IETF Logo Mail Archive

Re: [v6ops] 答复: FW: New Version Notification for draft-fioccola-spring-flow-label-alt-mark-01.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 08 November 2017 19:35 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56FB6129B70 for <v6ops@ietfa.amsl.com>; Wed, 8 Nov 2017 11:35:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2c49cwPPjhlF for <v6ops@ietfa.amsl.com>; Wed, 8 Nov 2017 11:35:16 -0800 (PST)
Received: from mail-pf0-x232.google.com (mail-pf0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7755B129B71 for <v6ops@ietf.org>; Wed, 8 Nov 2017 11:35:16 -0800 (PST)
Received: by mail-pf0-x232.google.com with SMTP id b79so2455182pfk.5 for <v6ops@ietf.org>; Wed, 08 Nov 2017 11:35:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=oSDYnEOoC11G30KOzTv2o2e9itywI4UcqysIA3Y7S+o=; b=k0BmEA0el3PIR9SPKtQ1r2K0JnzJD8shpgSXX3xBQl8R78La9dytleIAVCkmcNLXZt HvlZZv5wrrw8ZtENJPx6eB54nHSqUVAvYov0dEdwpw6Jyj1NCwrKXhhVzArmIECeJ8CM MJUOrMhT9vWQVMb0GqYyQQj8kcM02zaTS+M/tEoRYYNFUk29bsUeQEo5V+JjH2si2TyG 9H74TKSmtt51cOtbDqmoQVmlxMn4w6+ZjLSJS/kn6LqcULaMoeGLU4xD3U5MMTPoinuD pECg/0JFeu9xjPVnwcsnrDDW4bQNoraSjpJJMOrUECT5PusN2zcJj/mIws6+NtFOx9Ix 4Jvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=oSDYnEOoC11G30KOzTv2o2e9itywI4UcqysIA3Y7S+o=; b=G/aD8063lbTQjPjILSkOtrIdFzu6TQnKc5K84b0oqlpst+OZ3Jp+uq64YGhLyY6Mos KZNCPiMDrDemHpSpQR+8WTSCkb5SDXy6WpO0BKEUNq6rLPsParcSkcZsgZp7ba1eCanr AfY4QEG6Z0ggTtNI14wSnNc6YvbMokemgm/6calQZIcLlEmOKRWtjVdTtW6YLkjrKIQz aULGyB8sm1WtbaljcQ/wT5I+6m2WiQKP/KDAUisZbTtOm96Kme7y+oltKN49ipIdJa4S 5GBZSEtfTMwMCIQTGL86w+tqY0ef3SMcH6dAHAh+kvCz8FtTFRt/f7ZJv5MxiLUbl19e pCcg==
X-Gm-Message-State: AJaThX5jg14EEb53pkc2lYjFZINvvzDi2Wm6ntwgPTcWWCBMqszJpPON CGTbUeloM1ek5iRgeM3M9BjYkg==
X-Google-Smtp-Source: ABhQp+ROFa3B5wNdisjP4dPrZfwwzu3THE9mjMSCBi/17NpkwSlgKWJue7vp1/t4cvJQFIHXiNf18g==
X-Received: by 10.84.233.8 with SMTP id j8mr1401699plk.311.1510169715585; Wed, 08 Nov 2017 11:35:15 -0800 (PST)
Received: from ?IPv6:2406:e001:3d21:1:28cc:dc4c:9703:6781? ([2406:e001:3d21:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id b10sm10231835pfk.20.2017.11.08.11.35.13 for <v6ops@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 Nov 2017 11:35:14 -0800 (PST)
To: v6ops@ietf.org
References: <150902848277.24072.5918643353810761226.idtracker@ietfa.amsl.com> <AM5PR0701MB2836F062687C887AA96C915CE0510@AM5PR0701MB2836.eurprd07.prod.outlook.com> <CALx6S37H2RTc04Md-PpOUkzpuN09CDDMSRDY5bGer-NzEok2XQ@mail.gmail.com> <AM5PR0701MB28366E17E992406B6DD43150E0510@AM5PR0701MB2836.eurprd07.prod.outlook.com> <CALx6S34q-6QY-yu4W-S-Zz3zhHjEC6532d+FM7qb4uLbtMwfnA@mail.gmail.com> <1089D217-18B5-4439-8516-FC36687A2CFE@nokia.com> <CALx6S379kXsDgbAKs_dewwy3fOk3dORKpxOMbwb2cioB=xxN7w@mail.gmail.com> <9CB80455-11ED-4E3A-B6EB-0CCEBDE92EC4@nokia.com> <CALx6S34i0pF5XgxLhjWDNXtKrbKAzeOtCcdfXXAk6Ndd02b0yQ@mail.gmail.com> <008938C4-0861-4BF1-A265-6EE323742B19@nokia.com> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE30477C89@NKGEML515-MBS.china.huawei.com> <CALx6S35YGje61ew7cnomi2x1K=YV6=VXq4+VZCuJQH-fHhWVBA@mail.gmail.com> <199d8e92-a307-161b-175d-c1a762a0bef1@bogus.com> <CALx6S37JQv5zCgYNSbEHKRdNCpCtZjT2coVoM2UxwTTUaqNcbQ@mail.gmail.com> <3caffe52-7ace-8871-2585-bdb02a69ad56@bogus.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <ca2e0d66-1edd-bdb3-1923-55d49318b38c@gmail.com>
Date: Thu, 09 Nov 2017 08:35:17 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <3caffe52-7ace-8871-2585-bdb02a69ad56@bogus.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/14OER4wAN9kSHfmOf9EIvQ7bGcM>
Subject: Re: [v6ops] 答复: FW: New Version Notification for draft-fioccola-spring-flow-label-alt-mark-01.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 19:35:18 -0000

