Re: [rbridge] merging draft-tissa-trill-oam anddraft-ietf-trill-rbridge-oam
Santosh Rajagopalan <sunny.rajagopalan@us.ibm.com> Mon, 19 March 2012 18:02 UTC
Return-Path: <rbridge-bounces@postel.org>
X-Original-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Delivered-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E5C621F8811 for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Mon, 19 Mar 2012 11:02:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.224
X-Spam-Level:
X-Spam-Status: No, score=-6.224 tagged_above=-999 required=5 tests=[AWL=0.374, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TcwDB1xy0KoT for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Mon, 19 Mar 2012 11:02:44 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id A9F1221F880D for <trill-archive-Osh9cae4@lists.ietf.org>; Mon, 19 Mar 2012 11:02:44 -0700 (PDT)
Received: from boreas.isi.edu (localhost [127.0.0.1]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2JHnKil006490; Mon, 19 Mar 2012 10:49:21 -0700 (PDT)
Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2JHmun3006446 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <rbridge@postel.org>; Mon, 19 Mar 2012 10:49:05 -0700 (PDT)
Received: from /spool/local by e34.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <rbridge@postel.org> from <sunny.rajagopalan@us.ibm.com>; Mon, 19 Mar 2012 11:48:54 -0600
Received: from d03dlp03.boulder.ibm.com (9.17.202.179) by e34.co.us.ibm.com (192.168.1.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 19 Mar 2012 11:48:52 -0600
Received: from d03relay05.boulder.ibm.com (d03relay05.boulder.ibm.com [9.17.195.107]) by d03dlp03.boulder.ibm.com (Postfix) with ESMTP id 0D5CD19D804F; Mon, 19 Mar 2012 11:48:45 -0600 (MDT)
Received: from d03av06.boulder.ibm.com (d03av06.boulder.ibm.com [9.17.195.245]) by d03relay05.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id q2JHmCUs037542; Mon, 19 Mar 2012 11:48:16 -0600
Received: from d03av06.boulder.ibm.com (loopback [127.0.0.1]) by d03av06.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id q2JHmVM6015548; Mon, 19 Mar 2012 11:48:32 -0600
Received: from d03nm127.boulder.ibm.com (d03nm127.boulder.ibm.com [9.17.195.18]) by d03av06.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id q2JHmVeb015532; Mon, 19 Mar 2012 11:48:31 -0600
In-Reply-To: <CD31C838133B34469D6E01406350E68C0E8A563E@xmb-sjc-215.amer.cisco.com>
References: <220BAABC-A9BB-497E-8ABA-9A7C65CFB6B6@us.ibm.com> <EF74E90D-AC4C-4798-88CD-ACF3035E268D@us.ibm.com> <CD31C838133B34469D6E01406350E68C0E8A563E@xmb-sjc-215.amer.cisco.com>
To: "Rohit Watve (rwatve)" <rwatve@cisco.com>
MIME-Version: 1.0
X-KeepSent: 785471D9:96C20091-872579C6:005F99B6; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.1FP5 SHF29 November 12, 2010
Message-ID: <OF785471D9.96C20091-ON872579C6.005F99B6-882579C6.0061DDA8@us.ibm.com>
From: Santosh Rajagopalan <sunny.rajagopalan@us.ibm.com>
Date: Mon, 19 Mar 2012 10:48:29 -0700
X-MIMETrack: Serialize by Router on D03NM127/03/M/IBM(Release 8.5.1FP2|March 17, 2010) at 03/19/2012 11:48:10, Serialize complete at 03/19/2012 11:48:10
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 12031917-1780-0000-0000-000004164527
X-IBM-ISS-SpamDetectors:
X-IBM-ISS-DetailInfo: BY=3.00000258; HX=3.00000186; KW=3.00000007; PH=3.00000001; SC=3.00000001; SDB=6.00123427; UDB=6.00029611; UTC=2012-03-19 17:48:54
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: sunny.rajagopalan@us.ibm.com
Cc: rbridge@postel.org, rbridge-bounces@postel.org
Subject: Re: [rbridge] merging draft-tissa-trill-oam anddraft-ietf-trill-rbridge-oam
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://mailman.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0786058506=="
Sender: rbridge-bounces@postel.org
Errors-To: rbridge-bounces@postel.org
Hi, Rohit You could have a packet or two leak to the host, and the host OS will drop it because of the invalid checksum (this number of drops would be at the level of noise for most systems). A more difficult alternative would be to have switches drop packets with an invalid IP checksum from leaving host-facing ports. 1) You employ this method only after all your other means of debugging have failed to root cause the issue. This means that you've already used the means outlined below to trace the path that this packet should be taking (2.a and 2.b below, which use the rbridge channel header and result in no leaks). 