Re: [v6ops] Flow Label Load Balancing
Tom Herbert <tom@herbertland.com> Wed, 25 November 2020 22:13 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC0ED3A1EE9 for <v6ops@ietfa.amsl.com>; Wed, 25 Nov 2020 14:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gOq58t1weDd3 for <v6ops@ietfa.amsl.com>; Wed, 25 Nov 2020 14:13:27 -0800 (PST)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC1433A1ED4 for <v6ops@ietf.org>; Wed, 25 Nov 2020 14:13:26 -0800 (PST)
Received: by mail-ej1-x632.google.com with SMTP id lt17so4642853ejb.3 for <v6ops@ietf.org>; Wed, 25 Nov 2020 14:13:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WxdQiywIPlAyDaIo00bMFE94JVqujKhxjM2KopTZ6Mg=; b=E8CBiwMuIw3ttPfv0pyd7ev5NZBQjwN3T1CSOIreCT5esXuu14bAdfqYyWodpbV444 feo9IKDzxEKJMk9w59Quz9dvy+C+LqqAkpUxqTLjD/F7uwxcmMDBB+GTSHSqpICirOAM SJzgEBX3LX1EBPpDMPle4tvLCLQ7GHnC84//CVoO8p72FdLo9qywcj8Q5npJBhxxX+Sq J+YK45z+CJU2hIrBzIcuK6+CRzfMo7mQRd49Wz0HJRHjQ6X/Hm3WS5/bY6mX0WyTXjAJ s7nrf5G9N06+GrvQZI6zNLs7sgUfFCqTkurJ1fKV9yD5lL4RgUvGB2IR1rWzJj4Ouxts 1P9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WxdQiywIPlAyDaIo00bMFE94JVqujKhxjM2KopTZ6Mg=; b=gntiF4/XHnUK6qQJgHUFM4FDl6qJ8KGE7K2Dpi+o0zNVdo0JlAW26kPdDNL3RT1x6E 4uKpSg7nbiGCrh+hMOR0iu21p1mLBn8aly5Dn4MWqWnA6t8YO/ZKjxvYVoHaPUiT/lui Gd3rdVt7YDpqjB8w0I+OX6ZYiEMs2ivaY+Z1fViZAOkJqT4oiocVxU6id07xus9zYEUZ bEmb9uRzlMG20fCKdqP8L43QiTT0+44odPpKVlvLLGGlrhnqxKipQJz3+4gPFv/WMucH 4AxaK/UZADHrwMle6hrLgrvrOWYzqnMtoGhDr/1zowrDh4edpRku5hTzBuZJDogMdtyq 0KMA==
X-Gm-Message-State: AOAM533iqrccyso3PGZftLQFZ/gzC9J/6KLEOP0NrMY9qH1dLPwcLa6n 3GpsDaFFHY3sxGoRKW9UjIv8pGMWTj1bg4s0BYIDFg==
X-Google-Smtp-Source: ABdhPJwuken19hAvQqUqHZreGho/udbFEVyecKPAEhXbyr+FG36vuGUBMU0z+Zw4yvdKvEBXtZ+4peX1pZWhGpj7a34=
X-Received: by 2002:a17:906:180b:: with SMTP id v11mr79086eje.41.1606342403708; Wed, 25 Nov 2020 14:13:23 -0800 (PST)
MIME-Version: 1.0
References: <CAEGSd=DY8t8Skor+b6LSopzecoUUzUZhti9s0kdooLZGxPEt+w@mail.gmail.com> <d29042a7-742b-a445-cf60-2773e5515ae5@gont.com.ar> <CALx6S37+1duoNGR3dZWesHsZvx15kX9wCWufPMh=esvMaSMF_g@mail.gmail.com> <63e7aad3-7094-7492-dbe4-3eefb5236de3@gont.com.ar> <CALx6S37t4jump6S-R5_xdo5DF+RnHtT4rU5-RuiC-2GQ0PXxkQ@mail.gmail.com> <239c4b67-1d9a-da00-7bb0-52019be1b7c1@joelhalpern.com> <CALx6S34uSAne_LyhrWDcjkR5p7MO6ggm_Ua_h+6nkX41S=Ge=A@mail.gmail.com> <a8aad80c-1a4b-4a86-4c13-7391e8513049@joelhalpern.com>
In-Reply-To: <a8aad80c-1a4b-4a86-4c13-7391e8513049@joelhalpern.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 25 Nov 2020 14:13:11 -0800
Message-ID: <CALx6S36xYADqNrPp1A_Ohx48d7SdV2oFOgVFVV+y_tDbGQG6ug@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: IPv6 Operations <v6ops@ietf.org>, tcpm <tcpm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005c70cc05b4f5bcdb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/jLvNQX0F8Uxzjzle70uPt-F4UHM>
Subject: Re: [v6ops] Flow Label Load Balancing
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2020 22:13:31 -0000
Joel, is there a normative definition of a flow? On Wed, Nov 25, 2020, 1:27 PM Joel M. Halpern <jmh@joelhalpern.com> wrote: > No, as Brian says, there are escape clauses in the flow definitions. > > But changing the flow label due to traffic problems does not correspond > to packets being in actually different flows. > If one were using UDP, and mixing loss sensitive packets with loss > insensitive packets for a special application, sure, one could use two > flow labels. But that is not what you are describing. > > Yours, > Joel > > On 11/25/2020 3:05 PM, Tom Herbert wrote: > > Joel, > > > > Is there an RFC that clearly and unambiguously states that a host MUST > > use the same flow label for the lifetime _and_ clearly defines