IETF Logo Mail Archive

Re: [Idr] WGLC for draft-ietf-idr-bgp-optimal-route-reflection-14

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Mon, 09 October 2017 21:11 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1802132D51 for <idr@ietfa.amsl.com>; Mon, 9 Oct 2017 14:11:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.519
X-Spam-Level:
X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kstX4LSvP2Up for <idr@ietfa.amsl.com>; Mon, 9 Oct 2017 14:11:13 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77A5A124B17 for <idr@ietf.org>; Mon, 9 Oct 2017 14:11:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=49508; q=dns/txt; s=iport; t=1507583473; x=1508793073; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=a4RcgZufVIXugeFCjUKc68NtcqqKkd8/wjb5pwc9CmA=; b=jiZwy5PBXB1+i65cEyUMjQiTsrtzlGHpYq1ilYmS02AuJlk0Jnl2+l8V ZojsY7ahmipEjNxU4j8XvtvjIJSV4d4mjk+6oCVDbBYeRJWFM+lnMiFGt EcdyvMEkqNlZfmx4AwlhUxOg+lDvXfgmXn7Qxtcsp98pqSgOAIxsegD/l w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CdAQAu5dtZ/4YNJK1dGQEBAQEBAQEBAQEBBwEBAQEBgm9uZG4nB4NzmhKBdoJthViNaoIPAwoYAQqBXoM6Ahoog3hAFwECAQEBAQEBAWsohRgBAQEBAgEBASEKHgEiCwULAgEIEQICAQEBIAEGAwICAh8EAgsUCQgCBA4FCIlETAMNCBCnVoInhA8BgzQNg1YBAQEBAQEBAQEBAQEBAQEBAQEBAQEdgy2CAoFRgWqCG4EOgl6CXIJdgmEFmFiIITwCj2yEcIIdiW2HCooXgl03iAICERkBgTgBDxIDM4EOeBVJhx12AYcoLIEFgRABAQE
X-IronPort-AV: E=Sophos; i="5.42,501,1500940800"; d="scan'208,217"; a="87666919"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Oct 2017 21:11:12 +0000
Received: from XCH-RCD-013.cisco.com (xch-rcd-013.cisco.com [173.37.102.23]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v99LBCb7001221 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 9 Oct 2017 21:11:12 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-RCD-013.cisco.com (173.37.102.23) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 9 Oct 2017 16:11:11 -0500
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Mon, 9 Oct 2017 16:11:11 -0500
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>
CC: Adam Chappell <adam.chappell@gmail.com>, idr wg <idr@ietf.org>, "ytti@ntt.net" <ytti@ntt.net>
Thread-Topic: [Idr] WGLC for draft-ietf-idr-bgp-optimal-route-reflection-14
Thread-Index: AQHTPsjUdGxuUSTsXEWh+8r87romcqLbgrgAgABob4CAAA96gIAACgcAgAA3pQCAAAKJAP//vGaAgABfCYD//606cA==
Date: Mon, 09 Oct 2017 21:11:11 +0000
Message-ID: <93e440d0bdd54b75b40de2ff0e87d2ec@XCH-ALN-014.cisco.com>
References: <1F4BD63B-3273-469E-A3C6-4365B56724EA@juniper.net> <20171009081140.qram6b2ubl4y3isj@hanna.meerval.net> <CA+b+ERmVAA8eG3cm8++osKS4OmxiBZ6svhNPj8wC7gnQXWWYdg@mail.gmail.com> <20171009152051.GH34236@Vurt.local> <CA+b+ERnTAxra-G8xbtFAoovyCwpOySAuJx52vG3p5g7AdODK2Q@mail.gmail.com> <CAF3K5KtpvYkJM6U_Cw3pbCiMgQvwJOFdMoRGuzGMQFYHA8VLSA@mail.gmail.com> <CA+b+ER=xuh9vD7ksPUY-+WQnfduiQF=gL3=wMxK+p9rCO4s0_w@mail.gmail.com> <6062f554aa904352bc81c80040229d34@XCH-ALN-014.cisco.com> <CA+b+ER==6AKBO6BrcF__jNYmgJWbqjuTX=t213n6S_x8T=Mahg@mail.gmail.com>
In-Reply-To: <CA+b+ER==6AKBO6BrcF__jNYmgJWbqjuTX=t213n6S_x8T=Mahg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.154.162.122]
Content-Type: multipart/alternative; boundary="_000_93e440d0bdd54b75b40de2ff0e87d2ecXCHALN014ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/3wF5rkabt0bIeSTVzU2O77F_xZ8>
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-optimal-route-reflection-14
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2017 21:11:17 -0000

We have been assuming that the metric of a BGP hop is 0. Accordingly:
If it fails to resolve during the recursion, then it is unreachable.
If the recursion ends at the SPF root, without touching an IGP reachable NH, then the metric is 0.

Thanks,
Jakob

From: rraszuk@gmail.com [mailto:rraszuk@gmail.com] On Behalf Of Robert Raszuk
Sent: Monday, October 9, 2017 2:03 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com>
Cc: Adam Chappell <adam.chappell@gmail.com>; idr wg <idr@ietf.org>; ytti@ntt.net
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-optimal-route-reflection-14

Jakob,

Let me try to describe it in a bit different way ...

Prefix 1.1.1.1/24<http://1.1.1.1/24> has 3 paths each with different next hop: NH1, NH2, NH3

NH1 is an NLRI in BGP1 and it's next hop is NNH1 (IGP metric 100).

