Re: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-architecture-08

Lou Berger <lberger@labn.net> Fri, 09 November 2018 06:38 UTC

Return-Path: <lberger@labn.net>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70DBE130E36 for <tsv-art@ietfa.amsl.com>; Thu, 8 Nov 2018 22:38:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id za1vpeXjIE4j for <tsv-art@ietfa.amsl.com>; Thu, 8 Nov 2018 22:37:55 -0800 (PST)
Received: from gproxy2-pub.mail.unifiedlayer.com (gproxy2-pub.mail.unifiedlayer.com [69.89.18.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D475130E02 for <tsv-art@ietf.org>; Thu, 8 Nov 2018 22:37:55 -0800 (PST)
Received: from cmgw12.unifiedlayer.com (unknown [10.9.0.12]) by gproxy2.mail.unifiedlayer.com (Postfix) with ESMTP id A65301E0C32 for <tsv-art@ietf.org>; Thu, 8 Nov 2018 23:37:54 -0700 (MST)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id L0QUglXUPE0jML0QUg7tiZ; Thu, 08 Nov 2018 23:37:54 -0700
X-Authority-Reason: nr=8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:From:References:Cc:To:Subject:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3zGrer0ZNnw4NsCp0eWLtE/hijr/kgjY8hRgx+FELi4=; b=032e595wiyOjqS6I8hnAmPXGFA GaMK8APOoCX/rNOcK9hj/Lsw1hEg1qNdw45IdlRPSDCMcEMQroxbjBViDshL2MZvrgjCjA7/42EhV q2Wrwgs91z8bg6lLEfjtsJcyP;
Received: from pool-100-15-106-211.washdc.fios.verizon.net ([100.15.106.211]:42410 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <lberger@labn.net>) id 1gL0QT-003Pi6-QD; Thu, 08 Nov 2018 23:37:54 -0700
To: "Black, David" <David.Black@dell.com>, "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>, 'János Farkas' <janos.farkas@ericsson.com>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, DetNet WG <detnet@ietf.org>, "draft-ietf-detnet-architecture.all@ietf.org" <draft-ietf-detnet-architecture.all@ietf.org>
References: <0bb7176c-c386-b863-a4f8-06254f4627ab@ericsson.com> <1705d15c-c7ba-c76f-88db-c75f1a88db0f@ericsson.com> <6EC6417807D9754DA64F3087E2E2E03E2D143BE1@rznt8114.rznt.rzdir.fht-esslingen.de> <CE03DB3D7B45C245BCA0D243277949363032BA55@MX307CL04.corp.emc.com> <cfd56f25-c05c-d8c2-a3d5-41d0a35a435d@labn.net> <6EC6417807D9754DA64F3087E2E2E03E2D15213B@rznt8114.rznt.rzdir.fht-esslingen.de> <CE03DB3D7B45C245BCA0D243277949363033943F@MX307CL04.corp.emc.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <6bfa3a1f-3460-adce-1615-9a5ff31bac9c@labn.net>
Date: Fri, 09 Nov 2018 13:37:48 +0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949363033943F@MX307CL04.corp.emc.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 100.15.106.211
X-Source-L: No
X-Exim-ID: 1gL0QT-003Pi6-QD
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-100-15-106-211.washdc.fios.verizon.net ([IPv6:::1]) [100.15.106.211]:42410
X-Source-Auth: lberger@labn.net
X-Email-Count: 4
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/tbVFHGGFgNvKI9IQ2k5hlN2WaIU>
Subject: Re: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-architecture-08
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2018 06:38:01 -0000

David,

     I think we're at the point were some specific proposed language 
would be helpful at this point.  (FYI - I'm responding to Michael's 
message, just need some time to finish..)

What language would you like to see in addition to the text you quoted 
below.

See below for more specific and secondary responses.

On 11/9/2018 12:08 PM, Black, David wrote:
> Acronym expansion correction:
>
>> I've been there, done that for other
>> Controlled Environments ... and have the scars ... from the worked examples in
>> RFC 7510 (MPLS/UDP) and RFC 8086's TMCE (Traffic Management Controlled
>> Environment) applicability scenario for GRE/UDP.  Those two RFCs may be
>> helpful background reading.
> TMCE = Traffic-Managed Controlled Environment
>
> The spelling corrector "helped" with the original ;-)
>
> Thanks, --David
>
>
>> -----Original Message-----
>> From: Black, David
>> Sent: Thursday, November 8, 2018 11:33 PM
>> To: 'Scharf, Michael'; 'Lou Berger'; 'János Farkas'
>> Cc: 'tsv-art@ietf.org'; 'DetNet WG'; 'draft-ietf-detnet-architecture.all@ietf.org';
>> Black, David
>> Subject: RE: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-
>> architecture-08
>>
>> So, I'm going to agree with Michael on the problem, but suggest a different
>> approach for tackling it, with apologies for the length of this message
>> necessitated by the need to "show your work."
>>
>> I think this comment from Lou is a key insight into the underlying divergence of
>> views:
>>
>>>> DetNet operates at Layer 3 and basically provides detnet flows with a
>>>> service equivalent to IntServ's Guaranteed Quality of Service.  As such,
>>>> DetNet flows basically operate as if the network is uncongested.
>> And hence DetNet flows have no requirement or incentive to react to
>> congestion, even though some DetNet traffic will no doubt react to congestion.


