Bob --
Thanks for taking the time to explain the history and rationale
of Table 3 to me. I'm going to clear my DISCUSS based on this
explanation, since it seems that the technical solution in the
document is correct, if a bit non-obvious. Some additional
comments inline.
[For those of you who did not see Bob's response: it appears that
my original DISCUSS email did not reach him, so he replied to a
reduced audience. I have restored the traditional IESG review
distribution to this email. For this reason, I am eliding less of
Bob's response than I usually would]
On 2/20/18 12:51 PM, Bob Briscoe wrote:
On Thu, Feb 8, 2018 at 2:15 PM, Adam Roach
<a...@nostrum.com <mailto:a...@nostrum.com>> wrote:
On 2/8/18 11:53 AM, Donald Eastlake wrote:
Hi Adam,
On Wed, Feb 7, 2018 at 8:12 PM, Adam Roach
<a...@nostrum.com <mailto:a...@nostrum.com>> wrote:
> Adam Roach has entered the following ballot
position for
> draft-ietf-trill-ecn-support-05: Discuss
>
> ...
>
>
----------------------------------------------------------------------
> DISCUSS:
>
----------------------------------------------------------------------
>
> Thanks to the authors, chairs, shepherd, and
working group for the effort that
> has been put into this document.
>
> I have concerns about some ambiguity and/or
self-contradiction in this
> specification, but I suspect these should be
easy to fix. In particular, the
> behavior defined in Table 3 doesn't seem to be
consistent with the behavior
> described in the prose.
>
> For easy reference, I've copied Table 3 here:
>
>>
+---------+----------------------------------------------+
>> | Inner | Arriving TRILL 3-bit ECN
Codepoint Name |
>> | Native
+---------+------------+------------+----------+
>> | Header | Not-ECT | ECT(0) | ECT(1)
| CE |
>>
+---------+---------+------------+------------+----------+
>> | Not-ECT | Not-ECT | Not-ECT(*) | Not-ECT(*)
| <drop> |
>> | ECT(0) | ECT(0) | ECT(0) | ECT(1)
| CE |
>> | ECT(1) | ECT(1) | ECT(1)(*) | ECT(1)
| CE |
>> | CE | CE | CE | CE(*) | CE |
>>
+---------+---------+------------+------------+----------+
>>
>> Table 3. Egress ECN Behavior
>>
>> An asterisk in the above table indicates a
currently unused
>> combination that SHOULD be logged. In
contrast to [RFC6040], in TRILL
>> the drop condition is the result of a valid
combination of events and
>> need not be logged.
>
> The prose in this document indicates:
>
> 1. Ingress gateway either copies the native
header value to the TRILL ECN
> codepoint (resulting in any of the four values
above) or doesn't insert
> any ECN information in the TRILL header.
>
> 2. Intermediate gateways can set the CCE
flag, resulting in "CE" in the
> table above.
>
> Based on the above, a packet arriving at an
egress gateway can only be in one of
> the following states:
>
> A. TRILL header is Not-ECT because no TRILL
node inserted ECN information.
>
> B. TRILL header value == Native header value
because the ingress gateway
> copied it from native to TRILL.
>
> C. TRILL header is "CE" because an
intermediate node indicated congestion.
Sort of... But note that the TRILL header ECN
bit s can indicate non-ECT while the CCE bit is
set making the overall TRILL Header "CE".
Right. That's part of case C. My states above
assume application of Table 2 has already taken
place.
> If that's correct, I would think that any
state other than those three needs
> to be marked with an (*). In particular, these
two states fall into that
> classification, and seem to require an asterisk:
[BB] These states are not tagged (*) cos they can arise with
variants of ECN marking behaviour referred to in Section 4
(explained beneath each bullet below). By design (explained
further below), a consistent encap and decap behaviour is
intended to support all variants of ECN, because subnet ingress
and egress nodes will very probably be deployed independently of
each other and of intermediate nodes and/or L4 endpoints.
Nonetheless, you're right that this is completely non-obvious to
a reader coming to this new. So let's change the text:
CURRENT:
An asterisk in the above table indicates a currently unused
combination that SHOULD be logged. In contrast to [RFC6040
<https://tools.ietf.org/html/rfc6040>], in TRILL
the drop condition is the result of a valid combination of events and
need not be logged.
Thanks. That definitely helps; but see my comments below.
>
> - Native==CE && TRILL==ECT(0)
[BB] You have indeed highlighted an awkward wrinkle here - we
could have tagged this combination with '(*)', cos it is
strictly currently unused by trill. However, I'm going to argue
against a '(*)'...
