Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
Nitin Bahadur <nitin_bahadur@yahoo.com> Mon, 16 November 2015 17:56 UTC
Return-Path: <nitin_bahadur@yahoo.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E77EC1AC449 for <i2rs@ietfa.amsl.com>; Mon, 16 Nov 2015 09:56:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.237
X-Spam-Level:
X-Spam-Status: No, score=-2.237 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MALFORMED_FREEMAIL=1.047, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id taUHCOO7v6OC for <i2rs@ietfa.amsl.com>; Mon, 16 Nov 2015 09:56:43 -0800 (PST)
Received: from nm21-vm7.bullet.mail.gq1.yahoo.com (nm21-vm7.bullet.mail.gq1.yahoo.com [98.136.217.54]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 457111AC44D for <i2rs@ietf.org>; Mon, 16 Nov 2015 09:56:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1447696600; bh=w/VK4t8sxkNHqhKbNHNhXGpIR6CVRSAjvfY8sYeobMs=; h=Date:Subject:From:To:References:In-Reply-To:From:Subject; b=XXHBWWFstOFo8eYrykRy+liwjM8YOziuJo/9BdEL/NnZR1JKEyi7Sc8lAAZd7WUv9vvPls0j/Df7XT1GPRNENFcvWCcH5uiaHDT2IjPt8X8R69bYNYlRDfGloL6RLGWZCQcI7t14GoHfMrKGkHxKspPKtw6y7t9sN2obVcW/biP6SSJarleHLRD+DYSuZ9+6BN94lB4U6t89pzuBVR7dRPMuaMSSfsnETdd4XNDvsReLiuVuaTX3nHoNfxNmwHJ+qpfXtBOOI3nFnMDcuOK+idmjVIzPS6nba5gFq5bfVcpYAnVfiYgEVh3TbE19Fm4JhI+IA5xlconFHRGOk/Lwlg==
Received: from [98.137.12.191] by nm21.bullet.mail.gq1.yahoo.com with NNFMP; 16 Nov 2015 17:56:40 -0000
Received: from [98.136.164.74] by tm12.bullet.mail.gq1.yahoo.com with NNFMP; 16 Nov 2015 17:56:40 -0000
Received: from [127.0.0.1] by smtp236.mail.gq1.yahoo.com with NNFMP; 16 Nov 2015 17:56:40 -0000
X-Yahoo-Newman-Id: 870753.98892.bm@smtp236.mail.gq1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 1wt1434VM1kg4ge2dZMyqcxFcIXLizonWFHmKgG7fsRIcCc 3OXsHdfI2husJASyh8hjrXY1Ri3d3GAgPrFPevILsETx5TiBgtBtMaPiKrHC 7_U7nM8Mb5VIyhveowHJj5_oejAjgU0I2nSH.QfYEY2U5Yikg0_kn8DyOhDk MNs_ibcsrJobHcqMXB8ZLxe2UFaJ_TI5yFR2JOK5D3RCw3EkUCUpdb49JRAM FUtjPJmPHyCu6j9VgI0OkdqiOEgvbvxcwfiAGfsrLfYfmodiMoqiyd8SNlTH nGdz0IAXzaK.QVLsQ7NR58GPSIpEjcea.6Dm8fRbuzqF9UUF0slKAfzm.fvZ J1lqKLh8n8ncenln3BMCCytTqC3wiiEVzjEccHZeuRyPLphMDk5QomsBcfwF Au2PHCq1Cp79VImpViIbgLbSQ1Uwpg2.O2XFlJ0f023ApGRvukr8_8064pBl 826XlQklFS8TPD0JXG0VKUCL._VBbniEp0.CuGOAn6POmvQXEGLMeHSQC8FT 4FCYOXUxxAvur62OeiekL_SP64wWwkGyH_UKTNbg2
X-Yahoo-SMTP: jU6Na92swBBdqSRkLOL9Cp_LhHZgQAQoL10-
User-Agent: Microsoft-MacOutlook/14.4.4.140807
Date: Mon, 16 Nov 2015 09:56:34 -0800
From: Nitin Bahadur <nitin_bahadur@yahoo.com>
To: Mach Chen <mach.chen@huawei.com>, Chris Bowers <cbowers@juniper.net>, "i2rs@ietf.org" <i2rs@ietf.org>
Message-ID: <D26F581B.3132B%nitin_bahadur@yahoo.com>
Thread-Topic: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
References: <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B6270BD@SZXEMA510-MBX.china.huawei.com> <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B6270E9@SZXEMA510-MBX.china.huawei.com> <BY2PR05MB6149CA1FCEEBFE234D4E1A3A9100@BY2PR05MB614.namprd05.prod.outlook.com> <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B64A99E@SZXEMA510-MBX.china.huawei.com>
In-Reply-To: <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B64A99E@SZXEMA510-MBX.china.huawei.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/7LDUUn1RVHLppiFrSFdiOeXPauU>
Subject: Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2015 17:56:46 -0000
Chris, I agree with Mach¹s comment. To actually decap VxLan and do something intelligently, one needs something like a firewall rule. There is no routing protocol that provides rules on decap of VxLan packets. So the RIB in general does not contain this information in today¹s routers (AFAIK). IMO, the content for this should go into http://tools.ietf.org/id/draft-kini-i2rs-fb-rib-info-model-02.txt Thanks Nitin On 11/15/15, 7:05 PM, "Mach Chen" <mach.chen@huawei.com> wrote: >Hi Chris, > >Much thanks for the detailed explanation! > >In my understanding, the I2RS intends to leverage the existing RIB >design. Regarding to tunnel decap, normally, the protocol number and udp >port belong to the protocol stack process, they are not parts of the rib. >As for the VNI and VSI, since they are new, the implementations may be >different. But they may also not be necessary as part of a route to be >installed in the rib. They can just be decapsulated by the VxLan/NvGRE >protocol stack process and used as an identifier to find the next rib >(e.g., the MAC