Re: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-architecture-08
"Black, David" <David.Black@dell.com> Fri, 09 November 2018 05:08 UTC
Return-Path: <David.Black@dell.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66D3512958B; Thu, 8 Nov 2018 21:08:47 -0800 (PST)
X-Quarantine-ID: <h-462K5CLjZn>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Improper folded header field made up entirely of whitespace (char 20 hex): References: ...15213B@rznt8114.rznt.rzdir.fht-esslingen.de>\n
X-Spam-Flag: NO
X-Spam-Score: -3.171
X-Spam-Level:
X-Spam-Status: No, score=-3.171 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=h75DMeVL; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=mZlQCzp9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h-462K5CLjZn; Thu, 8 Nov 2018 21:08:43 -0800 (PST)
Received: from esa6.dell-outbound.iphmx.com (esa6.dell-outbound.iphmx.com [68.232.149.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68ECE1298C5; Thu, 8 Nov 2018 21:08:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1541740123; x=1573276123; h=from:cc:to:subject:date:message-id:references: content-transfer-encoding:mime-version; bh=LcW/7WkJQb/nELv6ELABnTF9gLOzZANVbg9Z/pZ6iOo=; b=h75DMeVLlYZRDrCRCNMU6NFTIWKj+6/9n1hsX1kJii+sd0EbuQMWcrps BMbhg1rzCu+K0kughYmb6JjwpV4pjO9I82NmQAffAaXldRAW/O4nfeI1R RHs6UCfEh1SUR8OaWsJsZSKYOpL8LD+SLop2x1XA5SJtYLot13cCQJWJC k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2ELAABKFeVbhiWd50NkGwEBAQEDAQEBBwMBAQGBVAMBAQELAYEwgTmBAicKg26Id4scgg16lkyBKzgDCwEBGAsLg3hGAheDAiI3Cg0BAwEBAgEBAgEBAhABAQEKCQsIKSMMgjYkAQ8vHC8JBgEBAQEBAScBAQEBAQEBAQEBAQEBAQEBAQEXAkMBEgEBGAEBAQECAQEBEAgBCBEMHwgHCwEEBwQCAQgRAQMBAQECAgYdAwICAiULFAECBggCBAESCAwGAQeCfwGBeQgBDpwtAoEQiVgBAQFugS6CfYFCQIUhAwWBC4k7F4EcgVk+gRABRoFOSQcugxsBAQIBAYEqAQsHAQcGFAUQDwYMAoJKMYImiG9Qlg0DBAIChnGDJYRbgj2BV4UBgyKECIJqiVaDRQWGYoNHAgQCBAUCFIFZgQdxcFCCbII1G4M4hRSFPkExAQuKeg8XgQiBHwEB
X-IPAS-Result: A2ELAABKFeVbhiWd50NkGwEBAQEDAQEBBwMBAQGBVAMBAQELAYEwgTmBAicKg26Id4scgg16lkyBKzgDCwEBGAsLg3hGAheDAiI3Cg0BAwEBAgEBAgEBAhABAQEKCQsIKSMMgjYkAQ8vHC8JBgEBAQEBAScBAQEBAQEBAQEBAQEBAQEBAQEXAkMBEgEBGAEBAQECAQEBEAgBCBEMHwgHCwEEBwQCAQgRAQMBAQECAgYdAwICAiULFAECBggCBAESCAwGAQeCfwGBeQgBDpwtAoEQiVgBAQFugS6CfYFCQIUhAwWBC4k7F4EcgVk+gRABRoFOSQcugxsBAQIBAYEqAQsHAQcGFAUQDwYMAoJKMYImiG9Qlg0DBAIChnGDJYRbgj2BV4UBgyKECIJqiVaDRQWGYoNHAgQCBAUCFIFZgQdxcFCCbII1G4M4hRSFPkExAQuKeg8XgQiBHwEB
Received: from mx0b-00154901.pphosted.com ([67.231.157.37]) by esa6.dell-outbound.iphmx.com with ESMTP/TLS/AES256-SHA256; 08 Nov 2018 23:08:40 -0600
Received: from pps.filterd (m0144104.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wA958IeU019642; Fri, 9 Nov 2018 00:08:40 -0500
Received: from esa6.dell-outbound2.iphmx.com (esa6.dell-outbound2.iphmx.com [68.232.154.99]) by mx0b-00154901.pphosted.com with ESMTP id 2nmtq0aab1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 09 Nov 2018 00:08:39 -0500
From: "Black, David" <David.Black@dell.com>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, DetNet WG <detnet@ietf.org>, "draft-ietf-detnet-architecture.all@ietf.org" <draft-ietf-detnet-architecture.all@ietf.org>, "Black, David" <David.Black@dell.com>
Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa6.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA256; 09 Nov 2018 11:08:37 +0600
Received: from maildlpprd51.lss.emc.com (maildlpprd51.lss.emc.com [10.106.48.155]) by mailuogwprd52.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id wA958YUY011197 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 9 Nov 2018 00:08:35 -0500
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com wA958YUY011197
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1541740116; bh=KZNQTsFe0saLjPl3ilbrvonGerM=; h=From:To:CC:Subject:Date:Message-ID:References:Content-Type: Content-Transfer-Encoding:MIME-Version; b=mZlQCzp96ZOk7gUV0gh1JizDEcHpG7Hjr/2pOaORaigqZekrY13043fMKiun3Kg3w Cdkvdu1cxNwJDnTV+YIbhJgBPOZcZS4cuP9VzHzdApzCjsm2f8borFLwDGZ0+1Qgaj 6PabC0D9IXGHaZGBjOR7asbRQVtzzDFL2iagkTUE=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com wA958YUY011197
Received: from mailusrhubprd04.lss.emc.com (mailusrhubprd04.lss.emc.com [10.253.24.22]) by maildlpprd51.lss.emc.com (RSA Interceptor); Fri, 9 Nov 2018 00:08:10 -0500
Received: from MXHUB304.corp.emc.com (MXHUB304.corp.emc.com [10.146.3.30]) by mailusrhubprd04.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id wA958Hdn002334 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Fri, 9 Nov 2018 00:08:17 -0500
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB304.corp.emc.com ([10.146.3.30]) with mapi id 14.03.0399.000; Fri, 9 Nov 2018 00:08:16 -0500
To: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>, Lou Berger <lberger@labn.net>, 'János Farkas' <janos.farkas@ericsson.com>
Thread-Topic: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-architecture-08
Thread-Index: AQHUalB58M+v0OOIXEymBs4njO5rx6U/6Y3QgAYDmQCAAK8ZAIAATo0AgAAUWnA=
Date: Fri, 09 Nov 2018 05:08:16 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949363033943F@MX307CL04.corp.emc.com>
