[sfc] AD review for draft-ietf-sfc-hierarchical-07
Martin Vigoureux <martin.vigoureux@nokia.com> Tue, 10 April 2018 10:11 UTC
Return-Path: <martin.vigoureux@nokia.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C08D127275; Tue, 10 Apr 2018 03:11:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xgz3Ya8MSzVM; Tue, 10 Apr 2018 03:11:18 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00108.outbound.protection.outlook.com [40.107.0.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AD85124B18; Tue, 10 Apr 2018 03:11:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=HouEWjLe9h+41unfpvZYiwEAGUpROooH/mGHaoonKsA=; b=jMq1TBWTU3j7ny/N3jaww/lhta14aPz92i/kwrTehKESKIRhteLUuNrnO3Fq9gs5IO4vl5X96WtkGe7okZZgjZHgEmT66VRL5N7tfECf0kGeEKm8/LT3jR9S44uxdxdwbaG/9k3AW2lpwpAPTeLoBIn59vcxKNLQ8Ugm3QdES40=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=martin.vigoureux@nokia.com;
Received: from [IPv6:2a01:cb04:a1a:4c00:f443:6b8b:e1f8:5e65] (2a01:cb04:a1a:4c00:f443:6b8b:e1f8:5e65) by VI1PR0701MB2144.eurprd07.prod.outlook.com (2603:10a6:800:30::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.675.3; Tue, 10 Apr 2018 10:11:12 +0000
From: Martin Vigoureux <martin.vigoureux@nokia.com>
To: draft-ietf-sfc-hierarchical@ietf.org
Cc: "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, sarikaya@ieee.org, sfc@ietf.org
Message-ID: <49f64a48-cd4c-db01-7741-66f6c613c77d@nokia.com>
Date: Tue, 10 Apr 2018 12:11:04 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-Originating-IP: [2a01:cb04:a1a:4c00:f443:6b8b:e1f8:5e65]
X-ClientProxiedBy: PR0P264CA0048.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1::36) To VI1PR0701MB2144.eurprd07.prod.outlook.com (2603:10a6:800:30::13)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 632c8973-6aa4-4c48-abb6-08d59ecb6340
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:VI1PR0701MB2144;
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0701MB2144; 3:mdxU/aSuhq3D9v+ix4VteYkZz1ltehcMEQLOj4teOI2RrVA/ngmAo+BHQP29LBl9LjWRlFBpJEbTQRgNspxXCjBjBHsrdRtcUezEGYlfVns9N2o354QgV4zDbhDnVr3xxqihHCAHunRc+wAopz3AH3ibc6Y/HDbhogjRz+biLHQ15XXHIeSGIfgFavqOL6bx5ha2IuvTB8r3peiZHluVo09k004ZqaRKelqAmVHtj9IVtuSNlOwUb1katFMSb7vb; 25:wJf2P1Rs4AUjnjG3ivS9DZVbyq7gzSplCg/Tm5QZ7O+NPbtGaZ4+WOkbzx34jcdznB8A+TR9gLgBZ8XuBAmhzBwpBKIDJAI5mZWt/wY935wzNH1GtwycV8c2zfoMH2wc4Qs9kh3ySOuXaSHNxrHPpac4InRs5EfzIEiUzvrEdmj5hS3j6MzxiyP4uMJSAtPKlp41fgEdkparWtGkrvmstqBQ7/doXwoW9X33IPAvPOBVAtCKnTtL0h7BIfZzzK/cHDsVsQ6xn2DSA+qsJlbYWcLOOHVA6jVlqfbrjuDJQ9b0ZgDMhweIDTDtqTz/euJNgRWxng2SjYPk5Id1fIVvDw==; 31:nAWstggIVt8OO/Y01+clSbT/xvOsxZ++2hGuhavF97dSAOPXGdnofGFDXw0ahdZodSWhWGhko2yXZEPw9V3Y+E5zwcp8isCzwUXQY+n63Pkuqs6qc5i+DmTu5GiscAT1UtMLV1e4zDi+Ql/HIEqVyKRQijDsE/j8W7OWRNnw64zYj4SqMlcZKq3s0opD3fYGLmuVWasSj5MAcHZvdKuHgn+LFQDvm0vTp8ThDjNeRIA=
X-MS-TrafficTypeDiagnostic: VI1PR0701MB2144:
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0701MB2144; 20:juj1Gi5GhqBx62vEmHaRB1ZsHpbH6ktuP4kAdl2FPYdaYKe2OuXke1HTEUFu1Gt5EqCrXT/VyCPi84Mtl942EdSM4yY5ra+wxSVfb4XydbJVvpX1l8ma5tdmcPTFUKYnbQuyJcGUfmlOorrkQTIG/yJiUTO7UUNAhBaGMug646Auqku2aafHGn4RmbL0QWpDSxzOWL8RJW6tf0cXg+Nj/5W4Uj4JSxk/dRUKZW+rHmcdkB1SQEhTR9G0/fk5QAmKdGRoZXGYo8lh4m49zlX/I0idjrLeQ3I+pfI/Eg+CYG7b7EWZ8CgfO10u4jgAecxRf71jCSsyGb9TjGevm2nbbvSv4UAl3GdZF3AfDZ6HVncwpQsqXZAKxG9w5NyXCiVswtRt1A4qtYpzx7UfI02Wh3HkgOS6knaw2NoFoLDDkdjOv0LfjsTRelYxtu2k1TMaVgWWL151cmwXUBUwlg9q9/blouI75YbX+gki7Vwvxh8gHSdYCm4q7VvVEzfZsKnu; 4:i47tqvq+dp9fh1OFmdKvxNycfIcoi5pymY6n64lt4TaEo5gW9IeZCQtRASQ1rMOQbxPFF+34pNuchu6iIxJcp3JVOvYZhwN2mVhL0yKT7Z3xSoA00Ru4ZDpjbe8mkGbMBXl4YBc4riI3Gv0IvJtnDPXebD+4eyUdd7+RuEHXV/Q6i3EHphTTVyB6U4wdQpId//fYsv0tGzdty1sVGajEEZ42z8d1bswb0U1x1HPnKyGfVA504KvIBuax4P4WEHtIaBdGpMmLkAyaMrlZMvI7Y+POjc65jXBkK6DadniDqLiJZ9wwY4WgbgZjbRd4Yiie
