[bess] Re: Questions about route selection in draft-ietf-bess-evpn-dpath-00
Jeffrey Haas <jhaas@pfrc.org> Sun, 23 June 2024 16:23 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4699EC14F602; Sun, 23 Jun 2024 09:23:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RIPrdE8DxyYa; Sun, 23 Jun 2024 09:23:08 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 47D02C14F693; Sun, 23 Jun 2024 09:23:08 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 8D1211E28C; Sun, 23 Jun 2024 12:23:07 -0400 (EDT)
Date: Sun, 23 Jun 2024 12:23:07 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Jorge Rabadan (Nokia)" <jorge.rabadan@nokia.com>
Message-ID: <20240623162307.GB21586@pfrc.org>
References: <171206184624.18356.7891001527073621519@ietfa.amsl.com> <20240425145537.GA12879@pfrc.org> <SA1PR08MB721526C32B8FDC49EFF57C13F7CE2@SA1PR08MB7215.namprd08.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <SA1PR08MB721526C32B8FDC49EFF57C13F7CE2@SA1PR08MB7215.namprd08.prod.outlook.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Message-ID-Hash: ZBXOTSHUEMR37YYFA44CLJQ3WBA5TR4X
X-Message-ID-Hash: ZBXOTSHUEMR37YYFA44CLJQ3WBA5TR4X
X-MailFrom: jhaas@slice.pfrc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bess.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-bess-evpn-dpath@ietf.org" <draft-ietf-bess-evpn-dpath@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [bess] Re: Questions about route selection in draft-ietf-bess-evpn-dpath-00
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/kxbQXa1S7JYFbiG0FvaYqhftxgA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Owner: <mailto:bess-owner@ietf.org>
List-Post: <mailto:bess@ietf.org>
List-Subscribe: <mailto:bess-join@ietf.org>
List-Unsubscribe: <mailto:bess-leave@ietf.org>
Jorge, I'm responding to the second part of the point since it covers my concern: On Tue, Jun 18, 2024 at 01:35:09PM +0000, Jorge Rabadan (Nokia) wrote: > > In section 4.1, the cited rules for route selection change are: > > > > : If none of the tie-breaking rules up to (and including) rule 5 > > : produces a single route, the router compares the D-PATH attribute in > > : the remaining candidate routes: > > : [...] > > A consequence of this second step is that the configured domain ID, when > > routes are redistributed between domains, becomes a "hard yank" to influence > > routes to pick a specific domain. [...] > > This is somewhat similar to taking BGP's BGP Identifier check at the *end* > > of the route selection process and moving it near to the top. I suspect > > this is not what you want. > [jorge] Yes, that’s the intend. Huh. Well, I'm glad I'm at least I'm understanding this. I suspect this is a Bad Idea. So, consider this flagging it as a concern that I'd suggest BESS discuss and that the AD's conciser in their review. Part of my motivation for discussing the BGP Identifier as a tie-breaker is that service providers are known to play games with this bit of BGP configuration in circumstances solely to try to capture traffic when route selection otherwise falls to this point of the Decision Process. For normal BGP, it's so low in the list that if it's a major concern, there are plenty of other ways to bias the traffic using route selection. However, as documented for EVPN IPVPN procedures, this means that in inter-provider scenarios you're encouraging people to play games with the values they use in order to bias route selection, and thus traffic. Unlike normal BGP, it's high enough that there's very little tooling to avoid this. As discussed in the prior mail, while the D-PATH values are "opaque" but have common configuration practice, that practice may not be enough to avoid such games. I understand that for this D-PATH feature that the providers should be "mutually cooperating" and thus this may be a trivial or even silly concern. But if it ever becomes competing providers, this becomes a conversation about money. > > Other issues: > > > > "numerically lower" isn't clear with respect to a domain-id, especially > > with regard to the ISF_SAFI_TYPE component of it. Is that used? > [jorge] no, it is not used. The text refers to the domain-ID which is excluding the ISF_SAFI_TYPE. But if you think it is not clear, we can add some text of course. > > Ignoring > > that, is the result the same as running C's memcmp() on the two six byte > > values? > [jorge] yes, that was the idea. We can clarify. It'd be helpful if you did. I'm glad I came to the appropriate conclusion as a semi-informed reader, but for these sorts of steps having the algorithm explicitly written out can remove doubt. > > As discussed in the context of the ipvpn interworking draft, changing route > > selection after the fact is messy and could in some cases lead to > > inconsistent selection within a network. However, for the route types that > > this procedure is recommended for, have you convinced yourselves that > > inconsistent selection is fine? Or will your recommendation be, similar to > > the ipvpn interworking draft, that the entire deployment must be upgraded to > > support the new procedure? > [jorge] we can add similar text with regards to upgrades if the WG thinks so, but this is a more constrained environment. There is no leaking into any family that facilitate the attribute escape, and the GWs only redistribute MAC/IP routes in the case of EVPN L2 ELAN, and AD per EVI routes in the case of EVPN VPWS. So I don’t think we as authors have any concern, but I agree with your points that we need to provide text warning the implementer about the potential consequences of inconsistent best path selection. Some explicit text would be appreciated. While escape isn't expected, we're partially having some of this review because escape has been observed from existing implementations. -- Jeff
- [bess] I-D Action: draft-ietf-bess-evpn-dpath-00.… internet-drafts
- [bess] Questions about route selection in draft-i… Jeffrey Haas
- [bess] Re: Questions about route selection in dra… Jorge Rabadan (Nokia)
- [bess] Re: Questions about route selection in dra… Jeffrey Haas
- [bess] Re: Questions about route selection in dra… Jorge Rabadan (Nokia)
- [bess] Re: Questions about route selection in dra… Jeffrey Haas
- [bess] Re: Questions about route selection in dra… Jorge Rabadan (Nokia)
- [bess] Re: Questions about route selection in dra… Jeffrey Haas
- [bess] Re: Questions about route selection in dra… Jorge Rabadan (Nokia)