References: <0bb7176c-c386-b863-a4f8-06254f4627ab@ericsson.com> <1705d15c-c7ba-c76f-88db-c75f1a88db0f@ericsson.com> <6EC6417807D9754DA64F3087E2E2E03E2D143BE1@rznt8114.rznt.rzdir.fht-esslingen.de> <CE03DB3D7B45C245BCA0D243277949363032BA55@MX307CL04.corp.emc.com> <cfd56f25-c05c-d8c2-a3d5-41d0a35a435d@labn.net> <6EC6417807D9754DA64F3087E2E2E03E2D15213B@rznt8114.rznt.rzdir.fht-esslingen.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.36.32.164]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd04.lss.emc.com
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-11-08_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1811090047
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/TqbbWDFSZn8nFH_ZYBnM2nd1Yis>
Subject: Re: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-architecture-08
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2018 05:08:48 -0000
Acronym expansion correction: > I've been there, done that for other > Controlled Environments ... and have the scars ... from the worked examples in > RFC 7510 (MPLS/UDP) and RFC 8086's TMCE (Traffic Management Controlled > Environment) applicability scenario for GRE/UDP. Those two RFCs may be > helpful background reading. TMCE = Traffic-Managed Controlled Environment The spelling corrector "helped" with the original ;-) Thanks, --David > -----Original Message----- > From: Black, David > Sent: Thursday, November 8, 2018 11:33 PM > To: 'Scharf, Michael'; 'Lou Berger'; 'János Farkas' > Cc: 'tsv-art@ietf.org'; 'DetNet WG'; 'draft-ietf-detnet-architecture.all@ietf.org'; > Black, David > Subject: RE: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet- > architecture-08 > > So, I'm going to agree with Michael on the problem, but suggest a different > approach for tackling it, with apologies for the length of this message > necessitated by the need to "show your work." > > I think this comment from Lou is a key insight into the underlying divergence of > views: > > > > DetNet operates at Layer 3 and basically provides detnet flows with a > > > service equivalent to IntServ's Guaranteed Quality of Service. As such, > > > DetNet flows basically operate as if the network is uncongested. > > And hence DetNet flows have no requirement or incentive to react to > congestion, even though some DetNet traffic will no doubt react to congestion. > > That quoted comment is followed by a "reduce to previous case" argument > about networking in general: > > > > WRT escaped traffic, as I mentioned in today's session, I really think > > > this is no difference between escaped DetNet traffic and traffic > > > delivered over an uncongested network to a peer (congested or > > > uncongested) network. > > Unfortunately, that argument leads to a contradiction, namely a conclusion that > congestion control is not necessary for the Internet, which is known to be > wrong. Having arrived at a result that mathematicians would call "proof by > contradiction," one of the assumptions that lead to this point has to be wrong, > but which one? > > The "clear, simple and wrong" (Mencken) approach to resolving this would be to > focus on the inelastic traffic and require that all DetNet traffic MUST be > congestion controlled. I'm not advocating this, and neither is Michael. > > A more subtle approach (with credit to Deb Brungard for an insightful discussion > after RTGAREA yesterday) is to recognize that DetNet is a Controlled > Environment, to which different rules apply than the Internet and networks in > general. For the definition of Controlled Environment, see Section 3.6 of RFC > 8085 (https://tools.ietf.org/html/rfc8085#section-3.6). For now, please ignore > the material in that section on safety, robustness and corruption, as inapplicable > to this discussion. FWIW, that material was motivated by the incessant > attempts to optimize out UDP checksums without serious consideration of the > resulting packet corruption risks and the potential consequences thereof. > Viewing DetNet as a Controlled Environment, this discussion is then primarily > about what to require/do at the boundary between the DetNet Controlled > Environment and other networks. I've been there, done that for other > Controlled Environments ... and have the scars ... from the worked examples in > RFC 7510 (MPLS/UDP) and RFC 8086's TMCE (Traffic Management Controlled > Environment) applicability scenario for GRE/UDP. Those two RFCs may be > helpful background reading. > > The good news here is that we are not as far from agreeing on a solution as > might appear from the length of this discussion. Going back to a couple of > chunks of text that Janos proposed earlier: > > NEW: > This document provides the overall Architecture for Deterministic > Networking (DetNet), which provides a capability for the delivery of > data flows with extremely low packet loss rates and bounded end-to- > end delivery latency within a network domain. DetNet is for networks > that are under a single administrative control or within a closed group > of administrative control; these include