IETF Logo Mail Archive

[Teas] Re: issue on multiple match-criterion on the same time for a connectivity-group

"Wubo (lana)" <lana.wubo@huawei.com> Tue, 27 August 2024 11:52 UTC

Return-Path: <lana.wubo@huawei.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 272A5C157931; Tue, 27 Aug 2024 04:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.206
X-Spam-Level:
X-Spam-Status: No, score=-4.206 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oa5GAnklOq8Y; Tue, 27 Aug 2024 04:52:46 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D491C1654EB; Tue, 27 Aug 2024 04:52:45 -0700 (PDT)
Received: from mail.maildlp.com (unknown [172.18.186.231]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4WtQnM5LFsz6DBYv; Tue, 27 Aug 2024 19:49:27 +0800 (CST)
Received: from lhrpeml500006.china.huawei.com (unknown [7.191.161.198]) by mail.maildlp.com (Postfix) with ESMTPS id 66F9D140A71; Tue, 27 Aug 2024 19:52:42 +0800 (CST)
Received: from kwepemg100006.china.huawei.com (7.202.181.24) by lhrpeml500006.china.huawei.com (7.191.161.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Tue, 27 Aug 2024 12:52:41 +0100
Received: from kwepemd500012.china.huawei.com (7.221.188.25) by kwepemg100006.china.huawei.com (7.202.181.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 27 Aug 2024 19:52:39 +0800
Received: from kwepemd500012.china.huawei.com ([7.221.188.25]) by kwepemd500012.china.huawei.com ([7.221.188.25]) with mapi id 15.02.1258.034; Tue, 27 Aug 2024 19:52:39 +0800
From: "Wubo (lana)" <lana.wubo@huawei.com>
To: Vishnu Pavan Beeram <vishnupavan@gmail.com>
Thread-Topic: issue on multiple match-criterion on the same time for a connectivity-group
Thread-Index: AdruIHu+4eWXIPFgSXyihRdofyInwgHDjnhQ//+rhAD/+RpvUA==
Date: Tue, 27 Aug 2024 11:52:39 +0000
Message-ID: <5d04c65822bc44a480d6c1ca90649a19@huawei.com>
References: <PAVPR07MB93596F12B3E0E133470A58E891872@PAVPR07MB9359.eurprd07.prod.outlook.com> <63029379cde446eb8c6bf6f87ab7770e@huawei.com> <CA+YzgTt3x8gsvJyNVYEg-u6bXBEKeExaZstNxuDAmR+75Ajbfw@mail.gmail.com>
In-Reply-To: <CA+YzgTt3x8gsvJyNVYEg-u6bXBEKeExaZstNxuDAmR+75Ajbfw@mail.gmail.com>
Accept-Language: en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.114.167]
Content-Type: multipart/alternative; boundary="_000_5d04c65822bc44a480d6c1ca90649a19huaweicom_"
MIME-Version: 1.0
Message-ID-Hash: VN4O26B2UW3CBUIFF6NZUNFS75HBVNFR
X-Message-ID-Hash: VN4O26B2UW3CBUIFF6NZUNFS75HBVNFR
X-MailFrom: lana.wubo@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teas.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Sergio Belotti (Nokia)" <sergio.belotti@nokia.com>, Oscar González de Dios <oscar.gonzalezdedios@telefonica.com>, TEAS WG Chairs <teas-chairs@ietf.org>, "teas@ietf.org" <teas@ietf.org>, "Peter Busschbach (Nokia)" <peter.busschbach@nokia.com>, "Swamynathan B (Nokia)" <swamynathan.b@nokia.com>, Qin Wu <bill.wu@huawei.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Teas] Re: issue on multiple match-criterion on the same time for a connectivity-group
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/mhegiMldBmOPy_LlQb0N4g016bk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Owner: <mailto:teas-owner@ietf.org>
List-Post: <mailto:teas@ietf.org>
List-Subscribe: <mailto:teas-join@ietf.org>
List-Unsubscribe: <mailto:teas-leave@ietf.org>

Hi Pavan, Oscar, Sergio, WG,

We have posted version (-15) to address the comments made by Sergio and Pavan. Thanks for your valuable comments.
Diff is at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-teas-ietf-network-slice-nbi-yang-15


In this version, we enhance “match-criterion” with “match-type“ list, and also improve the overall text description.



Thanks,

Bo


From: Vishnu Pavan Beeram <vishnupavan@gmail.com>
Sent: Friday, August 23, 2024 6:31 PM
To: Wubo (lana) <lana.wubo@huawei.com>
Cc: Sergio Belotti (Nokia) <sergio.belotti@nokia.com>; Oscar González de Dios <oscar.gonzalezdedios@telefonica.com>; TEAS WG Chairs <teas-chairs@ietf.org>; teas@ietf.org; Peter Busschbach (Nokia) <peter.busschbach@nokia.com>; Swamynathan B (Nokia) <swamynathan.b@nokia.com>; Qin Wu <bill.wu@huawei.com>
Subject: Re: issue on multiple match-criterion on the same time for a connectivity-group

Sergio -- Thanks for bringing this to the WG's attention.

