On 1/23/2014 7:20 PM, Curtis Villamizar wrote:
...
Joe,
I agree with you that the word SHOULD is not an automatic pass and
quoted from RFC 2119 because I think that on this thread the criteria
"valid reasons in particular circumstances" and "implications
... carefully weighed" have both been met.
Perhaps you joined the discussion a little late.
Please allow me to recap. There are two issues under discussion, UDP
checksums and congestion control.
All parties seem to be OK with limiting the use of MPLS over UDP to
service providers only within their own infrastructure only, except
among cooperating service providers with explicit agreement
(consenting adults).
Within that context, some service providers find that parts of their
infrastructure either doesn't support MPLS at all or doesn't support a
usable variation of multipath for MPLS but does support IP ECMP (as I
understand it, this is primarily in the fringes, access and less so
edge - but someone who knows for sure please correct me if not).
This eliminates the "expands the reach of MPLS argument".
First UDP checksums:
The UDP checksum is at the beginning of the payload. Please see
http://www.ietf.org/mail-archive/web/mpls/current/msg11279.html
This makes filling in a new UDP checksum infeasible on most high end
hardware.
That argument would make sense if most hardware wasn't store-and-forward
on a per-packet basis.
Within all of that context, all of the links have at least 32 bit
FCS (either Ethernet framing or SONET or OTN) and some has much
better such as the FEC found in OTN. This makes undetected
corruption by any of the links extremely unlikely.
Corruption internal to the router the only potential impact. There
is good reason to think that this is extremely rare.
I don't buy the argument that per-hop checksums replace the need for
end-to-end checksums; that's part of why more modern tunneling systems
(e.g., SEAL) include their own head-to-tail checksum. So while I agree
that UDP checksums may not be strong enough here, that might be an
argument for a better tunneling mechanism than raw MPLS in IP, rather
than ditching UDP checksums.
Infeasibility of doing UDP checksums in some instances (not just
performance concerns) is sufficient to make use of UDP checksums a
SHOULD.
Your argument hinges on feasibility, but that doesn't hold water (esp.
given I've designed hardware that does Internet checksums - including
some recent all-optical designs).
On to congestion control:
Some MPLS payloads such as IP over MPLS have congestion control.
While it can't be assured that all IP traffic makes use of
congestion control, the problem is in the UDP services carried over
MPLS regardless of whether MPLS over UDP is used.
That is the key problem. As you point out below, other traffic is
somewhat 'noise' on the overall equation.
The only other type of traffic carried by MPLS in any volume (not
counting ISIS control traffic carried as CLNP over MPLS, for
example) is PW.
PW in turn supports Ethernet, FR, ATM, TDM, and maybe a few
others. The vast majority of payload in Ethernet, FR, ATM, is IP
so were are back to the prior bullet. It PW packlet carrying
Ethernet, FR, or ATM are dropped the congestion response is
virtually identical to IP because the payload is IP.
The other PW case is TDM. TDM serves two purposes in SP networks.
A small number of legacy customers circuits, generally T1 or T3
use it. These are 1.5 and 45 Mb/s services on 1 Gb/s and 10 Gb/s
links. Hardly a source of congestion, plus they pay a lot more
and therefore are priority traffic. Another is 3G mobile
backhaul. Again this is T1 or T3, but maybe as much as small
multiples of T3. Still very low capacity.
You can't know whether the PW cases you expect will change over time, or
are accurate as per above. I would not be surprised if someone started
(or is already) using PW to connect datacenters to exchange bulk data
using non-CC protocols.
TCP-like congestion control in a tunnel is very bad for any TCP
carried within the tunnel. The vast majority on MPLS traffic is IP
and therefore is TCP.
Yes, and that's why nobody is asking for that.
Regardless of the weak argument in favor of it given the operational
reality, the authors have conceded to state that "MPLS over UDP
SHOULD have congestion control" in the document.
OK (that matches RFC 5405).
Because in the scenario it is intended to be deploy congestion
control is very unlikely to prove to be needed,
That's pure speculation, and more importantly undermines the SHOULD
you've just conceded.
defining the exact
form of congestion control is deferred to a later document which
will be written only if needed.
That document is needed now, exactly because of the SHOULD. You can't
make a SHOULD recommendation without backing it up with the detail
needed to implement it.
Other wise, it's a MAY, or (more to the point), a (nonexistent) MIGHT
SOMEDAY.
That said, I have in the past argued that the "circuit breaker" form
of congestion control would be one of the worst things we could
possibly do. It would be terrible for TCP and most anything else.
Maybe, but if so, then you need the head-end to employ that breaker only
on non-CC traffic.
See http://www.ietf.org/mail-archive/web/mpls/current/msg11262.html
The right place to put any circuit breaker would be TDM over PW, but
given the capacities involved, that is not really needed either.
In the past I've said:
The technical sticky point is knowing that the congestion is
occuring. Perhaps a LM like packet on another UDP port could be
exchanged with the same caveats about inaccuracy if implemented in
software and inaccuracy if reordering occurs, and a recommendation
can be made to do something to introduce drop if congestion is
indicated by this method. How to introduce drop should be an
implementation detail, a form of AQM or leaky bucket being possible
choices, but entirely a local matter.