X-Microsoft-Antispam-PRVS: <VI1PR0701MB2144DA8C3AE6B972C91D63388CBE0@VI1PR0701MB2144.eurprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3231221)(11241501184)(806099)(944501327)(52105095)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041310)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:VI1PR0701MB2144; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0701MB2144;
X-Forefront-PRVS: 0638FD5066
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(39860400002)(39380400002)(346002)(376002)(366004)(396003)(199004)(189003)(501624003)(54164003)(52146003)(2486003)(23676004)(2351001)(2361001)(6486002)(478600001)(7736002)(305945005)(67846002)(81166006)(81156014)(8676002)(8936002)(97736004)(86362001)(316002)(2616005)(52396003)(31696002)(65956001)(65806001)(58126008)(476003)(4326008)(561944003)(53936002)(1706002)(3260700006)(186003)(68736007)(6916009)(6666003)(50466002)(25786009)(52116002)(47776003)(59450400001)(386003)(36756003)(16526019)(2906002)(6116002)(31686004)(486006)(106356001)(5660300001)(230700001)(105586002)(64126003)(46003)(65826007); DIR:OUT; SFP:1102; SCL:1; SRVR:VI1PR0701MB2144; H:[IPv6:2a01:cb04:a1a:4c00:f443:6b8b:e1f8:5e65]; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;VI1PR0701MB2144;23:s5Zi8E1F5ol9wwdgy+DyeSrEDSMSg+gMbNxzqtE0vcE/BxYJBoalgS4myfm5e/Xghzqug2gVTXKMAIkSMne87UX9bK5D04q3LikZTA7ID21VgzgBODYDCccXMXN/1gmCdRTA/6fHGxMQ7MfIR+AiWhWkahMRWmm45dHhjkOMKu7giKb6SkPfCHQCm3Bbl5vEqY1u/J/nQbX4I5mehfYc+D+/l3nZ3vLsH6T/MP92lquVblRI0N1Mxh6LrhYW6CePDSa08F5Qit6MtApmAexb3XX+YDBhLHQAJbGYPsTRVvuUQzAjNk3OcwEUPzsiYPC1vsVzE9c6jE04xso4rkJYE0KodxC5VfXMs3oiKIhd6MNDW7MocjVtiRuxFp+xChvrTgEaZSTKbRzHyRwwnrapUdNHn1vO7D8SjEoLdpTtCYXPQDqP6rh9LRgJLnsCS27FjcGXbakOlImfX7K2B6/NmCSjcRP6Y/UCEosTQ9wNOx9PnkIJiERgRgX8G3dIsi33osOeoKLj9gq+heCfAopoL/7FmVadfPZCJCFlCskymxrPYhvH5r7Re56SuJDHVQsXLiNaYR7jg3i2h3TBSQIJ6D8YP8O5CUi9FP+BVhhf8FxuGhFgapetx+CmzsvwUgnwEZ5W2oXYYmS8lGiKPq11w9n8ID7n+q4+HBiz6793omH1SJQC7nlqmSR9Mr/bH/WFompsWyv8gVBQnW7TDGAAQvUsOqXz40F9rJRhn8p4gf05ZkH15oEcHxSIfqg1IvEltIcEx5q17b6rIzen5EnDi4ZLtVBaqUNYc+Xc5Y7FbgxEMSHEgTkZQ9a5SYjOZ++hX2eWrw8BmHzI7WmWLI+fLFxveC4aXusT7je520Eqxh37volZtd8cG4adMNaGTfQnCP70RD7Boix+QqjxWDHlOlYdjoT9oaHJc3aif76t4d6I/qJXqmvwsgJxjBl1uJ13JA2wYz3tmaRjFAiNGDPSl8AhBzi3Jg/01o3ZqoMiXvLZblDrJiYVyL891C7RYzMR6tUdrlKDfamB0sNwBD0DvGKRcC2HARSEmNvQa5fNLu6yGaSW+aCSMhq9hvL7/LBvTBLQNiW4pTLtmSzWH7vCWHZszPxjB2U26Vbh6m5c6tSVZLnPf4U0rh8iYyqlR9nceea/nr86i6aAsypy+H57M7qwRTTVGTeuN6vcl3KAra1Kkas2LkrtFlpFhuUr8VW88LsRFxPIgqwuJDBYUHLRM8Xo8OmZZKD7DF81NHv5mfqM/x7MoWcAC/VQue6Tx2b2A44o9PRgBY5+BN/tn9eqcE0Jw5bUFNbvmgopLHdL+Ww+S3rijw5WCZLbEuUa8G7teBh914XE+914yjrcRE6pEWQR0lrudp7DEVfQ+0NKm6QLIBymWKhT8QuWKvLk50L1
X-Microsoft-Antispam-Message-Info: 7tjFDVrn7CkMy9M3qJ1wlXOYE5fiTOq9i6C6vsM7dXvRffOuigQ3LpIJPaucKOvPqY8+Ixl/Lc2f3axX5hXmU4isZcQI3RaxaoQHzYFOV/RZ9e75yHNGAenz3qM1zzv5GJR6arLlYTMjYvJWJKf2hT36IrHbf/FbrHCfPAuej3ZS/sTbNTU5jlqZeDQJGbTfkkvI3ydVmExKbeeCGErHFRFnH4WBzjkE9HCgHmKyrYenlpmxofV6ObvQHTx8m5QF
