Re: [Idr] draft-dong-idr-node-target-ext-comm-05.txt - WG Adoption and IPR call (9/27 to 10/11/2022)
Robert Raszuk <robert@raszuk.net> Wed, 19 October 2022 21:54 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B0B0C152562 for <idr@ietfa.amsl.com>; Wed, 19 Oct 2022 14:54:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8BC9ke0lCx1I for <idr@ietfa.amsl.com>; Wed, 19 Oct 2022 14:54:39 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47C02C1524C2 for <idr@ietf.org>; Wed, 19 Oct 2022 14:54:39 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id e18so27211815edj.3 for <idr@ietf.org>; Wed, 19 Oct 2022 14:54:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Zlt1qzBLCqr90Oun8hyZMVlKgpsZl8p6aa0f0ixhM38=; b=RqlfsjzYjf35hWb9lwJJEeVAtA8CkAdNJ2HF7B4sOHDFjsxLF9nDBifE2DY0gYYlCy 6E3Aw+cN8KW/ExrkSz7xcWEQHMpg+qXbnrrIILrkh/q/MWiHqLzL1mKKwX9+Er2hNu8e Vw1vURINe6l5POmVFc2HprePFJEbejJgVc4GA2FxLp2825lXDJOwxiKJChuw1VTcyxyM 3NxjBD21uFYa7m6yPwzQZAG3Hkm38vfGZzCPJf/aoxQEhCfJhGH9WGJmoHjjrZXN3bUM JfLSYet8Q0kmzwerDvofnuT3qXrujfxm7XaMlT4T155tJmDaFvJrqjlYIwk+tMPIC4sn nLpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Zlt1qzBLCqr90Oun8hyZMVlKgpsZl8p6aa0f0ixhM38=; b=muDALHVQPMJxHGW8u92wwHAqQKNmqY8ZNDnADCs4Jhyr0IStZ7Ahtdflb4yyr3wfPK N432A2Mo34LHThGYCoqfkFPOpCv5ZfUuvIno9SBxr8xWJ02ECyMzt9o/55j9X3BnOaTO MIdbhaw0zDQzTdxE0rIAcgqH9PUp56wglvXjtAfugez41kBgB5wuqhSfyboFYmvVyq9M tKRqe2Q0YSTVQEY5TDXPtokZjd6C/UOE2k9zrjwv9BBDF/0QSo9rwZG0Vjs/aFHsOhKG G0n9yg0Jkga7NkIrwgnIRMambAaB7p9OCHT6Ivw0APDTwjhuhxYQ7ODBAzKqeeQ2N8Ci fTug==
X-Gm-Message-State: ACrzQf3aZKv9myqSk2YSsbXhBcSolKVlMy4NmcnKGNIEQRz9nUy/RudV E0mLV5N+twnFQzw6deFA5JphsqDJijol0JVrEA/vNA==
X-Google-Smtp-Source: AMsMyM5dIxH6LK6OuVImG2wGC0VGCTjLdsXqBdRDo5QPkFpDVPY+SJ1dCJVf4Q+tuxqQKWi7YhtE9KnzCnv8MsxM9xY=
X-Received: by 2002:a05:6402:2b85:b0:457:6216:d251 with SMTP id fj5-20020a0564022b8500b004576216d251mr9624290edb.56.1666216477516; Wed, 19 Oct 2022 14:54:37 -0700 (PDT)
MIME-Version: 1.0
References: <39a075e7afd04d94b324075a5c696b84@huawei.com> <028ECC42-2021-4D00-9B31-B323F2480DAA@gmail.com> <Y0mJ2CJQbUbf6pzO@Space.Net> <20221014182353.GF2066@pfrc.org> <CAOj+MMGr3X58yCoR9uLXmoNUtk4b+=00o2JB9tEKpENTU6M6Yw@mail.gmail.com> <20221019214126.GB10497@pfrc.org>
In-Reply-To: <20221019214126.GB10497@pfrc.org>
From: Robert Raszuk <robert@raszuk.net>
Date: Wed, 19 Oct 2022 23:55:29 +0200
Message-ID: <CAOj+MMHafWNKaDBfcvdVKz7RoX4eFxkk2KjVvqN9vS=2+vNeGw@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Gert Doering <gert@space.net>, idr@ietf.org, Susan Hares <shares@ndzh.com>, "Dongjie (Jimmy)" <jie.dong=40huawei.com@dmarc.ietf.org>, "Van De Velde, Gunter \\(Nokia - BE/Antwerp\\)" <gunter.van_de_velde@nokia.com>
Content-Type: multipart/alternative; boundary="00000000000043038d05eb6a4186"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/2d3W07WlYi9qzZGVeaG7u69ia9Q>
Subject: Re: [Idr] draft-dong-idr-node-target-ext-comm-05.txt - WG Adoption and IPR call (9/27 to 10/11/2022)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2022 21:54:43 -0000
Hi Jeff, Thank you for some of your comments. Let me just observe one fundamental point. You said: > Processing of community membership by importing nodes a) This draft (at least the way I read the juice of it) use case focuses on using the community on the sender not receiver. It is BGP OPEN BGP Identifier which they intend to use as a input for sending some UPDATES to only one (or a few peers) from RRs or ASBRs. *If this draft would be just adding a community like this I think there would be zero objections.* b) As observed today BGP Identifier is both global and per VRF. They are clear that targeted data in some cases must be imported to a VRFs. So I do see a collision of at least two BGP Identifiers. To your point of withdrawal, I see that the extended community is linked with MP_REACH. If MP_UNREACH is in the same UPDATE the nodes which should get the MP_UNREACH may not even get the withdrawal. As you know the key for withdrawal is self contained in the MP_UNREACH .. here we are adding another layer of filtering on the sender. If you are always ok to split the non congruent (node target ext comm wise) MP_REACH with MP_UNREACH I am fine. But this needs to be observed IMO up front when we are talking about nodes not even getting the UPDATES. Many thx, R. On Wed, Oct 19, 2022 at 11:41 PM Jeffrey Haas <jhaas@pfrc.org> wrote: > On Sat, Oct 15, 2022 at 01:00:22AM +0200, Robert Raszuk