Re: [Idr] WGLC for draft-ietf-idr-rfc5575bis-04

Christoph Loibl <c@tix.at> Mon, 16 October 2017 13:00 UTC

Return-Path: <c@tix.at>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1EF4133347; Mon, 16 Oct 2017 06:00:36 -0700 (PDT)
X-Quarantine-ID: <RhFAGgeCd6YH>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char E2 hex): X-Spam-Report: ...s: >> >> 1)\n\tcompare the \342\200\234common\342\200\235 pre[...]
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RhFAGgeCd6YH; Mon, 16 Oct 2017 06:00:30 -0700 (PDT)
Received: from mail.hated.at (mail.hated.at [IPv6:2001:858:2:8::235]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B903813214D; Mon, 16 Oct 2017 06:00:30 -0700 (PDT)
Received: from [2a01:190:1702:0:2813:ab60:d8d9:4caa] by mail.hated.at with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <c@tix.at>) id 1e44kU-0002tb-Fh; Mon, 16 Oct 2017 14:44:02 +0200
From: Christoph Loibl <c@tix.at>
Message-Id: <5B6788C8-6E39-4CF0-880A-2D35DCCEEB82@tix.at>
Content-Type: multipart/signed; boundary="Apple-Mail=_F6F73D6C-EA6C-47BB-A6CF-9A4E5391BC6D"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 16 Oct 2017 15:00:26 +0200
In-Reply-To: <20171016120520.GM19142@Vurt.local>
Cc: draft-ietf-idr-rfc5575bis@ietf.org, idr@ietf.org
To: Job Snijders <job@ntt.net>
References: <00A83D9A-C00E-4A91-8007-421067DCE879@juniper.net> <20171014153402.GY19142@Vurt.local> <55EAFCD6-4783-4DDD-B1B9-30AF18FD2342@tix.at> <20171016120520.GM19142@Vurt.local>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/0uwC2baiL0cY0eN-000VsA_DZD0>
Subject: Re: [Idr] WGLC for draft-ietf-idr-rfc5575bis-04
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 13:00:37 -0000

Hi Job,

>> 
>> No. What actually should happen is:
>> 
>> 1) compare the “common” prefix (in this case the common prefix length = 8)
>> 
>> 10.0.0.0/8 == 10.5.0.0/8 -> the common prefix is equal.
> 
> Why would you ever see 10.5.0.0/8 - that looks like an incorrect CIDR
> notation to me?

Yes - 10.5.0.0/8 - no “correct” cidr notation. I just wanted to express that we look at the first 8 bits of the 10.5.0.0 - and compare it to the first 8 bit of 10.0.0.0 - both times this is 10 => they match.

>> 2) if the common prefix is equal (which is the case) the prefix with
>> the longest match takes precedence:
>> 
>> 10.0.0.0/8 <- 8 bit
>> 10.5.0.0/24 <- 24 bit <- this one wins!
>> 
>> Another example: 9.0.0.0/8 vs 10.5.0.0/24
>> 
>> 1) compare the “common” prefix (in this case the common prefix length = 8)
>> 
>> 9.0.0.0/8 == 10.5.0.0/24 -> the common prefix is _not_ equal
>> 
>> 2) lower value takes precedence:
>> 
>> 9.0.0.0 < 10.5.0.0/24
>> 
>> 9.0.0.0/8 wins!
> 
> I'm sorry, but I still don't understand. 9.0.0.0/8 and 10.5.0.0/24 don't
> overlap, shouldn't they both be installed as ACLs? Maybe I don't
> understand when this algorithm is used?

Both are actually installed (but the order is determined). This algorithm is used for sorting the ACL terms. In our case 9.0.0.0/8 will get sorted “above” 10.5.0.0/24. (In case of overlapping prefix the match behaviour is changed to longest prefix-length “first").

Since the arrival-time of the BGP updates is non predictable some sorting is needed to have a consistent order of ACL-terms in the network.

When programming a “sorting” algorithm you usually need a compare function that allows to compare items. In python I think you need to implement __lt__ for classes that you want the built-in sort() to work. The code that I put on github can be easily adopted to be used for sorting “flowspec_nlri” objects.

> 
>>>   Another question, and I realise this is a big ask: Is it possible to
>>>   replace the pseudocode with an actual code example? Pseudo languages
>>>   tend to not follow any specific set of rules and therefor oftentimes
>> 
>> IF the group thinks we shall use this - please carefully analyse the
>> behaviour. I am sure I have hidden some bugs in there and I am sure it
>> is possible to beautify what I came up with (I am not the programmer).
> 
> I think this is a very good direction and I hope the WG sees this as
> path forward too.
> 
> In the I-D I'd leave out the unittest part for the sake of brevity. I'd
> also specify what version of python this code was tested against. And
> of course you can include a link to that github repository in the I-D.
> For other drafts we've taken a similar approach.

Can you point me to some I-Ds that use a similar approach - maybe one can learn from that.

Cheers Christoph