MPLS LM OAM would be a good choice for detection of congestion (as
evidenced by loss). A leaky bucket (aka shaper) likely with AQM seems
like a reasonable choice. This could be put into another document if
a need ever truly arises for congestion control in MPLS and it could
be applied to MPLS over anything (though it could prove impractical
for MPLS over avian carrier).
See above. MIGHT SOMEDAY isn't a reasonable solution to a problem for
which the need for a solution is already conceded.
Joe
Curtis
On 1/21/2014 12:58 PM, Curtis Villamizar wrote:
Lars,
The IETF consensus in RFC5405 was to put a SHOULD in regarding use of
congestion control in tunneling protocols.
RFC2119 states:
3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.
We have discussed the reasons why congestion control is in general a
good thing. We have also discussed why there may be valid reasons to
not include congestion control in MPLS over UDP.
The question is not whether there is already IETF consensus on
congestion control in UDP in general. There is consensus and that
consensus was to use the word "SHOULD".
The question we now face is whether MPLS in UDP needs to up the prior
consensus to a MUST or can keep it as SHOULD. I see one or maybe two
people vigorously arguing to upgrade this to a MUST and otherwise
consensus to keep this as SHOULD. Further I see no objection except
the same one or maybe two people to making the congestion control the
topic of a later work if a need for it arises. Consensus does not
require unanimous agreeement.
If we are trying to gauge consensus, maybe both you and I should sit
back and let other people weigh in.
Curtis
In message <B36BA2A8-0C28-4B88-87BD-51A6F964F893@xxxxxxxxxx>
"Eggert, Lars" writes:
Hi,
On 2014-1-17, at 18:19, Curtis Villamizar <curtis@xxxxxxxxxxxxxx> wrote:
You have made your assertions about your desire to uphold the purity
of any new UDP applications and adhere to the BCP you wrote.
=20
You appear to be very nearly alone in this argument and certainly no
one that works with MPLS is siding with you.
the reason we wrote the RFC when I was TSV AD was that we were seeing a =
whole bunch of questionable uses of UDP over the eyars and we were =
having the same arguments over and over. That's why we decided to write =
down the practices we expect users of UDP to follow. This is yet another =
such questionable use.
(Also, I don't appreciate you turning this into a personal argument.)
Nothing personal intended.
The important point is the sentence "You appear to be very nearly
alone in this argument and certainly no one that works with MPLS is
siding with you." was intended to point out that there is no consensus
behind your argument regardless of how vigorously you make that
argument.
In the end we can put anything we want in the RFC *but* IETF has never
truly had the final word on what vendors and operators do in provider
networks.
Aka the "take my toys and go home" argument. Heard it many times.
It has been successful many times in the past. It turns into the "its
deployed so get over it" argument after a few years.
In this case, regardless of what changes are made to the draft,
implementations will offer at least the option for non-RFC behavior by
using zero checksums and not using any congestion control. And
providers will make use of it, perhaps exclusively.
And there's nothing wrong with that - the BCP even says that one SHOULD =
NOT use congestion control for some deployment cases.
But for others, one SHOULD. For those, a mechanism needs to be =
available, i.e., it needs to be specified and implemented.
The document might as well reflect reality, despite reality not
conforming to your notions of architectural purity.
I'm sorry, but we have certain architectural principles in the Internet =
that we have IETF consensus on. At least since RFC2914, that includes =
the need to have congestion control in place.
There are always special deployment scenarios where these principles do =
not apply, and we typically explain in applicability statements when out =
specifications can only be safely used under certain conditions. I don't =
see any such statement in draft-ietf-mpls-in-udp, which to me means it's =
targeted at general Internet-wide use.
The best course of action is to put a SHOULD in regarding checksums
and put a SHOULD in regarding congestion avoidance. Even the BCP does
not go any further than to say a tunneling protocol SHOULD use
congestion control and there were reasons that the word MUST was not
acceptable in the BCP.
The SHOULD for congestion control needs to actually describe a mechanism =
that can be used when needed. It can't be a blanket "you SHOULD use =
something but we don't tell you what it is"-statement.
If we are still arguing over two instances of SHOULD vs MUST we have
wasted a lot of bandwidth on those two words.
It's not SHOULD vs. MUST. It's two SHOULDs, but in both cases it needs =
to be specified what is to be done. In the case of checksums, that's =
obvious (calculate it and check it); in the case of congestion control, =
some actual mechanism needs to be described (e.g., a circuit breaker).
IMHO The only remaining question is whether the document can go =
forward
with the definition of congestion control for MPLS over UDP left out
of scope and for another document if a need arises.
In my opinion, it cannot.
If this is not acceptable to you (I doubt it is) please indicate what
you would like to see in the document and since this is IETF last call
where consensus matters and no one individual has veto power, we'll
have to see if there is consensus behind your proposed changes.
I would like the document to specify at the very least a circuit breaker =
mechanism, that stops the tunneled traffic if severe packet loss is =
detected along the path.
And this isn't about an "individual veto". This is about a document that =
is at the moment in violation of IETF consensus at least as far back as =
RFC2914.
Lars