campus-wide networks and > private WANs. DetNet is not for large groups of domains such as the > Internet. > > That reads to me as a clear statement that a DetNet network is a Controlled > Environment, so I would hope that we're in agreement on that. > > NEW: > Robust real-time systems require to reduce the number of possible > failures. Filters and policers should be used in a DetNet network to > detect if DetNet packets are received on the wrong interface, or at > the wrong time, or in too great volume. Furthermore, filters and > policers can take action to discard offending packets or flows, or > trigger shutting down the offending DetNet flow, or shutting down > the offending interface. > > That proposed text actually contains two circuit breakers, "shutting down the > offending DetNet flow" or "shutting down the offending interface." So far, so > good, but what's missing is text on deployment requirements of the mechanisms > described in that text, particularly at the edges of DetNet networks. > > Text that requires deployment of "filters and policers ... [that] discard offending > [DetNet] packets and flows" at the boundaries between DetNet and non-DetNet > networks would go a long way towards resolving this discussion. I would > suggest expanding "offending" into text that includes all unauthorized DetNet > traffic and all unexpected DetNet traffic. Once that's done, the "circuit breaker" > discussion becomes more tractable, as the discarding of all DetNet traffic that > would otherwise escape the DetNet network reduces the "circuit breaker" > discussion to the existing DetNet material measures that need to be taken inside > a DetNet network to protect delivery of DetNet service. > > Thanks, --David > > > > -----Original Message----- > > From: Scharf, Michael [mailto:Michael.Scharf@hs-esslingen.de] > > Sent: Thursday, November 8, 2018 1:12 PM > > To: Lou Berger; Black, David; 'János Farkas' > > Cc: tsv-art@ietf.org; DetNet WG; draft-ietf-detnet-architecture.all@ietf.org > > Subject: RE: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet- > > architecture-08 > > > > > > [EXTERNAL EMAIL] > > Please report any suspicious attachments, links, or requests for sensitive > > information. > > > > > > Inline > > > > > -----Original Message----- > > > From: Tsv-art [mailto:tsv-art-bounces@ietf.org] On Behalf Of Lou Berger > > > Sent: Thursday, November 8, 2018 8:45 AM > > > To: Black, David; Scharf, Michael; 'János Farkas' > > > Cc: tsv-art@ietf.org; DetNet WG; draft-ietf-detnet- > > > architecture.all@ietf.org > > > Subject: Re: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf- > > > detnet-architecture-08 > > > > > > Hi, > > > > > > See below for in-line responses > > > > > > On 11/5/2018 12:21 AM, Black, David wrote: > > > > ... > > > > > > >>> * It is surprising that there is hardly any discussion on network > > > robustness > > > >>> and safety; this probably also relates to security. For instance, > > > >>> misconfiguration or errors of functions performing packet > > > replication could > > > >>> severely and permanently congest a network and cause harm. > > > > [... snip ...] > > > >> NEW: > > > >> Robust real-time systems require to reduce the number of possible > > > >> failures. Filters and policers should be used in a DetNet network to > > > >> detect if DetNet packets are received on the wrong interface, or at > > > >> the wrong time, or in too great volume. Furthermore, filters and > > > >> policers can take action to discard offending packets or flows, or > > > >> trigger shutting down the offending DetNet flow, or shutting down > > > >> the offending interface. > > > >> > > > >> [ms] That does not address my concern. As I wrote already, I believe > > > this > > > >> document has to discuss the applicability of circuit breakers > > > according to RFC > > > >> 8084. > > > > I concur with Michael's implied concern that the "should" in the NEW > > > text > > > > is woefully inadequate. The provisions to prevent escaped non- > > > elastic traffic > > > > from causing damage elsewhere need to be mandatory particularly if > > > DetNet > > > > and non-DetNet networks are interconnected. The above > > > > text on filters doesn't appear to cover escape from the DetNet > > > network, > > > > and needs to do so. Deployment of filters at DetNet nodes that drop > > > all > > > > DetNet traffic that tries to escape, and that drop all misdirected > > > DetNet > > > > traffic should address most of this problem. > > > > > > > > Once that is done, I think a discussion of circuit breakers is > > > needed, in the > > > > form of Detnet service mechanisms that can shut down (cease > > > transmission > > > > of) a flow that is being sent entirely into the bit-bucket by a > > > downstream filter, > > > > due to misconfiguration, failure, etc. > > > > > > I think we have a bit of a disconnect of what DetNet service delivers. > > > > > > DetNet does not itself impact any Transport protocol (e.g., UDP, TCP) > > > so itself does not *produce* elastic or non-elastic