Bob --
Thanks for taking the time to explain the history and rationale of Table
3 to me. I'm going to clear my DISCUSS based on this explanation, since
it seems that the technical solution in the document is correct, if a
bit non-obvious. Some additional comments inline.
[For those of you who did not see Bob's response: it appears that my
original DISCUSS email did not reach him, so he replied to a reduced
audience. I have restored the traditional IESG review distribution to
this email. For this reason, I am eliding less of Bob's response than I
usually would]
On 2/20/18 12:51 PM, Bob Briscoe wrote:
On Thu, Feb 8, 2018 at 2:15 PM, Adam Roach
<[email protected] <mailto:[email protected]>> wrote:
On 2/8/18 11:53 AM, Donald Eastlake wrote:
Hi Adam,
On Wed, Feb 7, 2018 at 8:12 PM, Adam Roach
<[email protected] <mailto:[email protected]>> wrote:
> Adam Roach has entered the following ballot position for
> draft-ietf-trill-ecn-support-05: Discuss
>
> ...
>
>
----------------------------------------------------------------------
> DISCUSS:
>
----------------------------------------------------------------------
>
> Thanks to the authors, chairs, shepherd, and working
group for the effort that
> has been put into this document.
>
> I have concerns about some ambiguity and/or
self-contradiction in this
> specification, but I suspect these should be easy to
fix. In particular, the
> behavior defined in Table 3 doesn't seem to be
consistent with the behavior
> described in the prose.
>
> For easy reference, I've copied Table 3 here:
>
>>
+---------+----------------------------------------------+
>> | Inner | Arriving TRILL 3-bit ECN
Codepoint Name |
>> | Native
+---------+------------+------------+----------+
>> | Header | Not-ECT | ECT(0) | ECT(1)
| CE |
>>
+---------+---------+------------+------------+----------+
>> | Not-ECT | Not-ECT | Not-ECT(*) | Not-ECT(*)
| <drop> |
>> | ECT(0) | ECT(0) | ECT(0) | ECT(1)
| CE |
>> | ECT(1) | ECT(1) | ECT(1)(*) | ECT(1)
| CE |
>> | CE | CE | CE | CE(*) |
CE |
>>
+---------+---------+------------+------------+----------+
>>
>> Table 3. Egress ECN Behavior
>>
>> An asterisk in the above table indicates a
currently unused
>> combination that SHOULD be logged. In contrast to
[RFC6040], in TRILL
>> the drop condition is the result of a valid
combination of events and
>> need not be logged.
>
> The prose in this document indicates:
>
> 1. Ingress gateway either copies the native header
value to the TRILL ECN
> codepoint (resulting in any of the four values
above) or doesn't insert
> any ECN information in the TRILL header.
>
> 2. Intermediate gateways can set the CCE flag,
resulting in "CE" in the
> table above.
>
> Based on the above, a packet arriving at an egress
gateway can only be in one of
> the following states:
>
> A. TRILL header is Not-ECT because no TRILL node
inserted ECN information.
>
> B. TRILL header value == Native header value
because the ingress gateway
> copied it from native to TRILL.
>
> C. TRILL header is "CE" because an intermediate
node indicated congestion.
Sort of... But note that the TRILL header ECN bit s
can indicate non-ECT while the CCE bit is set making
the overall TRILL Header "CE".
Right. That's part of case C. My states above assume
application of Table 2 has already taken place.
> If that's correct, I would think that any state
other than those three needs
> to be marked with an (*). In particular, these two
states fall into that
> classification, and seem to require an asterisk:
[BB] These states are not tagged (*) cos they can arise with variants
of ECN marking behaviour referred to in Section 4 (explained beneath
each bullet below). By design (explained further below), a consistent
encap and decap behaviour is intended to support all variants of ECN,
because subnet ingress and egress nodes will very probably be deployed
independently of each other and of intermediate nodes and/or L4 endpoints.
Nonetheless, you're right that this is completely non-obvious to a
reader coming to this new. So let's change the text:
CURRENT:
An asterisk in the above table indicates a currently unused
combination that SHOULD be logged. In contrast to [RFC6040
<https://tools.ietf.org/html/rfc6040>], in TRILL
the drop condition is the result of a valid combination of events and
need not be logged.
SUGGESTED
An asterisk in the above table indicates a combination that is currently
unused in all variants of ECN marking (see Section 4) and therefore
SHOULD be logged. In contrast to [RFC6040
<https://tools.ietf.org/html/rfc6040>], in TRILL
the drop condition is the result of a valid combination of events and
need not be logged.
Thanks. That definitely helps; but see my comments below.