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0701MB2144; 6:plMedcQ4ksOGDhpEVUwJdpIc5ick12Yee2/KhJyb1jEisdMQdq4TMUikogyrR/hXqvSgaHwzM763qUIL3NWfjtobYVU316G0InFd4oY9x2Gqs2FXR8EqoM9kVw4Q1ATY/3t+pEuBzSrJs28ENQUMlCTPY/+Xm2dt2xhqP7V/jFK2xDpxc7ooYvM8AcbrrOE3X1zTklVnC1RW2dGk7/8QHKd8B95Dkgs8z7j10X59cB8xtklT11D+NTjCmjRdL6mxNSnphElKa4J2Eh+EM0J0Xq7pqB48WzuUWgtp5D6J06aasMe0oXZaK159vKM/SfgRnB1vvLc8oFRwNa1lAcdDwsU0Yd016Rk935CQTjKIPG0zJR+u0Yq48yuYkcoE4YcxZYV2C+wfnLpxLP+QF7VZ4NNLVzaODcY+YyzIY/DUnp6WsS6iK6j0bZn2OY0OhQXb5CyxVolMVmTkCTXHIufc0A==; 5:xE2yaZzveFdGGvfOqrUCaFni7M05tX0DUe2su9FbXeaYmJmA9H9nXgIY8MH4z4l94xNnuTuyH2cwTVwz02vsyh6b0rw59XKUFUfyoEqt9gJqnoWLn2LcKib+0iljySNbAz7doBTlxBJQJRNveAQlbUY76tkcoGc1dQWBs5j32hk=; 24:9lcVxONRIBIyzp6oZ2zjwT4SD1lyn4d5q7bq3nenc9wk+r/ks7dJR8Xdec6Ob4cTBxUVqJ3iX4qi4Xc0f8chjwXLiOp/1/uO85SJCb5ILOY=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0701MB2144; 7:dE2uzCPFnjptyntpiQ1/6VXmqCZCe3khhj8w6Xx5uOlESFt+JJ/DhevEE4MNuyDgkZiGDpZ48fRXuh70x99Np+qBWcmN22O1epi1xkwYrVo6S7L25h1ttS+Otfb+GmGDKRnMFphrllfnwCef8F/d/ixyRDtm6GS8aPOfxQRufiO6+PJBe4WDqaNe3C72hrD/uPXCVAW9AIxvufKU12eMEEkciYycFd+DWdqJCr8apjHbLWiy8K6qCfo3KVKY7eBL
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2018 10:11:12.2054 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 632c8973-6aa4-4c48-abb6-08d59ecb6340
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2144
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/-5_wdsYQC5e9r1tPemftIpN_yeA>
Subject: [sfc] AD review for draft-ietf-sfc-hierarchical-07
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2018 10:11:21 -0000
Hello, I have reviewed this document, thanks to all of you for putting it together. Please see my comments below. Thank you -m General: I am in two minds about this document and maybe because the document itself seems to not have clear intent. It is not clear whether this is simply describing what could be done or prescribing what should be done. I take the fact that this is an Informational document as leaning towards "description" but there are pieces of text which clearly look like prescriptive protocol/functional behaviour (although some are not detailed enough to allow for an implementation). I would really appreciate if the objective of this document could be clarified so that the reader knows what to expect. Also, I am not advocating for making this a Standard Track document as I believe it would require a lot of rework but on the other hand I am not sure how much help it provides to the persons that would want to use the concept of hierarchy when deploying SFC in a large domain, nor to those that would need to implement it before that. You'll find specific comments below but that bigger question remains. Also, the Shepherd write-up does not seem to follow the template. Any reason for that? I'd prefer if it was re-written according to the template. Thanks. Specific: Header: please write the submission date in the correct format 1. Introduction Service Function Chaining (SFC) is a technique for prescribing differentiated traffic forwarding policies within an SFC-enabled domain. I am concerned by the fact that this document seems to give another definition to SFC. I'm not saying this is wrong but I'd be much more comfortable if it was simply saying: The SFC architecture is described in detail in [RFC7665], and is not repeated here. This document simply uses that architecture. We assume that some Service Function Paths (SFPs) need to be selected on the basis of application-specific data visible to the network What are the security implications of this assumption? Can we remove that? I think SFC has had it's share of security related discussions. So instead of considering a single SFC Control Plane ([I-D.ietf- sfc-control-plane]) I'd prefer not to reference a document which has been abandoned by the WG Decomposing a network into multiple SFC-enabled domains should permit end-to-end