2) After you've used 2.a and 2.b, you need to check what the hardware on the path is really doing with a packet that looks like the flow you're debugging. For this, you cannot change any of the familiar header fields to help you capture the packet at the egress, because that could change the hash result on the way (This isn't theoretical - I know of asics that hash on IP, trill header, tcp/udp, inner ethernet header, outer ethernet header). Since you need a probe packet that looks just like a real flow, your best bet is to clone the real flow packet, but with an invalid IP checksum and then send it out with incrementing ttl values. -- Sunny Rajagopalan From: "Rohit Watve (rwatve)" <rwatve@cisco.com> To: Santosh Rajagopalan/Santa Clara/IBM@IBMUS, <rbridge@postel.org> Date: 03/16/2012 06:38 PM Subject: Re: [rbridge] merging draft-tissa-trill-oam anddraft-ietf-trill-rbridge-oam Sent by: rbridge-bounces@postel.org Hi Santosh, I had a question about following: 2. c) Multicast pruned tree discovery for a particular flow: I recommend building a packet with an empty payload which looks like the actual flow (with the header fields from the flow being tested instead of the rbridge channel header). The IP address, mac address, L4 headers etc all match with that of the flow you're trying to debug. However, to ensure that any leaked packets get dropped, set the IP checksum to be invalid (the IP checksum is never used for the ecmp hash). Now send out successive packets with the ttl field in incrementing values. Note that you're sending a "pseudo-real" packet into the network and relying on received ttl expiry messages to figure out the path. How do you prevent OAM packets with Invalid IP checksum from leaking out to customers? Thanks Rohit From: rbridge-bounces@postel.org [mailto:rbridge-bounces@postel.org] On Behalf Of Santosh Rajagopalan Sent: Tuesday, March 06, 2012 8:49 AM To: rbridge@postel.org Cc: Santosh Rajagopalan Subject: [rbridge] merging draft-tissa-trill-oam anddraft-ietf-trill-rbridge-oam Hi, We currently have two competing approaches to TRILL OAM, draft-ietf-trill-rbridge-oam and draft-tissa-trill-oam. Both have their merits, which calls for a revised draft with the best ideas from both. draft-tissa-trill-oam has a dependancy on IP/ICMP/ARP etc. The major reason for this dependency seems to be for multipath path discovery, and I have some suggestions as to how to fix this in draft-ietf-trill-rbridge-oam without using IP. draft-tissa-trill-oam also has several features which should be rightly queried from a MIB. I think the OAM draft should concentrate on facilitating actions that would be difficult or impossible to perform in its absence. So querying counters has no place here, because you could easily figure them out by doing an SNMP query or by logging into the switch. I also think it's worthwhile to look at the features traditionally supported in ethernet OAM and to see if they have a place here. Using draft-ietf-trill-rbridge-oam as a basis: 1) Ping/loopback: draft-ietf-trill-rbridge-oam handles this well enough (it does need a multicast addition). The purpose of ping is to verify connectivity between two rbridges, not to discover the various ways of connecting the two. One suggestion I have here is to be able to include a cookie in the echo request message which gets reflected back by the receiver. This cookie could be used to include the sender's timestamp in the ping message. The response could then be used to measure round-trip path latency and jitter. If the sender and receiver's clocks are synchronized using some external mechanism then this can also be used to measure one-way delay and jitter. This is a feature borrowed from ethernet OAM. 2) Traceroute: IP traceroute doesn't rely on icmp for the outgoing packet (you could use ICMP, but that's a different matter). In fact, UNIX implementations usually just send UDP packets with port numbers in the 33K range, with appropriate TTL values. Note that traceroute in the IP world gives you "a" path to a destination, not "all possible paths". However, being able to enumerate all possible paths, as well as to pinpoint the particular path a flow would take are good to have features. Here're the modifications needed in draft-ietf-trill-rbridge-oam to achieve this: a. Multicast unpruned tree discovery: you can discover all existing unpruned multicast trees by setting the erbridge value of an rbridge channel message to the respective roots, M=1 and the dmac to "all-egress-rbridges". Just like regular ping, you can send this as an echo request message with incrementing ttl values, and the ttl expiry messages you get will tell you what the unpruned tree looks like. Changing the egress_rbridge will paint you a picture of the different trees. b. Multicast pruned tree discovery: just do a), but replace the "all-egress-rbridges" multicast address in the inner dmac with the mac address of the multicast group. As you vary the egress_rbridge field, this will enumerate all possible pruned trees for that group. Note that draft-ietf-trill-rbridge-oam uses draft-ietf-trill-rbridge-channel, which requires the inner dmac to be all-egress-rbridges. However, the ethertype field can be used by itself to classify an OAM packet, and I am advocating that the inner dmac requirement