Re: [Idr] [spring] Comments on draft-ietf-idr-bgp-prefix-sid-01

Eric C Rosen <erosen@juniper.net> Tue, 17 November 2015 14:53 UTC

To: "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/-N3gMdLhgUnC3Y8p1xuLozvBLjE>
Cc: idr wg <idr@ietf.org>, SPRING WG <spring@ietf.org>

[Eric] Do you have an example in mind where it is useful to advertise
an Originator SRGB when the prefix in the NLRI is not a host
address?

[Stefano] in fact I don’t have any good example where a /32 (/128) must be
enforced…

Well, that's not the question I asked ;-)

Given that the SRGB is a property of a node, it seems to make sense to 
associate an advertised SRGB with the address of a node.  As I 
explained, one can use this by pushing on a label that is computed by 
combining a domain-wide unique SID with the node's SRGB, and then 
pushing on a label that causes the packet to be delivered to the node in 
question.

However, I can see Acee's point (if I understand it correctly) that 
all the nodes on a given subnet might use the same SRGB.

Suppose we modify my suggested text as follows:

---------------------------
OLD

    When a BGP speaker attaches a Prefix-SID attribute to a given route,
    the Originator SRGB TLV MUST NOT be included in the attribute unless
    the following conditions hold:

    - The prefix field of the route's NLRI contains a host address
      (i.e., a /32 IPv4 address or a /128 IPv6 address).

    - The value of the Originator SRGB TLV specifies the SRGB of the node
      that is identified by the prefix field of the NLRI.

    If a BGP route is received that contains a Prefix-SID attribute with
    an Originator SRGB TLV, but the prefix field of the NLRI does not
    contain a host address, the attribute SHOULD be regarded as
    malformed. If a Prefix-SID attribute contains more than one SRGB TLV,
    it SHOULD be regarded as malformed.  See section 7 for the treatment
    of a malformed Prefix-SID attribute.

    When a route carrying the Prefix-SID attribute is propagated, the
    Originator SRGB TLV (if present) MUST NOT be changed.

NEW

If a BGP speaker attaches a Prefix-SID attribute to a given route, and 
if the Prefix-SID attribute includes the Originator SRGB TLV, then:

- If the prefix field of the route's NLRI contains a host address
(i.e., a /32 IPv4 address or a /128 IPv6 address), the Originator SRGB 
TLV specifies the SRGB of the node to whom the host address belongs.

- If the prefix field of the route's NLRI does not contain a host 
address, the Originator SRGB TLV specifies the SRGB that is used by the 
set of nodes whose host addresses match the prefix, but for which there 
is no "more specific" match that specifies a different Originator SRGB.

When a route carrying the Prefix-SID attribute is propagated, the
Originator SRGB TLV (if present) MUST NOT be changed.

--------------------

This new text omits the enforcement, allows an SRGB to be advertised for 
an entire subnet (as suggested by Acee), but still explains how to 
figure out which nodes are using the specified SRGB.

Does this modification satisfy your objection?
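
The following is an added example, not part of the original message or of the draft: a sketch of how a receiver could resolve which Originator SRGB applies to a node under the proposed NEW text (most specific SRGB-carrying prefix wins) and then compute the label. It assumes a single-range SRGB modelled as (base, range size), that the label is base plus SID index, and constructed sample routes; all function and variable names are hypothetical.

```python
import ipaddress

# Constructed sample data: (NLRI prefix, Originator SRGB as (base, range size)).
# None means the route's Prefix-SID attribute carried no Originator SRGB TLV.
ROUTES = [
    ("10.0.0.0/24", (16000, 8000)),    # SRGB shared by every node on a subnet
    ("10.0.0.7/32", (400000, 1000)),   # one node advertising a different SRGB
    ("10.0.0.9/32", None),             # host route without an Originator SRGB
    ("2001:db8::/64", (16000, 8000)),
]

def srgb_for_node(node_addr, routes=ROUTES):
    """Return (prefix, srgb) from the most specific route that matches the
    node's host address AND carries an Originator SRGB, or None."""
    addr = ipaddress.ip_address(node_addr)
    best = None
    for prefix, srgb in routes:
        net = ipaddress.ip_network(prefix)
        # Routes without the TLV say nothing about the SRGB, so they cannot
        # shadow a less specific route that does carry one.
        if srgb is None or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, srgb)
    return None if best is None else (str(best[0]), best[1])

def label_for(node_addr, sid_index, routes=ROUTES):
    """Combine a domain-wide SID index with the node's SRGB (assumed to be
    base + index), rejecting an index that falls outside the range."""
    match = srgb_for_node(node_addr, routes)
    if match is None:
        raise LookupError(f"no Originator SRGB known for {node_addr}")
    base, size = match[1]
    if not 0 <= sid_index < size:
        raise ValueError(f"SID index {sid_index} outside SRGB of {match[0]}")
    return base + sid_index

if __name__ == "__main__":
    for node in ("10.0.0.5", "10.0.0.7", "10.0.0.9", "2001:db8::1"):
        print(node, srgb_for_node(node), label_for(node, 42))
```

The range check matters because an index outside the advertised SRGB would otherwise yield a label the target node never allocated for segment routing.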