Add hashing model

[atmanmehta]

Change Scope

• Introduce a hashing policy which can used to

  • Select an implementation defined algorithm, offset and seed value
  • Select which fields in a packet should be used as an input into a hash function for for load balancing

• Add hashing-policy to interfaces to allow configuration of which algorithm to use on a per interface basis

• Add hashing-policy to /system to allow configuration of an algorithm used by all the ports in an implementation

• It is expected that implementations will vary widely in which specific options they support as these are hardware dependent. The goal is to define a what is operationally useful and supported by at least a subset of hardware. Other hardware may offer only partial support or even no support.

• This change is backward compatible.

Implementations

• Arista EOS - port-channel load-balance - defines a variety of configuration items which are specific to different hardware platforms. They include references to hash policies with attributes including hash polynomials, hash seeds, and hash fields
• JunOS - per flow load balancing on hash values has partial support of the configuration. It defines a way to configure a hash seed on some hardware platforms. forwarding-options/hash-key allow configuration of per-prefix and mac address based balancing. There is no support for configuring different hash algorithms nor to configure per interface.
• Cisco IOS-XR bundle-hash allows configuring the hash key based on a list of fixed options
  • (L3/3-tuple or L4/7-tuple) (L3,L4).
  • Single SA/DA pair (IPv4,IPv6) or range (IPv4 only).
  • There is no support for configuring different hash algorithms.
• Nokia SR Linux system/load-balancing/hash-options allows hash seed and some hash key configuration support. There doesn't appear to be support for configuring different hash algorithms.

Tree view

module: openconfig-hashing
  +--rw policies
     +--rw policy* [name]
        +--rw name                -> ../config/name
        +--rw config
        |  +--rw name?        string
        |  +--rw algorithm?   string
        |  +--rw offset?      uint64
        |  +--rw seed?        uint64
        +--ro state
        |  +--ro name?        string
        |  +--ro algorithm?   string
        |  +--ro offset?      uint64
        |  +--ro seed?        uint64
        +--rw hash-field-modes
           +--rw config
           |  +--rw ipv4?              hash-field-type-ipv4
           |  +--rw ipv6?              hash-field-type-ipv6
           |  +--rw transport-ports?   hash-field-type-transport
           +--ro state
              +--ro ipv4?              hash-field-type-ipv4
              +--ro ipv6?              hash-field-type-ipv6
              +--ro transport-ports?   hash-field-type-transport

module: openconfig-system
  +--rw system
     +--rw config
     |  +--rw hostname?         oc-inet:domain-name
     |  +--rw domain-name?      oc-inet:domain-name
     |  +--rw login-banner?     string
     |  +--rw motd-banner?      string
     |  +--rw hashing-policy?   -> /oc-hashing:policies/policy/name      <-- added
     +--ro state
     |  +--ro hostname?                       oc-inet:domain-name
     |  +--ro domain-name?                    oc-inet:domain-name
     |  +--ro login-banner?                   string
     |  +--ro motd-banner?                    string
     |  +--ro hashing-policy?                 -> /oc-hashing:policies/policy/name.     <-- added
     |  +--ro current-datetime?               oc-yang:date-and-time
     |  +--ro boot-time?                      oc-types:timeticks64
     |  +--ro software-version?               string
     |  +--ro last-configuration-timestamp?   oc-types:timeticks64

module: openconfig-interfaces
  +--rw interfaces
     +--rw interface* [name]
        +--rw name                   -> ../config/name
        +--rw config
        |  +--rw name?                          string
        |  +--rw type                           identityref
        |  +--rw mtu?                           uint16
        |  +--rw loopback-mode?                 oc-opt-types:loopback-mode-type
        |  +--rw hashing-policy?                -> /oc-hashing:policies/policy/name        <--- added
        |  +--rw description?                   string
        |  +--rw enabled?                       boolean
        |  +--rw oc-vlan:tpid?                  identityref
        |  +--rw oc-if-sdn:forwarding-viable?   boolean
        |  +--rw oc-p4rt:id?                    uint32
        +--ro state
        |  +--ro name?                              string
        |  +--ro type                               identityref
        |  +--ro mtu?                               uint16
        |  +--ro loopback-mode?                     oc-opt-types:loopback-mode-type
        |  +--ro hashing-policy?                    -> /oc-hashing:policies/policy/name      <--- added
        |  +--ro description?                       string
        |  +--ro enabled?                           boolean
        |  +--ro ifindex?                           uint32
        |  +--ro admin-status                       enumeration
        |  +--ro oper-status                        enumeration
        |  +--ro last-change?                       oc-types:timeticks64
        |  +--ro logical?                           boolean
        |  +--ro management?                        boolean
        |  +--ro cpu?                               boolean