rib), and then perform another rib lookup. If I am wrong, >please correct me. > >Regarding to the suggestion to change tunnel-decap to tunnel-interface, >this will require not only to modify the current data model, but to >modify the info model that has already passed the WG last call. I hope to >hear the opinions of the WG. > >Best regards, >Mach > >> -----Original Message----- >> From: Chris Bowers [mailto:cbowers@juniper.net] >> Sent: Sunday, November 15, 2015 12:38 AM >> To: Mach Chen; Nitin Bahadur; i2rs@ietf.org >> Subject: RE: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03 >> >> Mach, >> >> I may be overlooking something, but I don't see how one can use the >>elements >> in the current data model to configure a router to decapsulate GRE, >>NVGRE or >> VxLAN in the following scenario. >> >> Assume we have 4 types of tunneled traffic arriving at the router with >>the same >> source and destination IP address. The decapsulated packets need to be >> processed by 4 different rib-name-nexthops depending on information in >>the >> encapsulation header. In this example, the four different tunneled >>traffic >> types are IP-in-IP, IP in GRE, and VxLAN encapsulated traffic with two >>different >> VNIs, so the different packet headers look like this (only the relevant >>fields are >> shown): >> >> 1) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=4 , inner IP packet >> 2) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=47, inner IP packet >> 3) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=17, udp dest port= >>4789, >> VNI=920, inner Ethernet frame >> 4) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=17, udp dest port= >>4789, >> VNI=921, inner Ethernet frame >> >> There are a few ways that one might think about accomplishing >>decapsulation >> of these packets into different rib-name-nexthops using the next-hop >>chaining >> in the data model. However, regardless of the particular choice of how >>to >> chain next-hops and route matches, at some point one needs to be able >>to do a >> route match based on IP protocol number to distinguish between IP in >>IP, GRE, >> and UDP. In addition, one needs to be able to match on UDP destination >>port >> to distinguish VxLAN from other UDP traffic with the same src/dest >>address. >> Finally one needs to be able to match on VNI in order to be able to >>demultiplex >> the two streams of VxLAN traffic into different rib-name-nexthops. >> >> I don't see that these values (IP protocol number, UDP dest port, or >>VNI) are >> currently included in the route match conditions in the model, so I >>don't see >> how the current data model can be used to configure a router to >>distinguish >> between these traffic types while performing decapsulation. >> >> If the above analysis is correct, then one might consider adding >>additional route >> match conditions to cover these decapsulation cases. However, it may >>also >> make sense to consider other approaches to modeling tunnels. >> >> Thanks, >> Chris >> >> -----Original Message----- >> From: Mach Chen [mailto:mach.chen@huawei.com] >> Sent: Friday, November 13, 2015 3:37 AM >> To: Chris Bowers <cbowers@juniper.net>; Nitin Bahadur >> <nitin_bahadur@yahoo.com>; i2rs@ietf.org >> Subject: RE: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03 >> >> Hi Chris, >> >> Thanks for raising the issue and putting it on the I2RS wiki! >> >> The current data model is aligned with the info model. Regarding the >>tunnel >> encap and decap, the info model is defined as is. >> >> Regarding GRE, NvGRE or VxLAN decapsulation, in my understanding, they >>are >> actually IP tunnels, and the current model has already support >>IPv4/IPv6 IP >> tunnel decapsulation. Or maybe I missed something? >> >> Best regards, >> Mach >> >> > From: Chris Bowers [mailto:cbowers@juniper.net] >> > Sent: Thursday, November 12, 2015 11:28 AM >> > To: Nitin Bahadur; i2rs@ietf.org; Mach Chen >> > Subject: RE: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03 >> > >> > Nitin and Mach, >> > >> > Thanks for your responses. Jeff Haas suggested to me that we keep >> > track of issues for this on the I2RS wiki at: >> > >> > http://trac.tools.ietf.org/wg/i2rs/trac/wiki/IssuesRibDataModel >> > >> > So far, I posted one issue that I think needs more discussion. I >> > copied it below. Please feel free to edit the Wiki as part of the >>discussion as >> well. >> > Issue 