traffic. > > > > First, the question whether DetNet *produces* elastic or non-elastic traffic > does > > not matter for the applicability of circuit breakers. Section 3 of RFC 8084 > states: > > > > CBs are RECOMMENDED for IETF protocols and tunnels that carry non- > > congestion-controlled Internet flows and for traffic aggregates. > > This includes traffic sent using a network tunnel. Designers of > > other protocols and tunnel encapsulations also ought to consider the > > use of these techniques as a last resort to protect traffic that > > shares the network path being used. > > > > Section 3.2.1.1 of draft-ietf-detnet-architecture-09 explains explicitly that > > DetNet can carry non-congestion-controlled traffic: > > > > Note that a DetNet flow cannot be throttled, i.e., its > > transmission rate cannot be reduced via explicit congestion > > notification. > > > > So, clearly the condition of carrying non-congestion-controlled flows or traffic > > aggregates applies to the DetNet architecture. And, as a result, the > > RECOMMENDED in RFC 8084 is in principle applicable to DetNet. Also, note > that > > the RECOMMENDED in RFC 8084 is not limited to tunnels. > > > > As pointed out by David, the key question is whether, and how, the DetNet > > architecture prevents that non-congestion controlled traffic escapes from a > > controlled environment into the Internet. As also explained in RFC 8084, this > > question in particular matters for failure scenarios. > > > > As TSV-ART reviewer, I insist in a discussion of this problem in draft-ietf- > detnet- > > architecture. And I believe that a reference to RFC 8084 is needed in draft-ietf- > > detnet-architecture. > > > > Note that the wording in RFC 8084 is RECOMMENDED and not MUST, i.e., it is > > possible that circuit breakers may not be needed for certain solutions. As an > > example, MPLS traffic may not easily escape from a managed MPLS network. > > > > > > Second, in my TSV-ART review I have explicitly mentioned the DetNet Packet > > Replication Function (PRF). Replicating non-elastic traffic may create > additional > > challenges if the replicated packets can somehow escape into the Internet, > e.g., > > in failure cases. For instance, as far as I understand draft-ietf-detnet- > > architecture, I assume the PRF can replicate non-congestion-controlled traffic > > and forward it along different paths. If one of these paths escapes to the > > Internet, to the Internet the PRF could basically be a producer of non- > congestion > > controlled traffic, and that traffic could cause significant harm in the Internet. > > Also, note that in that case it may not necessarily help if the traffic carried by > > DetNet is elastic, e.g., if DetNet carries TCP traffic. For instance, if other paths > > used by the PRF within the DetNet domain would deliver all packets, the > > congestion control in TCP would not never be triggered as each packet gets > > indeed delivered over one of the paths. So, an unelastic traffic stream would > > escale into the Internet and never back off. Unless I miss something, DetNet > > needs counter-means to prevent this sort of issues. > > > > As TSV-ART reviewer, I believe draft-ietf-detnet-architecture needs a > dedicated > > discussion whether the PRF can cause harm and, if so, how to avoid such > harm. > > > > > DetNet operates at Layer 3 and basically provides detnet flows with a > > > service equivalent to IntServ's Guaranteed Quality of Service. As > > > such, > > > DetNet flows basically operate as if the network is uncongested. > > > > RFC 8084 exactly addresses that case. The question is not the normal > operation > > of the network, but abnormal cases. > > > > > WRT escaped traffic, as I mentioned in today's session, I really think > > > this is no difference between escaped DetNet traffic and traffic > > > delivered over an uncongested network to a peer (congested or > > > uncongested) network. > > > > That comes down to how the DetNet network deals with abnormal situations > at > > the edges, e.g., for the problems mentioned in RFC 8084: > > > > o anomalous traffic that exceeds the provisioned capacity (or whose > > traffic characteristics exceed the threshold configured for the > > CB); > > > > o traffic generated by an application at a time when the provisioned > > network capacity is being utilized for other purposes; > > > > o routing changes that cause additional traffic to start using the > > path monitored by the CB; > > > > o misconfiguration of a service/network device where the capacity > > available is insufficient to support the current traffic > > aggregate; > > > > o misconfiguration of an admission controller or traffic policer > > that allows more traffic than expected across the path monitored > > by the CB. > > > > According to the last point, misconfiguration of filters/policies is one of the > > challenges to look at. > > > > > Based on all this, I'm not sure how or why a discussion of circuit > > > breakers is needed. > > > > RFC 8084 represents IETF community