[OpenConfigBot]

Major YANG version changes in commit f3f0110:

[OpenConfigBot]

Compatibility Report for commit f3f0110:
✅ pyangbind@6b85c2b

[earies]

Can you provide implementation references as is in the PR template and not delete that section

https://github.com/openconfig/public/blob/master/.github/pull_request_template.md

Especially with respect to configurable algorithms, seeds, policies and the application of these policies to other specific constructs

[atmanmehta]

@dplore mentioned he had some implementations references that he would help add here.

[dplore]

Moved implementation references to the first comment (description) of this PR.

[earies]

Thx for the references @dplore - looking across the implementation references, this PR is appearing to cater to a single implementation by enforcing user-defined hash policies with a superset (looks like some design patterns are off a bit here too w/ nested config/config and state/config containers).

I can't speak for all implementations but it appears various are going to be system wide parameters with only a subset of what is defined in here that is applicable.

Would be curious to hear from @rgwilton, @hellt, @jsterne on this one

[jhaas-pfrc]

@earies has already addressed some of my concerns that this is overly platform specific. Subsets of the parameters may be able to be generically modeled, but in many circumstances it seems likely that they'd be platform or even line-card specific. Given OC's dislike of if-feature, there's not a clean way to model such things generically.

A more specific bit of feedback is that the "algorithm" section is likely very implementation specific. "CRC" against what fields of the forwarding keys? What flavor of CRC? Etc.

For such a field, it'd be more likely to be able to be genericized if the type was an identity and it was implementation specific with explicit documentation as to what fields are being impacted.

For scenarios where a given algorithm was common across implementations, standardizing an identity in the base model would be better than multiple flavors of the same.

[hellt]

adding @LimeHat

[nokia1adam]

I agree with most of the comments that have already been made, in particular:

• the objects against which the policies can be applied needs to be defined; the model should allow for a system-wide policy that can be potentially be overridden by policies applied on a more granular basis (to specific ports or linecards for example)
• use of the groupings from openconfig-packet-match seems wrong for header field selection; @dplore has some better suggestions in his comments
  +1 to all the comments that listing all the possible CRC flavors is unnecessary and unmaintainable

Finally, does hashing really deserve its own top-level directory? Doesn't this belong somewhere in the platform or system hierarchy?

[dplore]

Thanks for the changes @atmanmehta . They address all the issues so far. I have added this PR to the OC Community meeting agenda and will present there to promote greater visibility.

[rszarecki]

In addition to all comments I make in-line, considering heavy dependency on INTEGRATED-CIRCUIT (ASIC, NPU) I would suggest that policy shouyld be attachable to:
/components/component/linecard/config/hashing-policy (chassis may have mix of ASICs)
/components/component/integrated-circuit/config/hashing-policy (to fight polarization)

Considering above, perhaps instead of /system/config/hashing-policy we should use /components/component/chassis/config/hashing-policy ?

Then all atachment,but per-ingress-interface, are under /component/components/.... And per-interface I do not see to be widly supported anyway.

[rszarecki]

I would like to see additionaly:
IPv4_in_IPv4 and IPv6-in-IPv4 where each lement is again list of outher and inner fields:
ipv4_ipv4/outherfields/outherfield type hash-field-type-ipv4
ipv4_ipv4/innerfields/innerfield type hash-field-type-ipv4
ipv6_ipv4/outherfields/outherfield/ipv4 hash-field-type-ipv6
ipv6_ipv4/innerfields/innerfield/ipv6 hash-field-type-ipv6

---

Similiarly fot ip-over-GRE over IPv4/IPv6,
grev4/outherfields/outherfield type hash-field-type-ipv4
grev4/payloads/payload enum(ipv4 ipv6 mpls Eth) // use fields deviend for basic v4,v6,mpls,eth depending on GRE protocol. if not on list
grev6/outherfields/outherfield type hash-field-type-ipv6
grev6/payloads/payload enum(ipv4 ipv6 mpls Eth) // use fields deviend for basic v4,v6,mpls,eth depending on GRE protocol. if not on list

---

Also for MPLS
mpls/labels - number of labels to use
mpls/base enum bottom XOR top default top
mpls/payloads/payload enum (ipv4 ipv6 PWE3 ipv4_grev4 ipv6_grev6 ipv4_ipv4 ipv6_ipv4 ...)

