Re: [Teas] WG Last Call: draft-ietf-teas-pce-native-ip-06

Dhruv Dhody <dhruv.ietf@gmail.com> Mon, 01 June 2020 05:12 UTC

Return-Path: <dhruv.ietf@gmail.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50BCB3A0CD8 for <teas@ietfa.amsl.com>; Sun, 31 May 2020 22:12:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 66YrrAh1DcVC for <teas@ietfa.amsl.com>; Sun, 31 May 2020 22:12:18 -0700 (PDT)
Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83CA43A0CD7 for <teas@ietf.org>; Sun, 31 May 2020 22:12:18 -0700 (PDT)
Received: by mail-io1-xd44.google.com with SMTP id j8so5587529iog.13 for <teas@ietf.org>; Sun, 31 May 2020 22:12:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=NCJ90HYjlJRcrDlW1BVAw1loxtOZIvUBV4tNZlJNlz4=; b=apYr/zXU3FGGCFbY7RWacmUnlR3O3z1Y5GRwkmyFtR9QP60uc0f/FaMOnSca/nZ3Tc hXDMOnreIGSyxoiy0jiBRF7xHzpcsxE90XwaIMezKGLYW+CSA/zTE7iVFHUx+BDrCLQj hQgykIJ4Sn1DuKhfiaPdtce1lxXZgIulAIC84KPc7qV9zkj5evOHtJJQIbjUvUNXHhoO 7XKhPhHlpW+onJB3GC8YSK2sIvMv4OLKEtlcmXFCbo9qOOdScHu7pMJ0XL+kLFlrjECr Ah0YI83ioBY0sufhIRzYhpglGLtv1OmJ9J+zBUH2BwydF8wmVcEFG7UA3ilDaqDQ3MdH pW6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=NCJ90HYjlJRcrDlW1BVAw1loxtOZIvUBV4tNZlJNlz4=; b=QYwS7thYrqme8+Qk/NZv+98S1ed8sH+8aJwYEt5fsrnVmuN52lD7fzn+gp4ulT0gZJ IiQzY9ipku7m+Z5Z72YjxSlwAlNyxasZwMaS3COFrxg9VsGB3zhV2ztuO8/5oe8uNAmo bPcgND/GapwyJLIM3caondzzzipyyD9aoLVFlSfwsyMwG5p2hFZnGBjA8+uSUUQQh3cE H8DTu2PgcwkR94m6OYVbFOFLOp/Df/hJ1ZHDMLjg+ouWjJi0kvhiyt2mUTLfcgMtE7Qt 6cIibzRtCC+HKOXh51Vo8Pibhqg8f5MyeKoC9zjInNF7s1kIL3227mGDqtFY35xD1uY2 KoDg==
X-Gm-Message-State: AOAM5325Y2ITbdHZ0XSeiMpaCwXUbCBV/ZJaWTThnYzxgUg2Gw1ddy5b bnHt6vweQrZG8e4nj3E2GAL/roQ4kWJVFQbAXZcWqX9L1J0=
X-Google-Smtp-Source: ABdhPJxo5ogeXi2o0yYkRM/5kLvvz5jZjg92zM62kgmrin3+hR1Y99zWXEYoWgiJkThkw/NDn+ory6zP4bt82p/Y+Ro=
X-Received: by 2002:a05:6602:5ce:: with SMTP id w14mr17319375iox.178.1590988336116; Sun, 31 May 2020 22:12:16 -0700 (PDT)
MIME-Version: 1.0
References: <000b01d637b2$ed5fe740$c81fb5c0$@org.cn>
In-Reply-To: <000b01d637b2$ed5fe740$c81fb5c0$@org.cn>
From: Dhruv Dhody <dhruv.ietf@gmail.com>
Date: Mon, 01 Jun 2020 10:41:39 +0530
Message-ID: <CAB75xn4H1dy_UnWS-7-RkEot+TeGj8t1-p4MBNp4Fcu5zS1QXQ@mail.gmail.com>
To: Aijun Wang <wangaijun@tsinghua.org.cn>
Cc: Lou Berger <lberger@labn.net>, TEAS WG <teas@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/nVecN2dPbMBo5hyfUVQG_4qW3l4>
Subject: Re: [Teas] WG Last Call: draft-ietf-teas-pce-native-ip-06
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2020 05:12:20 -0000

Hi Aijun,

Thanks for your reply, please see inline...