wrote: > > /* adding GROW WG as what is being discussed is much more operational > topic > > then protocol extension */ > > And subtracting grow because you're bifurcating a long set of threads > unnecessarily. Feel free to prod their list directly with the mailarchive > top of thread. > > > > Minimally, the proposal > > > covers an extended community that can be used by policy to say: > > > > > > Is my BGP Identifier present in this list of extended communities? > > > If so, I'm interested in it. > > > > > > I would like to comment on this point. Looks very innocent on the > surface. > > > > *Point #1: * > > > > At the target deployment (as per current version of the draft) this means > > p2p distribution of information with inherently p2mp protocol. I do not > > think this is efficient. This is trying to use BGP as a policy/config > push > > mechanism only because we do not have a good one yet in IETF. > > As I noted, the community as a marker is a fine and simple thing. I have > concerns about the text for what it's intended to do on the distribution > machinery that I'll be taking up separately. > > Today, we already can use communities of any flavor to accomplish such > goals > using standard policy tooling. The authors point this out directly in > their > draft: > > : Another possible approach is to configure, on each router, a > : community and the corresponding policies to match the community to > : determine whether to accept the received routes or not. Such > : mechanism relies on manual configuration thus is considered error- > : prone. It is preferable by some operators that an automatic approach > : can be provided, which would make the operation much easier. > > RFC 1997 community space is a bit thin on space to do this. Large BGP > Communities have plenty of space to do exactly this without any IETF > coordination required. > > Extended communities have two nice properties for this sort of thing: > 1. They already have structure. > 2. RT-Constrain works on them. > > When we look at the various types of communities used for "targeting" > purposes, the semantic of single-party or multi-party largely depends on > the > thing we're targeting. L3VPN route targets are often targeting VRFs on > multiple PEs, but for scenarios like hub and spoke may target a single > device. Jeffrey Zhang provided a reference for a targeted VRF in MVPN > procedures. EVPN has its ES-Import. > > Similar to how a L3VPN route can have multiple route-targets, routes > containing multiple node-targets mean "distribute to a set of routers". > > If the set of routers becomes large enough, we likely want a community that > covers such a form of group membership. > > > *Point #2: * > > > > I do have some sympathy (as noted already earlier) that if my extended > > community carries a prefix of BGP_ROUTE_IDs this could have potentially > > some useful applications**. But not a list of 1:1 mapped BGP_IDs. That > list > > can get really long and neither processing it at each node now attaching > it > > to each UPDATE is efficient. > > There are BGP Flowspec scenarios where such a behavior would be desirable. > (Target this filter to these specific routers.) > > Aside from the usual consideration of "too many communities", which we > already see on existing VPN technologies, I have no concerns about > processing time. Processing of community membership by importing nodes is > usually O(lg(N)) time on even trivially optimized implementations. If your > implementation is doing O(N), consider having a cranky conversation with > your developers. > > > *Point #3: * > > > > As it has been noted already by Gert you can accomplish what you need > today > > already with just adding a community and applying filtering on it. Of > > course modulo filtering on IBGP has its own risks, but those I assume are > > well understood. > > Yeah, and as I'm noting, I'm fine with a distinguished community format > that > is well understood by implementations. The fact that Jie and company > simply > haven't allocated from FCFS and simply told IDR "we're doing this" is > mostly > community service by letting the IETF participate in refining a more > general mechanism. > > > *Point #4: * > > > > As previously discussed, the draft should discuss handling withdrawals in > > all previously described scenarios. Not only in terms of implementation's > > ability to do so, but actual protocol