[Idr] Re: draft-ietf-idr-flowspec-redirect-ip-04 - Shepherd's review prior to WG LC
Susan Hares <shares@ndzh.com> Fri, 31 October 2025 13:40 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: idr@mail2.ietf.org
Delivered-To: idr@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 47F3B7F81F97 for <idr@mail2.ietf.org>; Fri, 31 Oct 2025 06:40:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lW-iZxM2vCye for <idr@mail2.ietf.org>; Fri, 31 Oct 2025 06:40:49 -0700 (PDT)
Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazhn15010019.outbound.protection.outlook.com [52.102.139.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 479F77F81F65 for <idr@ietf.org>; Fri, 31 Oct 2025 06:40:49 -0700 (PDT)
Received: from SJ0PR03CA0289.namprd03.prod.outlook.com (2603:10b6:a03:39e::24) by MN2PR08MB6397.namprd08.prod.outlook.com (2603:10b6:208:1aa::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9298.6; Fri, 31 Oct 2025 13:40:45 +0000
Received: from SJ5PEPF00000209.namprd05.prod.outlook.com (2603:10b6:a03:39e:cafe::f6) by SJ0PR03CA0289.outlook.office365.com (2603:10b6:a03:39e::24) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9275.14 via Frontend Transport; Fri, 31 Oct 2025 13:40:24 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.93.1.73) smtp.mailfrom=ndzh.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=ndzh.com;
Received-SPF: Pass (protection.outlook.com: domain of ndzh.com designates 40.93.1.73 as permitted sender) receiver=protection.outlook.com; client-ip=40.93.1.73; helo=SJ0PR08CU001.outbound.protection.outlook.com; pr=C
Received: from us-west-2d.obx-outbound.inkyphishfence.com (44.224.15.38) by SJ5PEPF00000209.mail.protection.outlook.com (10.167.244.42) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9275.10 via Frontend Transport; Fri, 31 Oct 2025 13:40:44 +0000
Received: from SJ0PR08CU001.outbound.protection.outlook.com (mail-sj0pr08cu00101.outbound.protection.outlook.com [40.93.1.73]) by obx-inbound.inkyphishfence.com (Postfix) with ESMTPS id 71BB698B54; Fri, 31 Oct 2025 13:40:43 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=R6pV1z4EgFM6gEoc7yj9jWNC+SVU9d4tCG6q6t/AGHrsmAskG5SO5zoJQQ+g+NiRY62YSw0zO8pe4IfmxOjAEB8QzK+qTzdfCEEc9pUK13vABT3t7GSGJHiBtBV6M1iH0Wg9eP+C5wTBq4zAkgh4cDZ4+qotArhY2GwHHMzCo3ic+or1IxRXKf68RKvj3s014R1F61j8NDsYkRyVZpK//DDlb/yc2PjkzVIsGzM+yWWEaYFqTkFwyNUeUDilMX+oUucmBzZM4xgBY3w5uH510RD9dnwuvuvGaGrHDsaW5lOqd0X1f4iXt0fzxyS4GSJp70TRaZsWn9+M8nk1zUGKsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7DxwORp2W/OXFvZ0crng/1N73omV/nRmQOVfOi/cHc8=; b=sw6HazJ9y92MNEG8Wyf+6huddss0UeNJu8+x1U6y9rs13Ifpn1BxEX8owoVVJ0vOTJFQydkzPHM9My8wjbjm3Oxss6LidcwOyAi+f1guI2P30Qr8Ju8vK8aUzc8GfPFRZbMJn33bo63qlvuknRpsEO4OS9pYWMu55w/tD5GhhCWGqivV/kWV4Szp6SmZcNLjt93R/eL7EwESdsty1uD2yjjTnYKNXOy/5kKeuIpAbK8TKRDHj5EgRP+0nCBoLb3ko1+YW0ZR5qk07tcq8u5HTRX5PxfN4ikqhNIWkR1crAPhn950AcER8nya9+Os7zF0yu4hbcAZgo5SYFJoWiimDA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ndzh.com; dmarc=pass action=none header.from=ndzh.com; dkim=pass header.d=ndzh.com; arc=none