visibility of SFs and SFPs. Is that a wishful outcome or a requirement? The criteria for decomposing a domain into multiple SFC-enabled sub-domains are beyond the scope of this document. These criteria are deployment-specific. While I understand this statement, it kind of defeats a good part of the purpose of the document, doesn't it? 2. Hierarchical Service Function Chaining (hSFC) A hierarchy has multiple levels: the top-most level encompasses the entire network domain to be managed, and lower levels encompass portions of the network. These levels are discussed in the following sub-sections. Should it always be like that or is that just a way and there could be other ways? Can we have more-than-two-levels hierarchies or should they all be top-and-lower? 2.1. Top Level This section describes at length the figure/example but what are the take-aways? Considering the example depicted in Figure 1, a top-level network domain includes SFC data plane components distributed over a wide area, including: o Classifiers (CFs), o Service Function Forwarders (SFFs) and o Sub-domains. Is that an illustrative way to partition the components (e.g., CFs and SFFs part of the top-level) or is that the recommended way? We expect the system to include a top-level control plane having responsibility for configuring forwarding policies and traffic classification rules (see for example, [I-D.ietf-sfc-control-plane]). again, I'd prefer not to reference this doc. More generally, is that needed? I don't think so. 2.2. Lower Levels Same general comment than 2.1. Also, in this section you largely discuss the IBN, which is in fact only introduced after. 3. Internal Boundary Node (IBN) This is the core of the proposal, in my opinion, but it comes very late in the document. If you don't want to rearchitect the whole document you should at least have some text (a sentence at bare minimum) early in the document that says something like : we introduce the concept of an IBN which acts as the gateway between the levels of the hierarchy. We also discuss the options for realizing this function. 3.1.x Is there a recommended way of doing IBN Path Configuration out of the 5 listed? 4. Sub-domain Classifier Another goal of the hierarchical approach is to simplify the mechanisms of scaling in and scaling out SFs. All of the complexities of load-balancing among multiple SFs can be handled within a sub-domain, under control of the classifier, allowing the higher-level domain to be oblivious to the existence of multiple SF instances. I don't see the simplification here. You hide the complexity to the higher level, but it remains in the lower one, doesn't it? 9.1 Please remove: Generic security considerations related to the control plane are discussed in [I-D.ietf-sfc-control-plane]. These considerations apply for both high-level and low-level domains. Nits: s/NSH [RFC8300] or a similar/NSH [RFC8300] or a similar/ One path is shown from edge classifier to SFF1 to Sub-domain#1 (residing in data-center1) to SFF1 to SFF2 (residing in data-center 2) to Sub-domain#2 to SFF2 to network egress. Shouldn't this text be taken out of the figure and integrated in the body of the doc?
- [sfc] AD review for draft-ietf-sfc-hierarchical-07 Martin Vigoureux
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Behcet Sarikaya
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Dave Dolson
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Dave Dolson
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Martin Vigoureux