IETF Logo Mail Archive

Re: [v6ops] Flow Label Load Balancing

Tom Herbert <tom@herbertland.com> Wed, 25 November 2020 20:05 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84DDA3A1C69 for <v6ops@ietfa.amsl.com>; Wed, 25 Nov 2020 12:05:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UQq9vBSH6zgN for <v6ops@ietfa.amsl.com>; Wed, 25 Nov 2020 12:05:16 -0800 (PST)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 396E53A1CAC for <v6ops@ietf.org>; Wed, 25 Nov 2020 12:05:13 -0800 (PST)
Received: by mail-ej1-x629.google.com with SMTP id oq3so4737855ejb.7 for <v6ops@ietf.org>; Wed, 25 Nov 2020 12:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fcooyIZCSMch3fTbFOLokrdujEjrdUAGttzOwcEB5tU=; b=IqGI+/ARxrRXUbowuvoNX4o+J1DVc/2mFsiy30gS02MSOOWJxSDrHcPzIA46kw6+Z4 yAVGqY7AZ2Bd9AjlncwVe/sbiYLOOP55H+3VHa90yXDQi7ErrSMNUvCs8xtd0osm192G KvmxVo5Ynf4Lx7EyOGljQ5hkk9O1AZifcChgS7LA+DqbGP5mWD/Kv8qxzSzcAdETwYh+ G9e0T+5w8c2elNOkFC+5AIuvd5EIY2NXpKVrHwYL0rt3STPlexoZBfyDMwXUWSMwArIo Ws7maAAyxKLVExWTWpV+6WOBqCJ7pUTmQTYrzyEWMYakPRwsSwCMeHF428CkEbaprZp1 ti8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fcooyIZCSMch3fTbFOLokrdujEjrdUAGttzOwcEB5tU=; b=HHwHNUEGDc2epTuIb5qqorGM2BlDgochTL/4lMz4H3k/NJ8y0e0xK0ivLhCqPutdnV vSUIc8eSwlHN5PGa/P7Cb288meMwmpS9jRUOgsja5+d7EiLrPCY4bhPpLmpQ/uqeTysy 3ZJI5yVzTglyEgsY7pu9aILeoC9pFKNGuDIsTl4ump0R+5e//rrYId0iqIs/CWESf6mg i6n3IcocfruapRGTbz5cftQPEiI/M5lYA5BqjLGiQtK+DHQXCedJhsNwteioGw7di2TU Y1vJOxYRalgjWfsWEuzKVxuG2BM8yar5+9h63vKumMb8lvwn1PitZwN79ZZFzgg/07Oa uaeQ==
X-Gm-Message-State: AOAM531eo0Vi3Y6o5nodawNTyQIpkGY04FYXMwt3667g5MRLDDGqAvFa o2dpC3F1ZIKSGyfo7oznd+bqoAO07bLp+oy1kiUSYLeCpmk=
X-Google-Smtp-Source: ABdhPJwx/znQ66iAKYmdAJEV4MnLbSaRZ1ZT/TpKPYbZpXPm7wOw19C9hZH7ijmbZM/ujPfIVZxHUjuyl2jFhYvWPCY=
X-Received: by 2002:a17:906:3294:: with SMTP id 20mr4584338ejw.239.1606334711385; Wed, 25 Nov 2020 12:05:11 -0800 (PST)
MIME-Version: 1.0
References: <CAEGSd=DY8t8Skor+b6LSopzecoUUzUZhti9s0kdooLZGxPEt+w@mail.gmail.com> <d29042a7-742b-a445-cf60-2773e5515ae5@gont.com.ar> <CALx6S37+1duoNGR3dZWesHsZvx15kX9wCWufPMh=esvMaSMF_g@mail.gmail.com> <63e7aad3-7094-7492-dbe4-3eefb5236de3@gont.com.ar> <CALx6S37t4jump6S-R5_xdo5DF+RnHtT4rU5-RuiC-2GQ0PXxkQ@mail.gmail.com> <239c4b67-1d9a-da00-7bb0-52019be1b7c1@joelhalpern.com>
In-Reply-To: <239c4b67-1d9a-da00-7bb0-52019be1b7c1@joelhalpern.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 25 Nov 2020 13:05:00 -0700
Message-ID: <CALx6S34uSAne_LyhrWDcjkR5p7MO6ggm_Ua_h+6nkX41S=Ge=A@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: IPv6 Operations <v6ops@ietf.org>, tcpm <tcpm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/vCnV2VsjnRhMZ17xgdMWFVVwDaM>
Subject: Re: [v6ops] Flow Label Load Balancing
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2020 20:05:23 -0000

Joel,

Is there an RFC that clearly and unambiguously states that a host MUST
use the same flow label for the lifetime _and_ clearly defines exactly
what a flow is with respect to such a requirement (for instance, how
would you define a flow and enforce such a requirement in UDP? IPsec?
other encapsulations?). If there is such a requirement then we'll
change the code to be conformant.

