Re: [Bier] draft-xie-bier-ipv6-mvpn question:

"Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net> Thu, 26 November 2020 15:06 UTC

Return-Path: <zzhang@juniper.net>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DED653A1363 for <bier@ietfa.amsl.com>; Thu, 26 Nov 2020 07:06:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=lKhy2bAE; dkim=pass (1024-bit key) header.d=juniper.net header.b=LmVf367W
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b9-xRcaesyLC for <bier@ietfa.amsl.com>; Thu, 26 Nov 2020 07:06:52 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05CDA3A1361 for <bier@ietf.org>; Thu, 26 Nov 2020 07:06:51 -0800 (PST)
Received: from pps.filterd (m0108157.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 0AQF0Rl5004657; Thu, 26 Nov 2020 07:06:42 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=bhNIoQkZK2KxVLoWGIF6m6vD3AqqoBpjjbH1m/ItLtY=; b=lKhy2bAECWRwSV3vM1lqgXk0diYCUl0W3TY3bFapGkap0Usz6pUn1uypDQh+5OoHXNSL /fD0qrSEp5mMz0d65uQLIZwbZO5u2iNy8aOb0nZXzSODxTnkEprUEE6XUq2y9HaKqzZC 7ViB74RRZZGvWHGEtH/5Dwt/CvUJ2ub2rG49Npxjb2xWOiRrX7OaOMzu+eQ5IMxyuMML nCGNCD7LErdLmfBMnFwugDRUyHRiToDF3k1/cHZVEJuLKATQadhcoQ/6/huEzv7RaK5G fRKgSSyvAZqjaX9+m0Z5kqAOwf2UO5mYPZY1Hm2fidQ5g3EghPbVGLG0tXf7vSJ3cKUX PQ==
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2174.outbound.protection.outlook.com [104.47.56.174]) by mx0a-00273201.pphosted.com with ESMTP id 351s4bjd9f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 26 Nov 2020 07:06:42 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CuVrsLjcF0k+hiYn1ehDrI/1rGqU9+wa0lcW9Y3CvMEINI1Had+XHM06rbE454QENEULZn/rB3aSWqloKg4U5R8LhmEnUf12jg2u2c5FAthxBk6OVOWAEf4zLaUzsAbHA/rZYJ2QzdwxXskYaunAYWrzHClE00F3pfZa8KtEiW3CRoJ5KZKNO10azjhY7PL7R6u5yj8cdnzcKzM1ayH/ypuxbg38RirFS/mqajbCpDQSfnsfWOc7X3R3Xd8l+ouFxI7zItiXrcDLd3wKGm3Qian5RKyN0erxier6OuotszQoUOHTCB2oAzSTnbtwurFVNrf5TLG0mtIBhjCRzmiDkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bhNIoQkZK2KxVLoWGIF6m6vD3AqqoBpjjbH1m/ItLtY=; b=CjPiB14bvAweva/UYV4pLQlL9LPes0SD3r4kAqNsKRhrFChvvyFBRz7fP4XfSMcW1Sg5vtSq1fDHPmpg9fbPy0PL+jquCVG2uTbx43+W1GeTJ8RsimrdgruJcI9RXFU2D9PoA2jEzECz5WZiMS0uxMjzqjt8xgxIpqQnLwuAOnU1e9tupYNrsyq1o7gIf1tU5sWzny2xzQMKlIi9/bJazByID50x2TFVkR2zh83MrGW/d/rW3BqoOOo7KYwT1Db2brn+Bp+lzDcCgQSvFxSYAa6jy5C1ApEfOXG4HQiHTPGpzXWNeUCdA1eA+IhfDB9V7JosVhxOo1PUOqa3/Rwjkg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bhNIoQkZK2KxVLoWGIF6m6vD3AqqoBpjjbH1m/ItLtY=; b=LmVf367W+DHs9s/harxHAPMTjwxv+VgeLj+KYw+mAOgTlpZYFPAPaslnjcUrxb6JZFW8grc/2GDhLmATeV0sz4R2gAPGBgRojHAOabIq0AXnPmaduzmkGmKx7UW2bxI/r3APAHDsCGKVXGmMVavq8MWdMpV5eyyei+Bl4tG6+ks=
Received: from MN2PR05MB5981.namprd05.prod.outlook.com (2603:10b6:208:c3::15) by MN2PR05MB6126.namprd05.prod.outlook.com (2603:10b6:208:d2::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.6; Thu, 26 Nov 2020 15:06:38 +0000
Received: from MN2PR05MB5981.namprd05.prod.outlook.com ([fe80::2cd5:f786:c003:42c6]) by MN2PR05MB5981.namprd05.prod.outlook.com ([fe80::2cd5:f786:c003:42c6%7]) with mapi id 15.20.3589.021; Thu, 26 Nov 2020 15:06:38 +0000
From: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
To: BIER WG <bier@ietf.org>, "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>
Thread-Topic: draft-xie-bier-ipv6-mvpn question:
Thread-Index: AdZw6Yw4P4783jMOTziUSmhOVRVLCQWUiiOgAAktZIAAA2fmEA6Nih6w
Date: Thu, 26 Nov 2020 15:06:38 +0000
Message-ID: <MN2PR05MB5981EF6A7ED69253E66C0283D4F90@MN2PR05MB5981.namprd05.prod.outlook.com>
References: <MN2PR05MB59813797A2F540D696FD71C8D4260@MN2PR05MB5981.namprd05.prod.outlook.com> <5c3edd2a5a4444779e953542e5dfb720@huawei.com> <MN2PR05MB5981515FCA77F946376A20FCD4270@MN2PR05MB5981.namprd05.prod.outlook.com> <f3dbbb6691bd4b5d8c6993d3219383c3@huawei.com>
