public icon indicating copy to clipboard operation
public copied to clipboard

Published 20 hours ago verified publisher icon openconfig

decap-then-lookup OC schema

Open xw-g opened this issue 2 years ago • 2 comments

Propose an OC schema to support/unify the representation of use cases where

  • The decapsulation action is controlled by SDN controllers populated network-instance (e.g. via gRIBI).
  • And the lookup on the new header happens in another network instance, which is chosen by fields that are not used for resolution.

This will be useful for chained decap-then-lookup TE scenarios.

module: openconfig-network-instance
  +--rw network-instances
     +--rw network-instance* [name]
        +--rw policy-forwarding
           +--rw policies
              +--rw policy* [policy-id]
                 +--rw rules
                    +--rw rule* [sequence-id]
                       +--rw action
                          +--rw config
                             +--rw decap-lookup ,   // <------------------------ ** new container proposed **
                                +--rw network-instance?            -> /network-instances/network-instance/config/name  
                                +--rw fallback-network-instance?   -> /network-instances/network-instance/config/name

xw-g avatar Oct 18 '22 21:10 xw-g

@rolandphung, @aaronmillisor, @adamsimpson1, and @earies to help review before @dplore.

xw-g avatar Oct 18 '22 21:10 xw-g

Compatibility Report for commit 3b408019812cf02b38c7f71781d9e30cd74c1c6b: ⛔ yanglint@SO 1.10.17

OpenConfigBot avatar Oct 18 '22 21:10 OpenConfigBot

I feel this modeling is too specific to one use case. I am wondering if it can be generalized.

A packet matching a PBF rule with this new decap-lookup action is not guaranteed to be a packet that can be decapsulated and even if it can be decapsulated, the PBF action itself has no control on whether the decapsulation is done or not -- this outcome is entirely based on whether the referenced network-instance (or its fallback) has a matching route with next-hop action that performs decapsulation.

Given this, it seems to me that you could support the new functionality just by introducing one new PBF action called fallback-network-instance at the same level as the existing actions.

A complete action configuration could be: action +--network-instance +--fallback-network-instance

If an IPinP packet matches this rule, there will be a first lookup in and if there is a matching entry in it may or may not perform decapsulation; the OC model is agnostic. If the first lookup in finds no matching route, a second lookup will occur in . Again, the matching entry in may or may not perform decapsulation, and the OC model should not care.

My 2 cents.

nokia1adam avatar Oct 25 '22 18:10 nokia1adam

I feel this modeling is too specific to one use case. I am wondering if it can be generalized.

A packet matching a PBF rule with this new decap-lookup action is not guaranteed to be a packet that can be decapsulated and even if it can be decapsulated, the PBF action itself has no control on whether the decapsulation is done or not -- this outcome is entirely based on whether the referenced network-instance (or its fallback) has a matching route with next-hop action that performs decapsulation.

Given this, it seems to me that you could support the new functionality just by introducing one new PBF action called fallback-network-instance at the same level as the existing actions.

A complete action configuration could be: action +--network-instance +--fallback-network-instance

If an IPinP packet matches this rule, there will be a first lookup in and if there is a matching entry in it may or may not perform decapsulation; the OC model is agnostic. If the first lookup in finds no matching route, a second lookup will occur in . Again, the matching entry in may or may not perform decapsulation, and the OC model should not care.

My 2 cents.

I think your proposal missed one more NI that's to be used for post decap lookup? We can sync offline to chat more.

xw-g avatar Oct 27 '22 19:10 xw-g

@nokia1adam, @rolandphung @aaronmillisor, Can you help review again? Thanks.

xw-g avatar Mar 27 '23 18:03 xw-g

Looks OK to me. The description for decap-network-instance states that this network-instance is expected to have entries that perform decapsulation as a next-hop action. What if it has other types of entries? Should those be ignored so they can never match? I think some text should be included about this.

Why are there decapsulate-mpls-in-udp, decapsulate-gue and decapsulate-gre actions but no decapsulate-ip-in-ip action? Including one of these in combination with decap-network-instance could further specify the types of decapsulation entries that are expected in the decap-network-instance.

nokia1adam avatar Mar 27 '23 21:03 nokia1adam

Looks OK to me. The description for decap-network-instance states that this network-instance is expected to have entries that perform decapsulation as a next-hop action. What if it has other types of entries? Should those be ignored so they can never match? I think some text should be included about this.

I think the current wording, It is expected that the NI should only contain routes that have next hop action as decapsualtion indicates that vendors can implement needed precondition to avoid having such entries?

Why are there decapsulate-mpls-in-udp, decapsulate-gue and decapsulate-gre actions but no decapsulate-ip-in-ip action? Including one of these in combination with decap-network-instance could further specify the types of decapsulation entries that are expected in the decap-network-instance.

The usage of those leaves are for the policy rules that does match and then the specific decapsulation action. However, this PR is about rely on NI that is controlled by SDN controllers who push the decapsulation action.

xw-g avatar Mar 28 '23 16:03 xw-g

Do you foresee any further updates to the PR?

adrawatcisco avatar Mar 30 '23 22:03 adrawatcisco

Do you foresee any further updates to the PR?

Not for now.

xw-g avatar Apr 05 '23 16:04 xw-g

We have talked to your team offline several times. I'm not expecting any big concerns.

@adrawatcisco, @nokia1adam, @rolandphung, @aredmon8551 approve to merge? If no objection by 2023-04-11, I"ll go ahead and merge. Thanks.

xw-g avatar Apr 05 '23 16:04 xw-g

Just a nit on the process, can we get the relevant pyang output in the description?

rolandphung avatar Apr 05 '23 18:04 rolandphung

Just a nit on the process, can we get the relevant pyang output in the description?

Ah, forgot that. Done. Thanks!

xw-g avatar Apr 05 '23 18:04 xw-g

This looks good for cisco.

aaronmillisor avatar Apr 11 '23 22:04 aaronmillisor

/gcbrun

xw-g avatar Apr 11 '23 22:04 xw-g

/gcbrun

dplore avatar Apr 11 '23 23:04 dplore

Major YANG version changes in commit 3b408019812cf02b38c7f71781d9e30cd74c1c6b:

OpenConfigBot avatar Apr 12 '23 16:04 OpenConfigBot