On Mon, Jun 1, 2020 at 6:51 AM Aijun Wang <wangaijun@tsinghua.org.cn> wrote:
>
> Hi, Dhruv:
>
> We have updated the draft according your comments, please view it again and
> wish to get your comments on the update.
>
> For the document track, we want to ask chair to change it from
> "Experimental" to "Standard". The reasons for this change are the
> followings:

While the question is for the chairs, but IMHO the experimental track
is the correct for this work and my review was based on that.

> 1. Central control component is necessary for various networks/technologies
> to accomplish the E2E QoS assurance, such as MPLS, SRv6. and Native IP
> network.
> 2. Native IP network deployment is the trending in near future, alongside
> the emerge of Cloud Overlay solution.

While these *might* be true, there are a lot of unknowns (some of them
highlighted in my review) that need to be worked through. Doing this
as an experiment to gain knowledge and expertise in the use of PCEP
and BGP in this way is the right way forward. When I asked to define
the scope of the experiment, it was not to question the experimental
track for this I-D.

> 3. It needs to standardize the process and PCEP protocol extension to assure
> the interoperability.
>

This is in the scope of PCE I-D and not this one.

> Welcome also the comments from other experts.
>
> Please see the detail responses below inline.
>
>
My replies are inline. I have trimmed to those comments that need
further discussion.

>
> Best Regards.
>
> Aijun Wang
> China Telecom
>
> -----邮件原件-----
> 发件人: teas-bounces@ietf.org [mailto:teas-bounces@ietf.org] 代表 Dhruv
> Dhody

<snip>

> (2) We need to add some text that describes the experimental nature of this
> work. Something in line with
>
>    The procedures described in this document are experimental.  The
>    experiment is intended to enable research for the usage of PCE in
>    native IP scenarios.  For this purpose, this document describe the
>    CCDR framework and the PCEP extension is specified in
>    [I-D.ietf-pce-pcep-extension-native-ip].
> 【WAJ】We have asked the TEAS chair to change the track to "Standard". Wait
> for the response from the chair. The reasons for this are stated at above.
>

See above.

> (3) Section 1
>
> We should be clear on where are these requirements coming from. Can we say
> that they are based on the scenarios listed in RFC 8735(?), so it does not
> read out of place. More importantly, the list is a mix of technology
> choices, deployment limitations, and abstract philosophy; calling them
> requirement may be a stretch. Further,
> 【WAJ】These requirements are proposed based on the scenarios described in
> RFC8735. When we want to adopt or develop some technologies, we should
> evaluation them in various aspects.

How about this change then -


OLD:
   [RFC8735] describes the scenarios and simulation results for traffic
   engineering in native IP network.  To meet the requirements of
   various scenarios, the solution for traffic engineering in native IP
   network should have the following criteria:
NEW:
   [RFC8735] describes the scenarios and simulation results for traffic
   engineering in the native IP network to provide End-to-End (E2E) performance
   assurance and QoS using PCE based central control, referred to as
   Centralized Control Dynamic Routing (CCDR). Based on the various scenarios
   and analysis as per [RFC8735], the solution for traffic engineering in
   native IP network should have the following criteria:
END

>
>    o  No complex Multiprotocol Label Switching (MPLS) signaling
>       procedures.
>
>     Why signaling alone? Isn't data-plane as native IP, one of the key
>     requirements?
> 【WAJ】For MPLS to achieve the Traffic Engineering aim, the complex part is
> the signaling, network node must preserve the machine state during
> signaling. The data plane itself is straightforward.
>

Since this is native IP, MPLS in dataplane (even though it is simpler)
is a no-go! Maybe you can put Native IP as the very first criteria and
then this would make more sense.

>    o  End to End traffic assurance, determined Quality of Service (QoS)
>       behavior.
>
>     Should we specify that this in the control plane?
> 【WAJ】This is the ultimate aim the technology selection and design aim of
> the control plane.
>

This is handled only at the controller (and the network nodes might
not be aware of any of this), think of how you could highlight that.
Ignore if you think if it is implicit.

>     o  Flexible deployment and automation control.
>
>     IMHO too generic (and marketing).
> 【WAJ】Just want to express the solution should adjust the path dynamicly
> and not the static planning.
>

Ah, say that instead :)

> Also, please describe CCDR in the Introduction. Jumping directly into
> example in section 4 is not right.
> 【WAJ】:Add the following description to explain the CCDR: " It depends on
> the central control (PCE) element to compute the optimal path for selected
> traffic, and utilizes the dynamic routing behavior of traditional IGP/BGP
> protocols to forward such traffic. "
>

Ok, I added some text in the comment (3), that should help too.