My explanation starts with some history: Back in 2001 when ECN
in IP was first defined [RFC3168], an IP-in-IP tunnel ingress
set the outer to ECT(0) if ECN in the native header was anything
but Not-ECT (0b00). This was intended to close off a perceived
covert channel in IPsec. However, since then the security area
agreed that this added over-paranoid complexity. So, since
[RFC6040] an IP-in-IP tunnel ingress now just copies the native
ECN to the outer, and TRILL ECN follows this new simpler model.
Altho this spec does not allow a TRILL ingress RBrIdge to
exhibit the old IP-in-IP legacy behaviour, I think it best not
to tag this combination as 'currently unused'. Because, wherever
possible, we want trill's ECN encap and decap to mimic IP-in-IP
(a principle explained further down this email).
A more specific reason: there is already a congestion monitoring
technique being proposed that fakes the legacy IP-in-IP
behaviour to measure congestion across a tunnel
(draft-ietf-tsvwg-tunnel-congestion-feedback). Before it becomes
an RFC, I wouldn't be surprised if that draft gets extended from
IP-in-IP to IP-in-TRILL and other L2 protocols as well. If that
likely event happened, we would have to update this trill-ecn
spec to remove the '(*)' again. In the mean time, there's little
harm in not logging a combination that is not harmful, even tho
it is stricty 'currently unused'.
(sry about the triple negative!)
This is a great explanation. I understand the risks of putting
forward-looking speculation in RFCs, but could I convince you to
at least explain in the document that the reason for this state
not being considered out of the ordinary is to mimic legacy
IP-in-IP ECN behavior? Any acknowledgement of why this case is
being treated the way it is would be sufficient to prevent
implementors from deciding that the table is wrong.
>
> - Native==ECT(0) && TRILL==ECT(1)
[BB] The standards track PCN variant of ECN [RFC6660] uses
ECT(1) as a lower severity of congestion notification than CE.
Hence the asymmetry where a native ECT(0) header can have an
ECT(1) outer, but not vice versa.
As with the case above, it would be good (inasmuch as it would
serve to un-confuse implementors) to include an explanation that
this case makes sense due to RFC 6660's handling of ECT(0) versus
ECT(1). Such a comment would also address my concern quoted below.
I would defer to my co-author Bob Briscoe but it
looks to me like you have a good point.
Thanks; I'll wait to hear from Bob.
> In addition, the behavior this table defines for
Native==ECT(0) && TRILL==ECT(1)
> is somewhat perplexing: for this case, the
value in the TRILL header takes
> precedence; however, when Native==ECT(1) &&
TRILL==ECT(0) the Native header
> takes precedence. Or, put another way, this
table defines ECT(1) to always
> override ECT(0). I don't find any prose in
here to indicate why this needs to be
> treated differentially, so I'm left to
conclude that this is a typographical
> error. If that's not the case, please add
motivating text to Table 3 explaining
> why ECT(1) is treated differently than ECT(0)
for baseline ECN behavior.
As noted in Section 4.1, there is an ECN
variation where ECT(0) just indicates ECT while
ECT(1) indicates congestion of a lesser severity
level has been encountered than that indicated
by CE. I believe the dominance of ECT(1) over
ECT(0) is designed to not interfere with this
variation.
Yes, and section 4 opens with the explanation
that "Section 3 specifies interworking between
TRILL and the original standardized form of ECN
in IP [RFC3168]." Beyond that, I wouldn't expect
any of the text in non-normative section 4 or its
subsections to have bearing on the normative
table in Section 3.
[BB]
* PCN is standards track, hence PCN-specific combinations are
not tagged 'currently unused' in (normative) Section 3.
* L4S is experimental track, but it doesn't use any different
combinations of ECN than standard ECN, so it doesn't alter the
CU asterisks in section 3.
Section 4 is informative, only because it doesn't define the
protocol spec; it merely explains how the normative spec in
Section 3 allows for ECN variants (whether stds track or
experimental).
Thanks. The answer to this that I find compelling is your
explanation below about RFC 6040's relative ordering of ECN
markings, which I think should be at least mentioned in passing here.
My reading of RFC 8311 is that it contemplates a
series of experiments beyond those currently
under development. It may well be that the
current experiments consider ECT(1) to have a
higher severity than ECT(0), but that this may
not make sense for future experiments. Even if it
does, I don't see guidance in RFC 8311 (or any
other update to RFC 3168) that suggests such a
relationship between ECT(0) and ECT(1) exists.
As above, the possibility that ECT(1) is a higher severity than
ECT(0) is already on the standards track (PCN [RFC6660]).