consensus. And in my reading the DetNet > > architecture falls into the type of solutions discussed in RFC 8084. > > > > Thanks > > > > Michael > > > > > > > > > > Lou > > > > > > > > > > > Thanks, --David > > > > > > > >> -----Original Message----- > > > >> From: Tsv-art [mailto:tsv-art-bounces@ietf.org] On Behalf Of Scharf, > > > Michael > > > >> Sent: Monday, October 22, 2018 5:44 PM > > > >> To: 'János Farkas' > > > >> Cc: tsv-art@ietf.org; DetNet WG; draft-ietf-detnet- > > > architecture.all@ietf.org > > > >> Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-detnet- > > > architecture-08 > > > >> > > > >> > > > >> [EXTERNAL EMAIL] > > > >> Please report any suspicious attachments, links, or requests for > > > sensitive > > > >> information. > > > >> > > > >> > > > >> Hi Janos, > > > >> > > > >> Thanks for the reply. My comments are inline [ms]. > > > >> > > > >> I have omitted all proposed changes that work for me. > > > >> > > > >> Michael > > > >> > > > >> > > > >> -----Original Message----- > > > >> From: János Farkas <janos.farkas@ericsson.com> > > > >> Sent: Wednesday, October 17, 2018 10:56 AM > > > >> To: Scharf, Michael <Michael.Scharf@hs-esslingen.de> > > > >> Cc: tsv-art@ietf.org; draft-ietf-detnet-architecture.all@ietf.org; > > > DetNet WG > > > >> <detnet@ietf.org> > > > >> Subject: Re: Tsvart last call review of draft-ietf-detnet- > > > architecture-08 > > > >> > > > >> Hi Michael, > > > >> > > > >> Thank you very much for the thorough review and good comments! > > > >> > > > >> Please find below in-line responses and how we plan to update the > > > draft to > > > >> resolve your comments. > > > >> > > > >> Best regards, > > > >> Janos > > > >> > > > >> > > > >> On 9/29/2018 12:24 AM, Michael Scharf wrote: > > > >>> Reviewer: Michael Scharf > > > >>> Review result: Ready with Issues > > > >>> > > > >>> The document "Deterministic Networking Architecture" > > > >>> (draft-ietf-detnet-architecture-08) defines an overall framework > > > for > > > >>> Deterministic Networking. > > > >>> > > > >>> As TSV-ART reviewer, I believe that this document has issues as > > > >>> detailed below. > > > >>> > > > >>> Michael > > > >>> > > > >>> Major issues: > > > >> [...] > > > >> > > > >>> DetNet > > > >>> basically requires support in (almost) all network devices > > > >>> transporting DetNet traffic. That assumption should be explicitly > > > >>> spelt out early in the document, e.g., in the introduction. > > > >> Actually, some form of DetNet support is required from each node > > > that > > > >> transports DetNet traffic. For instance, DetNet flows have to be > > > recognized in > > > >> order not to spoil their QoS at the minimum. > > > >> > > > >> [ms] I look for an clear explanation in the architecture document of > > > what "some > > > >> form of DetNet support" exactly means. For instance, is standard > > > MPLS TE > > > >> without any DetNet support good enough for an LSR on the IP/MPLS > > > path used > > > >> by DetNet traffic, or not? As an example, when I read the following > > > paragraph in > > > >> draft-ietf-detnet-dp-sol-mpls-01 ... > > > >> > > > >> Transit nodes are normal MPLS Label Switching Routers (LSRs). > > > They > > > >> are generally unaware of the special requirements of DetNet > > > flows, > > > >> although they need to provide traffic engineering services and > > > proper > > > >> QoS to the LSPs associated with DetNet flows to enhance the > > > prospect > > > >> of the LSPs meeting the DetNet service requirements. Some > > > >> implementations of transit nodes may be DetNet aware, but such > > > nodes > > > >> just support the DetNet transport layer. > > > >> > > > >> ... I could maybe assume that actually there can be "transit nodes" > > > that do not > > > >> require *any* sort of DetNet support or DetNet awareness. Is that > > > correct? I > > > >> think the architecture document has to be clear on such fundamental > > > questions. > > > >> > > > >> The Introduction could be extended to clarify, e.g., the third > > > paragraph: > > > >> > > > >> OLD: > > > >> A goal of DetNet is a converged network in all respects. That is, > > > the presence of > > > >> DetNet flows does not preclude non-DetNet flows, and the benefits > > > offered > > > >> DetNet flows should not, except in extreme cases, prevent existing > > > QoS > > > >> mechanisms from operating in a normal fashion, subject to the > > > bandwidth > > > >> required for the DetNet flows. A single source-destination pair can > > > trade both > > > >> DetNet and non-DetNet flows. End systems and applications need not > > > >> instantiate special interfaces for DetNet flows. Networks are not > > > restricted to > > > >> certain topologies; connectivity is not restricted. Any application > > > that generates > > > >> a data flow that can be usefully characterized as having a maximum > > > bandwidth > > > >> should be able to take advantage of DetNet, as long as the necessary > > > resources > > > >> can be reserved. Reservations can be made by the application