IETF Logo Mail Archive

Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03

Chris Bowers <cbowers@juniper.net> Mon, 16 November 2015 18:31 UTC

Return-Path: <cbowers@juniper.net>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D11BA1A86FA for <i2rs@ietfa.amsl.com>; Mon, 16 Nov 2015 10:31:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YEGpPIGsP3LM for <i2rs@ietfa.amsl.com>; Mon, 16 Nov 2015 10:31:12 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0758.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:758]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA0641A86F7 for <i2rs@ietf.org>; Mon, 16 Nov 2015 10:31:11 -0800 (PST)
Received: from BY2PR05MB614.namprd05.prod.outlook.com (10.141.218.148) by BY2PR05MB613.namprd05.prod.outlook.com (10.141.218.145) with Microsoft SMTP Server (TLS) id 15.1.318.15; Mon, 16 Nov 2015 18:30:51 +0000
Received: from BY2PR05MB614.namprd05.prod.outlook.com ([10.141.218.148]) by BY2PR05MB614.namprd05.prod.outlook.com ([10.141.218.148]) with mapi id 15.01.0318.003; Mon, 16 Nov 2015 18:30:51 +0000
From: Chris Bowers <cbowers@juniper.net>
To: Nitin Bahadur <nitin_bahadur@yahoo.com>, Mach Chen <mach.chen@huawei.com>, "i2rs@ietf.org" <i2rs@ietf.org>
Thread-Topic: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
Thread-Index: AQHRG1IjVu9gg5MiSU6fmCG9ahcIBp6XN3YAgAJ8vKCAAAAhwIAA2Y5QgANyyICAAPj1AIAAA0ug
Date: Mon, 16 Nov 2015 18:30:51 +0000
Message-ID: <BY2PR05MB614E1871E6378A0F953872AA91E0@BY2PR05MB614.namprd05.prod.outlook.com>
References: <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B6270BD@SZXEMA510-MBX.china.huawei.com> <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B6270E9@SZXEMA510-MBX.china.huawei.com> <BY2PR05MB6149CA1FCEEBFE234D4E1A3A9100@BY2PR05MB614.namprd05.prod.outlook.com> <F73A3CB31E8BE34FA1BBE3C8F0CB2AE28B64A99E@SZXEMA510-MBX.china.huawei.com> <D26F581B.3132B%nitin_bahadur@yahoo.com>
In-Reply-To: <D26F581B.3132B%nitin_bahadur@yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cbowers@juniper.net;
x-originating-ip: [66.129.239.14]
x-microsoft-exchange-diagnostics: 1; BY2PR05MB613; 5:FQqAkKpmL+Z9knOn161FZLkHWYcJrl93K4vyV5Q4hxFjkYmguJpAojIRIOuFdI18vQV9aefygyCg9B4srhVs13WNxGYvhNdzIv1JnO0dl2+hyc4o8GvzcBtw0LVOShCL47sHQIFVmL5rp4fnOrSWPA==; 24:f6A8BrNp4QACa0XIYwqKy8sQGciFzXabrXOzekPJmdKLNE55cWwYwjmN2x9pG7J2GQTC7PpathCW3cF13KE2rw5U0415LMHTyliNYk+w64M=; 20:sbGcqqrCQ8f/FpzYOAxGGD9werVeGmKjY3u5zz3mdnMw7hzFhddCP4xg33jjpR2rAcO2XWyw/39TMTRdGbGzGw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR05MB613;
x-microsoft-antispam-prvs: <BY2PR05MB61358E5CD195A16817A89FBA91E0@BY2PR05MB613.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(201166117486090)(138986009662008);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001)(10201501046); SRVR:BY2PR05MB613; BCL:0; PCL:0; RULEID:; SRVR:BY2PR05MB613;
x-forefront-prvs: 0762FFD075
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(479174004)(52604005)(52044002)(189002)(164054003)(31014005)(24454002)(13464003)(377454003)(51914003)(93886004)(586003)(5003600100002)(230783001)(76576001)(107886002)(189998001)(5001960100002)(50986999)(54356999)(5001770100001)(11100500001)(74316001)(76176999)(40100003)(33656002)(122556002)(86362001)(101416001)(5008740100001)(15975445007)(87936001)(2521001)(1720100001)(5004730100002)(81156007)(19580395003)(10400500002)(77096005)(97736004)(2900100001)(5007970100001)(19580405001)(2501003)(102836002)(66066001)(99286002)(106116001)(105586002)(2950100001)(106356001)(92566002)(5002640100001); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR05MB613; H:BY2PR05MB614.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2015 18:30:51.2223 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR05MB613
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/pH_Q010h7reKjWPDEB2Onk2SLW0>
Subject: Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2015 18:31:17 -0000

Nitin and Mach,

I think we are in agreement that VXLAN decapsulation should NOT be included in the rib-data-model.

