On 8/6/19, 8:15 AM, "Joe Clarke (jclarke)" <[email protected]> wrote:
> On Aug 5, 2019, at 18:29, Gray, Andrew A <[email protected]> wrote:
>
> Joe,
>
> Thanks for your review and comments. Responses in-line.
>
> On 8/5/19, 3:20 PM, "Joe Clarke (jclarke)" <[email protected]> wrote:
>
>> On Aug 5, 2019, at 10:45, Gray, Andrew A <[email protected]> wrote:
>>
>> Hello opsawg,
>>
>> I spoke to a number of IETF folks at IETF 105, along with Tianran and
Ignas (who I thank for their feedback and suggestions), and it was decided that
opsawg would be the best place to at least start the conversations about a new
draft I am proposing, as detailed below.
>>
>> I document several use cases in the draft, but the short version is we
are wanting to standardize a method for different vendors to handle ASIC-level
replication of packets, to a remote server, including any and all information
that ASIC may have about the packet, along with at least part of the payload,
with a configurable sampling rate and filtering capabilities.
>>
>> Some things on my TODO list for it still:
>>
>> 1. I want to take a closer look at Flowspec rule definition, and see if
that can be adequately encoded here. It looks like the YANG model for Flowspec
rules was draft-wu-idr-flowspec-yang-cfg but that has since expired.
>> 2. I'm planning on talking at NANOG 77 in Austin with other operators to
see if there's additional use cases and how much appetite there is.
>> 3. I'm talking with a couple vendors about implementations - there is
interest here about it as well.
>>
>> I am sending out the -00 version of this draft and very much welcome
comments and feedback.
>
> Hello, Andrew. I’ve read through this draft, and I have a few
comments. I put it up in GitHub to make it a bit easier. In addition to your
TODO, I know Cisco proposed ERSPAN to the IETF a few years ago, but I do not
know what the discussion was around that
(https://tools.ietf.org/html/draft-foschiano-erspan-03). Conceptually, your
idea seems very similar. It is perhaps worth exploring what happened with that
work.
>
> [AG] ERSPAN doesn't include the potentially useful information the ASIC
has about the packets (i.e. what it's going to do with it, what the receive
timestamp was). That draft seems to only standardize a single encapsulation -
my desire is to get as much information out of the forwarding ASICs as
possible, in whatever format works best for the chipset, but still allow
interop with different receiving packets.
It seems like the ASIC bit blends with what IOAM is doing. In fact, the
“framework” you describe might incorporate work like
https://tools.ietf.org/html/draft-spiegel-ippm-ioam-rawexport-02 with the
exception that it is using IPFIX for export (which is more overhead than you
want). My overarching point is that there is similar work, and it sounds like
you’re making the right connections to understand what is out there.
[AG] Yes - there are a number of drafts that are doing different things, but we
have the two requirements of getting at least partial packet payloads and
wanting the information the forwarding ASIC has (i.e. being able to catch
packets the ASIC would normally drop) that seems at this point to be different
enough to warrant a new doc.
>
> More to the contents of your doc, you have it marked informational,
but you mention a few times about standardizing the interactions between
components. You’re not standardizing as much as you’re defining a specific
interaction.
>
> [AG] True - it started as informational but has become more standards
track - will update.
Well, for a standards track, you would have to determine an encap. And
then it might be worth breaking out the encap from the YANG module.
[AG] The encap I have proposed in the document is a simple UDP tunnel. I
pondered adding GRE in it, but I at least don't have a great use case that GRE
solves that a basic UDP tunnel doesn't.
>
> In
https://github.com/xorrkaz/ietf-docs/blob/master/draft-gray-sampled-streaming-00#L195
you mention NETCONF explicitly. Why can’t this be done with RESTCONF, gRPC,
etc.?
>
> [AG] Good point - it very well could be. I suppose that could be
reworded to be more as an example.
>
> In
https://github.com/xorrkaz/ietf-docs/blob/master/draft-gray-sampled-streaming-00#L249,
why must a Client re-query? This seems like telemetry would be ideal to
update the Client about configuration changes to the stream.
>
> [AG] The re-query is basically the response to the initial configuration
request - in effect the client pushes part of the configuration (the desired
filters and such), and the Replicator fills in the rest (what the resulting
packet format will be, based on ASIC or location or capability or
what-have-you). Telemetry seems a bit overkill for what was intended to be a
single re-pull, but I am open to input?
There has been examples of using YANG push as a way push config and then
look to see what is actually applied. This seems to fit in that paradigm of
use case.
>
>
https://github.com/xorrkaz/ietf-docs/blob/master/draft-gray-sampled-streaming-00#L298,
are these bit widths or byte? Either way, they seem too short for things like
an interface-ref list. If it is bit width, then it wouldn’t even be long
enough for a list of actions.
>
> [AG] Those are bits, and it's an example of the resulting data format -
the actual format returned by the device could be whatever bit width is
desirable for it. A few reviewers have thought that packet header and table
are requirements - I added "example" language to a few different places to try
and fix that, but apparently it's still too easy to assume those listings are
the requirements.
I did understand that this was an example. My point is that I don’t see
how this is a feasible example. Based on your description of the fields, I
couldn’t rationalize how they are used or how they would look. How could a
8-bit field present a list of interface-refs?
[AG] The trick here is there's a mapping provided back in the "filled in
response" portion that gets re-queried (stream-format/port-mappings). This
(hypothetically) says "a value of 20 in the data stream means interface-ref 72,
a value of 33 means interface-ref 73, a value of 97 means interface-ref 74" or
whatever works best. An ASIC could say this is 32 bits or what-have-you
instead, but the full mapping is provided by the control plane in the filled in
response portion describing the data structure.
>
https://github.com/xorrkaz/ietf-docs/blob/master/draft-gray-sampled-streaming-00#L309,
if this is 24 bytes, that seems excessive for two 32-bit integers. If it’s
bits, it’s not long enough.
>
> [AG] See previous comment.
>
> I have other more typographical comments at
https://github.com/xorrkaz/ietf-docs/commit/7a849d2b12cd2dff151654f3ef37a87ac870a452#diff-580cadc3568cc3a979bb37410222e08b
.
>
> [AG] I'll roll those in - I'm working from a .xml version and separate
.yang file, then regenerating the .txt using xml2rfc (but I can't quite upload
the .xml as I use a <xi:include href="[email protected]"
parse="text" /> to have the parser pull in the separate yang file for
formatting. I can upload those to the Git repository and use those for work,
if that's easier?
As I said in unicast, I think if you could spin up your own repo, it would
be easier to add comments/issues or PRs.
[AG] Thanks for that advice - I have done so at
https://github.com/AGray-Charter/ietf-work and welcome comments/feedback there
as well.
Additionally, as a co-chair, I’d like to add that it is always good to see
operators presenting work to the IETF that would make their lives easier. I
appreciate you bringing this discussion to opsawg.
[AG] Thanks - this is a problem we see coming up on us very soon, generally
with the next generation of platforms where the forwarding/data plane has so
far surpassed the control plane that we will need to rethink how we're doing
data analytics. It's one of the use cases I mention in the draft (and the
strong desire to standardize how this works as opposed to everyone doing their
own thing), so we're pretty motivated to get traction here.
Joe
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and any attachments are intended solely for
the addressee(s) and may contain confidential and/or legally privileged
information. If you are not the intended recipient of this message or if this
message has been addressed to you in error, please immediately alert the sender
by reply e-mail and then delete this message and any attachments. If you are
not the intended recipient, you are notified that any use, dissemination,
distribution, copying, or storage of this message or any attachment is strictly
prohibited.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