itself, > > > via network > > > >> management, by an application’s controller, or by other means, e.g., > > > a dynamic > > > >> control plane (e.g., [RFC2205]). > > > >> > > > >> NEW: > > > >> A goal of DetNet is a converged network in all respects. That is, > > > the presence of > > > >> DetNet flows does not preclude non-DetNet flows, and the benefits > > > offered > > > >> DetNet flows should not, except in extreme cases, prevent existing > > > QoS > > > >> mechanisms from operating in a normal fashion, subject to the > > > bandwidth > > > >> required for the DetNet flows. A single source-destination pair can > > > trade both > > > >> DetNet and non-DetNet flows. End systems and applications need not > > > >> instantiate special interfaces for DetNet flows. Networks are not > > > restricted to > > > >> certain topologies; connectivity is not restricted. Any application > > > that generates > > > >> a data flow that can be usefully characterized as having a maximum > > > bandwidth > > > >> should be able to take advantage of DetNet, as long as the necessary > > > resources > > > >> can be reserved. Reservations can be made by the application itself, > > > via network > > > >> management, by an application’s controller, or by other means, e.g., > > > a dynamic > > > >> control plane (e.g., [RFC2205]). Network nodes supporting DetNet > > > flows have to > > > >> implement some of the DetNet capabilities (not necessarily all) in > > > order to treat > > > >> DetNet flows such that their QoS requirements are met. > > > >> > > > >> [ms] To me, the last sentence is not clear. Does "some of the DetNet > > > capabilities > > > >> (not necessarily all)" include e.g. vanilla traffic engineering? For > > > instance, if a > > > >> network node can ensure that the QoS requirements are met by > > > leveraging > > > >> existing standardized TE without any additional DetNet awareness, is > > > this > > > >> enough for deploying DetNet? Or does this node have to implement > > > additional > > > >> DetNet-specific functionality? Specifically, please explain if an > > > existing DetNet- > > > >> unaware router on the path taken by DetNet traffic can be used to > > > forward > > > >> DetNet traffic, or if it is mandatory that any router forwarding > > > DetNet traffic > > > >> indeed implements new capabilities specific to DetNet. In the latter > > > case, I think > > > >> the document would need to discuss incremental deployment strategies > > > as well. > > > >> > > > >>> * It is surprising that there is hardly any discussion on network > > > robustness > > > >>> and safety; this probably also relates to security. For instance, > > > >>> misconfiguration or errors of functions performing packet > > > replication could > > > >>> severely and permantly congest a network and cause harm. How does > > > the DetNet > > > >>> architecture ensure that a network stays fully operational e.g. if > > > the topology > > > >>> changes or there are equipment failures? Probably this can be > > > solved by > > > >>> implementations (e.g., dynamic control plane), but why are > > > corresponding > > > >>> requirements not spelt out? Section 3.3.2 speculates that filters > > > and policers > > > >>> can help, and that may be true, but that probably still assumes > > > consistently > > > >>> and correctly configured (and well-behaving) devices. And Section > > > 3.3.2 is > > > >>> vague and mentions a "infinite variety of possible failures" > > > without stating > > > >>> any requirements or recommendations. There may be further > > > solutions, such as > > > >>> circuit breakers and the like. Why are such topics not discussed? > > > >> Security issues and considerations are addressed by the DetNet > > > Security > > > >> draft: https://datatracker.ietf.org/doc/draft-ietf-detnet-security. > > > >> Reference to the DetNet Security draft will be added. > > > >> > > > >> There will be a document dedicated to Operations, Administration and > > > >> Maintenance (OAM), which will address operational, misconfiguration, > > > and > > > >> failure detection issues. > > > >> > > > >> The topology changes have to be solved by the control plane, either > > > >> centralized or distributed. > > > >> > > > >> The filters and policers described in Section 3.3.2 also provide > > > >> robustness by eliminating/mitigating traffic coming from > > > malfunctioning > > > >> devices. > > > >> > > > >> RFC2475 is recommended for traffic policing functions to increase > > > >> robustness. > > > >> > > > >> The text in Section 3.3.2 could be made clearer, e.g., by updating > > > the > > > >> first paragraph to: > > > >> > > > >> OLD: > > > >> One key to building robust real-time systems is to reduce the > > > >> infinite variety of possible failures to a number that can be > > > >> analyzed with reasonable confidence. DetNet aids in the process by > > > >> allowing for filters and policers to detect DetNet packets received > > > >> on the wrong interface, or at the wrong time, or in too great a > > > >> volume, and to then