1: Should we define tunnel encapsulation and tunnel >> > decapsulation as next-hops in the RIB data model? >> > The RIB data model can model some types of encapsulation and >> > decapsulation by treating encapsulation and decapsulation as >> > next-hops. For encapsulation, a route is paired with a >> > tunnel-encap-nexthop. For decapsulation, an initial route match >> > condition is paired with a next-hop chain which consists of a >> > tunnel-decap-nexthop and another nexthop such as rib-name-nexthop or >>an >> egress-interface-nexthop. >> > 1) It is not clear if this model for decapsulation supports all useful >> > encapsulation types. For example, it is not clear that the >> > route-match-types currently in >> > draft-ietf-i2rs-rib-data-model-03 can be used to select traffic for >> > GRE, NVGRE, and VXLAN decapsulation. >> > One could consider extending the route-match-types to include the >> > header information needed to identify other encapsulation types. >> > However, this may also be a sign that the basic approach should be >> > re-evaluated. >> > 2) Does treating tunnel-encap and tunnel-decap as next-hops result in >> > a data model that is easy to use for someone trying to program network >> > forwarding behavior? From the point-of-view of a user of the data >> > model, modeling tunnels as interfaces seems more useful. Treating >> > tunnel decapsulation as a type of ingress interface and tunnel >> > encapsulation as a type of egress interface would fit with the current >> > RIB model (which already has the concept of an interface-route and an >> > interface-nexthop.) And it would reduce the amount of next-hop >> > chaining that is required to make tunnels work compared to the current >> model. >> > Thanks, >> > Chris >> > >> > >> > From: Nitin Bahadur [mailto:nitin_bahadur@yahoo.com] >> > Sent: Monday, November 09, 2015 5:53 PM >> > To: Chris Bowers <cbowers@juniper.net>; i2rs@ietf.org; Mach Chen >> > <mach.chen@huawei.com> >> > Subject: Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03 >> > >> > Hi Chris, >> > >> > Thanks for spending time on the spec. Please see NB> below for >> > some of the issues you have raised. >> > >> > ------------------------ >> > The description of the nexthop-preference-def (see below) is >> > confusing. First, I assume there is an error in the text since the >> > example of downloading primary/standby/tertiary nexthops to the FIB >> > should presumably select three nexthops, but the text refers to >> > selecting the two resolved nexthops with the highest preference . >> > >> > NB> That is a typo IMO. >> > >> > More fundamentally, this example seems to imply that only two >> > next-hops will get downloaded to the FIB, whereas one could imagine >> > an implementation that uses three, four, five or more nexthops of >> > different preferences. If hardware supports more than two next-hop >> > preferences being installed in the FIB, then what is the mechanism for >> > the client to learn how many preference values are supported? This >> > should all be made clearer in the text. >> > >> > typedef nexthop-preference-def { >> > type uint8 { >> > range "1..99"; >> > } >> > description >> > "Nexthop-preference is used for protection schemes. >> > It is an integer value between 1 and 99. A lower >> > value indicates higher preference. To download a >> > primary/standby/tertiary group to the FIB, the >> > nexthops that are resolved and have two highest >> > preferences are selected."; >> > } >> > >> > NB> Would something like this be preferable >> > "To download N nexthops to the FIB, the N nexthops with the lowest >> > value are selected". >> > >> > >> > ------------------------ >> > If I understand the yang syntax and semantics correctly, the "nh-add" >> > RPC creates a nexthop in a given RIB that is not associated with any >> > match condition on a route. I assume the intention is to create a >> > nexthop with a nexthop-id but not associated with any prefix that can >> > then be referenced by multiple other route match conditions. This >> > seems like a reasonable thing to do. However, I can see two possible >>issues >> with this. >> > >> > The first issue is that the structure of the data model doesn't seem >> > to not allow this. "grouping route" uses "grouping route-prefix" >> > next to "container next-hop". It appears to me that as currently >> > written "container match" in "grouping