On 09/11/2017 07:16, joel jaeggli wrote:
> On 11/8/17 09:25, Tom Herbert wrote:
>> On Wed, Nov 8, 2017 at 8:16 AM, joel jaeggli <joelja@bogus.com> wrote:
>>> On 11/8/17 07:33, Tom Herbert wrote:
>>>> On Tue, Nov 7, 2017 at 11:57 PM, Xuxiaohu <xuxiaohu@huawei.com> wrote:
>>>>>
>>>>>
>>>>>> -----邮件原件-----
>>>>>> 发件人: v6ops [mailto:v6ops-bounces@ietf.org] 代表 Van De Velde, Gunter
>>>>>> (Nokia - BE/Antwerp)
>>>>>> 发送时间: 2017年11月8日 4:37
>>>>>> 收件人: Tom Herbert
>>>>>> 抄送: v6ops@ietf.org
>>>>>> 主题: Re: [v6ops] FW: New Version Notification for
>>>>>> draft-fioccola-spring-flow-label-alt-mark-01.txt
>>>>>>
>>>>>> In this case, the controlled domain reflects to the fact that it is operator choice
>>>>>> that grabs control of packet handling within its own network.
>>>>>> The operator adds through policy the outer SRv6 header. The operator has in
>>>>>> fact then three options regarding flow label:
>>>>>>
>>>>>> 1) Just do not do anything with Flow-label (leave it default)
>>>>>> 2) Alternate marking only and NO usage of entropy
>>>>>> 3) Alternate marking and entropy (in this case the entropy SHOULD be based
>>>>>> upon 18 bits instead of 20 bits because otherwise paths may be changed when
>>>>>> the marking changes (e.g. periods of 5 minutes per marking period) …. This is
>>>>>> however not a MUST because some operators do not care if because of marking
>>>>>> change.
>>>>>
>>>>> In option 3, it would require a few changes to the RFC6437-compatible behaviors of intermediate routers within a controlled network domain. Hence it seems better and safer to disable the FL-based load-balancing mechanism in this special case, especially when the existing load-balancing mechanism (e.g., five-tuple-based LB) is good enough, IMHO.
>>>>>
>>>> Five-tuple hash requires parsing into the transport layer to get the
>>>> ports. In the proposed use case there will be extension headers (at
>>>> least a routing header) so routers would need to parse over those.
>>>> It's unlikely that such parsing is consistently implemented and
>>>> besides that the whole point of using the flow label for ECMP is to
>>>> obviate the need for routers to perform DPI.
>>>
>>> The flow label is unprotected in the header which makes it hard to use
>>> to hash to stateful endpoints. it would be helpful if nothng ever
>>> changed it or did so consistently but in fact devices that do so exist.
>>>
>> Joel,
>>
>> The problem isn't at stateful endpoints, it's with middleboxes that
>> maintain flow state. The result of a flow label change at an endpoint
>> is OOO packets which any transport protocol is expected to gracefully
>> handle. A middlebox that maintains state expects all packets of the
>> flow to got through it, so if there is a flow label change (or other
>> routing change) packets for the flow may bypass the device (like a
>> firewall or NAT) with the flow state. It's likely they're forwarded
>> through a peer device that doesn't have any state for the flow and so
>> dropped packets ensue.
>>
>> This has created an implicit requirement on network architecture that
>> all packets of a flow need to follow the same path. From a host
>> perspective there are good reasons to change the flow label, for
>> instance we can modulate the the flow label for a failing connection
>> as a form of source routing to try for a better route through the
>> network. However, from a practical perspective I suppose the
>> recommendation should be that by default the flow label should be
>> constant for the lifetime of the flow.
> 
> 6437 says
> 
>    Once set to a non-zero value, the Flow Label is expected to be
>    delivered unchanged to the destination node(s).  A forwarding node
>    MUST either leave a non-zero flow label value unchanged or change it
>    only for compelling operational security reasons as described in
>    Section 6.1.
> 
> Disgusting get out of jail-free card not-withstanding that's
> unequivical. If It changes I cannnot use it for hashing in my load
> balancer function.

Sure. But if a local domain chooses to restrict itself to hashing
18 bits that's its privilege; we don't specify the hash algorithm.
And if the packet is forwarded outside the local domain, the other
two bits need to be set to consistent values for use on the outside.
I think the draft meets those conditions.

   Brian

v2.23.0 | Report a Bug | By Email