take actions such as discarding the offending > > > >> packet, shutting down the offending DetNet flow, or shutting down > > > the > > > >> offending interface. > > > >> > > > >> NEW: > > > >> Robust real-time systems require to reduce the number of possible > > > >> failures. Filters and policers should be used in a DetNet network to > > > >> detect if DetNet packets are received on the wrong interface, or at > > > >> the wrong time, or in too great volume. Furthermore, filters and > > > >> policers can take action to discard offending packets or flows, or > > > >> trigger shutting down the offending DetNet flow, or shutting down > > > >> the offending interface. > > > >> > > > >> [ms] That does not address my concern. As I wrote already, I believe > > > this > > > >> document has to discuss the applicability of circuit breakers > > > according to RFC > > > >> 8084. > > > >> > > > >>> * Somewhat related, the document only looks at impact of failures > > > to the QoS of > > > >>> DetNet traffic. What is missing is a discussion how to protect non- > > > DetNet parts > > > >>> of a network from any harm caused by DetNet mechanisms. Solutions > > > to this > > > >>> probably exist. But why is the impact on non-DetNet traffic (e.g., > > > in case of > > > >>> topology changes or failures of DetNet functions) not discussed at > > > all in the document? > > > >> Actually the regulation of DetNet traffic by polices and filters > > > >> protects both other DetNet traffic and non-DetNet traffic. > > > >> > > > >> Section 3.3.1 could be extended to make it clear, e.g., by extending > > > the > > > >> last paragraph: > > > >> > > > >> OLD: > > > >> Ideally, the net effect of the presence of DetNet flows in a network > > > >> on the non-DetNet packets is primarily a reduction in the available > > > >> bandwidth. > > > >> > > > >> NEW: > > > >> Traffic policing functions (e.g. [RFC2475]) are used to avoid the > > > >> starvation of non-DetNet traffic. Thus, the net effect of the > > > presence > > > >> of DetNet flows in a network on non-DetNet flows is primarily a > > > >> reduction in the available bandwidth. > > > >> > > > >> [ms] I believe a stronger wording is needed, e.g. along the lines of > > > "a DetNet > > > >> deployment must avoid starvation of non-DetNet traffic ...". > > > >> > > > >> [...] > > > >> > > > >>> * Section 4.4 refers to RFC 7426, which is an informational RFC on > > > IRTF stream, > > > >>> and the document uses the concepts introduced there (e.g., > > > "planes"). This is > > > >>> very confusing. First, an IETF Proposed Standard should probably > > > refer to > > > >>> documents having IETF consensus. An example would be RFC 7491, > > > albeit there is > > > >>> other related work as well, e.g., in the TEAS WG. Second, Section > > > 4.4 is by and > > > >>> large decoupled from the rest of the document and not specific to > > > DetNet. > > > >>> Neither do other sections of the document refer to the concepts > > > introduced in > > > >>> Section 4.4, nor does Section 4.4 use the DetNet terminology or > > > discuss > > > >>> applicability to DetNet. Section 4.4 even mentions explicitly at > > > the end that > > > >>> it discusses aspects that are orthogonal to the DetNet > > > architecture. It is not > > > >>> at all clear why Section 4.4 is in this document. Section 4.4 could > > > be removed > > > >>> from the document without impacting the rest of the document. > > > >> The document should point out to traffic engineering and centralized > > > >> control plane aspects, so it is better to keep Section 4.4. > > > >> > > > >> RFC 7426 provides the full picture of SDN architecture, which needs > > > to > > > >> be referred from the DetNet architecture. No other RFC provides such > > > >> detailed picture. Therefore, we need to keep the reference to RFC > > > 7426, > > > >> which is an informative reference. > > > >> > > > >> [ms] I'll leave that up to the IESG to decide whether an IETF > > > proposed standard > > > >> should build an architecture based on research work instead of, say, > > > documents > > > >> with IETF consensus. As a side note, I believe the understanding in > > > industry what > > > >> "SDN architecture" really means and how it is implemented may have > > > evolved > > > >> since publication of IRTF RFC 7426, which was published in Jan. > > > 2015. For > > > >> instance, IRTF RFC 7426 does not discuss the implications of segment > > > routing, > > > >> BGP-LS, and other recent IETF techniques. And, based on what I read > > > in the > > > >> DetNet architecture, I believe DetNet could actually be implemented > > > without > > > >> any "SDN architecture", e.g. by distributed traffic engineering. As > > > a result, I don't > > > >> even understand the need to discuss "SDN". > > > >> > > > >> [ms] For the record: As TSV-ART reviewer, I question whether IRTF > > > RFC 7426 is > > > >> indeed an appropriate reference, I have doubts that IRTF RFC 7426 is > > > really up- > > > >> to-date, and I am concerned about the content quality