Received: from DM8PR08MB7413.namprd08.prod.outlook.com (2603:10b6:8:a::9) by BN0PR08MB7373.namprd08.prod.outlook.com (2603:10b6:408:166::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9275.15; Fri, 31 Oct 2025 13:40:35 +0000
Received: from DM8PR08MB7413.namprd08.prod.outlook.com ([fe80::8a0:8971:98a2:37e5]) by DM8PR08MB7413.namprd08.prod.outlook.com ([fe80::8a0:8971:98a2:37e5%5]) with mapi id 15.20.9275.013; Fri, 31 Oct 2025 13:40:35 +0000
From: Susan Hares <shares@ndzh.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Thread-Topic: draft-ietf-idr-flowspec-redirect-ip-04 - Shepherd's review prior to WG LC
Thread-Index: AdxBx69zxGdHcrcATSanobFeKrpkaQIEwheAACPrqAA=
Date: Fri, 31 Oct 2025 13:40:35 +0000
Message-ID: <DM8PR08MB741353FDEA7235E9CA3F5CF8B3F8A@DM8PR08MB7413.namprd08.prod.outlook.com>
References: <DM8PR08MB7413A3AACE9FA36893437495B3F5A@DM8PR08MB7413.namprd08.prod.outlook.com> <E8B330D7-EF49-492D-B5C0-3B9A3D46889F@pfrc.org>
In-Reply-To: <E8B330D7-EF49-492D-B5C0-3B9A3D46889F@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ndzh.com;
x-ms-traffictypediagnostic: DM8PR08MB7413:EE_|BN0PR08MB7373:EE_|SJ5PEPF00000209:EE_|MN2PR08MB6397:EE_
X-MS-Office365-Filtering-Correlation-Id: 053b1d39-5f2f-4673-4183-08de18831779
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|376014|19092799006|1800799024|10070799003|366016|38070700021|13003099007|8096899003|7053199007;
X-Microsoft-Antispam-Message-Info-Original: 7FThCJPeT31Xz9Ufli0Buoxi7XsYRq9UMZLN0VmkUu8ro4X6wEbTiJd+s5hsd5M0jIFOX1YUjTyqqLrE1P/kyJ64sNDyj73XwUtmfxyZGoJwSHfnvl5eHYKFVv+tHuaKBbZno6wJeQxZmmuqtBWLDhOkavlvPGbH2V+IeA8SoIxbd3gBC4hR5IVNn/ShymzWSwT4+xfmbS3Ejz10rNlEG/ICmUbC5/FV8LijQPgVH9ADZ98Kblj/HQMQQkRS6bPomJFyi0xxoXaYmctfM9cxPJUMDiXlZyWh4LC8qsfbjTlFv7WwFWRY8VNKX3RZCkoyTRjRg/gYH8L2iz9aKJ6pveFgEe2rjC66U+hdGBwdNuEvtKVlZ7mYJcZ9xXagFSXgDLvsrCElbLK8bjTtgT9DtL2p0EjR6i5cbFfTt3fBKFrC6pKkL//mTuo9JC6i67uh7g7yW+KY8EZerJzO89bgU/FX7XzehfvpOaZkEhU0xKMOqefYdWKwbuhl83BT/cVuQidkIWNICjm+JgnW1Wb5FIM4a6G/PjoYWlt+yfN+GFNiSl35I9AbPSND8Qsz7B8ZKDMv9zjNgkTgBmDBxeNjA/IxvlWmNY2p1chilv8T5zAvoNWwXFpDJF7WE37ObYLYDIU3dUMCxNy2V/YpFRs218CciuiORLDvJJuTMTD1YjhlqDUzS4OtrG/H1tqZbR/24OQOkXScaHV354Ipyz4qjRGvcg0hBN13oHgD2cCfSqw460P47Avlua2No/H6+Rs5ZgV5Xl5wkH78jOirz00YSa+dmZroXJLc3GAJyHhkdY/r4NbGn8BOOxpHTU7mTjBJx0EgQDv91TOjeybm0i86ifxZUHWGdHSdKL7VI/ys/zRbwq8tirf74wIF3D9Kyux3kbANdBSZiLPyqVM2tCqlV9+qw8vKu9hBEySMdqRdEkH36AO4tvqa9Zcf/0Z0SvLnorJbkZgxIDIk7cPbgO6wkQOBay/V+cTIKLYY4VGlc+/cqvwl3w0w6t5vcwqXwWK4hmXAy6hwKc75hPcQ8/McUhuSPhzlqFX4VnlLoaPtL9Ml38Yijy22nIMZIuxOKTCyD9ylNAHMmFnvS989zRhog6wM5z9HlbVjrOA0WAC30XiIk1moTLN4DdjQe0rgnhgW2mg/mf2OPfxB/IB5BkJ7Gp+/29IGdsw4KK12FE2Mez6cP/RJ5fiwBfQEV47QC9MUaUAOLhGgzA8d+ecX+dkFmZE3mFt7+fk3xUVM+Z2iJoS6mXJ+Cet2ngI24iO1gi33dqFkZPiXmjtz3g8JYhAxgFf3Tm9kDT76LK3eGr1HMrf62XG2GxiPMU9X8dKlASbgexFwX5sXIB1ieDcJpeySr9xzlIj0HPV7i8OHNLXEyYbWtbkPxIMibKydVJI236T+iZ9d8rSvX6rydqfRFy0L8N2uugvw9pUVlW8kn5Q1gzSSU7DABM0gg9vE0Qlxy1rwx/Qe5qR2MOyDavo/KK5TrKxRcci/T8kZVknO2+jXXaQA31rc0pV5fPVAX8ntRfkw
