Re: [bess] draft-thubert-bess-secure-evpn-mac-signaling and RFC9047 ARP/ND extended community

"Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com> Thu, 18 November 2021 15:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/JlrXZSG4Kv7F51QkHOS0Cic4PgI>
Hi Pascal,

3: Sounds good. About the highly mobile host, I see what you are saying, although it might not be a real life issue:

  * The sequence number is 4 bytes, so 4,294,967,295 moves!
  * And the sequence number ‘should’ be reset if the MAC is flushed for some reason

4: No objection 😊

Thanks.
Jorge

From: Pascal Thubert (pthubert) <pthubert@cisco.com>
Date: Monday, November 15, 2021 at 12:11 PM
To: Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com>, draft-thubert-bess-secure-evpn-mac-signaling@ietf.org <draft-thubert-bess-secure-evpn-mac-signaling@ietf.org>, bess@ietf.org <bess@ietf.org>
Subject: RE: draft-thubert-bess-secure-evpn-mac-signaling and RFC9047 ARP/ND extended community
Hello Jorge

Many thanks for all!

1 and 2: will do

3: Ideally we’d move both the flags and the ROVR hash to the ARP/ND community since it is really a proof of ownership (akin to identity as opposed to sequence number), and keep only the TID in the sequence counter. The idea is that when present the TID always wins vs a legacy sequence. On paper that’s not doable if the node is highly mobile and roams for a very very long time. I’m open to suggestion on the best thing to do.

4: very cool. Note that we can now register multicast addresses with https://www.ietf.org/archive/id/draft-thubert-6lo-multicast-registration-02.html. Would you agree to have a new M flag, that would serve as an MLD snooping replacement?

Keep safe

Pascal

From: Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com>
Sent: Thursday, 11 November 2021 19:59
To: draft-thubert-bess-secure-evpn-mac-signaling@ietf.org; bess@ietf.org
Subject: draft-thubert-bess-secure-evpn-mac-signaling and RFC9047 ARP/ND extended community

Dear authors,

As requested by Pascal, this is an email mostly to suggest the use of the ARP/ND ext community.
Also some additional comments about this draft:

1. Minor one: the acronym that we are using in all the EVPN specs is “EVPN” and not “eVPN” – it seems the document is using both; it would be good to just use “EVPN”.

2. About this sentence – “Nevertheless, primary key of NRLI is still the IP/MAC/ESI combination” -> I think this is a mistake; the ESI is not part of the route key. The Ethernet Tag ID is, in addition to the MAC/IP and lengths.

3. As I suggested during the BESS session, the ARP/ND extended community might be a better fit for some of the extensions, as opposed to the MAC Mobility extended community. The ARP/ND extended community is defined in RFC9047.

   o One of the reasons why I think the ARP/ND is a better fit is because the MAC Mobility ext community is used also with MAC/IP routes with IP=0, whereas the ARP/ND ext community is only used in MAC/IP routes with non-zero IP. Many times, a leaf will advertise first a MAC/IP route with IP=0 and later a MAC/IP route with a non-zero IP, both for the same MAC.

   o An option could be to keep the TID+hash in the Mobility ext community sequence number, since from an EVPN perspective those two are really a sequence number, and move the rest of the flags defined in this document to the ARP/ND ext community.

4. Related to (3), the ARP/ND extended community already defines a way to signal that an IP->MAC binding belongs to an anycast IP (the O flag). Based on what I understood in your document, I think it would be ok to reuse that bit in your procedures, as opposed to defining a new flag “A”.

Thank you.
Jorge
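As an added example (not code from the draft, from RFC 9047, or from either participant), the following Python encodes and decodes the two extended communities compared in this thread, the MAC Mobility extended community of RFC 7432 (Type 0x06 / Sub-Type 0x00, 1-octet Flags, 4-octet Sequence Number) and the ARP/ND extended community of RFC 9047 (Sub-Type 0x08), and applies the RFC 7432 mobility rule. It assumes that the R/O/I flags are the three low-order bits of the ARP/ND Flags field; that bit layout is my reading of RFC 9047 and should be verified against it. The decoder also encodes Jorge's point that the ARP/ND community is only meaningful on a MAC/IP route carrying a non-zero IP.

```python
import ipaddress
import struct
EVPN_TYPE = 0x06              # transitive EVPN extended community type
MAC_MOBILITY_SUBTYPE = 0x00   # RFC 7432 section 7.7
ARP_ND_SUBTYPE = 0x08         # RFC 9047 ARP/ND extended community
MAC_MOB_STICKY = 0x01         # RFC 7432 Flags octet: sticky/static MAC
# ASSUMPTION: R/O/I are the three low-order bits of the 2-octet Flags field (R least significant).
ARPND_R, ARPND_O, ARPND_I = 0x0001, 0x0002, 0x0004
MAX_SEQ = 0xFFFFFFFF          # 4-octet sequence number: 4,294,967,295 moves

def mac_mobility(seq, sticky=False):
    """Encode a MAC Mobility extended community (8 octets)."""
    if not 0 <= seq <= MAX_SEQ:
        raise ValueError("sequence number must fit in 32 bits")
    flags = MAC_MOB_STICKY if sticky else 0
    return struct.pack("!BBBBI", EVPN_TYPE, MAC_MOBILITY_SUBTYPE, flags, 0, seq)

def arp_nd(flags):
    """Encode an ARP/ND extended community: 2-octet Flags, 4 reserved octets."""
    return struct.pack("!BBHI", EVPN_TYPE, ARP_ND_SUBTYPE, flags, 0)

def decode(ext_comms, ip_len):
    """Parse concatenated extended communities of a MAC/IP route; ip_len 0 = MAC only."""
    if len(ext_comms) % 8:
        raise ValueError("extended communities are 8 octets each")
    out = {}
    for i in range(0, len(ext_comms), 8):
        ec = ext_comms[i:i + 8]
        if ec[0] != EVPN_TYPE:
            continue
        if ec[1] == MAC_MOBILITY_SUBTYPE:
            out["sequence"] = struct.unpack("!I", ec[4:8])[0]
            out["sticky"] = bool(ec[2] & MAC_MOB_STICKY)
        elif ec[1] == ARP_ND_SUBTYPE:
            if ip_len == 0:          # community only meaningful with a non-zero IP
                out["arp_nd_ignored"] = True
                continue
            flags = struct.unpack("!H", ec[2:4])[0]
            out["router"] = bool(flags & ARPND_R)
            out["override"] = bool(flags & ARPND_O)   # anycast IP->MAC binding
            out["immutable"] = bool(flags & ARPND_I)
    return out

def prefer_route(new, current):
    """RFC 7432 mobility rule on (sequence, pe_ip) pairs: higher sequence
    wins; equal sequences go to the advertisement from the lowest PE IP."""
    if new[0] != current[0]:
        return new[0] > current[0]
    return ipaddress.ip_address(new[1]) < ipaddress.ip_address(current[1])
```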