>
> - Native==CE && TRILL==ECT(0)
[BB] You have indeed highlighted an awkward wrinkle here - we could
have tagged this combination with '(*)', cos it is strictly currently
unused by trill. However, I'm going to argue against a '(*)'...
My explanation starts with some history: Back in 2001 when ECN in IP
was first defined [RFC3168], an IP-in-IP tunnel ingress set the outer
to ECT(0) if ECN in the native header was anything but Not-ECT (0b00).
This was intended to close off a perceived covert channel in IPsec.
However, since then the security area agreed that this added
over-paranoid complexity. So, since [RFC6040] an IP-in-IP tunnel
ingress now just copies the native ECN to the outer, and TRILL ECN
follows this new simpler model.
Altho this spec does not allow a TRILL ingress RBrIdge to exhibit the
old IP-in-IP legacy behaviour, I think it best not to tag this
combination as 'currently unused'. Because, wherever possible, we want
trill's ECN encap and decap to mimic IP-in-IP (a principle explained
further down this email).
A more specific reason: there is already a congestion monitoring
technique being proposed that fakes the legacy IP-in-IP behaviour to
measure congestion across a tunnel
(draft-ietf-tsvwg-tunnel-congestion-feedback). Before it becomes an
RFC, I wouldn't be surprised if that draft gets extended from IP-in-IP
to IP-in-TRILL and other L2 protocols as well. If that likely event
happened, we would have to update this trill-ecn spec to remove the
'(*)' again. In the mean time, there's little harm in not logging a
combination that is not harmful, even tho it is stricty 'currently
unused'.
(sry about the triple negative!)
This is a great explanation. I understand the risks of putting
forward-looking speculation in RFCs, but could I convince you to at
least explain in the document that the reason for this state not being
considered out of the ordinary is to mimic legacy IP-in-IP ECN behavior?
Any acknowledgement of why this case is being treated the way it is
would be sufficient to prevent implementors from deciding that the table
is wrong.
>
> - Native==ECT(0) && TRILL==ECT(1)
[BB] The standards track PCN variant of ECN [RFC6660] uses ECT(1) as a
lower severity of congestion notification than CE. Hence the asymmetry
where a native ECT(0) header can have an ECT(1) outer, but not vice versa.
As with the case above, it would be good (inasmuch as it would serve to
un-confuse implementors) to include an explanation that this case makes
sense due to RFC 6660's handling of ECT(0) versus ECT(1). Such a comment
would also address my concern quoted below.
I would defer to my co-author Bob Briscoe but it looks
to me like you have a good point.
Thanks; I'll wait to hear from Bob.
> In addition, the behavior this table defines for Native==ECT(0) &&
TRILL==ECT(1)
> is somewhat perplexing: for this case, the value in
the TRILL header takes
> precedence; however, when Native==ECT(1) &&
TRILL==ECT(0) the Native header
> takes precedence. Or, put another way, this table
defines ECT(1) to always
> override ECT(0). I don't find any prose in here to
indicate why this needs to be
> treated differentially, so I'm left to conclude that
this is a typographical
> error. If that's not the case, please add motivating
text to Table 3 explaining
> why ECT(1) is treated differently than ECT(0) for
baseline ECN behavior.
As noted in Section 4.1, there is an ECN variation
where ECT(0) just indicates ECT while ECT(1) indicates
congestion of a lesser severity level has been
encountered than that indicated by CE. I believe the
dominance of ECT(1) over ECT(0) is designed to not
interfere with this variation.
Yes, and section 4 opens with the explanation that
"Section 3 specifies interworking between TRILL and the
original standardized form of ECN in IP [RFC3168]."
Beyond that, I wouldn't expect any of the text in
non-normative section 4 or its subsections to have
bearing on the normative table in Section 3.
[BB]
* PCN is standards track, hence PCN-specific combinations are not
tagged 'currently unused' in (normative) Section 3.
* L4S is experimental track, but it doesn't use any different
combinations of ECN than standard ECN, so it doesn't alter the CU
asterisks in section 3.
Section 4 is informative, only because it doesn't define the protocol
spec; it merely explains how the normative spec in Section 3 allows
for ECN variants (whether stds track or experimental).
Thanks. The answer to this that I find compelling is your explanation
below about RFC 6040's relative ordering of ECN markings, which I think
should be at least mentioned in passing here.
My reading of RFC 8311 is that it contemplates a series
of experiments beyond those currently under
development. It may well be that the current
experiments consider ECT(1) to have a higher severity
than ECT(0), but that this may not make sense for
future experiments. Even if it does, I don't see
guidance in RFC 8311 (or any other update to RFC 3168)
that suggests such a relationship between ECT(0) and
ECT(1) exists.
As above, the possibility that ECT(1) is a higher severity than ECT(0)
is already on the standards track (PCN [RFC6660]).