in draft-ietf-trill-rbridge-channel be relaxed to allow for alternative inner dmacs where needed. c. Multicast pruned tree discovery for a particular flow: I recommend building a packet with an empty payload which looks like the actual flow (with the header fields from the flow being tested instead of the rbridge channel header). The IP address, mac address, L4 headers etc all match with that of the flow you're trying to debug. However, to ensure that any leaked packets get dropped, set the IP checksum to be invalid (the IP checksum is never used for the ecmp hash). Now send out successive packets with the ttl field in incrementing values. Note that you're sending a "pseudo-real" packet into the network and relying on received ttl expiry messages to figure out the path. d. Unicast path discovery: the erbridge ID is that of the switch you're trying to ping. Let's send this echo request message with a fake inner DMAC. Construct the dmac so that the U/L bit is 1 and the I/G bit is 0 (basically, its a local scope unicast mac). Set the last 32 bits to a random value. This is a fake mac address, but that's ok because the network routes only on the erbridge anyway. The M bit in the TRILL header is 0. Send this as an echo request message with incrementing ttl values. This gives you "a" path from the source to the destination rbridge. Increment the dmac used earlier, and repeat. All rbridges hash at least on the inner dmac, so this will allow you to enumerate all possible paths from source to destination. e. Unicast path discovery for a particular flow: Similar to what we did for multicast, construct a real packet of length 0. The IP address, mac address, L4 headers etc all match with that of the flow you're trying to debug. However, to ensure that any leaked packets get dropped, set the IP checksum to be invalid. Now set the ttl field in incrementing values. Note that you're sending a "pseudo-real" packet into the network and relying on received ttl expiry messages to figure out the path. Note that doing this eliminates the reliance on IP/ICMP, while preserving the objectives of draft-tissa-trill-oam. The fake packets generated are technically not OAM packets, just suggestions on how to achieve a certain objective. 3) Fault notification: although neither draft talks about this, this is a part of the ethernet OAM feature set. I think draft-ietf-trill-rbridge-oam needs to mention that the expectation is that BFD will work over the rbridge channel to achieve this. 4) draft-tissa-trill-oam has a big section on TTM. The equivalent in Ethernet OAM is performance management by checking counters and send/receive delays, etc. We can cover send/receive delay/jitter measurements using ping (as described earlier). I frankly don't see the benefit to including remote discovery of counters in this OAM proposal. The administrator can always just login to the rbridge of interest and get a read-out of the counters directly, or use snmp remotely. We shouldnt be replicating functionality which is better done elsewhere, and I think this entire section on TTM in draft-tissa-trill-oam should be taken out. 5) I don't see any benefits to DRB/AF discovery OAM messages. This is probably done most easily by logging into the rbridge in question and doing a "show l2 isis", or extending the SNMP MIB. 6) draft-tissa-trill-oam has a section on MAC discovery (basically, being able to query all rbridges to see what their rbridge<->mac binding is). This is again something that should be best queried using SNMP - this is a classic MIB walk case. 7) Address binding verification should be out of scope for a TRILL OAM draft, and besides, should just be queried at the rbridge with the CLI. 8) End-Station Attachment Point Discovery: should be out of scope of this draft, and is too vendor specific (it uses VN-tags). best, Sunny Rajagopalan_______________________________________________ rbridge mailing list rbridge@postel.org http://mailman.postel.org/mailman/listinfo/rbridge
_______________________________________________ rbridge mailing list rbridge@postel.org http://mailman.postel.org/mailman/listinfo/rbridge
- [rbridge] merging draft-tissa-trill-oam and draft… Santosh Rajagopalan
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Tissa Senevirathne (tsenevir)
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Santosh Rajagopalan
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Sam Aldrin
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Santosh Rajagopalan
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Sam Aldrin
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Rohit Watve (rwatve)
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Santosh Rajagopalan
- Re: [rbridge] mergingdraft-tissa-trill-oam anddra… Tissa Senevirathne (tsenevir)
- Re: [rbridge] merging draft-tissa-trill-oam anddr… Sam Aldrin