---

Also Eth- usefull for PWE3 services or L2 switching devices
eth/fields/fild enum (srcMAC,dstMAC,Vlan-ID, EtherType/payload, ingress_subinterface)
eth/payloads/payload enum ((ipv4 ipv6 PWE3 ipv4_grev4 ipv6_grev6 ipv4_ipv4 ipv6_ipv4 ...)

[dplore]

For this PR we will only introduce the simple field selection which is targeted for gPINS release and is at least partially supported by the referenced implementations in this PR.

It is possible to add additional encapsulations in the future without breaking changes to the model by adding additional leafs to this hashing-inputs grouping. The additional leafs may be added to the public OC model in the future, or they can be vendor augments.

Since there are many constraints in hardware as to which encapsulations may be supported, especially for more complex use cases, we should leave open the option that vendors are expected to augment the model with the specific scenarios they support. These are often custom or one-off items that are not generally available and may also not be formally documented, which is a good reason to use a vendor provided augment. These 'custom' options may also not be very 'configurable'. For example, hardware may support only using a subset of the bits of some fields (ipv6 comes to mind). Which bits are used may not be configurable or even exposed to the user through the model, config or even the SDK. Using a vendor augment, a vendor can expose the ability to turn on or off these capabilities.

[rszarecki]

I only see that Arista allows for some hash configuration on per ingress interfaces basis. And it is not clear form referenced documentation on which platform/chipset.

[dplore]

The intent here is that this is a list of policies. We'll update the description to not reference 'packets coming in the interface'. gPINS will add support for multiple policies and Arista EOS is an existing implementation

[robshakir]

Can you link to the documentation that shows this being configurable per ingress /interface/ please? It's not clear to me that this is widely supported.

[dplore]

Per interface is not widely supported. gPINS plans to add support for this to Sonic. Should we include this leaf in the model or only augment /interfaces in a gPINS/SONIC yang? Please follow up with comments at #959

[rszarecki]

There is one more area not explored.
When hash-function output is calculated it is a n-bit value. Say 16-bit. There is a mapping function from 2^16 potential values to N (weighted-)load-balanced forwarding-hops.
This could be 2 stage process with fixed buckets in between (say 1024). So 2^16 is mapped to 1000 bucket which then are mapped to N fwd-nh.
Some implementation alows to interfere with it. 2 simple example would be use 10 LSB of hash output or 10 MSB.

[rszarecki]

I would ass 2 boolena leafs:
symmetric - ensured that traffic of bi-dir session produce same hash. (e.g. src/dst fields are ordered before feeding hash function)
persistent - ensures that if fwd-nh (e.g. LAG member) fails, flows that was on other members are not re-hashed. only affected flows are re-distributed among remaining fwd-nh.

[dplore]

References to implementation needed for this?

[rszarecki]

Suggested change

	leaf symmetric {
	type boolean;
	default false;
	description
	"Hash is sematrical - returns same value regardless of traffic direction of same flow/session. Also regardless of ingress interface";
	}
	leaf persistent {
	type boolean;
	default false;
	description
	"In case of output inteface/forwarding-nh failure/removal, only flows that have used this interface/nexthop are re-hashed";
	}

[dplore]

References to implementation needed for this?

[rszarecki]

The reference to Cisco IOS-XR bundle-hash is wrong. This is just utility that alows execute hash against mocked-up packet and see what is result.
It is not a configuration of hash input not algorithm.

[robshakir]

Can you link to the documentation that shows this being configurable per ingress /interface/ please? It's not clear to me that this is widely supported.

[robshakir]

How does one test this configuration parameter?

[dplore]

A test would require target specific knowledge to create a test for this particular enum. Use of this enum is expected when the target contains some default or hardcoded selection of fields which are not described by the model.

For example, an asic may select only a portion of the bits in the src and dest ip address fields and port number fields. Which bits are used may not be exposed and may not be configurable by the user, by the NOS or by the ASIC SDK. Yet they are still "target defined" and don't match the other enums presented here.

If a target defined mode isn't available on an implementation, then the implementation should return an UNIMPLEMENTED (12) error.

[dplore]

We can update the description for this enum in #959

[dplore]

Continue the discussion here as desired: https://github.com/openconfig/public/pull/959/files#r1337998777

[robshakir]

Suggested change

	description "The trasport layer fields that should be used to
	description "The transport layer fields that should be used to

[dplore]

Please refer to #959 for comments. Closing this PR as it is now stale.