Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)

Gyan Mishra <hayabusagsm@gmail.com> Fri, 24 July 2020 22:35 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DE783A09DA for <idr@ietfa.amsl.com>; Fri, 24 Jul 2020 15:35:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RFoERrb6ejgV for <idr@ietfa.amsl.com>; Fri, 24 Jul 2020 15:35:14 -0700 (PDT)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6662A3A09D5 for <idr@ietf.org>; Fri, 24 Jul 2020 15:35:14 -0700 (PDT)
Received: by mail-io1-xd2a.google.com with SMTP id z6so11390445iow.6 for <idr@ietf.org>; Fri, 24 Jul 2020 15:35:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UWIke9kQKvvssGiXNLUq73aJj5QvI8o3P9mF8eG/mtQ=; b=UBueTE15t78ImUJ4mDLexFv3m+FL701d7Q/O0quheAT/HAWFkCulygr2IvbGnnpivM jlFoi/i9ZHy8F4/CZu/CqSovI5XWGtWz/Es+DeGyEanq121fp1y3djJVxPQwdk3T3HXO 1A3kOoo36UdU9LMCDdyZQ5IJoZmaQKD+wV5N6fMaS3j+KWBXDofnbS73biFxQsnei5O2 OJJqT2Rl9etsUhQuM4XTf8bcjOJHYkanq0R92kUdkMN9qY8epXZPczgyhAlC0bjjeSl5 1uQy2wAevlSTKXYoa9EeJmnJuQuaLrQXrAxL4YBwUh/f74+D4vaAVxCHwVpzNoXMNRbZ A+CA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UWIke9kQKvvssGiXNLUq73aJj5QvI8o3P9mF8eG/mtQ=; b=n6HqzwKcwJMxZZLfZEEHZnZ+4xTa1la/QtT6vKPCu0CYRrRzArNJ4mQ1PvfyBIkU19 HHuBOo4+8lWBq7GNjDHWMGG+/ddZ/HHld7XJJGyRYYBNQ/+5sH8m4mi0np0hAb33xR3Z lSnbqiZKmHikiGDPjfmNTeRtB9h51tInGBEFHlZkfMFUSy8Cj9y+Io+YLW9oRKixYXgL aC/N6/nJZ9pGrKFdJTGDrYBebTpGF2zQvAuzFez0GSplYwEWXnPofK6Xsr9Wn+hHEhlB iWy+XSoRSRleHU3Hg54+bTDidYlszVlGJUthk5kn4JfhwYZIU8tZsovKSJGI2YW14s4c gshw==
X-Gm-Message-State: AOAM531xdZ9scIezkM8WoKn5VXrHCUVs4FcoEVdbLFrs40iWmLNc0II0 zeARwemgscCxbbCMCxXKygbAer1L0ZIA8RD8UMkeJQnszug=
X-Google-Smtp-Source: ABdhPJyhH/EDM979a9+u+vSIiYsH/JhFl2UFRtY25fj/gU5EBE2KC4aoEk68TC9c0m+wD6z6k4qLBOQgAIV/8Em73no=
X-Received: by 2002:a02:cd91:: with SMTP id l17mr12695203jap.88.1595630113528; Fri, 24 Jul 2020 15:35:13 -0700 (PDT)
MIME-Version: 1.0
References: <003701d65aa9$689a64d0$39cf2e70$@ndzh.com> <BYAPR11MB32072C364496472F6BB8FBD4C07C0@BYAPR11MB3207.namprd11.prod.outlook.com> <MN2PR13MB3117DB85FAE31F34D6575B41F2780@MN2PR13MB3117.namprd13.prod.outlook.com> <BYAPR11MB3207711DF449A039CC57AA61C0780@BYAPR11MB3207.namprd11.prod.outlook.com> <9df696a9aeae4bb3a2fd3869e72480b7@huawei.com> <BYAPR11MB3207238C676086BC76C5BE17C0760@BYAPR11MB3207.namprd11.prod.outlook.com> <f652b595a463405fac626ffc1262ebbc@huawei.com> <BYAPR11MB3207AE073C769136E209224AC0770@BYAPR11MB3207.namprd11.prod.outlook.com> <CAOj+MMENq1dN2Mwwy0UMO_LTpBeqD8zNP65ZHmrHUCfHw8LbEA@mail.gmail.com>
In-Reply-To: <CAOj+MMENq1dN2Mwwy0UMO_LTpBeqD8zNP65ZHmrHUCfHw8LbEA@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Fri, 24 Jul 2020 18:34:51 -0400
Message-ID: <CABNhwV1cMGR8ykvyVH-7j_dgB-P+NPt7m4wZ+u2_vOSkTx-0zw@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Huaimo Chen <huaimo.chen@futurewei.com>, "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001c1ef805ab37967d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/4zHAAIIsITTlUfx8g5FpMkAzpo4>
Subject: Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2020 22:35:18 -0000

Authors

I read through the draft again and based on the comments thus far trying to
see what gap this draft is addressing that does not exist exist today.