of section > > > 4.4, e.g., > > > >> regarding the lack of alignment with the rest of the document. The > > > IESG will > > > >> certainly have a better understanding that than me how to deal with > > > such topics. > > > >> > > > >> The related work in TEAS is already referred to. > > > >> > > > >> [...] > > > >> > > > >>> Minor issues: > > > >>> > > > >>> * Terminology "DetNet transport layer" > > > >>> > > > >>> The term "transport layer" has a well-defined meaning in the IETF, > > > e.g. > > > >>> originating from RFC 1122. While "transport" and e.g. "transport > > > network" is > > > >>> used in the IETF for different technologies in different areas, I > > > think the > > > >>> term "transport layer" is typically understood to refer to > > > transport > > > >>> protocols such as TCP and UDP. As such, I personally find the term > > > "DetNet > > > >>> transport layer" misleading and confusing. The confusion is easy to > > > see e.g. > > > >>> in Figure 4, where UDP (which is a transport protocol as per RFC > > > 1122) sits > > > >>> on top of "transport". > > > >>> > > > >>> Based on the document it also may be solution/implementation > > > specific > > > >> whether > > > >>> the "DetNet transport layer" is actually a separate protocol layer > > > compared > > > >>> to the "DetNet service layer". Thus it is not clear to me why the > > > word > > > >>> "layer" has to be used, specifically in combination "transport > > > layer". > > > >>> > > > >>> To me as, the word "transport layer" (and "transport protocol") > > > should be > > > >>> used for protocols defined in TSV area, consistent with RFC 1122. > > > But this is > > > >>> probably a question to be sorted out by the IESG. > > > >> "transport" is used here as in "packet transport networks" not as > > > OSI L4 > > > >> transport. > > > >> > > > >> [ms] At the risk of stating the obvious: The relevant section of RFC > > > 1122 defining > > > >> "transport layer" is entitled by "The Internet Architecture". And, > > > according e.g. > > > >> to RFC 5921, "packet transport network" is a term defined by ITU-T. > > > In an IETF > > > >> document, I believe IETF terminology should be used. > > > >> > > > >> I suggest to use the terms "DetNet transport sub-layer" and "DetNet > > > >> service sub-layer" throughout the document, which would hopefully > > > avoid > > > >> confusion. > > > >> > > > >> [ms] "DetNet transport sub-layer" somewhat solves my concern of > > > avoiding the > > > >> expression "transport layer". To really avoid confusion, I believe > > > it would be > > > >> better to avoid the ambiguous term "transport" altogether. But I > > > will be fine if > > > >> all DetNet documents consistently avoid the term "transport layer". > > > >> > > > >> Michael > > > >> _______________________________________________ > > > >> Tsv-art mailing list > > > >> Tsv-art@ietf.org > > > >> https://www.ietf.org/mailman/listinfo/tsv-art > > > > _______________________________________________ > > > > detnet mailing list > > > > detnet@ietf.org > > > > https://www.ietf.org/mailman/listinfo/detnet > > > > > > _______________________________________________ > > > Tsv-art mailing list > > > Tsv-art@ietf.org > > > https://www.ietf.org/mailman/listinfo/tsv-art
- [Tsv-art] Tsvart last call review of draft-ietf-d… Michael Scharf
- Re: [Tsv-art] Tsvart last call review of draft-ie… János Farkas
- Re: [Tsv-art] Tsvart last call review of draft-ie… Scharf, Michael
- Re: [Tsv-art] Tsvart last call review of draft-ie… Black, David
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Lou Berger
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Black, David
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Black, David
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Lou Berger
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Lou Berger
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Toerless Eckert
- [Tsv-art] Fwd: Re: Tsvart last call review of dra… János Farkas
- Re: [Tsv-art] [Detnet] Fwd: Re: Tsvart last call … Lou Berger
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Toerless Eckert
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Toerless Eckert
- Re: [Tsv-art] Tsvart last call review of draft-ie… Lou Berger
- Re: [Tsv-art] Tsvart last call review of draft-ie… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Lou Berger
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Black, David
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Pascal Thubert (pthubert)
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Lou Berger
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Norman Finn
- Re: [Tsv-art] [Detnet] Tsvart last call review of… Scharf, Michael
- [Tsv-art] Congestion Protection name change (was:… János Farkas
- Re: [Tsv-art] Congestion Protection name change (… Pascal Thubert (pthubert)
- Re: [Tsv-art] [Detnet] Congestion Protection name… Andrew G. Malis
- Re: [Tsv-art] [Detnet] Congestion Protection name… qiangli (D)
- Re: [Tsv-art] [Detnet] Tsvart last call review of… János Farkas