exactly > > what a flow is with respect to such a requirement (for instance, how > > would you define a flow and enforce such a requirement in UDP? IPsec? > > other encapsulations?). If there is such a requirement then we'll > > change the code to be conformant. > > > > Tom > > > > On Wed, Nov 25, 2020 at 12:39 PM Joel M. Halpern <jmh@joelhalpern.com> > wrote: > >> > >> This kind of thing is why, as I understand it, MPTCP has discovery > >> mechanisms ot know if both sides use it, and can select alternative > >> addresses for communication. > >> > >> Trying to guess flow labels that might avoid a problem because it might > >> be an ECMP problem, is just flailing about. Not a good design for > >> operational protocols. > >> > >> And in general, designing protocols around "I know exactly what is going > >> on" (the requirement for what you describe that goes well beyond just > >> "limited domains") is also a recipe for failure. > >> > >> The Flow Label RFCs are actually very explicit that a flow label is > >> supposed to be stable for the life of the flow. Otherwise, it isn't a > >> flow label. > >> > >> Yours, > >> Joel > >> > >> On 11/25/2020 2:35 PM, Tom Herbert wrote: > >>> Hi Fernando, comments in line... > >>> > >>> On Wed, Nov 25, 2020 at 12:13 AM Fernando Gont <fernando@gont.com.ar> > wrote: > >>>> > >>>> Hi, Tom, > >>>> > >>>> On 24/11/20 16:43, Tom Herbert wrote: > >>>> [....] > >>>>> Modulating the flow label is a means to affect the routing of packets > >>>>> through the network that uses flow labels as input to the ECMP hash. > >>>> > >>>> What's the point? > >>>> > >>>> 1) You cannot tell *if* the FL is being used. > >>>> > >>> Generally true, but in a limited domain this information could be > >>> discerned. I'd note that it's also generally true that we don't know > >>> if there is a load balancer or stateful firewall in the path that > >>> requires consistent routing, but in a limited domain we could know > >>> that also. > >>> > >>>> 2) Changing the FL does not necessarily mean that packets will employ > a > >>>> different link. > >>> > >>> It's an opportunistic mechanism. If a connection is failing and we get > >>> a better path that fixes it by simply changing the flow label then > >>> what's the harm? > >>> > >>>> > >>>> 3) If the network is failing, shouldn't you handle this via routing? > >>>> > >>> Sure, but then that requires an out of band feedback loop from a TCP > >>> implementation to the network infrastructure to indicate there is a > >>> problem and then the network needs to respond. That's significant > >>> infrastructure and higher reaction time than doing something in TCP > >>> and IP. Think of modulating the flow label is an inexpensive form of > >>> source routing within a limited domain that doesn't need any > >>> infrastructure or heavyweight protocols or something like segment > >>> routing. > >>> > >>>> > >>>> > >>>>> The basic idea is that the flow label associated with a connection is > >>>>> randomly changed when the stack observes that the connection is > >>>>> failing (e.g. and an RTO). There is nothing in the specs that > prevents > >>>>> this since the source is at liberty to set the flow label as it sees > >>>>> fit. > >>>> > >>>> The FL is expected to remain constant for the life of a flow. A > >>>> retransmitted packet is part of the same flow as the > >>>> originally-transmitted packet. So this seems to be contradicting the > >>>> very specification of the FL. > >>>> > >>>> For instance, If a RTO for a flow causes the FL to change, then one > may > >>>> possibly argue that the FL is not naming/labeling what is > said/expected > >>>> to be