IETF Logo Mail Archive

Re: [v6ops] Flow Label Load Balancing

Tom Herbert <tom@herbertland.com> Wed, 25 November 2020 22:13 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC0ED3A1EE9 for <v6ops@ietfa.amsl.com>; Wed, 25 Nov 2020 14:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gOq58t1weDd3 for <v6ops@ietfa.amsl.com>; Wed, 25 Nov 2020 14:13:27 -0800 (PST)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC1433A1ED4 for <v6ops@ietf.org>; Wed, 25 Nov 2020 14:13:26 -0800 (PST)
Received: by mail-ej1-x632.google.com with SMTP id lt17so4642853ejb.3 for <v6ops@ietf.org>; Wed, 25 Nov 2020 14:13:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WxdQiywIPlAyDaIo00bMFE94JVqujKhxjM2KopTZ6Mg=; b=E8CBiwMuIw3ttPfv0pyd7ev5NZBQjwN3T1CSOIreCT5esXuu14bAdfqYyWodpbV444 feo9IKDzxEKJMk9w59Quz9dvy+C+LqqAkpUxqTLjD/F7uwxcmMDBB+GTSHSqpICirOAM SJzgEBX3LX1EBPpDMPle4tvLCLQ7GHnC84//CVoO8p72FdLo9qywcj8Q5npJBhxxX+Sq J+YK45z+CJU2hIrBzIcuK6+CRzfMo7mQRd49Wz0HJRHjQ6X/Hm3WS5/bY6mX0WyTXjAJ s7nrf5G9N06+GrvQZI6zNLs7sgUfFCqTkurJ1fKV9yD5lL4RgUvGB2IR1rWzJj4Ouxts 1P9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WxdQiywIPlAyDaIo00bMFE94JVqujKhxjM2KopTZ6Mg=; b=gntiF4/XHnUK6qQJgHUFM4FDl6qJ8KGE7K2Dpi+o0zNVdo0JlAW26kPdDNL3RT1x6E 4uKpSg7nbiGCrh+hMOR0iu21p1mLBn8aly5Dn4MWqWnA6t8YO/ZKjxvYVoHaPUiT/lui Gd3rdVt7YDpqjB8w0I+OX6ZYiEMs2ivaY+Z1fViZAOkJqT4oiocVxU6id07xus9zYEUZ bEmb9uRzlMG20fCKdqP8L43QiTT0+44odPpKVlvLLGGlrhnqxKipQJz3+4gPFv/WMucH 4AxaK/UZADHrwMle6hrLgrvrOWYzqnMtoGhDr/1zowrDh4edpRku5hTzBuZJDogMdtyq 0KMA==
X-Gm-Message-State: AOAM533iqrccyso3PGZftLQFZ/gzC9J/6KLEOP0NrMY9qH1dLPwcLa6n 3GpsDaFFHY3sxGoRKW9UjIv8pGMWTj1bg4s0BYIDFg==
X-Google-Smtp-Source: ABdhPJwuken19hAvQqUqHZreGho/udbFEVyecKPAEhXbyr+FG36vuGUBMU0z+Zw4yvdKvEBXtZ+4peX1pZWhGpj7a34=
X-Received: by 2002:a17:906:180b:: with SMTP id v11mr79086eje.41.1606342403708; Wed, 25 Nov 2020 14:13:23 -0800 (PST)
MIME-Version: 1.0
References: <CAEGSd=DY8t8Skor+b6LSopzecoUUzUZhti9s0kdooLZGxPEt+w@mail.gmail.com> <d29042a7-742b-a445-cf60-2773e5515ae5@gont.com.ar> <CALx6S37+1duoNGR3dZWesHsZvx15kX9wCWufPMh=esvMaSMF_g@mail.gmail.com> <63e7aad3-7094-7492-dbe4-3eefb5236de3@gont.com.ar> <CALx6S37t4jump6S-R5_xdo5DF+RnHtT4rU5-RuiC-2GQ0PXxkQ@mail.gmail.com> <239c4b67-1d9a-da00-7bb0-52019be1b7c1@joelhalpern.com> <CALx6S34uSAne_LyhrWDcjkR5p7MO6ggm_Ua_h+6nkX41S=Ge=A@mail.gmail.com> <a8aad80c-1a4b-4a86-4c13-7391e8513049@joelhalpern.com>
In-Reply-To: <a8aad80c-1a4b-4a86-4c13-7391e8513049@joelhalpern.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 25 Nov 2020 14:13:11 -0800
Message-ID: <CALx6S36xYADqNrPp1A_Ohx48d7SdV2oFOgVFVV+y_tDbGQG6ug@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: IPv6 Operations <v6ops@ietf.org>, tcpm <tcpm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005c70cc05b4f5bcdb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/jLvNQX0F8Uxzjzle70uPt-F4UHM>
Subject: Re: [v6ops] Flow Label Load Balancing
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2020 22:13:31 -0000

Joel, is there a normative definition of a flow?