Bo and authors -- Thanks for the quick resolution. The changes to the module and the associated examples seem to be straightforward. Adding another example for this specific scenario would be useful to explain the difference between the "OR" and "AND" application of the match criteria. We (chairs) don't think this warrants another LC (or any change to the shepherd write-up). That said, we'll review the changes when the new revision is available and decide on the next steps.

Regards,
-Pavan and Oscar

On Fri, Aug 23, 2024 at 1:33 PM Wubo (lana) <lana.wubo@huawei.com<mailto:lana.wubo@huawei.com>> wrote:
Dear Pavan, Oscar, Sergio, WG,

After discussing among the authors, we agree that this match criterion enhancement can be added for flexibility without relying on the ACL model reference.

And for ACL, since IETF has multiple ACL enhancement models, which can support many complex rule combinations.
Therefore, it is recommended to leave the ACL as the match criteria as it is. We can add text stating that the ACL name can be used as the "value" when the ACL is used as a match criterion.

We will post a new version to resolve this. At the same time, the authors think that the modification is an enhancement of YANG model and does not change the definition of “match criteria”. We hope this change does not require a second WGLC?

Thanks,
Bo

From: Sergio Belotti (Nokia) <sergio.belotti@nokia.com<mailto:sergio.belotti@nokia.com>>
Sent: Wednesday, August 14, 2024 4:10 PM
To: Vishnu Pavan Beeram <vishnupavan@gmail.com<mailto:vishnupavan@gmail.com>>; Oscar González de Dios <oscar.gonzalezdedios@telefonica.com<mailto:oscar.gonzalezdedios@telefonica.com>>; TEAS WG Chairs <teas-chairs@ietf.org<mailto:teas-chairs@ietf.org>>
Cc: teas@ietf.org<mailto:teas@ietf.org>; Wubo (lana) <lana.wubo@huawei.com<mailto:lana.wubo@huawei.com>>; Peter Busschbach (Nokia) <peter.busschbach@nokia.com<mailto:peter.busschbach@nokia.com>>; Swamynathan B (Nokia) <swamynathan.b@nokia.com<mailto:swamynathan.b@nokia.com>>; Sergio Belotti (Nokia) <sergio.belotti@nokia.com<mailto:sergio.belotti@nokia.com>>
Subject: issue on multiple match-criterion on the same time for a connectivity-group

Hello Pavan,Oscar, authors, WG,

I know draft-ietf-teas-ietf-network-slice-nbi-yang-14 has passed the WGLC but I’ve discovered a potential issue that heavily affects the model flexibility.

For my understanding of the model there is no possibility to have a combination of match criteria. For example: IF source-ip-address = 1.2.3.4 AND IF dscp = ef THEN map traffic onto target-connection-group X.
So we’d like to obtain that at the same connection-group X, it can be applied two matching criteria at the same time.

The model allows for the identification of multiple values (i.e. “value” is a leaf-list node). In principle, it is possible to identify an ip address and a dcsp value. The draft literally says “Provides a value for the Slice Service match criteria, e.g., IP prefix and VLAN ID”. However, you can only specify one match-type.
The model permit to have  e.g. 2 match criteria   one with source IP address and another with DSCP values both pointing to same connection group or connectivity construct.
So basically taking an example from the draft you could have :

              "service-match-criteria": {
                "match-criterion": [
                  {
                    "index": 1,
                    "match-type": "ietf-nss:dscp",
                    "value": ["EF"],
                    "target-connection-group-id": “matrix6”,
                    "target-connectivity-construct-id": "2"
                  },
                  {
                    "index": 2,
                                "match-type": "ietf-nss: source-ip-prefix",
                                “value”: “1.2.3.4”
                    "target-connection-group-id": “matrix6”,
                    "target-connectivity-construct-id": "2"
                  }

This type of encoding permits the OR of the matching criteria , I mean source-ip-address = 1.2.3.4 OR  dscp = ef., but how I can have the AND of the two ?

I know that for complex combination it is suggested to use the matching criteria type of ACL, defining a specific identity to be used as match-type


  identity acl {
    base service-match-type;
    description
      "Uses Access Control List (ACL) as match criteria
       for the Slice Service traffic.";
    reference
      "RFC 8519: YANG Data Model for Network Access Control
                 Lists (ACLs)";
  }

But there is no guideline on how to use it, and how to encode the “value” field, that is not present in ACL model.
ACL encodes a set of rules consisting of conditions and actions but there is no specific format that is able to capture a set of conditions .

What I would propose to solve the problem would be a list of pairs “match-type” and “value” , with match-type as key and value as another leaf. In this case for any “index” you could have multiple match-type and for the same “index” of match-criterion a combination of more than one match-type.

Something like:

"service-match-criteria": {
                "match-criterion": [
                  {
                    "index": 1,
                    “newlist” : [
                          {
                             "match-type": "ietf-nss:dscp",
                             "value": ["EF"]
                         },
                         {
                             "match-type": "ietf-nss: source-ip-prefix",
                              “value”: “1.2.3.4”
                         }
                   ]
                   "target-connection-group-id": “matrix6”,
                   "target-connectivity-construct-id": "2"
                 },

I think the modification is not complex and the model would be more flexible and “ready to be used” for match combinations instead to exploit another model like ACL.

Thanks
Sergio

v2.45.0 | Report a Bug | By Email | System Status