As far as possible, we want trill subnet endpoints to follow the same
ECN behaviour as IP-in-IP tunnel endpoints [RFC6040]. The explicitly
stated philosophy of RFC6040 and [ECNencapGuide] (which is referred to
from the Intro to this trill spec), is for respectively all tunnel
endpoints and subnet endpoints to have the same mechanical, dumb ECN
behaviour, whatever the variant of ECN in use. Because in the
incrementally deployed public Internet, one cannot know what tunnels
and subnets might be encountered across different paths.
On top of this (as implied by the existence of section
4), the TRILL handling for ECN will need to vary from
experiment to experiment. It seems reasonable that part
of this variability would include different mapping of
ECN bits by the egress gateway.
Nope. By design, all variants of ECN use the same encap and decap
behaviours, otherwise they would be undeployable to all intents and
purposes. Perhaps we should make that clearer in this sentence
introducing Section 4:
CURRENT:
The ECN wire protocol for TRILL (Section 2
<https://tools.ietf.org/html/draft-ietf-trill-ecn-support-05#section-2>) has been designed to
support the other known variants of ECN,
SUGGESTED:
The ECN wire protocol for TRILL (Section 2
<https://tools.ietf.org/html/draft-ietf-trill-ecn-support-05#section-2>) and the ingress (Section 3.1)
and egress (Section 3.3) ECN behaviours have been designed to
support the other known variants of ECN,
This sounds good. It might be worth mentioning that this behavior is
intended to also be forward-compatible with future ECN variants, as long
as they conform to RFC 6040's notion of relative codepoint priorities.
Basically, I see two ways this can be resolved,
although I'm happy to hear alternatives so long as they
end up with the ECN and TRILL documents being in a
consistent and future-proof state:
Approach 1: Revise Table 3 so that ECT(0) and ECT(1)
are treated the same (i.e., pick one of "TRILL header
wins" or "Native header wins" -- I would suggest
"Native header wins," for maximal compatibility with
older ECN clients but I'm not dogmatic on this point),
and then include a normative statement that allows RFC
8311 experiments to override this mapping as makes
sense for their design.
Approach 2: Leave the table as is, but add an
explanation of why ECT(1) is given preferential
treatment over ECT(0).
[BB] I hope you're happy with the additional text I've suggested for
why Table 3 was like it was. In summary, consistency with IP-in-IP is
paramount wherever possible.
That's exactly what the additional text should say. :) I don't see that
in your current proposal.
Add a normative dependency from this document to a new
document that updates RFC 8311 to add a requirement
that any experiments that treat ECT(0) differently than
ECT(1) MUST be designed such ECT(0) always indicates a
lower severity of congestion than ECT(1). I presume
that this new document would need to be done in
coordination with TSVWG.
[BB] That's already catered for in [RFC6040] (stds track) for
IP-in-IP, quoting:
o In all other cases where the inner supports ECN, the decapsulator
MUST set the outgoing ECN field to the more severe marking of the
outer and inner ECN fields, where the ranking of severity from
highest to lowest is CE, ECT(1), ECT(0), Not-ECT. This in no way
precludes cases where ECT(1) and ECT(0) have the same severity;
and in [ECNencapGuide] (intended BCP) for IP-in-any-L2, quoting:
4. Congestion indications may be encoded by a severity level. For
instance increasing levels of congestion might be encoded by
numerically increasing indications, e.g. pre-congestion
notification (PCN) can be encoded in each PDU at three severity
levels in IP or MPLS [RFC6660 <https://tools.ietf.org/html/rfc6660>].
If the arriving inner header is an ECN-PDU, where the inner and
outer headers carry indications of congestion of different
severity, the more severe indication SHOULD be forwarded in
preference to the less severe.
I think Approach 1 is more straightforward, but if
there's a feeling in the working group that we need
default egress behavior that is forwards-compatible
with yet-undesigned experiments, then I think Approach
2 is what you need.
/a
The way ECN encap & decap has been designed already follows your
'approach 2'; where the same consistent behaviour at all encaps and
decaps can be exploited in both backward and forward compatible ways.
Given your explanation above, I agree that such is the case. I think
including enough of that explanation that implementors don't find
themselves double-guessing the specification in Table 3 would ultimately
aid in interoperability.
Indeed, here's proof that this forward compatibility is not just
theoretical...
L4S came along after all this, and required drop probability to be the
square of the marking probability, but only for one of the ECN
codepoints. We managed to contrive the marking behaviour of an
intermediate trill RBridge that supports L4S so that any trill egress
will achieve this precise squaring, even an egress without any ECN or
L4S logic, and no squaring logic either (see Appendix A).
Cheers, and thx again for noticing all this.
Bob
_______________________________________________
trill mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trill