NH2 is an NLRI in BGP2 with next hop NNH2 which is again a NLRI of BGP3 and next hop NNNH3 (IGP metric 90)

NH3 is native IGP next hop with IGP metric 110

So when you run (regular or ORR) best path on 1.1.1.1/24<http://1.1.1.1/24> you should have all three metrics 90, 100, 110 there to pick the best path. If next hop is not in IGP with or without recursion such path is invalid so we should not worry about it here.

Thx,
R.





On Mon, Oct 9, 2017 at 10:41 PM, Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>> wrote:
I don't understand the phrase " if implementation can not propagate such metric ".

Suppose we have a BGP nexthop NH1.
There are two BGP routes to NH1: BGP1 and BGP2.
BGP1 has nexthop NNH1.
BGP2 has nexthop NNH2.
BGP1 is the BGP best path, however, NNH2 has a lower (better) metric.
Using the stated algorithm would choose NNH1, whereas NNH2 is actually better.
Networks with BGP nexthops out of reach of the IGP are susceptible to this issue.
I'm sure this is fine in most cases, but it is good to be aware.
You could add it to a "deployment considerations" section.

Thanks,
Jakob

From: Idr [mailto:idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>] On Behalf Of Robert Raszuk
Sent: Monday, October 9, 2017 12:25 PM
To: Adam Chappell <adam.chappell@gmail.com<mailto:adam.chappell@gmail.com>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>; ytti@ntt.net<mailto:ytti@ntt.net>
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-optimal-route-reflection-14

Hi Adam,

> where an NLRI was simply omitted because the NH wasn't comparable

If I have single path to a net there is nothing to compare it with so this step of best path does not matter regardless if you use regular RR, add-paths or ORR. So none of those means that we are not sending such NLRI in iBGP.

The way I understood Job's case it is not the "NLRI itself which was ommited", but one recursive path to such NLRI was not considered in the comparison with other paths (next hops) as metric to its recursive next hop was not there.

Thx,
R.


On Mon, Oct 9, 2017 at 9:15 PM, Adam Chappell <adam.chappell@gmail.com<mailto:adam.chappell@gmail.com>> wrote:
Perhaps resolve/recurse as far as is possible/feasible and eventually fall back to max metric for a comparison in absence of anything else?  Would certainly be principle of least astonishment in Job's case where an NLRI was simply omitted because the NH wasn't comparable. Optimal should be better, but not really any worse than classic, right?  :)

I don't think the recursion needs to be mandated though, much as the supported IGP protocols aren't mandated. It is putting the the ORR's Loc-RIB and selection policy into play which is what we'd avoided.




On 9 October 2017 at 17:56, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
Job,

> I think you are overestimating the impact of the proposed change.

It would be helpful to hear from vendors how propagating to BGP an IGP metric in the scenario
of N-level of recursion is easy or hard for them.

> The fact that they released software without this capacity, implies draft has ambiguity
> which causes operational inconsistency in best path algortihm (with possibility for blackholing).

Ok in such a case I don't see any problem of addressing the ambiguity with the below sentence
added to section 4.1:

Current text:


   "In this document we refer to optimal as the decision made during best

   path selection at the IGP metric to BGP next hop comparison step."



New text:



   "In this document we refer to optimal as the decision made during best

   path selection at the IGP metric to BGP next hop comparison step.


   In the scenario of BGP route's next hop resolving via N level recursion
   the metric used for given path's comparison (provided implementation
   supports it) should be equal to IGP metric of the final IGP route the
   N level recursion resolves via. Similarly next hop reachability validation
   should be based on the state of such IGP route."

Would WG and yourself be fine with this change ?

The only problem is what to do if implementation can not propagate such metric .. should the N-level recursive path be less preferred and assumed having max metric in such cases ?

Thx,
R.


On Mon, Oct 9, 2017 at 5:20 PM, Job Snijders <job@ntt.net<mailto:job@ntt.net>> wrote:
On Mon, Oct 09, 2017 at 04:25:27PM +0200, Robert Raszuk wrote:
> 1. Are you using the same implementation on both client and RR with
> ORR ?

Sometimes.

> The problem usually is related here not to BGP implementation but to
> RIB. Not all RIBs reference a metric of N-level recursive route to
> the child.

No, this is an optimal route reflection specific challenge. A vendor
read the document, and didn't consider the case where a BGP next-hop
may recurse through another BGP route to an IGP route. This is a simple
oversight that probably would not have happened if the document
specified how to consider route recursion from via one or more
protocols.

> When BGP registers its next hop with RIB for state/metric tracking
> (assuming that implementation even does that rathere then a single
> call to RIB) the metric it get's is the one attached to the specific
> next hop which is being queried.
>
> Bottom line is that mandating suggested text to the current spec may
> very likely result in number of implementations to become
> non-compliant and what is worse the proper fix may require in some
> cases complete RIB redesign which is far from BGP and IDR area.

I think you are overestimating the impact of the proposed change.

> For your valid case I would suggest perhaps to solve it via
> draft-ietf-idr-bgp-nh-cost-02.
>
> If you find vendors buying into your case we will be more then happy
> to update the NH cost draft and progress it.

I disagree, draft-ietf-idr-bgp-optimal-route-reflection is the right
place for this.

The specific vendor I was referring to told us that they'll change their
behaviour: they'll fully recurse the BGP routes at route reflector,
before chosing which route to reflect. The fact that they released
software without this capacity, implies draft has ambiguity which causes
operational inconsistency in best path algortihm (with possibility for
blackholing).

Kind regards,

Job


_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr



--

-- Adam.

v2.23.0 | Report a Bug | By Email