As far as possible, we want trill subnet endpoints to follow the
same ECN behaviour as IP-in-IP tunnel endpoints [RFC6040]. The
explicitly stated philosophy of RFC6040 and [ECNencapGuide]
(which is referred to from the Intro to this trill spec), is for
respectively all tunnel endpoints and subnet endpoints to have
the same mechanical, dumb ECN behaviour, whatever the variant of
ECN in use. Because in the incrementally deployed public
Internet, one cannot know what tunnels and subnets might be
encountered across different paths.
On top of this (as implied by the existence of
section 4), the TRILL handling for ECN will need
to vary from experiment to experiment. It seems
reasonable that part of this variability would
include different mapping of ECN bits by the
egress gateway.
Nope. By design, all variants of ECN use the same encap and
decap behaviours, otherwise they would be undeployable to all
intents and purposes. Perhaps we should make that clearer in
this sentence introducing Section 4:
CURRENT:
The ECN wire protocol for TRILL (Section 2
<https://tools.ietf.org/html/draft-ietf-trill-ecn-support-05#section-2>)
has been designed to
support the other known variants of ECN,
SUGGESTED:
The ECN wire protocol for TRILL (Section 2
<https://tools.ietf.org/html/draft-ietf-trill-ecn-support-05#section-2>)
and the ingress (Section 3.1)
and egress (Section 3.3) ECN behaviours have been designed to
support the other known variants of ECN,
This sounds good. It might be worth mentioning that this behavior
is intended to also be forward-compatible with future ECN
variants, as long as they conform to RFC 6040's notion of
relative codepoint priorities.
Basically, I see two ways this can be resolved,
although I'm happy to hear alternatives so long
as they end up with the ECN and TRILL documents
being in a consistent and future-proof state:
Approach 1: Revise Table 3 so that ECT(0) and
ECT(1) are treated the same (i.e., pick one of
"TRILL header wins" or "Native header wins" -- I
would suggest "Native header wins," for maximal
compatibility with older ECN clients but I'm not
dogmatic on this point), and then include a
normative statement that allows RFC 8311
experiments to override this mapping as makes
sense for their design.
Approach 2: Leave the table as is, but add an
explanation of why ECT(1) is given preferential
treatment over ECT(0).
[BB] I hope you're happy with the additional text I've suggested
for why Table 3 was like it was. In summary, consistency with
IP-in-IP is paramount wherever possible.
That's exactly what the additional text should say. :) I don't
see that in your current proposal.
Add a normative dependency from this document to
a new document that updates RFC 8311 to add a
requirement that any experiments that treat
ECT(0) differently than ECT(1) MUST be designed
such ECT(0) always indicates a lower severity of
congestion than ECT(1). I presume that this new
document would need to be done in coordination
with TSVWG.
[BB] That's already catered for in [RFC6040] (stds track) for
IP-in-IP, quoting:
o In all other cases where the inner supports ECN, the decapsulator
MUST set the outgoing ECN field to the more severe marking of the
outer and inner ECN fields, where the ranking of severity from
highest to lowest is CE, ECT(1), ECT(0), Not-ECT. This in no way
precludes cases where ECT(1) and ECT(0) have the same severity;
and in [ECNencapGuide] (intended BCP) for IP-in-any-L2, quoting:
4. Congestion indications may be encoded by a severity level. For
instance increasing levels of congestion might be encoded by
numerically increasing indications, e.g. pre-congestion
notification (PCN) can be encoded in each PDU at three severity
levels in IP or MPLS [RFC6660
<https://tools.ietf.org/html/rfc6660>].
If the arriving inner header is an ECN-PDU, where the inner and
outer headers carry indications of congestion of different
severity, the more severe indication SHOULD be forwarded in
preference to the less severe.
I think Approach 1 is more straightforward, but
if there's a feeling in the working group that we
need default egress behavior that is
forwards-compatible with yet-undesigned
experiments, then I think Approach 2 is what you
need.
/a
The way ECN encap & decap has been designed already follows your
'approach 2'; where the same consistent behaviour at all encaps
and decaps can be exploited in both backward and forward
compatible ways.
Given your explanation above, I agree that such is the case. I
think including enough of that explanation that implementors
don't find themselves double-guessing the specification in Table
3 would ultimately aid in interoperability.
Indeed, here's proof that this forward compatibility is not just
theoretical...
L4S came along after all this, and required drop probability to
be the square of the marking probability, but only for one of
the ECN codepoints. We managed to contrive the marking behaviour
of an intermediate trill RBridge that supports L4S so that any
trill egress will achieve this precise squaring, even an egress
without any ECN or L4S logic, and no squaring logic either (see
Appendix A).
Cheers, and thx again for noticing all this.
Bob
_______________________________________________
trill mailing list
trill@ietf.org <mailto:trill@ietf.org>
https://www.ietf.org/mailman/listinfo/trill
<https://www.ietf.org/mailman/listinfo/trill>