route-prefix" is a mandatory >> > node based on section 3.1 of RFC6020 , since the "mandatory" >> > statements below choice/cases cascade up to the container. So the >> > current form of the "nh-add" RPC may not be consistent with the data >>model >> as currently defined. >> > >> > The second issue is that creating a next-hop without an associated >> > match appears to differ from the RIB grammar defined in section 6 of >> > draft-ietf-i2rs-rib-info-model-08. In the RIB info model, it seems >> > that the only way for a <nexthop> to appear is together with a >><match>. >> > >> > <route> ::= <match> <nexthop> >> > [<route-attributes>] >> > [<route-vendor-attributes>] >> > >> > >> > NB> I'm not sure if I agree with the creation of nexthop discrepancy. >> > NB> A nexthop >> > can be created independently and then in the <route>, you can >> > reference the relevant nexthop-id. >> > >> > <route> ::= <match> <nexthop> >> > = <match> <nexthop-base> >> > = <match> <NEXTHOP_ID> >> > >> > >> > ------------------------ >> > Treating tunnel-decap as a type of next-hop doesn't make sense to me. >> > I assume the desire to include tunnel-decap as well as tunnel-encap is >> > to have a usable stand-alone data model module which to deal with some >> > use cases without having to rely on another module that defines >> > tunnel-decap. However, the result doesn't make sense. I think the >> > most common scenario involving routers would be to install a route on >> > router A for prefix P whose nexthop is a tunnel-encap whose >> > destination is router B. One router B one would need to install a >> > corresponding tunnel-decap whose source is router A. The most common >> > scenario is then that router B does a normal route lookup on the >> > decapsulated packet independent of the interface it entered on. >> > >> > I don't see how this most common use case would be handled with the >> > tunnel-decap next-hop in this document. >> > >> > NB> On router B, <match> condition would be the incoming label and the >> > "action" to be taken on that would be "decap" the MPLS label. And you >> > can chain that with <RIB_NAME> to say continue the route lookup in say >> "inet.0". >> > The draft says, "RIB_NAME: A nexthop pointing to a RIB indicates that >> > the route >> > lookup needs to continue in the specified RIB." >> > >> > NB> Does that address your concern? >> > >> > >> > Section 7.2.5. of draft-ietf-i2rs-rib-info-model-08 gives an example >> > usage for tunnel-decap where the tunnel-decap nexthop is used to pop >> > an MPLS label and send the traffic out an egress interface next-hop. >> > This example is not the most common scenario. And if we want to >> > accomplish this scenario of decapsulating and sending to a particular >> > nexthop, it makes more sense to treat tunnel-decap as a route match >> > condition similar to an interface-route in the existing data model. >> > However, I think the model should be able to handle the more common >> > scenario described above when traffic needs to be decapsulated and >>routed >> based on a normal route lookup. >> > >> > Treating tunnel-decap as a next-hop type really makes no sense to me. >> > I think this aspect of the model should be changed. >> > >> > NB> See above comment. >> > >> > Thanks >> > Nitin
- [i2rs] feedback on draft-ietf-i2rs-rib-data-model… Chris Bowers
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Nitin Bahadur
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Mach Chen
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Chris Bowers
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Mach Chen
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Chris Bowers
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Mach Chen
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Nitin Bahadur
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Chris Bowers
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Nitin Bahadur
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Manish Kumar (manishkr)
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Linda Dunbar
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Nitin Bahadur
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Jeffrey (Zhaohui) Zhang
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Mach Chen
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Alia Atlas
- Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-m… Mach Chen