Tom

On Wed, Nov 25, 2020 at 12:39 PM Joel M. Halpern <jmh@joelhalpern.com> wrote:
>
> This kind of thing is why, as I understand it, MPTCP has discovery
> mechanisms ot know if both sides use it, and can select alternative
> addresses for communication.
>
> Trying to guess flow labels that might avoid a problem because it might
> be an ECMP problem, is just flailing about.  Not a good design for
> operational protocols.
>
> And in general, designing protocols around "I know exactly what is going
> on"  (the requirement for what you describe that goes well beyond just
> "limited domains") is also a recipe for failure.
>
> The Flow Label RFCs are actually very explicit that a flow label is
> supposed to be stable for the life of the flow.  Otherwise, it isn't a
> flow label.
>
> Yours,
> Joel
>
> On 11/25/2020 2:35 PM, Tom Herbert wrote:
> > Hi Fernando, comments in line...
> >
> > On Wed, Nov 25, 2020 at 12:13 AM Fernando Gont <fernando@gont.com.ar> wrote:
> >>
> >> Hi, Tom,
> >>
> >> On 24/11/20 16:43, Tom Herbert wrote:
> >> [....]
> >>> Modulating the flow label is a means to affect the routing of packets
> >>> through the network that uses flow labels as input to the ECMP hash.
> >>
> >> What's the point?
> >>
> >> 1) You cannot tell *if* the FL is being used.
> >>
> > Generally true, but in a limited domain this information could be
> > discerned. I'd note that it's also generally true that we don't know
> > if there is a load balancer or stateful firewall in the path that
> > requires consistent routing, but in a limited domain we could know
> > that also.
> >
> >> 2) Changing the FL does not necessarily mean that packets will employ a
> >> different link.
> >
> > It's an opportunistic mechanism. If a connection is failing and we get
> > a better path that fixes it by simply changing the flow label then
> > what's the harm?
> >
> >>
> >> 3) If the network is failing, shouldn't you handle this via routing?
> >>
> > Sure, but then that requires an out of band feedback loop from a TCP
> > implementation to the network infrastructure to indicate there is a
> > problem and then the network needs to respond. That's significant
> > infrastructure and higher reaction time than doing something in TCP
> > and IP. Think of modulating the flow label is an inexpensive form of
> > source routing within a limited domain that doesn't need any
> > infrastructure or heavyweight protocols or something like segment
> > routing.
> >
> >>
> >>
> >>> The basic idea is that the flow label associated with a connection is
> >>> randomly changed when the stack observes that the connection is
> >>> failing (e.g. and an RTO). There is nothing in the specs that prevents
> >>> this since the source is at liberty to set the flow label as it sees
> >>> fit.
> >>
> >> The FL is expected to remain constant for the life of a flow. A
> >> retransmitted packet is part of the same flow as the
> >> originally-transmitted packet. So this seems to be contradicting the
> >> very specification of the FL.
> >>
> >> For instance, If a RTO for a flow causes the FL to change, then one may
> >> possibly argue that the FL is not naming/labeling what is said/expected
> >> to be anming/labeling.
> >
> > Specifically, RFC6437 states:
> >
> > "It is therefore RECOMMENDED that source hosts support the flow label
> > by setting the flow label field for all packets of a given flow to the
> > same value chosen from an approximation to a discrete uniform
> > distribution."
> >
> > So that is clearly a just recommendation, and not a requirement (and
> > definitely not a MUST). Furthermore, RFC6437 states:
> >
> > "A forwarding node MUST either leave a non-zero flow label value
> > unchanged or change it only for compelling operational security
> > reasons as described in Section 6.1."
> >
> > So there's no guarantee in the protocol specs that flow labels are
> > consistent for the life of the connection, which means that the
> > network cannot assume that and thus it would be incorrect if the
> > network tried to enforce flow label consistency as a protocol
> > requirement. As I said, it is prudent to try to be consistent with
> > flow labels and the default behavior in Linux should be changed,
> > however I do not believe there's a valid claim of non-conformance that
> > motivates removal of the feature that is already deployed.
> >
> > Tom
> >
> >
> >
> >
> >>
> >>
> >>
> >>> The feature is useful in large datacenter networks, like
> >>> pparently Facebook where the patches originate, since information
> >>> discerned by TCP can opportunistically be applied to route selection.
> >>> The practical issue is that there are stateful devices like firewalls
> >>> that require consistent routing in the network in which case changing
> >>> the flow label can confuse them. As I mentioned, the original intent
> >>> was that the flow label randomization feature should be opt-in instead
> >>> of on by default.
> >>
> >> So... where is the "source" of the packet that would be "modulating" the FL?
> >>
> >> Thanks,
> >> --
> >> Fernando Gont
> >> e-mail: fernando@gont.com.ar || fgont@si6networks.com
> >> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> >>
> >>
> >>
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> >

v2.23.0 | Report a Bug | By Email