In-Reply-To: <f3dbbb6691bd4b5d8c6993d3219383c3@huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.5.0.60
dlp-reaction: no-action
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=ffd65fb1-f44f-4e2b-a0b6-cdb8eba6a35e; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-11-23T14:23:22Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4;
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [71.248.165.31]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: b211e577-1fd8-42c9-e818-08d8921cdff6
x-ms-traffictypediagnostic: MN2PR05MB6126:
x-microsoft-antispam-prvs: <MN2PR05MB6126F7E1E79ECECB368F9DF2D4F90@MN2PR05MB6126.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XdHHDTvamGKT6sXWexMc9liiASU8dO4oGYIANstYdvVB0MunCHBoLWg4S7Zv6ywKv0yJfFDDEoKyMflnpChBcN6CBQOgrLapMf/Dj8lZXHbWGhI6gCglZ+tpxsJ/VIbhA1+xyGlXi3JyEJ/stRYAxhsWGmUQOHLCt2n6+vEDEdyZFFp9HXdjOAuIUejW3lOPV+36NNrMOFOzO4EGghZN1FSTetAswrpOOFKu5tV+X0ozKaT9i1qXxWpKWvR+1MDhmpDSQcTQL5QoBUpxTE2iwnaE+ScLYeaRQjQv2E0oepb7nnVHOtULR0Aknj6ef8Tn8diTPWLKusjn/7cNXNbn0tlfiT65dqRdidBgOLcmkDSruBMo9S25syUuaDmoV1/z5RF+DJUihRStq0llLb6v+w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB5981.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(39860400002)(346002)(396003)(366004)(376002)(4743002)(186003)(110136005)(52536014)(8936002)(66446008)(83380400001)(64756008)(66946007)(6506007)(66556008)(66476007)(76116006)(53546011)(316002)(33656002)(71200400001)(86362001)(966005)(9686003)(478600001)(7696005)(8676002)(2906002)(5660300002)(26005)(55016002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?uzQi44y5qBB8rBLozfvw94Ec6HAbgNsOyea2hHFYyJ6MhRjxdxUpe51Xqntf?= =?us-ascii?Q?rf+vrLH94bdNBHgYKnJq/HQe/SyPqEJF0C+ZShF5k9ktMFQPl0KW7p5j5RxS?= =?us-ascii?Q?G0wkMsO+/W8cNfA3++T7vx/ddaQwZURgee+93huDj/K3YVmtJecu4h3qxemD?= =?us-ascii?Q?jVcwgWzjS8K/K4rMsUASeImO3UnWdZjlwXDLgGQln7w8/cqk7VwB2xKN0bTd?= =?us-ascii?Q?IxY+7w/dSedHFsPOZOn89vP9GtUNGtvxULJ8H8Mg95L1B4VQ48D3jsABp4nn?= =?us-ascii?Q?aCrctAUvVU9t4+JAfnyi9NZdMEJCEEBiOzHTLCCUqmfYkWHk9MKJc2PeB88b?= =?us-ascii?Q?DP20QbaxvixJpSoGRJptNC3CwphSBo+H9AZya3onNA1ut3SpU9sWnD/oUdtK?= =?us-ascii?Q?AyAIRSQcR4yPInINwgbK1zDsxeJOocySviFM+mKrGUSxBOdHFrJkUDsUvWD0?= =?us-ascii?Q?1sOjTIZdOh+wersdVyMVmmACbYeENeFb51RzhW7Jvi2iwi6JLKHgkIqdaNbC?= =?us-ascii?Q?UBFmsaa203be1NRddzfeTKc4CJpI8+zlF0UWchzbpftNWjflhDpkq6SdgrPP?= =?us-ascii?Q?9Srkjv/nEgsNuzMn9ESLkHLLFKbj1YF+QKBZ85mRx7Q/8O8xPeYYTSM9C2Z3?= =?us-ascii?Q?Fuk10bZ4okiZ+ygVvCYsUsm0n12vbEj69gyjH74uKmJbJodmtOelLlz6eJFp?= =?us-ascii?Q?82kT9j1GdKIhMFNZVt2CNpBP0qvw1e+UFB8quJzuKzhvBKOnbep+3oafztW7?= =?us-ascii?Q?KFufC4/EsxJtJzSz8rST2cMVaz98apPdzCCt1QzrRIvlW+ivnwdc9G4OgTim?= =?us-ascii?Q?fVXsH/WJGBgvVNlelSBqSiAB6odN9PKjEV74A0cPlZevuvL2y3yeMNo6KXUt?= =?us-ascii?Q?N00MRLSHpca7aX177KHaaSviYFMl8WkgPm4N3USo3upyOW6bGC5HcFFyEt2J?= =?us-ascii?Q?nHWor46y6tMfaMkFwTe51HaqBLZg2DRdjS9iG6x4nRw=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB5981.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b211e577-1fd8-42c9-e818-08d8921cdff6
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2020 15:06:38.6025 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: isHVbC6J186CIaaxVbXKUbHDENly3S4SLgkyDW5brxH2WlfhgdDWENF42hAx0HcKDl3FduXQM5N2U3NUNFTO1w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR05MB6126
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-26_05:2020-11-26, 2020-11-26 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 suspectscore=0 bulkscore=0 impostorscore=0 priorityscore=1501 clxscore=1015 malwarescore=0 phishscore=0 lowpriorityscore=0 adultscore=0 spamscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011260092
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/DJ471vm889XjaJc7CQ1eODRdxRk>
Subject: Re: [Bier] draft-xie-bier-ipv6-mvpn question:
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2020 15:06:54 -0000