On Wed, Nov 25, 2020, 1:27 PM Joel M. Halpern <jmh@joelhalpern.com> wrote:

> No, as Brian says, there are escape clauses in the flow definitions.
>
> But changing the flow label due to traffic problems does not correspond
> to packets being in actually different flows.
> If one were using UDP, and mixing loss sensitive packets with loss
> insensitive packets for a special application, sure, one could use two
> flow labels.  But that is not what you are describing.
>
> Yours,
> Joel
>
> On 11/25/2020 3:05 PM, Tom Herbert wrote:
> > Joel,
> >
> > Is there an RFC that clearly and unambiguously states that a host MUST
> > use the same flow label for the lifetime _and_ clearly defines exactly
> > what a flow is with respect to such a requirement (for instance, how
> > would you define a flow and enforce such a requirement in UDP? IPsec?
> > other encapsulations?). If there is such a requirement then we'll
> > change the code to be conformant.
> >
> > Tom
> >
> > On Wed, Nov 25, 2020 at 12:39 PM Joel M. Halpern <jmh@joelhalpern.com>
> wrote:
> >>
> >> This kind of thing is why, as I understand it, MPTCP has discovery
> >> mechanisms ot know if both sides use it, and can select alternative
> >> addresses for communication.
> >>
> >> Trying to guess flow labels that might avoid a problem because it might
> >> be an ECMP problem, is just flailing about.  Not a good design for
> >> operational protocols.
> >>
> >> And in general, designing protocols around "I know exactly what is going
> >> on"  (the requirement for what you describe that goes well beyond just
> >> "limited domains") is also a recipe for failure.
> >>
> >> The Flow Label RFCs are actually very explicit that a flow label is
> >> supposed to be stable for the life of the flow.  Otherwise, it isn't a
> >> flow label.
> >>
> >> Yours,
> >> Joel
> >>
> >> On 11/25/2020 2:35 PM, Tom Herbert wrote:
> >>> Hi Fernando, comments in line...
> >>>
> >>> On Wed, Nov 25, 2020 at 12:13 AM Fernando Gont <fernando@gont.com.ar>
> wrote:
> >>>>
> >>>> Hi, Tom,
> >>>>
> >>>> On 24/11/20 16:43, Tom Herbert wrote:
> >>>> [....]
> >>>>> Modulating the flow label is a means to affect the routing of packets
> >>>>> through the network that uses flow labels as input to the ECMP hash.
> >>>>
> >>>> What's the point?
> >>>>
> >>>> 1) You cannot tell *if* the FL is being used.
> >>>>
> >>> Generally true, but in a limited domain this information could be
> >>> discerned. I'd note that it's also generally true that we don't know
> >>> if there is a load balancer or stateful firewall in the path that
> >>> requires consistent routing, but in a limited domain we could know
> >>> that also.
> >>>
> >>>> 2) Changing the FL does not necessarily mean that packets will employ
> a
> >>>> different link.
> >>>
> >>> It's an opportunistic mechanism. If a connection is failing and we get
> >>> a better path that fixes it by simply changing the flow label then
> >>> what's the harm?
> >>>
> >>>>
> >>>> 3) If the network is failing, shouldn't you handle this via routing?
> >>>>
> >>> Sure, but then that requires an out of band feedback loop from a TCP
> >>> implementation to the network infrastructure to indicate there is a
> >>> problem and then the network needs to respond. That's significant
> >>> infrastructure and higher reaction time than doing something in TCP
> >>> and IP. Think of modulating the flow label is an inexpensive form of
> >>> source routing within a limited domain that doesn't need any
> >>> infrastructure or heavyweight protocols or something like segment
> >>> routing.
> >>>
> >>>>
> >>>>
> >>>>> The basic idea is that the flow label associated with a connection is
> >>>>> randomly changed when the stack observes that the connection is
> >>>>> failing (e.g. and an RTO). There is nothing in the specs that
> prevents
> >>>>> this since the source is at liberty to set the flow label as it sees
> >>>>> fit.
> >>>>
> >>>> The FL is expected to remain constant for the life of a flow. A
> >>>> retransmitted packet is part of the same flow as the
> >>>> originally-transmitted packet. So this seems to be contradicting the
> >>>> very specification of the FL.
> >>>>
> >>>> For instance, If a RTO for a flow causes the FL to change, then one
> may
> >>>> possibly argue that the FL is not naming/labeling what is
> said/expected
> >>>> to be anming/labeling.
> >>>
> >>> Specifically, RFC6437 states:
> >>>
> >>> "It is therefore RECOMMENDED that source hosts support the flow label
> >>> by setting the flow label field for all packets of a given flow to the
> >>> same value chosen from an approximation to a discrete uniform
> >>> distribution."
> >>>
> >>> So that is clearly a just recommendation, and not a requirement (and
> >>> definitely not a MUST). Furthermore, RFC6437 states:
> >>>
> >>> "A forwarding node MUST either leave a non-zero flow label value
> >>> unchanged or change it only for compelling operational security
> >>> reasons as described in Section 6.1."
> >>>
> >>> So there's no guarantee in the protocol specs that flow labels are
> >>> consistent for the life of the connection, which means that the
> >>> network cannot assume that and thus it would be incorrect if the
> >>> network tried to enforce flow label consistency as a protocol
> >>> requirement. As I said, it is prudent to try to be consistent with
> >>> flow labels and the default behavior in Linux should be changed,
> >>> however I do not believe there's a valid claim of non-conformance that
> >>> motivates removal of the feature that is already deployed.
> >>>
> >>> Tom
> >>>
> >>>
> >>>
> >>>
> >>>>
> >>>>
> >>>>
> >>>>> The feature is useful in large datacenter networks, like
> >>>>> pparently Facebook where the patches originate, since information
> >>>>> discerned by TCP can opportunistically be applied to route selection.
> >>>>> The practical issue is that there are stateful devices like firewalls
> >>>>> that require consistent routing in the network in which case changing
> >>>>> the flow label can confuse them. As I mentioned, the original intent
> >>>>> was that the flow label randomization feature should be opt-in
> instead
> >>>>> of on by default.
> >>>>
> >>>> So... where is the "source" of the packet that would be "modulating"
> the FL?
> >>>>
> >>>> Thanks,
> >>>> --
> >>>> Fernando Gont
> >>>> e-mail: fernando@gont.com.ar || fgont@si6networks.com
> >>>> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> >>>>
> >>>>
> >>>>
> >>>
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >>>
>

v2.23.0 | Report a Bug | By Email