<snip>

> (5) Section 4,
> - I am not sure why the description is in terms of address pairs
>   (IP11, IP21) and (IP12, IP22) - what happens if one sends traffic
>   from IP11 to IP22? I guess the forwarding would be based on
>   destination IP22 and the traffic would be sent to the link
>   associated with it? Doesn't it make more sense to describe things in
>   terms of IP prefix?
> 【WAJ】:You are right. The forwarding is based on destination address. Use
> the pair just want to show normally the application requires bi-direction
> assurance. Actually, the two directions can be deployed separately, same as
> the MPLS LSP.
>

If you want to use PF11 to PF21, say explicitly that this example is
for bi-directional assurance. If not, just say traffic to PF21.

> (6) Section 6, you have -
>
>    It is almost impossible to provide an End-to-End (E2E) path with
>    latency, jitter, packet loss constraints to meet the above
>    requirements in large scale IP-based network via the distributed
>    routing protocol...
>
> Well flex-algo to some extent could do this. So maybe reword this...
> 【WAJ】The deployment of Flex-algo requires the allocation of links into
> different groups in advance. We think it will lead to the inefficiently
> usage of physical links.
>

The "almost impossible" in the original statement isn't true right?
Just reword it.

<snip>

> (9) Section 10,
>
>    The PCE should have the capability to calculate the loop-free E2E
>    path upon the status of network condition and the service
>    requirements in real time.
>
> This is true for any PCE, don't think it belongs in Security consideration.
> 【WAJ】Change the sentence as " A PCE assures calculations of E2E path upon
> the status of network condition and the service requirements in real time."
>

Could not parse, do you mean -

   A PCE needs to assure the calculation of the E2E path based on the status
   of the network and the service requirements in real-time.

> This section needs to be improved as one can use PCEP to create bogus BGP
> sessions and we need to consider what would be impact on that. Further what
> would be the impact of incorrect prefix, can this be used to misdirect
> traffic.
> 【WAJ】Currently, we assumed the interaction between PCE and the underlying
> devices is secured, via the PCEPS, as described in RFC8253. The PCE and
> their communication is authorized/authenticated. It seems impossible to
> encounter bogus bgp seesion and incorrect prefix?
>

IMHO the best way to state the security analysis would be to describe
how the procedure in this I-D could be exploited & list the possible
attack vectors. Then state that the PCEP speakers need to use RFC8253
to make sure this doesn't happen.

> (10) Other considerations - Few things that are missing -
>
> - PCE and PCEP considerations - Stateful nature of PCE, path state at
>   the PCE, synchronization of the state etc
> 【WAJ】These depend on the existing mechanism. No special requirements.
> Would you like to provide some text or thoughts?
>

I think this I-D need to be explicit about the use of stateful PCE and
PCECC. This might be added even in the introduction to set the stage
correctly. It should also talk about the state of paths (explicit peer
route) and state that the existing mechanisms could be reused.

> - Multi-domain case - as that is listed as a key benefit of CCDR.
> 【WAJ】Add sentence at the "Scalability" part: "For multiple domain
> deployment, the PCE need only control the edge router to build multiple eBGP
> sessions, all other procedures are the same that in one domain."
>

Are you assuming a single PCE for multiple domains? What happens in
the case of multiple PCE?
Also, not sure what happens to the explicit peer route based on the
above statement that you added?

> - Impact of dynamic BGP session created based on CCDR.
> 【WAJ】No extra impact. Similar that you build multiple BGP sessions via
> configuration.

There is a difference between sessions created by configuration v/s
sessions created dynamically. Such as ephemeral nature, handling of
misconfigurations, default values, number of such dynamic sessions
etc.

> - Impact of "explicit peer routes" and their interaction with other
>   routes.
> 【WAJ】Add some sentence at section "PCEP extension for key parameter" as
> below:
> "The explicit route created by PCE has the higher priority than the route
> information created by other protocols, including the route manually
> configured

I guess you need to state that it is the job of the administrator to
ensure that.

> All above dynamically created states (BGP sessions, Prefix
> advertised prefix, Explict route) will be cleared once the connection
> between the PCE and network devices is interrupted.
> These parts will be considered in more detail in protocol extension draft.
>

This should be cleared on the expiration of state timeout interval
based on the local policy, otherwise, service would have an immediate
impact on the PCEP session flap. Reword it to say that state cleanup
could be based on the existing Stateful PCE and PCECC mechanism.

I would suggest adding the 'other considerations' section and adding
explicit text for these
- you could state that some of them would be handled by extension I-D,
- you can state some procedures remain the same,
- you can say no impact at all
- just say something :)

<snip>

Thanks!
Dhruv