This may be true, but this is an issue for users of DetNet services, not 
DetNet.  This is an important distinction and one we can reflect in the 
architecture document -- i.e., that users/applications/transport 
protocols using detnet need to address this and for those uses 
https://tools.ietf.org/html/rfc8084#section-3.2.2 applies.

>>
>> That quoted comment is followed by a "reduce to previous case" argument
>> about networking in general:
>>
>>>> WRT escaped traffic, as I mentioned in today's session, I really think
>>>> this is no difference between escaped DetNet traffic and traffic
>>>> delivered over an uncongested network to a peer (congested or
>>>> uncongested) network.
>> Unfortunately, that argument leads to a contradiction, namely a conclusion that
>> congestion control is not necessary for the Internet, which is known to be
>> wrong.  Having arrived at a result that mathematicians would call "proof by
>> contradiction," one of the assumptions that lead to this point has to be wrong,
>> but which one?

Sure, but the current internet architecture, for good or bad, puts the 
burden for congestion control at the transport protocol layer not the 
network layer - and DetNet is about control and service delivery at the 
network layer.


>>
>> The "clear, simple and wrong" (Mencken) approach to resolving this would be to
>> focus on the inelastic traffic and require that all DetNet traffic MUST be
>> congestion controlled.  I'm not advocating this, and neither is Michael.

There is certainly no issues with adding a statement that the use of 
DetNet doesn't change the internet architecture or the need to ensure 
that congestion control is appropriately and 
https://tools.ietf.org/html/rfc8084#section-5.3 applies.  I'll note that 
rfc8084 doesn't place any requirements on general IP traffic that use 
https://tools.ietf.org/html/rfc8084#section-3.2.2


>>
>> A more subtle approach (with credit to Deb Brungard for an insightful discussion
>> after RTGAREA yesterday) is to recognize that DetNet is a Controlled
>> Environment, to which different rules apply than the Internet and networks in
>> general.  For the definition of Controlled Environment, see Section 3.6 of RFC
>> 8085 (https://tools.ietf.org/html/rfc8085#section-3.6).  For now, please ignore
>> the material in that section on safety, robustness and corruption, as inapplicable
>> to this discussion.  FWIW, that material was motivated by the incessant
>> attempts to optimize out UDP checksums without serious consideration of the
>> resulting packet corruption risks and the potential consequences thereof.
>> Viewing DetNet as a Controlled Environment, this discussion is then primarily
>> about what to require/do at the boundary between the DetNet Controlled
>> Environment and other networks.  I've been there, done that for other
>> Controlled Environments ... and have the scars ... from the worked examples in
>> RFC 7510 (MPLS/UDP) and RFC 8086's TMCE (Traffic Management Controlled
>> Environment) applicability scenario for GRE/UDP.  Those two RFCs may be
>> helpful background reading.

Again, these are users of DetNet -- DetNet really is nothing more than 
IntServ (for IP data plane) an MPLS-TE (for MPLS data plane) .  Keeping 
this in mind, what is the right 8085 or other language that applies and 
should be added.

>> The good news here is that we are not as far from agreeing on a solution as
>> might appear from the length of this discussion.   Going back to a couple of
>> chunks of text that Janos proposed earlier:
>>
>> 	NEW:
>> 	This document provides the overall Architecture for Deterministic
>> 	Networking (DetNet), which provides a capability for the delivery of
>> 	data flows with extremely low packet loss rates and bounded end-to-
>> 	end delivery latency within a network domain. DetNet is for networks
>> 	that are under a single administrative control or within a closed group
>> 	of administrative control; these include campus-wide networks and
>> 	private WANs. DetNet is not for large groups of domains such as the
>> 	Internet.
>>
>> That reads to me as a clear statement that a DetNet network is a Controlled
>> Environment, so I would hope that we're in agreement on that.
>>
>> 	NEW:
>> 	Robust real-time systems require to reduce the number of possible
>> 	failures. Filters and policers should be used in a DetNet network to
>> 	detect if DetNet packets are received on the wrong interface, or at
>> 	the wrong time, or in too great volume. Furthermore, filters and
>> 	policers can take action to discard offending packets or flows, or
>> 	trigger shutting down the offending DetNet flow, or shutting down
>> 	the offending interface.
>>
>> That proposed text actually contains two circuit breakers, "shutting down the
>> offending DetNet flow" or "shutting down the offending interface."  So far, so
>> good, but what's missing is text on deployment requirements of the mechanisms
>> described in that text, particularly at the edges of DetNet networks.
>>
>> Text that requires deployment of "filters and policers ... [that] discard offending
>> [DetNet] packets and flows" at the boundaries between DetNet and non-DetNet
>> networks would go a long way towards resolving this discussion.  I would
>> suggest expanding "offending" into text that includes all unauthorized DetNet
>> traffic and all unexpected DetNet traffic.  Once that's done, the "circuit breaker"
>> discussion becomes more tractable, as the discarding of all DetNet traffic that
>> would otherwise escape the DetNet network reduces the "circuit breaker"
>> discussion to the existing DetNet material measures that need to be taken inside
>> a DetNet network to protect delivery of DetNet service.