I have commented on this draft earlier on before WGLC and from what I
remember the result of the comments was that this draft is for Non SR or
MPLS and solely for pure IP based networks that require routing policy push
and no traffic steering in the context of PCE based path steering
instantiation that already exists today.

This is purely a policy push concept using BGP large communities new path
attribute container to accomplish the task.

So with that the idea is that this would accomplished by a centralized
controller.

Looking at controller based instantiation you start thinking PCE and BGP LS
for IGP path attributes propagation to the PCE, however in this particular
case we are not doing any traffic steering.

So from thinking PCE and IP based steering got me thinking about this draft
which I see a few authors are on this draft as well.

https://tools.ietf.org/html/draft-ietf-teas-pce-native-ip-09

So bottom line is this new MP Reach AFI SAFI code point assigned for IP
based routing control point only which can be managed with a centralized
controller doing the policy push via the new AFI SAFI code point.

One complex design I had worked on years ago which I mentioned in the prior
thread was based on standard community architecture where both sides are a
control point  multi active routing based on communities set.  Imagine you
have two MPLS core transports and have a edge CE that is connected as many
different locations all around the world and you want you tag all CEs off
each core with discrete communities and now you have a special perpending
pattern let’s say it’s 3 ties to make it easy and it’s 0x 2x 3x and so now
you match communities and set a prepend.  So now you duplicate that on both
sides so you don’t backhaul across the other core so you geographically
optimally route between each core over all the many tie points.  This does
get extremely complex but back then it worked and was all accomplished via
standard communities and to this day is still working, however of course
management of the policy changes is still a very very complex task.

So now this use case given could use Roberts Large communities draft and
apply this RPD  new routing policy AFI SAFI to make changes to a complex IP
policy deployment now becomes very simple deploy and manage for day to day
operations.

Based on what I have stated I support advancement of the draft with a
caveat.  I would like to add my use case to the draft and I think that
would help tremendously in explaining the gap and use case being addressed
by this draft.


Kind Regards

Gyan

On Fri, Jul 24, 2020 at 5:24 PM Robert Raszuk <robert@raszuk.net> wrote:

>
> In addition to points already mentioned let's examine what the draft
> actually defines ... not sure if this is just the tip of the iceberg or
> full set of match and set tools authors envision to have.
>
> Match:
>
> IPv4 prefix,
> IPv6 prefix,
> AS-PATH regex
> Community
>
> Set:
>
> MED,
> Arbitrary AS-PATH
>
>
> - So first don't we see a need to match on Peer's ASN ?
> - Don't we need to match on the peer ? (NLRI itself just matches on
> the ASBR making it p2p)
> - How about to match on link bandwidth to the specific peer ?
> - The draft talks about outbound traffic engineering from local AS  ...
> well that is done typically by setting local preference which is not even
> mentioned in the document
> - The defined community sub-TLV merely covers RFC1997. How about Extended
> or Large Communities ? No use ? No need to match ?
>
> Kind regards,
> R.
>
>
> On Fri, Jul 24, 2020 at 10:28 PM Jakob Heitz (jheitz) <jheitz=
> 40cisco.com@dmarc.ietf.org> wrote:
>
>> Let me try a different way.
>>
>> Flowspec is designed to install a filter everywhere to mitigate DDoS.
>>
>> Even if the filter does not install in a few routers, the DDoS is still
>> mitigated.
>>
>> It does not matter which nodes install it before other nodes.
>>
>> Therefore, the spray and pray of BGP is ok for Flowspec.
>>
>>
>>
>> Routing policy distribution could cause unpleasant routing transients if
>>
>> it is not installed or installed late on random nodes.
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Wanghaibo (Rainsword) <rainsword.wang@huawei.com>
>> *Sent:* Thursday, July 23, 2020 11:23 PM
>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; Huaimo Chen <
>> huaimo.chen@futurewei.com>gt;; Susan Hares <shares@ndzh.com>om>; idr@ietf..org
>> *Subject:* RE: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to
>> 7/29/2020)
>>
>>
>>
>> Hi Jakob,
>>
>>
>>
>> Can you give some more details about "the route and the flowspec spray
>> to the same places“
>>
>>
>>
>> Regards,
>>
>> Haibo
>>
>>
>>
>> *From:* Jakob Heitz (jheitz) [mailto:jheitz@cisco.com <jheitz@cisco.com>]
>>
>> *Sent:* Friday, July 24, 2020 1:31 AM
>> *To:* Wanghaibo (Rainsword) <rainsword.wang@huawei.com>om>; Huaimo Chen <
>> huaimo.chen@futurewei.com>gt;; Susan Hares <shares@ndzh.com>om>; idr@ietf.org
>> *Subject:* RE: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to
>> 7/29/2020)
>>
>>
>>
>> You're missing the point.
>>
>>
>>
>> The fact that BGP is spray and pray doesn't matter, because the route and
>> the
>>
>> flowspec spray to the same places.
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Wanghaibo (Rainsword) <rainsword.wang@huawei.com>
>> *Sent:* Thursday, July 23, 2020 12:02 AM
>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; Huaimo Chen <
>> huaimo.chen@futurewei.com>gt;; Susan Hares <shares@ndzh.com>om>; idr@ietf.org
>> *Subject:* RE: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to
>> 7/29/2020)
>>
>>
>>
>> Hi Jakob,
>>
>>
>>
>> 1.  Flowspec’s validation is used to check whether a device can learn the
>> Flowspec routes from an EBGP peer, but the validation can be performed only
>> for the component of the destination type.
>>
>>     In practice, the centralized server or controller is often used to
>> send FlowSpec routes to devices.
>>
>> 2.  RPD and SR-Policy also have their own validation. That is, route
>> targets are used to check whether information is sent to the expected node.
>>
>>
>>
>> Regards,
>>
>> Haibo
>>
>>
>>
>> *From:* Idr [mailto:idr-bounces@ietf.org <idr-bounces@ietf...org>] *On
>> Behalf Of *Jakob Heitz (jheitz)
>> *Sent:* Tuesday, July 21, 2020 12:52 PM
>> *To:* Huaimo Chen <huaimo.chen@futurewei.com>om>; Susan Hares <
>> shares@ndzh.com>gt;; idr@ietf.org
>> *Subject:* Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to
>> 7/29/2020)
>>
>>
>>
>> There is an important difference between RPD and Flowspec.
>>
>> https://tools.ietf.org/html/rfc5575#section-6
>>
>> states:
>>
>>    A flow specification NLRI must be validated such that it is
>>
>>    considered feasible if and only if:
>>
>>
>>
>>    a) The originator of the flow specification matches the originator of
>>
>>       the best-match unicast route for the destination prefix embedded
>>
>>       in the flow specification.
>>
>>
>>
>>    b) There are no more specific unicast routes, when compared with the
>>
>>       flow destination prefix, that have been received from a different
>>
>>       neighboring AS than the best-match unicast route, which has been
>>
>>       determined in step a).
>>
>>
>>
>> Effectively, the advertisement of the route takes the same vector as the
>>
>> advertisement of the matching flowspec. Therefore, if the flowspec did not
>>
>> reach a node, then the route likely didn't either, so it doesn't matter.
>>
>>
>>
>> The fact that BGP is spray and pray doesn't matter, because the route and