I think we disagree about whether or not we should include VXLAN _encapsulation_ (which is currently included in the draft) as part of the rib data model.  To be clear, I do not think that either VXLAN  encapsulation or decapsulation should be part of the rib data model.  

I find it odd that the current data model provides the ability to configure encap, but not decap, for VXLAN.  This would require the user of the data model to configure VXLAN tunnel-encap  using one data model and vxlan-decap using another data model.   I think this is perhaps an indication that VXLAN encap does not belong in the RIB data model either.

Thanks,
Chris



-----Original Message-----
From: Nitin Bahadur [mailto:nitin_bahadur@yahoo.com] 
Sent: Monday, November 16, 2015 11:57 AM
To: Mach Chen <mach.chen@huawei.com>; Chris Bowers <cbowers@juniper.net>; i2rs@ietf.org
Subject: Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03


Chris,

   I agree with Mach¹s comment. To actually decap VxLan and do something intelligently, one needs something like a firewall rule. There is no routing protocol that provides rules on decap of VxLan packets. So the RIB in general does not contain this information in today¹s routers (AFAIK).

IMO, the content for this should go into http://tools.ietf.org/id/draft-kini-i2rs-fb-rib-info-model-02.txt

Thanks
Nitin

On 11/15/15, 7:05 PM, "Mach Chen" <mach.chen@huawei.com> wrote:

>Hi Chris,
>
>Much thanks for the detailed explanation!
>
>In my understanding, the I2RS intends to leverage the existing RIB 
>design. Regarding to tunnel decap, normally, the protocol number and 
>udp port belong to the protocol stack process, they are not parts of the rib.
>As for the VNI and VSI, since they are new, the implementations may be 
>different. But they may also not be necessary as part of a route to be 
>installed in the rib. They can just be decapsulated by the VxLan/NvGRE 
>protocol stack process and used as an identifier to find the next rib 
>(e.g., the MAC rib), and then perform another rib lookup. If I am 
>wrong, please correct me.
>
>Regarding to the suggestion to change tunnel-decap to tunnel-interface, 
>this will require not only to modify the current data model, but to 
>modify the info model that has already passed the WG last call. I hope 
>to hear the opinions of the WG.
>
>Best regards,
>Mach
>
>> -----Original Message-----
>> From: Chris Bowers [mailto:cbowers@juniper.net]
>> Sent: Sunday, November 15, 2015 12:38 AM
>> To: Mach Chen; Nitin Bahadur; i2rs@ietf.org
>> Subject: RE: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
>> 
>> Mach,
>> 
>> I may be overlooking something, but I don't see how one can use the 
>>elements  in the current data model to configure a router to 
>>decapsulate GRE, NVGRE or  VxLAN in the following scenario.
>> 
>> Assume we have 4 types of tunneled traffic arriving at the router 
>>with the same  source and destination IP address.  The decapsulated 
>>packets need to be  processed by 4  different rib-name-nexthops 
>>depending on information in the  encapsulation header.  In this 
>>example, the four different tunneled traffic  types are IP-in-IP, IP 
>>in GRE, and VxLAN encapsulated traffic with two different  VNIs, so 
>>the different packet headers look like this (only the relevant fields 
>>are
>> shown):
>> 
>> 1) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=4 , inner IP 
>>packet
>> 2) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=47, inner IP 
>>packet
>> 3) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=17, udp dest port= 
>>4789,  VNI=920, inner Ethernet frame
>> 4) ip src=1.1.1.1, ip dest=2.2.2.2,protocol number=17, udp dest port= 
>>4789,  VNI=921, inner Ethernet frame
>> 
>> There are a few ways that one might think about accomplishing 
>>decapsulation  of these packets into different rib-name-nexthops using 
>>the next-hop chaining  in the data model.  However, regardless of the 
>>particular choice of how to  chain next-hops and route matches, at 
>>some point one needs to be able to do a  route match based on IP 
>>protocol number to distinguish between IP in IP, GRE,  and UDP.  In 
>>addition, one needs to be able to match on UDP destination port  to 
>>distinguish VxLAN from other UDP traffic with the same src/dest 
>>address.
>> Finally one needs to be able to match on VNI in order to be able to 
>>demultiplex  the two streams of VxLAN traffic into different 
>>rib-name-nexthops.
>> 
>> I don't see that these values (IP protocol number, UDP dest port, or
>>VNI) are
>> currently included in the route match conditions in the model, so I 
>>don't see  how the current data model can be used to configure a 
>>router to distinguish  between these traffic types while performing 
>>decapsulation.
>> 
>> If the above analysis is correct, then one might consider adding 
>>additional route  match conditions to cover these decapsulation cases.  
>>However,  it may also  make sense to consider other approaches to 
>>modeling tunnels.
>> 
>> Thanks,
>> Chris
>> 
>> -----Original Message-----
>> From: Mach Chen [mailto:mach.chen@huawei.com]
>> Sent: Friday, November 13, 2015 3:37 AM
>> To: Chris Bowers <cbowers@juniper.net>; Nitin Bahadur 
>> <nitin_bahadur@yahoo.com>; i2rs@ietf.org
>> Subject: RE: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
>> 
>> Hi Chris,
>> 
>> Thanks for raising the issue and putting it on the I2RS wiki!
>> 
>> The current data model is aligned with the info model. Regarding the 
>>tunnel  encap and decap, the info model is defined as is.
>> 
>> Regarding GRE, NvGRE or VxLAN decapsulation, in my understanding, 
>>they are  actually IP tunnels, and the current model has already 
>>support
>>IPv4/IPv6 IP
>> tunnel decapsulation. Or maybe I missed something?
>> 
>> Best regards,
>> Mach
>> 
>> > From: Chris Bowers [mailto:cbowers@juniper.net]
>> > Sent: Thursday, November 12, 2015 11:28 AM
>> > To: Nitin Bahadur; i2rs@ietf.org; Mach Chen
>> > Subject: RE: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
>> >
>> > Nitin and Mach,
>> >
>> > Thanks for your responses. Jeff Haas suggested to me that we keep 
>> > track of issues for this on the I2RS wiki at:
>> >
>> > http://trac.tools.ietf.org/wg/i2rs/trac/wiki/IssuesRibDataModel
>> >
>> > So far, I posted one issue that I think needs more discussion.  I 
>> > copied it below.  Please feel free to edit the Wiki as part of the
>>discussion as
>> well.
>> > Issue 1: Should we define tunnel encapsulation and tunnel 
>> > decapsulation as next-hops in the RIB data model?
>> > The RIB data model can model some types of encapsulation and 
>> > decapsulation by treating encapsulation and decapsulation as 
>> > next-hops. For encapsulation, a route is paired with a 
>> > tunnel-encap-nexthop. For decapsulation, an initial route match 
>> > condition is paired with a next-hop chain which consists of a 
>> > tunnel-decap-nexthop and another nexthop such as rib-name-nexthop 
>> > or
>>an
>> egress-interface-nexthop.
>> > 1) It is not clear if this model for decapsulation supports all 
>> > useful encapsulation types. For example, it is not clear that the 
>> > route-match-types currently in
>> > draft-ietf-i2rs-rib-data-model-03 can be used to select traffic for 
>> > GRE, NVGRE, and VXLAN decapsulation.
>> > One could consider extending the route-match-types to include the 
>> > header information needed to identify other encapsulation types.
>> > However, this may also be a sign that the basic approach should be 
>> > re-evaluated.
>> > 2) Does treating tunnel-encap and tunnel-decap as next-hops result 
>> > in a data model that is easy to use for someone trying to program 
>> > network forwarding behavior? From the point-of-view of a user of 
>> > the data model, modeling tunnels as interfaces seems more useful. 
>> > Treating tunnel decapsulation as a type of ingress interface and 
>> > tunnel encapsulation as a type of egress interface would fit with 
>> > the current RIB model (which already has the concept of an 
>> > interface-route and an
>> > interface-nexthop.) And it would reduce the amount of next-hop 
>> > chaining that is required to make tunnels work compared to the 
>> > current
>> model.
>> > Thanks,
>> > Chris
>> >
>> >
>> > From: Nitin Bahadur [mailto:nitin_bahadur@yahoo.com]
>> > Sent: Monday, November 09, 2015 5:53 PM
>> > To: Chris Bowers <cbowers@juniper.net>; i2rs@ietf.org; Mach Chen 
>> > <mach.chen@huawei.com>
>> > Subject: Re: [i2rs] feedback on draft-ietf-i2rs-rib-data-model-03
>> >
>> > Hi Chris,
>> >
>> >       Thanks for spending time on the spec. Please see NB> below 
>> > for some of the issues you have raised.
>> >
>> > ------------------------
>> > The description of the nexthop-preference-def (see below) is 
>> > confusing.  First, I assume there is an error in the text since the 
>> > example of downloading primary/standby/tertiary nexthops to the FIB 
>> > should presumably select three nexthops, but the text refers to 
>> > selecting the two resolved nexthops with the highest preference .
>> >
>> > NB> That is a typo IMO.
>> >
>> > More fundamentally, this example seems to  imply that only two 
>> > next-hops will get downloaded to the FIB, whereas  one could 
>> > imagine an implementation that uses three, four, five or more 
>> > nexthops of different preferences.  If hardware supports more than 
>> > two next-hop preferences being installed in the FIB, then what is 
>> > the mechanism for the client to learn how many preference values 
>> > are supported?  This should all be made clearer in the text.
>> >
>> >     typedef nexthop-preference-def {
>> >        type uint8 {
>> >          range "1..99";
>> >        }
>> >        description
>> >          "Nexthop-preference is used for protection schemes.
>> >           It is an integer value between 1 and 99.  A lower
>> >           value indicates higher preference.  To download a
>> >           primary/standby/tertiary group to the FIB, the
>> >           nexthops that are resolved and have two highest
>> >           preferences are selected.";
>> >      }
>> >
>> > NB> Would something like this be preferable
>> > "To download N nexthops to the FIB, the N nexthops with the lowest 
>> > value are selected".
>> >
>> >
>> > ------------------------
>> > If I understand the yang syntax and semantics correctly, the "nh-add"
>> > RPC creates a nexthop in a given RIB that is not associated with 
>> > any match condition on a route.  I assume the intention is to 
>> > create a nexthop with a nexthop-id but not associated with any prefix that can
>> > then be referenced by multiple other route match conditions.   This
>> > seems like a reasonable thing to do.  However, I can see two 
>> > possible
>>issues
>> with this.
>> >
>> > The first issue is that the structure of the data model doesn't seem
>> > to not allow this.   "grouping route" uses "grouping route-prefix"
>> > next to "container next-hop".  It appears to me that as currently 
>> > written "container match" in  "grouping route-prefix" is a 
>> > mandatory node based on section 3.1 of RFC6020 , since the "mandatory"
>> > statements below choice/cases cascade up to the container.    So the
>> > current form of the "nh-add" RPC may not be consistent with the 
>> > data
>>model
>> as currently defined.
>> >
>> > The second issue is that creating a next-hop without an associated 
>> > match appears to differ from the RIB grammar defined in section 6 
>> > of draft-ietf-i2rs-rib-info-model-08. In the RIB info model, it 
>> > seems that the only way for a <nexthop> to appear is together with 
>> > a
>><match>.
>> >
>> >   <route> ::= <match> <nexthop>
>> >               [<route-attributes>]
>> >               [<route-vendor-attributes>]
>> >
>> >
>> > NB> I'm not sure if I agree with the creation of nexthop discrepancy.
>> > NB> A nexthop
>> > can be created independently and then in the <route>, you can 
>> > reference the relevant nexthop-id.
>> >
>> > <route> ::= <match> <nexthop>
>> >                   = <match> <nexthop-base>
>> >                   = <match> <NEXTHOP_ID>
>> >
>> >
>> > ------------------------
>> > Treating tunnel-decap as a type of next-hop doesn't make sense to me.
>> > I assume the desire to include tunnel-decap as well as tunnel-encap 
>> > is to have a usable stand-alone data model module which to deal 
>> > with some use cases without having to rely on another module that 
>> > defines tunnel-decap.  However, the result doesn't make sense.  I 
>> > think the most common scenario involving routers would be to 
>> > install a route on router A for prefix P whose nexthop is a tunnel-encap whose
>> > destination is router B.   One router B one would need to install a
>> > corresponding tunnel-decap whose source is router A.  The most 
>> > common scenario is then that router B does a normal route lookup on 
>> > the decapsulated packet independent of the interface it entered on.
>> >
>> > I don't see how this most common use case would be handled with the 
>> > tunnel-decap next-hop in this document.
>> >
>> > NB> On router B, <match> condition would be the incoming label and 
>> > NB> the
>> > "action" to be taken on that would be "decap" the MPLS label. And 
>> > you can chain that with <RIB_NAME> to say continue the route lookup 
>> > in say
>> "inet.0".
>> > The draft says, "RIB_NAME: A nexthop pointing to a RIB indicates 
>> > that the route
>> >       lookup needs to continue in the specified RIB."
>> >
>> > NB> Does that address your concern?
>> >
>> >
>> > Section 7.2.5. of draft-ietf-i2rs-rib-info-model-08 gives an 
>> > example usage for tunnel-decap where the tunnel-decap nexthop is 
>> > used to pop an MPLS label and send the traffic out an egress interface next-hop.
>> > This example is not the most common scenario. And if we want to 
>> > accomplish this scenario of  decapsulating and sending to a 
>> > particular nexthop, it makes more sense to treat tunnel-decap as a 
>> > route match condition similar to an interface-route in the existing data model.
>> > However, I think the model should be able to handle the more common 
>> > scenario described above when traffic needs to be decapsulated and
>>routed
>> based on a normal route lookup.
>> >
>> > Treating tunnel-decap as a next-hop type really makes no sense to me.
>> > I think this aspect of the model should be changed.
>> >
>> > NB> See above comment.
>> >
>> > Thanks
>> > Nitin

v2.23.0 | Report a Bug | By Email