Here's where I think some specific proposed language would be helpful.

Thanks,

Lou

>> Thanks, --David
>>
>>
>>> -----Original Message-----
>>> From: Scharf, Michael [mailto:Michael.Scharf@hs-esslingen.de]
>>> Sent: Thursday, November 8, 2018 1:12 PM
>>> To: Lou Berger; Black, David; 'János Farkas'
>>> Cc: tsv-art@ietf.org; DetNet WG; draft-ietf-detnet-architecture.all@ietf.org
>>> Subject: RE: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-detnet-
>>> architecture-08
>>>
>>>
>>> [EXTERNAL EMAIL]
>>> Please report any suspicious attachments, links, or requests for sensitive
>>> information.
>>>
>>>
>>> Inline
>>>
>>>> -----Original Message-----
>>>> From: Tsv-art [mailto:tsv-art-bounces@ietf.org] On Behalf Of Lou Berger
>>>> Sent: Thursday, November 8, 2018 8:45 AM
>>>> To: Black, David; Scharf, Michael; 'János Farkas'
>>>> Cc: tsv-art@ietf.org; DetNet WG; draft-ietf-detnet-
>>>> architecture.all@ietf.org
>>>> Subject: Re: [Tsv-art] [Detnet] Tsvart last call review of draft-ietf-
>>>> detnet-architecture-08
>>>>
>>>> Hi,
>>>>
>>>> See below for in-line responses
>>>>
>>>> On 11/5/2018 12:21 AM, Black, David wrote:
>>>>> ...
>>>>>>> * It is surprising that there is hardly any discussion on network
>>>> robustness
>>>>>>> and safety; this probably also relates to security. For instance,
>>>>>>> misconfiguration or errors of functions performing packet
>>>> replication could
>>>>>>> severely and permanently congest a network and cause harm.
>>>>> [... snip ...]
>>>>>> NEW:
>>>>>> Robust real-time systems require to reduce the number of possible
>>>>>> failures. Filters and policers should be used in a DetNet network to
>>>>>> detect if DetNet packets are received on the wrong interface, or at
>>>>>> the wrong time, or in too great volume. Furthermore, filters and
>>>>>> policers can take action to discard offending packets or flows, or
>>>>>> trigger shutting down the offending DetNet flow, or shutting down
>>>>>> the offending interface.
>>>>>>
>>>>>> [ms] That does not address my concern. As I wrote already, I believe
>>>> this
>>>>>> document has to discuss the applicability of circuit breakers
>>>> according to RFC
>>>>>> 8084.
>>>>> I concur with Michael's implied concern that the "should" in the NEW
>>>> text
>>>>> is woefully inadequate.  The provisions to prevent escaped non-
>>>> elastic traffic
>>>>> from causing damage elsewhere need to be mandatory particularly if
>>>> DetNet
>>>>> and non-DetNet networks are interconnected.  The above
>>>>> text on filters doesn't appear to cover escape from the DetNet
>>>> network,
>>>>> and needs to do so.  Deployment of filters at DetNet nodes that drop
>>>> all
>>>>> DetNet traffic that tries to escape, and that drop all misdirected
>>>> DetNet
>>>>> traffic should address most of this problem.
>>>>>
>>>>> Once that is done, I think a discussion of circuit breakers is
>>>> needed, in the
>>>>> form of Detnet service mechanisms that can shut down (cease
>>>> transmission
>>>>> of) a flow that is being sent entirely into the bit-bucket by a
>>>> downstream filter,
>>>>> due to misconfiguration, failure, etc.
>>>> I think we have a bit of a disconnect of what DetNet service delivers.
>>>>
>>>> DetNet does not itself impact any Transport protocol  (e.g., UDP, TCP)
>>>> so itself does not *produce* elastic or non-elastic traffic.
>>> First, the question whether DetNet *produces* elastic or non-elastic traffic
>> does
>>> not matter for the applicability of circuit breakers. Section 3 of RFC 8084
>> states:
>>>     CBs are RECOMMENDED for IETF protocols and tunnels that carry non-
>>>     congestion-controlled Internet flows and for traffic aggregates.
>>>     This includes traffic sent using a network tunnel.  Designers of
>>>     other protocols and tunnel encapsulations also ought to consider the
>>>     use of these techniques as a last resort to protect traffic that
>>>     shares the network path being used.
>>>
>>> Section 3.2.1.1 of draft-ietf-detnet-architecture-09 explains explicitly that
>>> DetNet can carry non-congestion-controlled traffic:
>>>
>>>     Note that a DetNet flow cannot be throttled, i.e., its
>>>     transmission rate cannot be reduced via explicit congestion
>>>     notification.
>>>
>>> So, clearly the condition of carrying non-congestion-controlled flows or traffic