Happy Thanksgiving (to those who celebrate this holiday)!
Now that my turkey is roasting in oven let me continue with the discussion.

-------

Reviving this old thread that I had with Jingrong on the BIER mailing list some time ago. I see that a new revision was posted recently, but it does not address the points below.

There are three main issues with BIERv6+MVPN solution. The last two below were already mentioned in the old thread.

1. On the egress, when you use the src address to do the lookup, you need a separate routing table, not the existing unicast table for it. I understand that one could argue that is ok. In addition, if a BFR in the middle somehow needs to send an ICMP back to the BFIR, would the src.DT4, src.DT6, src.DT46 in the original IPv6/BIER packet, now used as destination address of the ICMP packet, cause trouble on BFIR (would it be treated as a customer packet for the VPN)?
2. To address scaling problem described in draft-ietf-bess-mvpn-evpn-aggregation-label (and earlier in this thread), you have to use a common function/arg part in different source addresses, and when doing the lookup, you have to extract that function/arg part out to do the lookup (instead of using the whole address as in unicast case). Now that is not much different from using MPLS label (for service only, not for transportation).
3. In case segmentation is needed (which I believe will be quite common - when you have a large BIER domain with say thousands of BFERs), this draft does not provide a solution (yet).

For #3, with BIER-MPLS, when the segmentation point, which is a BFER in the upstream sub-domain, removes the BIER header, it'll see an MPLS service label for stitching  purpose - it swaps the label to a new service label associated with the PMSI, and impose a new BIER header for the downstream sub-domain (it's a BFIR in the downstream sub-domain). An alternative, which is not desired in my view, is not to use label stitching but do IP lookup in VRFs that is not needed in label stitching solution. This is discussed in https://tools.ietf.org/html/draft-zzhang-bess-mvpn-evpn-segmented-forwarding-00.

Now come back to BIERv6. When segmentation is needed, you'll either have to do IP lookup, or use the func/arg part of the source address to do "stitching", which is really just reinventing the MPLS wheel.

