Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06

"Black, David" <david.black@emc.com> Tue, 06 October 2015 16:44 UTC

Return-Path: <david.black@emc.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D0E11ACE0F; Tue, 6 Oct 2015 09:44:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P5Hzh1pC2PQT; Tue, 6 Oct 2015 09:44:52 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E574C1ACE25; Tue, 6 Oct 2015 09:44:51 -0700 (PDT)
Received: from maildlpprd03.lss.emc.com (maildlpprd03.lss.emc.com [10.253.24.35]) by mailuogwprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id t96GiZQp013633 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 6 Oct 2015 12:44:36 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com t96GiZQp013633
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1444149876; bh=yNHzJj0NnJzZygS5ctRKLXMBLs8=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=t/NyGV3PI5mwQCwaSX4MbRjbzD1K4Hw3zH65wh1MeqC7v7z6aYXof4FGuaT5u6Cos h0fkuh/MGBeDEq5LmF6KYknRvl1YDzmg0EFNQnCfvg/CWIfcYTLgIT4r18ZcwDJFWP 9hJxxc6r9YoevxfcCq+sEnA9EXmCaTHNw9mb+y3g=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com t96GiZQp013633
Received: from mailusrhubprd03.lss.emc.com (mailusrhubprd03.lss.emc.com [10.253.24.21]) by maildlpprd03.lss.emc.com (RSA Interceptor); Tue, 6 Oct 2015 12:44:19 -0400
Received: from mxhub03.corp.emc.com (mxhub03.corp.emc.com [10.254.141.105]) by mailusrhubprd03.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id t96GiKuJ012504 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO); Tue, 6 Oct 2015 12:44:20 -0400
Received: from MXHUB209.corp.emc.com (10.253.68.35) by mxhub03.corp.emc.com (10.254.141.105) with Microsoft SMTP Server (TLS) id 8.3.327.1; Tue, 6 Oct 2015 12:44:19 -0400
Received: from MX104CL02.corp.emc.com ([169.254.8.74]) by MXHUB209.corp.emc.com ([10.253.68.35]) with mapi id 14.03.0224.002; Tue, 6 Oct 2015 12:44:19 -0400
From: "Black, David" <david.black@emc.com>
To: Rob Shakir <rjs@rob.sh>, "as@cisco.com" <as@cisco.com>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "shraddha@juniper.net" <shraddha@juniper.net>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "lizhenbin@huawei.com" <lizhenbin@huawei.com>
Thread-Topic: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
Thread-Index: AdD/xnlyIy25ziWfRACBnPhaH7xx5wApfIGAAAWtw0A=
Date: Tue, 06 Oct 2015 16:44:18 +0000
Message-ID: <CE03DB3D7B45C245BCA0D24327794936166B1447@MX104CL02.corp.emc.com>
References: <CE03DB3D7B45C245BCA0D24327794936166B079B@MX104CL02.corp.emc.com> <etPan.5613e757.1304c9b1.208@corretto.local>
In-Reply-To: <etPan.5613e757.1304c9b1.208@corretto.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.251.40.244]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd03.lss.emc.com
X-RSA-Classifications: public
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/8H5U3IQ5VwLimboCzZaMPE54vXA>
Cc: "ospf@ietf.org" <ospf@ietf.org>, "acee@cisco.com" <acee@cisco.com>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 16:44:54 -0000

Rob,

> Given that we are really selecting candidates from within a set of paths that
> have already been selected by OSPF as valid, and usable - then I’m not sure
> that I can understand the logic behind this sentence from your review: "There
> appears to be more than enough enabled by this draft to wreak serious
> operational havoc”.

Perhaps, I'm not understanding something, but I thought I saw an unreachability
problem in the example in Section 4.5/Figure 3:

- The following example of an explicitly routed policy:

      - Traffic from A nodes to I nodes must not go through R and T
      	nodes

    prevents the leftmost pair of A nodes from sending traffic to the
    I nodes.  Was this "black hole" intended as part of the example?

Was that a mistake, and at least one path from the leftmost pair of A nodes
to the I nodes will be selected despite that "explicitly routed policy"?

Thanks,
--David

> -----Original Message-----
> From: Rob Shakir [mailto:rjs@rob.sh]
> Sent: Tuesday, October 06, 2015 11:23 AM
> To: as@cisco.com; Black, David; bruno.decraene@orange.com; ops-dir@ietf.org;
> shraddha@juniper.net; General Area Review Team (gen-art@ietf.org)
> lizhenbin@huawei.com
> Cc: acee@cisco.com; Black, David; ospf@ietf.org; ietf@ietf.org
> Subject: Re: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
> 
> Hi David,
> 
> On October 6, 2015 at 00:37:42, Black, David (david.black@emc.com) wrote:
> > > As an OPS-Dir member, I'm concerned by the above RFC 5706 answers,
> > and in particular treating all operational issues as vendor-
> > and/or
> > operator-specific. One possible alternative would be to scope
> > the
> > draft down to interoperably specify what's needed for LFA
> 
> I’ll quote this part of your mail, but respond to the general question around
> whether this draft should be tighter scoped (and the operational
> considerations of what one can do with the mechanism).
> 
> In general, this mechanism is meant to give ways for an operator to add their
> own logic on-top of the routing protocol selection of the OSPF protocol.
> Specifically, this is for the case where there are sets of paths that OSPF
> considers valid, but the operator has a particular preference for a particular
> subset to be included or excluded. To this end, the harm that one can do by
> preferring paths with a particular admin tag (or set of admin tags) on them is
> simply to select a subset of the paths that would have been used anwyay.
> 
> So, from the examples in the document, the admin tag lets one:
> 
> 	* Prefer a specific LFA from a set of valid LFAs. The operator has a
> business reason to prefer specific ones (e.g., OSPF metric is set based on
> bandwidth, but we want to minimise latency, or we only want to capacity plan
> for FRR between P nodes never transiting a PE). There are many different
> reasons that one might have this preference, and they will be different by
> operator - so, removing the ability of an operator to specify arbitrary tags
> will make this mechanism ineffective. Whilst there could be unintended
> consequences of preferring specific LFAs, actually there are probably worse
> consequences of NOT preferring particular LFAs, such as traffic going via a PE
> in another country such that latency is increased over all other LFAs. Bruno
> and Stephane from FT have given many examples of this in the LFA manageability
> drafts presented in RTGWG. The admin tag will never result in a new LFA that
> would never have been selected via the standardised mechanisms being selected
> - so, in my view, has little potential to cause new ‘harm’.
> 
> 	* Prefer a specific path from a set of paths. This is similar to the
> case above. No new candidate path is being added to the routes that could be
> used by the admin tag mechanism. It simply says that when a device that must
> select N ECMPs to install from M candiates (N < M), then the operator can
> influence which based on the admin tag. All are still valid ECMPs - so new
> risk is created. Again, selecting a particular subset of that M without any
> consideration may be more harmful than doing the operator-specific selection.
> Again, the logic of which are ‘OK’ PEs and which are not is something that is
> operator specific, and may only apply to a subset of applications using OSPF
> to select paths (an example of this is devices that do not scale well as MPLS-
> TE midpoints, but are OK for transit IP traffic - at this point, we may want
> to influence CSPF to stay away from them, but not IP - the fact that these
> devices are ‘not-OK-for-transit-MPLS-TE’ is not something that we can easily
> enumerate and standardise).
> 
> Given that we are really selecting candidates from within a set of paths that
> have already been selected by OSPF as valid, and usable - then I’m not sure
> that I can understand the logic behind this sentence from your review: "There
> appears to be more than enough enabled by this draft to wreak serious
> operational havoc”.
> 
> I strongly disagree with the idea that we should try and enumerate what the
> tags should be, rather than maintain the ability of an operator to add their
> own specific logic with these tags. This is what is done today with link
> affinity, or tags elsehwere in the IGP protocols.
> 
> Re-reading the draft, perhaps we need to clarify that this does not change the
> underlying SPF process that OSPF uses today - would this address your concern?
> 
> Regards,
> r.
> 
>