anming/labeling. > >>> > >>> Specifically, RFC6437 states: > >>> > >>> "It is therefore RECOMMENDED that source hosts support the flow label > >>> by setting the flow label field for all packets of a given flow to the > >>> same value chosen from an approximation to a discrete uniform > >>> distribution." > >>> > >>> So that is clearly a just recommendation, and not a requirement (and > >>> definitely not a MUST). Furthermore, RFC6437 states: > >>> > >>> "A forwarding node MUST either leave a non-zero flow label value > >>> unchanged or change it only for compelling operational security > >>> reasons as described in Section 6.1." > >>> > >>> So there's no guarantee in the protocol specs that flow labels are > >>> consistent for the life of the connection, which means that the > >>> network cannot assume that and thus it would be incorrect if the > >>> network tried to enforce flow label consistency as a protocol > >>> requirement. As I said, it is prudent to try to be consistent with > >>> flow labels and the default behavior in Linux should be changed, > >>> however I do not believe there's a valid claim of non-conformance that > >>> motivates removal of the feature that is already deployed. > >>> > >>> Tom > >>> > >>> > >>> > >>> > >>>> > >>>> > >>>> > >>>>> The feature is useful in large datacenter networks, like > >>>>> pparently Facebook where the patches originate, since information > >>>>> discerned by TCP can opportunistically be applied to route selection. > >>>>> The practical issue is that there are stateful devices like firewalls > >>>>> that require consistent routing in the network in which case changing > >>>>> the flow label can confuse them. As I mentioned, the original intent > >>>>> was that the flow label randomization feature should be opt-in > instead > >>>>> of on by default. > >>>> > >>>> So... where is the "source" of the packet that would be "modulating" > the FL? > >>>> > >>>> Thanks, > >>>> -- > >>>> Fernando Gont > >>>> e-mail: fernando@gont.com.ar || fgont@si6networks.com > >>>> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > >>>> > >>>> > >>>> > >>> > >>> _______________________________________________ > >>> v6ops mailing list > >>> v6ops@ietf.org > >>> https://www.ietf.org/mailman/listinfo/v6ops > >>> >
- [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Joel M. Halpern
- Re: [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Joel M. Halpern
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [v6ops] [tcpm] Flow Label Load Balancing Yuchung Cheng
- Re: [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] Flow Label Load Balancing Mark Smith
- Re: [v6ops] Flow Label Load Balancing Joseph Touch
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] Flow Label Load Balancing Mark Smith
- Re: [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] [tcpm] Flow Label Load Balancing Alexander Azimov
- Re: [v6ops] [tcpm] Flow Label Load Balancing Michael Tuexen
- Re: [v6ops] [tcpm] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] [tcpm] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] [tcpm] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] [tcpm] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] [tcpm] Flow Label Load Balancing Erik Kline
- Re: [v6ops] [tcpm] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] [tcpm] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] [tcpm] Flow Label Load Balancing Fernando Gont
- Re: [v6ops] [tcpm] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] [tcpm] Flow Label Load Balancing Brian E Carpenter
- Re: [v6ops] [tcpm] Flow Label Load Balancing Tom Herbert
- Re: [v6ops] [tcpm] Flow Label Load Balancing Fernando Gont