In summary, while BIERv6's BFIR->BFER encapsulation seemingly gives you parity with SRv6 based VPN solution, it actually deviates from SRv6 VPN unicast model significantly, and possible optimizations end up as reinventing the MPLS wheel.

I can understand that some operators want to move away from MPLS transport, but I still think MPLS based solutions for services are superior when it comes to multicast.

Having said that, I understand that there will be operators insisting on using SRv6 based MVPN/EVPN and BIERin6 still works with it nicely due to its clean layering. The BFIR puts on the SRv6 header, optionally with fragmentation and ESP, and then hand the IPv6 packets to BIER layer, which treats the IPv6 packets as BIER payload. In this model, the destination address is a well-known (either IANA assigned or operator configured) multicast locator plus the func/arg portion that identifies the l2/l3vpn - well aligned with unicast model.

Jeffrey

-----Original Message-----
From: Xiejingrong (Jingrong) <xiejingrong@huawei.com>
Sent: Thursday, September 10, 2020 8:40 AM
To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>et>; BIER WG <bier@ietf.org>
Subject: RE: draft-xie-bier-ipv6-mvpn question:

[External Email. Be cautious of content]


Hi Jeffrey,
Thanks for your response !
Please see below inline (stripped unneeded text) marked with [xjr2].

Thanks
Jingrong

-----Original Message-----
From: Jeffrey (Zhaohui) Zhang [mailto:zzhang@juniper.net]
Sent: Thursday, September 10, 2020 8:04 PM
To: Xiejingrong (Jingrong) <xiejingrong@huawei.com>om>; BIER WG <bier@ietf.org>
Subject: RE: draft-xie-bier-ipv6-mvpn question:

Jingrong,

Please see zzh> below.


Juniper Business Use Only

-----Original Message-----
From: Xiejingrong (Jingrong) <xiejingrong@huawei.com>
Sent: Thursday, September 10, 2020 3:41 AM
To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>et>; BIER WG <bier@ietf.org>
Subject: RE: draft-xie-bier-ipv6-mvpn question:

[External Email. Be cautious of content]


Hi Jeffrey,
Appreciate sincerely for raising discussions about the draft.
Please see my response inline below marked with [xjr]

Thanks
Jingrong

-----Original Message-----
From: Jeffrey (Zhaohui) Zhang [mailto:zzhang@juniper.net]
Sent: Thursday, September 10, 2020 4:36 AM
To: Xiejingrong (Jingrong) <xiejingrong@huawei.com>om>; BIER WG <bier@ietf.org>
Subject: draft-xie-bier-ipv6-mvpn question:


Zzh> While this draft is about MVPN (though you did talk about VNI below), there is no reason to have a different solution for EVPN, in which case every PE could be a BFIR.
[xjr2] OK. This draft has the same scaling problem surely, and DCB/VNI is particularly needed for such MP2MP model.

Zzh> Whether by signaling or by configuration, the key point is that the egress must carve out the same function portion of the source address for lookup. My understanding is that the locater/function/argument portions are not fixed.
[xjr2] Got it!

Besides, would you think it necessary to extend the "DCB label" to 24bit to cover the VNI length ?
Zzh> This is already covered in RFC8365:
[xjr2] Thanks ! Good to see the example exactly!

Can you elaborate the above scenario (BIERv6 packets unicast to BR and then replicated)? Is it a scenario that must be supported?
[xjr] The above scenario is covered in <draft-geng-bier-ipv6-inter-domain>, so it is not covered in this document, as this document mainly focuses on the "BGP-MVPN" protocol extension.
Zzh> If you're referring to the "peering" model in that draft, which is very controversy, it's better to not mention it here at all. That entire draft should be adequately discussed before other drafts start referring to it.
[xjr2] Got it!

When/where would the above two scenarios (non-segmented and segmented) be covered?
Zzh> I agree the BIFT construction is not the concern of this document - whether segmentation is used or not - and we don't even need to list BIFT construction as "out of scope" (this is referring to the non-segmentation case earlier).
[xjr2] Got it!

[xjr] Haven't considered segmented MVPN in detail yet, Will come back if I have any further thoughts.
Zzh> So the segmentation is not "out of the scope" (otherwise there is no complete solution) - it should be "for further study" or "provided in future revisions".
[xjr2] Good to learn the distinction of these terms in draft writing! Thanks!

Zzh> Thanks.
Zzh> Jeffrey

Thanks.
Jeffrey

Juniper Business Use Only

Juniper Business Use Only