>> the
>>
>> flowspec spray to the same places.
>>
>>
>>
>> RPD policy distribution has no such validation rule.
>>
>>
>>
>> SR policy distribution suffers from the same problem.
>>
>>
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Huaimo Chen <huaimo.chen@futurewei.com>
>> *Sent:* Monday, July 20, 2020 9:01 PM
>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; Susan Hares <
>> shares@ndzh.com>gt;; idr@ietf.org
>> *Subject:* Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to
>> 7/29/2020)
>>
>>
>>
>> Hi Jakob,
>>
>>
>>
>>     Thank you very much for your valuable comments.
>>
>>     Our answers/explanations are inline below with prefix [HC].
>>
>>
>>
>> Best Regards,
>>
>> Huaimo on behalf of co-authors
>> ------------------------------
>>
>> *From:* Idr <idr-bounces@ietf.org> on behalf of Jakob Heitz (jheitz) <
>> jheitz=40cisco.com@dmarc.ietf..org <jheitz=40cisco.com@dmarc..ietf.org>>
>> *Sent:* Thursday, July 16, 2020 9:01 PM
>> *To:* Susan Hares <shares@ndzh.com>om>; idr@ietf.org <idr@ietf.org>
>> *Subject:* Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to
>> 7/29/2020)
>>
>>
>>
>> BGP seems the wrong way to distribute routing policy.
>>
>>
>>
>> [HC]: It seems that BGP flow spec has been used widely to distribute
>> policies for redirecting the traffic. It seems work well without some
>> mechanisms in Netconf. BGP RPD should be similar to BGP flow spec.  BGP SR
>> Policy is on the same train.
>>
>>
>>
>> IETF has already defined a way to distribute configuration: Netconf.
>>
>> Netconf provides needed features that BGP does not have:
>>
>> - Atomic Transactions:
>>
>>   If one configuration item fails, they all fail.
>>
>>   They all either succeed or all fail. There is no partial success.
>>
>>   Multiple configurations in one transaction are applied at the same time.
>>
>>    . This avoids non-deterministic transient behavior between application
>> of the first policy and the last.
>>
>> - Feedback:
>>
>>   BGP is "spray and pray".
>>
>>   Netconf provides an acknowledgement that the config either failed or
>> was applied,
>>
>>   which then allows the controller to take the next steps with
>>
>>   reliable information about what configuration exists in the network.
>>
>> - Persistence:
>>
>>   If the BGP session were to go down, all the configuration it sent will
>> be implicitly withdrawn.
>>
>>
>>
>> If another AS would not allow a foreign AS to configure it with netconf,
>>
>> it would not allow it with RPD either.
>>
>>
>>
>> There are already ways in BGP for an AS to signal preference across AS
>> boundaries:
>>
>> Med, AS-path length, communities.
>>
>>
>>
>> [HC]: Netconf can be used to distribute configurations from a controller
>> to the devices in a network. BGP RPD as an alternative option, may have
>> some advantages in some cases. For example, in the case where BGP as a
>> controller, BGP RPD seems more suitable. Using BGP RPD to control/redirect
>> the traffic dynamically in real time may be more effective.
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of *Susan Hares
>> *Sent:* Wednesday, July 15, 2020 6:11 AM
>> *To:* idr@ietf.org
>> *Subject:* [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)
>>
>>
>>
>> This begins a 2 week WG LC on draft-ietf-idr-rpd
>>
>> from 7/15 to 7/29/2020.  You can obtain this draft at:
>>
>> https://datatracker.ietf.org/doc/draft-ietf-idr-rpd/
>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-idr-rpd%2F&data=02%7C01%7Chuaimo.chen%40futurewei.com%7C12cf72daefe0446d5a7908d829ed0a36%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637305445341383523&sdata=3LvgG6xwElOv27jGetqpyk8ftRub%2B%2B4Ui31Yt8wN87A%3D&reserved=0>
>>
>>
>>
>> This draft defines a new AFI/SAFI and new atoms
>>
>> for the Wide Communities.  This WG LC has been delayed
>>
>> as I waited for a resubmission of the Wide Communities draft.
>>
>> I had hoped to do these 2 WG LC in parallel.
>>
>>
>>
>> I’ve not received the Wide Communities draft, but we will
>>
>> start this WGLC to provide feedback to the authors.
>>
>> We may have to run a short follow-up to this WG LC
>>
>> If there are changes to the Wide Communities draft during
>>
>> Its WG LC.
>>
>>
>>
>> There is an IPR statement on this draft.
>>
>>
>>
>> In your responses please answer the following questions:
>>
>>
>>
>> 1) Do you feel this draft has an solution that is acceptable
>>
>>    With the IPR as a WG RFC?
>>
>>
>>
>> 2) Do you feel this draft is ready to publish?
>>
>>
>>
>> 3) Do you know of implementations of this draft?
>>
>>
>>
>> 4) Do you know of deployments of this draft?
>>
>> If so, is this feature useful in the deploy ments.
>>
>>
>>
>> 5) Do you feel that Wide Communities is ready for
>>
>> Publication?
>>
>>
>>
>> Cheerily, Susan Hares
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD