Re: [GROW] bmp rib-out pre-policy questions (was Re: I-D Action: draft-ietf-grow-bmp-adj-rib-out-02.txt)
"Tim Evens (tievens)" <tievens@cisco.com> Thu, 04 October 2018 23:42 UTC
Return-Path: <tievens@cisco.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E72E5130E85 for <grow@ietfa.amsl.com>; Thu, 4 Oct 2018 16:42:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.957
X-Spam-Level:
X-Spam-Status: No, score=-14.957 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3tqf7__wtVhK for <grow@ietfa.amsl.com>; Thu, 4 Oct 2018 16:42:36 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17B63129385 for <grow@ietf.org>; Thu, 4 Oct 2018 16:42:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5736; q=dns/txt; s=iport; t=1538696556; x=1539906156; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=LWA/d/rAxD4/RAy4wJzImAvlzdsnnXn5N2ukgkjc8Gg=; b=PtGWkseJX90vbCYg94uKtJJjwcELFQ3Ft5g7tDTl+Ns/6hLo3aTs6T2i Z00WYG/2pFdNnjmPs7nn9c4gIz42YpAswHQkx9RPkukK4JrMHzBhiZfBg d+AE0T9ORscKTGFA6g4GNOUBVb+WftVFCs8BEr08fGO74+++33Da1Ln/5 w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AJAADrpLZb/4gNJK1bGgEBAQEBAgEBAQEHAgEBAQGBUQUBAQEBCwGCBYFlKAqDaogVjCKBaJcCFIFmCwEBhGwCF4QOITQNDQEDAQECAQECbSiFOgYjEVUCAQgODAIRDgcCAgIwFRACBAESgyGCAqR3gS6KFIELiiEXgUE/gRInDBOBTn6EOUU4AgWCQjGCJgKdB1AJAokdhyEXj2uVOAIRFIElHTiBVXAVZQGCQYIlFxGOB2+LACuBAYEfAQE
X-IronPort-AV: E=Sophos;i="5.54,342,1534809600"; d="scan'208";a="180615356"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Oct 2018 23:42:35 +0000
Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id w94NgZrr023649 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 4 Oct 2018 23:42:35 GMT
Received: from xch-rcd-016.cisco.com (173.37.102.26) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 4 Oct 2018 18:42:34 -0500
Received: from xch-rcd-016.cisco.com ([173.37.102.26]) by XCH-RCD-016.cisco.com ([173.37.102.26]) with mapi id 15.00.1395.000; Thu, 4 Oct 2018 18:42:34 -0500
From: "Tim Evens (tievens)" <tievens@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, "grow@ietf.org" <grow@ietf.org>
Thread-Topic: [GROW] bmp rib-out pre-policy questions (was Re: I-D Action: draft-ietf-grow-bmp-adj-rib-out-02.txt)
Thread-Index: AQHUXBpFTNTSi80US0aDzU3P3MtjAaUPnhyA
Date: Thu, 04 Oct 2018 23:42:34 +0000
Message-ID: <1B3512FE-1387-4281-9C03-489F4934B4D5@cisco.com>
References: <153721439877.24726.5815470155112450557@ietfa.amsl.com> <20181004194052.GF17157@pfrc.org>
In-Reply-To: <20181004194052.GF17157@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.19.26.166]
Content-Type: text/plain; charset="utf-8"
Content-ID: <49F70BFBFB37AA42ADE2844C2F4DC3AE@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.28, xch-aln-018.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/AIsTv-Fx0Crpv7im2nAbBgLvKgU>
Subject: Re: [GROW] bmp rib-out pre-policy questions (was Re: I-D Action: draft-ietf-grow-bmp-adj-rib-out-02.txt)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2018 23:42:39 -0000
On 10/4/18, 12:41 PM, "GROW on behalf of Jeffrey Haas" <grow-bounces@ietf.org on behalf of jhaas@pfrc.org> wrote: : Depending on BGP peering session type (IBGP, IBGP route reflector : client, EBGP) the candidate routes that make up the Pre-Policy Adj- : RIB-Out do not contain all local-rib routes. Pre-Policy Adj-RIB-Out : conveys only routes that are available based on the peering type. : Post-Policy represents the filtered/changed routes from the available The first one deals with the wording above. I suspect what is intended to be said is effectively that the route considered might not be a BGP route? <Tim> No, it's related to how some prefixes will be advertised while others will not, caused by peering type not egress policies. For example, IBGP excludes routes depending on reflector configuration. This text is trying to articulate to keep it simple and consider prefixes as candidates for Pre-Policy based on the peer configuration. If using RR-client, then include reflected routes, but if not, then don't include those in the pre-policy. Post-Policy is supposed to represent the egress policy filtered/modified NLRI's/attributes. This is to support policy assurance/validation (diff of pre vs post) If Adj-RIB-Out Pre-Policy included all local-rib candidate routes without regard to peering type, then a compare/diff of pre to post policy RIB's would render several routes missing, but are not missing/dropped by the egress policy. This leaves a gap in knowing why those routes are missing. Instead of trying to complicate it, the Adj-RIB-Out Pre-Policy should represent the routes that would actually be advertised sans an egress policy. In other words, the Adj-RIB-Out Pre-Policy is exactly what would be advertised had there been no egress policy applied. This is peer specific. I think this is motivated by the somewhat sloppy meaning of loc-rib in RFC 4271 with respect to non-BGP routes. Section 9.4 in there tries to clarify what happens when you want non-BGP information to be injected (redistribution), but the wording of the Decision Process largely restricts itself to discussing Adj-Ribs-In. This isn't a new issue, it generated a lot of noise during 4271's work in IDR. Where this leads to some interesting ambiguity, and will have impact also in the loc-rib doc (comments sent separately), is whether we're reporting on what systems typically consider the "active" route vs. the best bgp route. The second issue is distinct from the wording above, active or even best bgp route. I suspect that what is typically desired for telemetry purposes is "show me the 'before' view of the route that we're actually advertising in post-policy". This may be very distinct from active or best bgp in some scenarios. A few examples include: - best-external feature - add-paths <Tim> Adj-RIB-Out Pre-Policy should be the routes that would be advertised had there been no egress policy applied. The question of best, add-paths, ... shouldn’t change this as that would be based on the peering configuration. There are some folks that are having a hard time with understanding how we take peering configuration into account, but IMO, we (a) can get some of this via the OPEN messages in PEER UP and (b) consider configuration. No network (or system for that matter) is managed or monitored by a single method of collection. I fully expect and plan that we will be using netconf/restconf/gNMI/whatever to correlate configuration to operational state/monitored data via BMP, similar to ipfix. I do not believe we need to complicate BMP to include configuration as we have better means to obtain that. I consider the OPEN messages in PEER UP operational (not config) as they are a way for us to discover the session parameters and capabilities advertised. It is important that we do have a clear method to correlate the two datasets together. For example, BMP peer X == Configuration Peer X. -- Jeff
- [GROW] I-D Action: draft-ietf-grow-bmp-adj-rib-ou… internet-drafts
- [GROW] bmp rib-out pre-policy questions (was Re: … Jeffrey Haas
- Re: [GROW] bmp rib-out pre-policy questions (was … Tim Evens (tievens)
- Re: [GROW] bmp rib-out pre-policy questions (was … Jeffrey Haas
- Re: [GROW] bmp rib-out pre-policy questions (was … Zhuangshunwan