correctness (case where UPDATE > > carries both MP_REACH and MP_UNREACH and node-target-ext-comm applies to > > the former not the latter. Splitting those into different UPDATE messages > > may not always be easy. > > I'm frankly puzzled by this bit in your initial response and followups. > The > filtering procedures recommended are effectively no different than those > utilized by RT-Constrain. > > BGP is expected to be stateful. If a speaker sends the route to some peer, > it's expected to be able to send a withdraw for it. The contents of the > Path Attributes previously advertised are not relevant for the withdraw > procedures. > > Implementations are expected to handle processing withdraws for routes they > may not have in their Adj-Ribs-In. This is no different than receiving a > withdraw for a route that hasn't been installed in the rib-in due to > policy. > > > *Point #5: * > > > > We are starting to get to the point of ingress inline signalling atomic > > filtering rules. Nothing wrong with this. But if so I would rather see > this > > generalized. With that, Wide-Communities provide such ability. Why define > > more in encoding which by design is limited in size ? What if next would > be > > a request to only accept UPDATE by a node which has a client belonging > to a > > fixed IPv6 prefix ? > > The specified semantic is "target this node". While you could encode this > in a wide community, the semantic would be an atom that contains one or > more > ipv4 addresses but interpreted vs. the node's BGP Identifier. So, you can > encode it that way, but it isn't helpful. > > Additionally, if your desire is to leverage RT-Constrain, that's additional > work. > > > Likewise why not enable sender to advertise routes to only a subset of > > upstream or peer ASNs ? > > Great wide communities use case. :-) > > -- Jeff >
- [Idr] draft-dong-idr-node-target-ext-comm-05.txt … Susan Hares
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… tom petch
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… tom petch
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Loa Andersson
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… tom petch
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Zhuangshunwan
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… tom petch
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Gyan Mishra
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Van De Velde, Gunter (Nokia - BE/Antwerp)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Wanghaibo (Rainsword)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Lizhenbin
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… li_zhenqiang@hotmail.com
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Aijun Wang
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Wanghaibo (Rainsword)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeff Tantsura
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeff Tantsura
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Chongfeng Xie
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… duzongpeng@foxmail.com
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Giuseppe Fioccola
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Chengli
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Yisong Liu
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… UTTARO, JAMES
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Huaimo Chen
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Linda Dunbar
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Gert Doering
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeff Tantsura
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeff Tantsura
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Gert Doering
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeff Tantsura
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Gyan Mishra
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Kausik Majumdar
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Dongjie (Jimmy)
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… pangran@chinaunicom.cn
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Randy Bush
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Susan Hares
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Jeffrey Haas
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk
- Re: [Idr] draft-dong-idr-node-target-ext-comm-05.… Robert Raszuk