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM8PR08MB7413.namprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(19092799006)(1800799024)(10070799003)(366016)(38070700021)(13003099007)(8096899003)(7053199007);DIR:OUT;SFP:1102;
Content-Type: multipart/alternative; boundary="_000_DM8PR08MB741353FDEA7235E9CA3F5CF8B3F8ADM8PR08MB7413namp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0PR08MB7373
ARC-Seal: i=2; cv=pass; a=rsa-sha256; d=inkyphishfence.com; s=arc-20181011; t=1761918044; b=fg7fSLzk2xY3iTthIlwvuC34IyBNRnQrAicJev6t4FNb7SJjNrCnntIzn5saO0jQJ59Nd qMJoYfyPetrcb8r3IAU33sYJJGwkYUUVsgbczE2wwAdBU+eAK590uaAwAVX2rnLoET7MRBg YDOQHM2BJiQR+d4dNy0+BSvjMaQvtLo=
Authentication-Results-Original: obx-inbound.inkyphishfence.com; spf=pass smtp.mailfrom=ndzh.com; dmarc=pass header.from=ndzh.com; dkim=pass header.d=ndzh.com; arc=pass
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=inkyphishfence.com; s=arc-20181011; t=1761918044; h=mime-version : message-id : date : subject : to : from; bh=xlHWZ+cWet2ZZunDQu8oQAaX/0hxzKGWtVWIrKYQqCo=; b=wuKgvzCUiBmCauJzCJemiIz/t01Kg+LXv6F3ECYbZ0y47MXOx5buuAl+oatZujvdTP2GK OgCwmF1qvD8wbk6TuXFvDElN0ALWZQ0mBaAxGoD3ThAKE2ROFugOaTv1TrDwbAaXRUCcQfp JKgoTYuJ6/mJrFJCFWAcVgKPfCj4mJg=
ARC-Authentication-Results: i=2; obx-inbound.inkyphishfence.com; spf=pass smtp.mailfrom=ndzh.com; dmarc=pass header.from=ndzh.com; dkim=pass header.d=ndzh.com; arc=pass
X-Inky-Outbound-Processed: True
X-EOPAttributedMessage: 0
X-MS-Exchange-SkipListedInternetSender: ip=[40.93.1.73];domain=SJ0PR08CU001.outbound.protection.outlook.com
X-MS-Exchange-ExternalOriginalInternetSender: ip=[40.93.1.73];domain=SJ0PR08CU001.outbound.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: SJ5PEPF00000209.namprd05.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 52701793-584a-4cc5-d66c-08de188311f8
X-IPW-GroupMember: False
X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|19092799006|14060799003|1800799024|82310400026|36860700013|156008|35042699022|13003099007|8096899003|7053199007|11100799054;
X-Microsoft-Antispam-Message-Info: GpiwBpqfcPPS4lYec5h0G0EFNqdznv8Y7V7wQflem7hEafX5woWqfIpuuIMpuw2lq8XkmjDJ171w0X0PvB5OYm5YEEtyDRL5Lcy1m+FJkm7nIk233p4SVjcjbC47vOyHFkf0ual7UMlSCMS3Tswb7ZGiJg02G8APbOwZSsYvOVbyTKuyS2aa+Qf+90OCmnf2RruV39KJ/dGz4rGUkKPsd8HAwVGR8rto8hfaZF84rrjE24MC1B5+wt1tEd36ZV7KHDdViu56O70RjexSNhUj7I4lYk0OFUfUDoL3zrjvBkhNcqQ3uQ1BtYusYf1OTkNtJztks5RcNXIdutc4cmY4tfpFjtFCetTXnjiO6iOOqaZCG2NW8kExvvNpl/gLo7hIE0vB7Mbua8TxG6hfv2MUfmHRmtpAlHlFWnYyYt7THdelu8X0xuhf+t5mNbhrIJ7h+4xl3aAwwzypTHDH2C3qZ8z+JmnXOvPQ+ExGNEc/9zyQZUzlxDmTI21gb5kYu4IRcuJgmQo9f8FrqD7/OVZlmL944uG0S2SdpUsPBEUNGiWsc1GOCIrfI8VZuKJgjn85vkWEUzP1m8RbONhQ2jKlJ80zfKoT/+2bvjYntR0CgnaVsVOhGs3sPc5bfI/+mCIBX9yGB2CZacJK0wOiHUQ8qIdpr9P0byc1mEAit64spJ7rSEK8xoOZb9wCzMpKSlRM6CdGFauRzcDrPSDCccx0Co2CcpOaZcc+CNSxUHiOMpOJsJD24N0yutnt6rCFwdkgWooO1lq3r0c1dFMs7YcslFumHtvWZaIyZcNVqEGqj+c=
X-Forefront-Antispam-Report: CIP:44.224.15.38;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR08CU001.outbound.protection.outlook.com;PTR:mail-sj0pr08cu00101.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(376014)(19092799006)(14060799003)(1800799024)(82310400026)(36860700013)(156008)(35042699022)(13003099007)(8096899003)(7053199007)(11100799054);DIR:OUT;SFP:1501;
X-OriginatorOrg: ndzh.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Oct 2025 13:40:44.5970 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 053b1d39-5f2f-4673-4183-08de18831779
X-MS-Exchange-CrossTenant-Id: d6c573f1-34ce-4e5a-8411-94cc752db3e5
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d6c573f1-34ce-4e5a-8411-94cc752db3e5;Ip=[44.224.15.38];Helo=[us-west-2d.obx-outbound.inkyphishfence.com]
X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF00000209.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR08MB6397
Message-ID-Hash: LN7356WRWNKIP3CPFPVEWS4372DI4QLP
X-Message-ID-Hash: LN7356WRWNKIP3CPFPVEWS4372DI4QLP
X-MailFrom: shares@ndzh.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: idr <idr@ietf.org>, "wim.henderickx@gmail.com" <wim.henderickx@gmail.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Idr] Re: draft-ietf-idr-flowspec-redirect-ip-04 - Shepherd's review prior to WG LC
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/-4RJ9iiMcg9bsvRVfJ5xkNTcffI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>
Jeff: Thank you for the examples. 1. The statement: “If the BGP speaker is not capable of redirecting and copying the same packet, it SHOULD ignore the extended communities with C=0. “ I suggest that this statement could be improved with a parenthetical “(that is, only redirect the copy).” 2. The set of examples you gave were complete and useful. However, I was looking for an example with a mixture of the C=0 and C=1 in the extended communities. Could you please send these to the list? 3. Nokia’s implementation notes (either in the IDR wiki or the text) are necessary to really support 2 implementations of this draft. Cheerily, Sue From: Jeffrey Haas <jhaas@pfrc.org> Sent: Thursday, October 30, 2025 4:21 PM To: Susan Hares <shares@ndzh.com> Cc: idr <idr@ietf.org>; wim.henderickx@gmail.com; adam.1.simpson@nokia.com Subject: Re: draft-ietf-idr-flowspec-redirect-ip-04 - Shepherd's review prior to WG LC Sue, > On Oct 20, 2025, at 10:03 AM, Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>> wrote: > > Greetings Jeff, Wim, and Adam: > > The Flow-Specification V1 action described in > draft-ief-idr-f External (jhaas@pfrc.org<mailto:jhaas@pfrc.org>) Report This Email<removed-link> On Oct 20, 2025, at 10:03 AM, Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>> wrote: > > Greetings Jeff, Wim, and Adam: > > The Flow-Specification V1 action described in > draft-ief-idr-flowspec-redirect-ip-04 > (https://datatracker.ietf.org/doc/draft-ietf-idr-flowspec-redirect-ip/<https://shared.outlook.inky.com/link?domain=datatracker.ietf.org&t=h.eJw9zk0OgyAQhuGrNKyr_CigrrzKZIBqtUIGmiZtevfKptvny7yZD3vSzqYLW0pJeeLcQYFCgJundvUltJFu3EXkjiCUplKzOmrCHl85eWzIu5U8nlPi7HphW60dvpx3UujBjFLxvAD5PB_uvbQYH3xUqgfZKYudxl4LtNpYpSw4EdAawaU1ctAnilbK0Vira9rX9H0ByHMKhPW1yq7yH74_Z7pAhw.MEUCIQDWpql5IjKUbT08lZ_xS3XScOW0YVhKHjRvf_tnUH73sQIgPmirf8na9Nb9Fof2aR3xO9QULZsAUww2kymPn_YD63s>) > is an old draft. It is reported to have many implementations > (juniper, Cisco, Huawei). > > This is a shepherd’s review of draft-ietf-idr-flowspec-redirect-ip-04.txt prior to WG LC. > > I have three high-level questions. > > 1) Is the “C=0” correct in the following paragraph in section 2.2? > > If a BGP speaker receives a flow-spec route with multiple "redirect- > to-IP" extended communities and this route represents the one and > only best path, it SHOULD load-share the redirected/copied packets > across all the "target addresses" according to its ECMP > configuration. If the BGP speaker is not capable of redirecting and > copying the same packet it SHOULD ignore the extended communities > with C=0. If the BGP speaker is not capable of redirecting/copying a > packet towards multiple "target addresses" it SHOULD > deterministically select one "target address" and ignore the others. > > The logic starts with : > a) multiple redirect-to-ip Ext-Communities on 1 NLRI with one and only best path > result: load share redirected/copied packets to target addresses via ECMP > b) what appears to be an exception in 2nd sentence. > > Can you clarify this text please with an example to the list? It's all NLRI for the UPDATE like everything else in BGP, but let's stick with 1 for the example. The logic here says: - If you can't redirect and copy at the same time, only copy. - If you can't load balance for redirect and/or copy, your implementation should pick one target address. > 2. The following paragraph in section 2.2 depends on the above paragraph. > If (C=0) is correct, could you give an example of how the logic below works. > > If a BGP speaker receives multiple flow-spec routes for the same > flow-spec NLRI and all of them are considered best and usable paths > according to the BGP speaker's multipath configuration and each one > carries one or more "redirect-to-IP" extended communities, the BGP > speaker SHOULD load-share the redirected/copied packets across all > the "target addresses", with the same fallback rules as discussed in > the previous paragraph. Note that this situation does not require > the BGP speaker to have multiple peers. (For example, BGP Add-Paths > [RFC7911] could be used for the flow-spec address family.) The short form of this is "if you are willing to do ECMP load balancing in your BGP implementation across multipath paths for the same destination, do so using the redirect target addresses". The first and second section are concerned with load balancing. These examples only discuss redirect rather than copy for simplicity. Example 1: Route 1 from peer: 10.0.0.1 NLRI1 redirect-ip:192.0.2.1 redirect-ip:192.0.2.2 For the above NLRI with two redirect-ip communities, the desired ECMP for flowspec NLRI1 is { 192.0.2.1, 192.0.2.2 } Example 2: Route 1 from peer: 10.0.0.1 NLRI1 redirect-ip:192.0.2.1 Route 2 from peer: 10.0.0.2 NLRI1 redirect-ip:192.0.2.2 If the implementation is willing to build a BGP ECMP according to its local rules, the desired ECMP for flowspec NLRI1 is { 192.0.2.1, 192.0.2.2 } Example 3: Route 1 from peer: 10.0.0.1 NLRI1 redirect-ip:192.0.2.1 redirect-ip:192.0.2.2 Route 2 from peer: 10.0.0.2 NLRI1 redirect-ip:192.0.2.3 redirect-ip:192.0.2.4 The desired ECMP for NLR1 is { 192.0.2.1, 192.0.2.2, 192.0.2.3, 192.0.2.4 } > > Please provide an example of how this logic is applied. > > 3. What does the Cisco IOS-XR support in this draft? I don't speak for the implementation. Per prior correspondence from Jakob Heitz, no support for the type=0x01 subtype=0x0c redirect-ip extended community exists in their implementation. > > According to the text, it does not support the following: > • Section 2 - IPv4 Extended Community, > • Section 2 - IPv6 Extended Community, > • Section 2 - Redirect (C==0) > • Section 2 – Redirect (C=1) > • Section 2.1 – Validation > • Section 2.2 – Redirecting - Longest prefix match > • Section 2.2 – Redirection – Best path ECMP > • Section 2.2 – Multiple community with ECMP load sharing > • Section 2.2 – Redirect-to-IP in Redirect-to-VRF > > How does the cisco implementation qualify for as a 2nd implementation. The intention here is not to show that it implements -04 of the draft, only that it supports -00. They do not support the redirect-ip extended community in the draft. They have support for the prior code point and procedure governed by the type=0x08 subtype=0x00 point. This code point is flagged as deprecated in the draft. If you have suggestion for the contents that align with the suggestions from RFC 7942 for non-conformance to the current draft, please let me know. One option is to omit it. Nokia has support as well and I'm hoping the coauthors will supply the contents for their end of the implementation report. -- Jeff
- [Idr] draft-ietf-idr-flowspec-redirect-ip-04 - Sh… Susan Hares
- [Idr] Re: draft-ietf-idr-flowspec-redirect-ip-04 … Jeffrey Haas
- [Idr] Re: draft-ietf-idr-flowspec-redirect-ip-04 … Susan Hares