Re: [Idr] draft-wang-idr-vpn-routes-control-analysis (was Re: rd-orf problem clarification at the local level)
Jeffrey Haas <jhaas@pfrc.org> Thu, 25 February 2021 14:01 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C4333A1A38; Thu, 25 Feb 2021 06:01:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPIcgcESKdjt; Thu, 25 Feb 2021 06:01:24 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 3383E3A1A37; Thu, 25 Feb 2021 06:01:23 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 1FDDE1E3D0; Thu, 25 Feb 2021 09:21:56 -0500 (EST)
Date: Thu, 25 Feb 2021 09:21:55 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: Aijun Wang <wangaj3@chinatelecom.cn>
Cc: 'Aijun Wang' <wangaijun@tsinghua.org.cn>, draft-wang-idr-rd-orf@ietf.org, idr@ietf.org
Message-ID: <20210225142155.GA27005@pfrc.org>
References: <FD5D3158-FA7D-4C57-932D-4A0A421621F3@chinatelecom.cn> <00d501d70906$f4625de0$dd2719a0$@tsinghua.org.cn> <20210224212137.GE18618@pfrc.org> <00a801d70b2b$cae5b530$60b11f90$@chinatelecom.cn>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <00a801d70b2b$cae5b530$60b11f90$@chinatelecom.cn>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/-02Fpo-Y5oUY3XrBmxa8KALRXeM>
Subject: Re: [Idr] draft-wang-idr-vpn-routes-control-analysis (was Re: rd-orf problem clarification at the local level)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 14:01:26 -0000
Aijun, On Thu, Feb 25, 2021 at 12:07:49PM +0800, Aijun Wang wrote: > > In the prior discussions, it was clear that remediation was trying to be > > done on a per-RD basis. The text in this draft seems to be a larger scope > > than that; perhaps per VPN (and thus route-target?). Is that your > > intention? > [WAJ] Yes. We are considering to add RT information to the current RD-ORF > semantic, to identify/control the "excessive routes" in more granular. Thanks for the clarification. That expands the scope of the original discussion, but might be helpful for the solution. > > For a route reflector, it would require that all possible receivers for a > > RD/RT have no interest in the routes, and that the source of the routes is > > clearly directional. BGP does not provide such a distribution graph. > > [WAJ] " all its downstream BGP peers can't or don't want to process it" > means RR receives the RD-ORF messages for the same set of VPN routes from > all of its clients. This can be achieved by RR For my point, consider a trivial case: PE1 --- RR --- PE2 PE2 is the source of the excess routes. PE1 is the impacted router. RR has only PE1 and PE2 as peers. By your current text, RR can only do something if PE1 and PE2 say they're not interested. It can be observed here that if we have exactly one peer left, we could signal to that one peer. I suspect your intent is to cover situations where you can distinguish PE routers from solely internal route distributuion infrastructure, such as route reflectors. So, using a slighly more interesting topology: PE1 --- RR1 --- RR2 --- PE2 PE2 is the source of the excess routes. PE1 is the impacted router. RR1 has only PE1 as a PE device. If PE1 signals to RR1 that it isn't interested in the offending routes, RR1 may propagate the filter. The issue here is that BGP does not specifically distinguish whether an attached BGP Speaker is a PE or not. The protocol doesn't help you make this determination. > > In a network using RT-Constrain without a default RT-Constrain route, such a >> graph potentially exists. > [WAJ] RT-Constrain can only express explicitly "what I want" and the > distributed graph. It can't express explicitly "what I don't want" now, also > the distribution-block graph. Is that right? That is correct. But consider the following example: PE3 | PE1 --- RR1 --- RR2 --- PE2 PE2 is the source of the excess routes for VPN RT-A. PE1 is the impacted router. RR1 has PE1 and PE3 as attached PE routers. All routers are configured to use RT-Constrain PE1 and PE2 source RT-Constrain routes for RT-A. PE3 does not. If PE1 signals to RR1 that it isn't interested in the offending routes, and that signal not only includes the offending RD, but also the matching RTs, RR1 can determine that there are no further interested receivers for that RD+RT and propagate that to RR2. RT-Constrain provides the ability to figure out what the interested receivers are for a VPN defined by a route-target. This provides a restricted subset of the attached routers for propagation purposes. -- Jeff
- [Idr] rd-orf problem clarification at the local l… Jeffrey Haas
- Re: [Idr] rd-orf problem clarification at the loc… Robert Raszuk
- Re: [Idr] rd-orf problem clarification at the loc… Aijun Wang
- Re: [Idr] rd-orf problem clarification at the loc… Aijun Wang
- Re: [Idr] rd-orf problem clarification at the loc… Jeffrey Haas
- [Idr] draft-wang-idr-vpn-routes-control-analysis … Jeffrey Haas
- Re: [Idr] rd-orf problem clarification at the loc… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Susan Hares
- Re: [Idr] draft-wang-idr-vpn-routes-control-analy… Aijun Wang