>>> aggregates applies to the DetNet architecture. And, as a result, the
>>> RECOMMENDED in RFC 8084 is in principle applicable to DetNet. Also, note
>> that
>>> the RECOMMENDED in RFC 8084 is not limited to tunnels.
>>>
>>> As pointed out by David, the key question is whether, and how, the DetNet
>>> architecture prevents that non-congestion controlled traffic escapes from a
>>> controlled environment into the Internet. As also explained in RFC 8084, this
>>> question in particular matters for failure scenarios.
>>>
>>> As TSV-ART reviewer, I insist in a discussion of this problem in draft-ietf-
>> detnet-
>>> architecture. And I believe that a reference to RFC 8084 is needed in draft-ietf-
>>> detnet-architecture.
>>>
>>> Note that the wording in RFC 8084 is RECOMMENDED and not MUST, i.e., it is
>>> possible that circuit breakers may not be needed for certain solutions. As an
>>> example, MPLS traffic may not easily escape from a managed MPLS network.
>>>
>>>
>>> Second, in my TSV-ART review I have explicitly mentioned the DetNet Packet
>>> Replication Function (PRF). Replicating non-elastic traffic may create
>> additional
>>> challenges if the replicated packets can somehow escape into the Internet,
>> e.g.,
>>> in failure cases. For instance, as far as I understand draft-ietf-detnet-
>>> architecture, I assume the PRF can replicate non-congestion-controlled traffic
>>> and forward it along different paths. If one of these paths escapes to the
>>> Internet, to the Internet the PRF could basically be a producer of non-
>> congestion
>>> controlled traffic, and that traffic could cause significant harm in the Internet.
>>> Also, note that in that case it may not necessarily help if the traffic carried by
>>> DetNet is elastic, e.g., if DetNet carries TCP traffic. For instance, if other paths
>>> used by the PRF within the DetNet domain would deliver all packets, the
>>> congestion control in TCP would not never be triggered as each packet gets
>>> indeed delivered over one of the paths. So, an unelastic traffic stream would
>>> escale into the Internet and never back off. Unless I miss something, DetNet
>>> needs counter-means to prevent this sort of issues.
>>>
>>> As TSV-ART reviewer, I believe draft-ietf-detnet-architecture needs a
>> dedicated
>>> discussion whether the PRF can cause harm and, if so, how to avoid such
>> harm.
>>>> DetNet operates at Layer 3 and basically provides detnet flows with a
>>>> service equivalent to IntServ's Guaranteed Quality of Service.  As
>>>> such,
>>>> DetNet flows basically operate as if the network is uncongested.
>>> RFC 8084 exactly addresses that case. The question is not the normal
>> operation
>>> of the network, but abnormal cases.
>>>
>>>> WRT escaped traffic, as I mentioned in today's session, I really think
>>>> this is no difference between escaped DetNet traffic and traffic
>>>> delivered over an uncongested network to a peer (congested or
>>>> uncongested) network.
>>> That comes down to how the DetNet network deals with abnormal situations
>> at
>>> the edges, e.g., for the problems mentioned in RFC 8084:
>>>
>>>     o  anomalous traffic that exceeds the provisioned capacity (or whose
>>>        traffic characteristics exceed the threshold configured for the
>>>        CB);
>>>
>>>     o  traffic generated by an application at a time when the provisioned
>>>        network capacity is being utilized for other purposes;
>>>
>>>     o  routing changes that cause additional traffic to start using the
>>>        path monitored by the CB;
>>>
>>>     o  misconfiguration of a service/network device where the capacity
>>>        available is insufficient to support the current traffic
>>>        aggregate;
>>>
>>>     o  misconfiguration of an admission controller or traffic policer
>>>        that allows more traffic than expected across the path monitored
>>>        by the CB.
>>>
>>> According to the last point, misconfiguration of filters/policies is one of the
>>> challenges to look at.
>>>
>>>> Based on all this, I'm not sure how or why a  discussion of circuit
>>>> breakers is needed.
>>> RFC 8084 represents IETF community consensus. And in my reading the DetNet
>>> architecture falls into the type of solutions discussed in RFC 8084.
>>>
>>> Thanks
>>>
>>> Michael
>>>
>>>
>>>> Lou
>>>>
>>>>> Thanks, --David
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Tsv-art [mailto:tsv-art-bounces@ietf.org] On Behalf Of Scharf,
>>>> Michael
>>>>>> Sent: Monday, October 22, 2018 5:44 PM
>>>>>> To: 'János Farkas'
>>>>>> Cc: tsv-art@ietf.org; DetNet WG; draft-ietf-detnet-
>>>> architecture.all@ietf.org
>>>>>> Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-detnet-
>>>> architecture-08
>>>>>>
>>>>>> [EXTERNAL EMAIL]
>>>>>> Please report any suspicious attachments, links, or requests for
>>>> sensitive
>>>>>> information.
>>>>>>
>>>>>>
>>>>>> Hi Janos,
>>>>>>
>>>>>> Thanks for the reply. My comments are inline [ms].
>>>>>>
>>>>>> I have omitted all proposed changes that work for me.
>>>>>>
>>>>>> Michael
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: János Farkas <janos.farkas@ericsson.com>
>>>>>> Sent: Wednesday, October 17, 2018 10:56 AM
>>>>>> To: Scharf, Michael <Michael.Scharf@hs-esslingen.de>
>>>>>> Cc: tsv-art@ietf.org; draft-ietf-detnet-architecture.all@ietf.org;
>>>> DetNet WG
>>>>>> <detnet@ietf.org>
>>>>>> Subject: Re: Tsvart last call review of draft-ietf-detnet-
>>>> architecture-08
>>>>>> Hi Michael,
>>>>>>
>>>>>> Thank you very much for the thorough review and good comments!
>>>>>>
>>>>>> Please find below in-line responses and how we plan to update the
>>>> draft to
>>>>>> resolve your comments.
>>>>>>
>>>>>> Best regards,
>>>>>> Janos
>>>>>>
>>>>>>
>>>>>> On 9/29/2018 12:24 AM, Michael Scharf wrote:
>>>>>>> Reviewer: Michael Scharf
>>>>>>> Review result: Ready with Issues
>>>>>>>
>>>>>>> The document "Deterministic Networking Architecture"
>>>>>>> (draft-ietf-detnet-architecture-08) defines an overall framework
>>>> for
>>>>>>> Deterministic Networking.
>>>>>>>
>>>>>>> As TSV-ART reviewer, I believe that this document has issues as
>>>>>>> detailed below.
>>>>>>>
>>>>>>> Michael
>>>>>>>
>>>>>>> Major issues:
>>>>>> [...]
>>>>>>
>>>>>>> DetNet
>>>>>>> basically requires support in (almost) all network devices
>>>>>>> transporting DetNet traffic. That assumption should be explicitly
>>>>>>> spelt out early in the document, e.g., in the introduction.
>>>>>> Actually, some form of DetNet support is required from each node
>>>> that
>>>>>> transports DetNet traffic. For instance, DetNet flows have to be
>>>> recognized in
>>>>>> order not to spoil their QoS at the minimum.
>>>>>>
>>>>>> [ms] I look for an clear explanation in the architecture document of
>>>> what "some
>>>>>> form of DetNet support" exactly means. For instance, is standard
>>>> MPLS TE
>>>>>> without any DetNet support good enough for an LSR on the IP/MPLS
>>>> path used
>>>>>> by DetNet traffic, or not? As an example, when I read the following
>>>> paragraph in
>>>>>> draft-ietf-detnet-dp-sol-mpls-01 ...
>>>>>>
>>>>>>      Transit nodes are normal MPLS Label Switching Routers (LSRs).
>>>> They
>>>>>>      are generally unaware of the special requirements of DetNet
>>>> flows,
>>>>>>      although they need to provide traffic engineering services and
>>>> proper
>>>>>>      QoS to the LSPs associated with DetNet flows to enhance the
>>>> prospect
>>>>>>      of the LSPs meeting the DetNet service requirements.  Some
>>>>>>      implementations of transit nodes may be DetNet aware, but such
>>>> nodes
>>>>>>      just support the DetNet transport layer.
>>>>>>
>>>>>> ... I could maybe assume that actually there can be "transit nodes"
>>>> that do not
>>>>>> require *any* sort of DetNet support or DetNet awareness. Is that
>>>> correct? I
>>>>>> think the architecture document has to be clear on such fundamental
>>>> questions.
>>>>>> The Introduction could be extended to clarify, e.g., the third
>>>> paragraph:
>>>>>> OLD:
>>>>>> A goal of DetNet is a converged network in all respects. That is,
>>>> the presence of
>>>>>> DetNet flows does not preclude non-DetNet flows, and the benefits
>>>> offered
>>>>>> DetNet flows should not, except in extreme cases, prevent existing
>>>> QoS
>>>>>> mechanisms from operating in a normal fashion, subject to the
>>>> bandwidth
>>>>>> required for the DetNet flows. A single source-destination pair can
>>>> trade both
>>>>>> DetNet and non-DetNet flows. End systems and applications need not
>>>>>> instantiate special interfaces for DetNet flows. Networks are not
>>>> restricted to
>>>>>> certain topologies; connectivity is not restricted. Any application
>>>> that generates
>>>>>> a data flow that can be usefully characterized as having a maximum
>>>> bandwidth
>>>>>> should be able to take advantage of DetNet, as long as the necessary
>>>> resources
>>>>>> can be reserved. Reservations can be made by the application itself,
>>>> via network
>>>>>> management, by an application’s controller, or by other means, e.g.,
>>>> a dynamic
>>>>>> control plane (e.g., [RFC2205]).
>>>>>>
>>>>>> NEW:
>>>>>> A goal of DetNet is a converged network in all respects. That is,
>>>> the presence of
>>>>>> DetNet flows does not preclude non-DetNet flows, and the benefits
>>>> offered
>>>>>> DetNet flows should not, except in extreme cases, prevent existing
>>>> QoS
>>>>>> mechanisms from operating in a normal fashion, subject to the
>>>> bandwidth
>>>>>> required for the DetNet flows. A single source-destination pair can
>>>> trade both
>>>>>> DetNet and non-DetNet flows. End systems and applications need not
>>>>>> instantiate special interfaces for DetNet flows. Networks are not
>>>> restricted to
>>>>>> certain topologies; connectivity is not restricted. Any application
>>>> that generates
>>>>>> a data flow that can be usefully characterized as having a maximum
>>>> bandwidth
>>>>>> should be able to take advantage of DetNet, as long as the necessary
>>>> resources
>>>>>> can be reserved. Reservations can be made by the application itself,
>>>> via network
>>>>>> management, by an application’s controller, or by other means, e.g.,
>>>> a dynamic
>>>>>> control plane (e.g., [RFC2205]). Network nodes supporting DetNet
>>>> flows have to
>>>>>> implement some of the DetNet capabilities (not necessarily all) in
>>>> order to treat
>>>>>> DetNet flows such that their QoS requirements are met.
>>>>>>
>>>>>> [ms] To me, the last sentence is not clear. Does "some of the DetNet
>>>> capabilities
>>>>>> (not necessarily all)" include e.g. vanilla traffic engineering? For
>>>> instance, if a
>>>>>> network node can ensure that the QoS requirements are met by
>>>> leveraging
>>>>>> existing standardized TE without any additional DetNet awareness, is
>>>> this
>>>>>> enough for deploying DetNet? Or does this node have to implement
>>>> additional
>>>>>> DetNet-specific functionality? Specifically, please explain if an
>>>> existing DetNet-
>>>>>> unaware router on the path taken by DetNet traffic can be used to
>>>> forward
>>>>>> DetNet traffic, or if it is mandatory that any router forwarding
>>>> DetNet traffic
>>>>>> indeed implements new capabilities specific to DetNet. In the latter
>>>> case, I think
>>>>>> the document would need to discuss incremental deployment strategies
>>>> as well.
>>>>>>> * It is surprising that there is hardly any discussion on network
>>>> robustness
>>>>>>> and safety; this probably also relates to security. For instance,
>>>>>>> misconfiguration or errors of functions performing packet
>>>> replication could
>>>>>>> severely and permantly congest a network and cause harm. How does
>>>> the DetNet
>>>>>>> architecture ensure that a network stays fully operational e.g. if
>>>> the topology
>>>>>>> changes or there are equipment failures? Probably this can be
>>>> solved by
>>>>>>> implementations (e.g., dynamic control plane), but why are
>>>> corresponding
>>>>>>> requirements not spelt out? Section 3.3.2 speculates that filters
>>>> and policers
>>>>>>> can help, and that may be true, but that probably still assumes
>>>> consistently
>>>>>>> and correctly configured (and well-behaving) devices. And Section
>>>> 3.3.2 is
>>>>>>> vague and mentions a "infinite variety of possible failures"
>>>> without stating
>>>>>>> any requirements or recommendations. There may be further
>>>> solutions, such as
>>>>>>> circuit breakers and the like. Why are such topics not discussed?
>>>>>> Security issues and considerations are addressed by the DetNet
>>>> Security
>>>>>> draft: https://datatracker.ietf.org/doc/draft-ietf-detnet-security.
>>>>>> Reference to the  DetNet Security draft will be added.
>>>>>>
>>>>>> There will be a document dedicated to Operations, Administration and
>>>>>> Maintenance (OAM), which will address operational, misconfiguration,
>>>> and
>>>>>> failure detection issues.
>>>>>>
>>>>>> The topology changes have to be solved by the control plane, either
>>>>>> centralized or distributed.
>>>>>>
>>>>>> The filters and policers described in Section 3.3.2 also provide
>>>>>> robustness by eliminating/mitigating traffic coming from
>>>> malfunctioning
>>>>>> devices.
>>>>>>
>>>>>> RFC2475 is recommended for traffic policing functions to increase
>>>>>> robustness.
>>>>>>
>>>>>> The text  in Section 3.3.2 could be made clearer, e.g., by updating
>>>> the
>>>>>> first paragraph to:
>>>>>>
>>>>>> OLD:
>>>>>> One key to building robust real-time systems is to reduce the
>>>>>> infinite variety of possible failures to a number that can be
>>>>>> analyzed with reasonable confidence. DetNet aids in the process by
>>>>>> allowing for filters and policers to detect DetNet packets received
>>>>>> on the wrong interface, or at the wrong time, or in too great a
>>>>>> volume, and to then take actions such as discarding the offending
>>>>>> packet, shutting down the offending DetNet flow, or shutting down
>>>> the
>>>>>> offending interface.
>>>>>>
>>>>>> NEW:
>>>>>> Robust real-time systems require to reduce the number of possible
>>>>>> failures. Filters and policers should be used in a DetNet network to
>>>>>> detect if DetNet packets are received on the wrong interface, or at
>>>>>> the wrong time, or in too great volume. Furthermore, filters and
>>>>>> policers can take action to discard offending packets or flows, or
>>>>>> trigger shutting down the offending DetNet flow, or shutting down
>>>>>> the offending interface.
>>>>>>
>>>>>> [ms] That does not address my concern. As I wrote already, I believe
>>>> this
>>>>>> document has to discuss the applicability of circuit breakers
>>>> according to RFC
>>>>>> 8084.
>>>>>>
>>>>>>> * Somewhat related, the document only looks at impact of failures
>>>> to the QoS of
>>>>>>> DetNet traffic. What is missing is a discussion how to protect non-
>>>> DetNet parts
>>>>>>> of a network from any harm caused by DetNet mechanisms. Solutions
>>>> to this
>>>>>>> probably exist. But why is the impact on non-DetNet traffic (e.g.,
>>>> in case of
>>>>>>> topology changes or failures of DetNet functions) not discussed at
>>>> all in the document?
>>>>>> Actually the regulation of DetNet traffic by polices and filters
>>>>>> protects both other DetNet traffic and non-DetNet traffic.
>>>>>>
>>>>>> Section 3.3.1 could be extended to make it clear, e.g., by extending
>>>> the
>>>>>> last paragraph:
>>>>>>
>>>>>> OLD:
>>>>>> Ideally, the net effect of the presence of DetNet flows in a network
>>>>>> on the non-DetNet packets is primarily a reduction in the available
>>>>>> bandwidth.
>>>>>>
>>>>>> NEW:
>>>>>> Traffic policing functions (e.g. [RFC2475]) are used to avoid the
>>>>>> starvation of non-DetNet traffic. Thus, the net effect of the
>>>> presence
>>>>>> of DetNet flows in a network on non-DetNet flows is primarily a
>>>>>> reduction in the available bandwidth.
>>>>>>
>>>>>> [ms] I believe a stronger wording is needed, e.g. along the lines of
>>>> "a DetNet
>>>>>> deployment must avoid starvation of non-DetNet traffic ...".
>>>>>>
>>>>>> [...]
>>>>>>
>>>>>>> * Section 4.4 refers to RFC 7426, which is an informational RFC on
>>>> IRTF stream,
>>>>>>> and the document uses the concepts introduced there (e.g.,
>>>> "planes"). This is
>>>>>>> very confusing. First, an IETF Proposed Standard should probably
>>>> refer to
>>>>>>> documents having IETF consensus. An example would be RFC 7491,
>>>> albeit there is
>>>>>>> other related work as well, e.g., in the TEAS WG. Second, Section
>>>> 4.4 is by and
>>>>>>> large decoupled from the rest of the document and not specific to
>>>> DetNet.
>>>>>>> Neither do other sections of the document refer to the concepts
>>>> introduced in
>>>>>>> Section 4.4, nor does Section 4.4 use the DetNet terminology or
>>>> discuss
>>>>>>> applicability to DetNet. Section 4.4 even mentions explicitly at
>>>> the end that
>>>>>>> it discusses aspects that are orthogonal to the DetNet
>>>> architecture. It is not
>>>>>>> at all clear why Section 4.4 is in this document. Section 4.4 could
>>>> be removed
>>>>>>> from the document without impacting the rest of the document.
>>>>>> The document should point out to traffic engineering and centralized
>>>>>> control plane aspects, so it is better to keep Section 4.4.
>>>>>>
>>>>>> RFC 7426 provides the full picture of SDN architecture, which needs
>>>> to
>>>>>> be referred from the DetNet architecture. No other RFC provides such
>>>>>> detailed picture. Therefore, we need to keep the reference to RFC
>>>> 7426,
>>>>>> which is an informative reference.
>>>>>>
>>>>>> [ms] I'll leave that up to the IESG to decide whether an IETF
>>>> proposed standard
>>>>>> should build an architecture based on research work instead of, say,
>>>> documents
>>>>>> with IETF consensus. As a side note, I believe the understanding in
>>>> industry what
>>>>>> "SDN architecture" really means and how it is implemented may have
>>>> evolved
>>>>>> since publication of IRTF RFC 7426, which was published in Jan.
>>>> 2015. For
>>>>>> instance, IRTF RFC 7426 does not discuss the implications of segment
>>>> routing,
>>>>>> BGP-LS, and other recent IETF techniques. And, based on what I read
>>>> in the
>>>>>> DetNet architecture, I believe DetNet could actually be implemented
>>>> without
>>>>>> any "SDN architecture", e.g. by distributed traffic engineering. As
>>>> a result, I don't
>>>>>> even understand the need to discuss "SDN".
>>>>>>
>>>>>> [ms] For the record: As TSV-ART reviewer, I question whether IRTF
>>>> RFC 7426 is
>>>>>> indeed an appropriate reference, I have doubts that IRTF RFC 7426 is
>>>> really up-
>>>>>> to-date, and I am concerned about the content quality of section
>>>> 4.4, e.g.,
>>>>>> regarding the lack of alignment with the rest of the document. The
>>>> IESG will
>>>>>> certainly have a better understanding that than me how to deal with
>>>> such topics.
>>>>>> The related work in TEAS is already referred to.
>>>>>>
>>>>>> [...]
>>>>>>
>>>>>>> Minor issues:
>>>>>>>
>>>>>>> * Terminology "DetNet transport layer"
>>>>>>>
>>>>>>> The term "transport layer" has a well-defined meaning in the IETF,
>>>> e.g.
>>>>>>> originating from RFC 1122. While "transport" and e.g. "transport
>>>> network" is
>>>>>>> used in the IETF for different technologies in different areas, I
>>>> think the
>>>>>>> term "transport layer" is typically understood to refer to
>>>> transport
>>>>>>> protocols such as TCP and UDP. As such, I personally find the term
>>>> "DetNet
>>>>>>> transport layer" misleading and confusing. The confusion is easy to
>>>> see e.g.
>>>>>>> in Figure 4, where UDP (which is a transport protocol as per RFC
>>>> 1122) sits
>>>>>>> on top of "transport".
>>>>>>>
>>>>>>> Based on the document it also may be solution/implementation
>>>> specific
>>>>>> whether
>>>>>>> the "DetNet transport layer" is actually a separate protocol layer
>>>> compared
>>>>>>> to the "DetNet service layer". Thus it is not clear to me why the
>>>> word
>>>>>>> "layer" has to be used, specifically in combination "transport
>>>> layer".
>>>>>>> To me as, the word "transport layer" (and "transport protocol")
>>>> should be
>>>>>>> used for protocols defined in TSV area, consistent with RFC 1122.
>>>> But this is
>>>>>>> probably a question to be sorted out by the IESG.
>>>>>> "transport" is used here as in "packet transport networks" not as
>>>> OSI L4
>>>>>> transport.
>>>>>>
>>>>>> [ms] At the risk of stating the obvious: The relevant section of RFC
>>>> 1122 defining
>>>>>> "transport layer" is entitled by "The Internet Architecture". And,
>>>> according e.g.
>>>>>> to RFC 5921, "packet transport network" is a term defined by ITU-T.
>>>> In an IETF
>>>>>> document, I believe IETF terminology should be used.
>>>>>>
>>>>>> I suggest to use the terms "DetNet transport sub-layer" and "DetNet
>>>>>> service sub-layer" throughout the document, which would hopefully
>>>> avoid
>>>>>> confusion.
>>>>>>
>>>>>> [ms] "DetNet transport sub-layer" somewhat solves my concern of
>>>> avoiding the
>>>>>> expression "transport layer". To really avoid confusion, I believe
>>>> it would be
>>>>>> better to avoid the ambiguous term "transport" altogether.  But I
>>>> will be fine if
>>>>>> all DetNet documents consistently avoid the term "transport layer".
>>>>>>
>>>>>> Michael
>>>>>> _______________________________________________
>>>>>> Tsv-art mailing list
>>>>>> Tsv-art@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/tsv-art
>>>>> _______________________________________________
>>>>> detnet mailing list
>>>>> detnet@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/detnet
>>>> _______________________________________________
>>>> Tsv-art mailing list
>>>> Tsv-art@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/tsv-art