Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt

Eric C Rosen <erosen@juniper.net> Mon, 09 October 2017 20:16 UTC

Return-Path: <erosen@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA38F133245 for <idr@ietfa.amsl.com>; Mon, 9 Oct 2017 13:16:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3OlNomgj6nwu for <idr@ietfa.amsl.com>; Mon, 9 Oct 2017 13:16:57 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0096.outbound.protection.outlook.com [104.47.38.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E9451321DF for <idr@ietf.org>; Mon, 9 Oct 2017 13:16:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=btHDrRs7cq7tPnwu8LUAM2StmhinHqwHSBvRFwLR5Ro=; b=fOwpJKhFhSrSLXqyMKkan4yh1zZGu63gcE6EBkyKABNKgn4PDXnPDkg4JiX7rThgKHDnVkBZYiuw+/+ey6aDIhtubwOaoJgoBYpE5CnaXcNYJEbIvN2y+Q6sMO3FFojnaaS9UOfP3WSHFhXWzCtgkiao0518yxpPOLIh1rCC2kM=
Received: from [172.29.36.187] (66.129.241.14) by CY1PR05MB2297.namprd05.prod.outlook.com (10.166.192.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.5; Mon, 9 Oct 2017 20:16:54 +0000
To: Nandan Saha <nandan@arista.com>, stefano previdi <stefano@previdi.net>
Cc: idr@ietf.org
References: <149824800169.17379.9099679082498238196@ietfa.amsl.com> <CAE+itjf-1OPtKbADxAVft5+XufAWo3ebbXsamS+Mpt_2cTwzzg@mail.gmail.com> <CAB3683F-D029-4387-86A6-382E61A51ACD@previdi.net> <CAE+itjd1mE7_a+SA=dBhGrJNtcGWt1WTiRddTsEC4vp=COdOLQ@mail.gmail.com> <CAE+itjcuxbNHrwVq4wcgBC11rX=PwYUsvm3su5Axwko3X1beZw@mail.gmail.com> <CAE+itjcJK8TcszPyTto4ZfXz4LHr3Z9i9PbkuePHOWsuufPfzg@mail.gmail.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <65dbb5ba-9589-09a6-8093-f5f7e72fc5f7@juniper.net>
Date: Mon, 09 Oct 2017 16:16:59 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <CAE+itjcJK8TcszPyTto4ZfXz4LHr3Z9i9PbkuePHOWsuufPfzg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Originating-IP: [66.129.241.14]
X-ClientProxiedBy: MWHPR04CA0061.namprd04.prod.outlook.com (10.173.46.23) To CY1PR05MB2297.namprd05.prod.outlook.com (10.166.192.143)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f53125d4-6943-49c4-19f8-08d50f52b013
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:CY1PR05MB2297;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR05MB2297; 3:28P2VHTSatrJHR7jScMCO3FDnOMmWBWSuQ4mPzWSkxRmW8Ev7tskVjlSKqwwU+Oqi+JYEH1WKPEeTJjYMc6qE7BuwMB0bMSPYeZHOtHac9QpQVFkWAhSO9JZavU8HUIEAhVHACCWxHqQRctn+jOgYtlZVYuMXhd2hNVSLxHciqhM6LqdNQaQlU0IBlUnrPNeHeOCvKy41z4CbDxgLOHI0kxGDaVNxIpAFgmG3sti5RY8AbN/N3ogLXwqv8gsdORE; 25:6FY0apvcy12mz//UqpY+KiI72IIvw871X8dgtDm01rBKFIgM8uNuKcbWA8LcEoPrFfUnpims6OhWfZjlvLPg47jSxseDOlRDnPbS66Zt2ekGcG0gUepcMgdvgTkOGcIKWg51Mkarvs6wnjwVXAO5oi0WEZSOfRMpePkUR5ZwxXz3NmfBIM+CWf2/+8p6ncNXv9NhA/fpcYpy2MKLvkvO7cyIVQd1lvrv0pBC50ONHI1Vx9UD5hf6uqTjgnnlfGV8ajP7lVJJ+LkerrolGDNIknpCJWcZZEG3JAEf/wjTAKifyhwn7CmiAQX29b/8bNQZ08WNr4tg37b2lVx2g0mSDA==; 31:78nhdJmcg/ag6QMGFTBJCP3GGqsEnjoCjfNrV+R7EHcXyROKBVDN6PwBOhD1NgQ1tbDi9CAUvD6KmFRaFZRTzMCYTXugzvwcMoxKqLmyLR3rjQaDt0oIcLvJ1GjfH8QW77PI/ubuvPUeExZTi6/zohAzIyR5ZU1E3xxGkP7DRZdz/3zxEFzGuUV1AHrZlFDDmX7A6v1YfB+dkBtTtqrIQR/d3I7fVyWROHkCrL0tFXM=
X-MS-TrafficTypeDiagnostic: CY1PR05MB2297:
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=erosen@juniper.net;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR05MB2297; 20:KJdWFykhKu3+JcOeljiWT+lKPuwhDSQBlhVqX03qEO+toukfMaDvBxjIEu5WpbzsWd2ly3vYq3HBWipycz/JrFRv/3pPwWswcE3FwydJY8xWOkKy20OXJkyUKQIlxDK3r+JvOqIowB5vg4RXf2ol30TOyFWQLitbDVSKrpxDFeyC2P9fpxVnE9zQADkQBD85l4nw16eyx+Snr8mVVWYtEgTBdrA0AyDo6pAUGE5Q0Djg/n4RBQsdH/hfHUeXS67W9Kaxgq36fNAN+8px72zvyKcvDjk95PrzALTBG34y+BaxjWsMDkvpuLd2zum6hBr/qf/FYPYJ/C2npqGHw20KTpPD5McyLFsRYWGH/BZq+ZzOXGP7yhSU18bObKi6+Z/EknaF/dwWokc5JlhocpMRvTAPzJZlqx472FTIJvH9vH2PhTwUUo98XPm9Zzby7sYTk/dglPNXAjPYGNITb+slGy2PHevqWrvjvsaMdgduUMUyhJrflRVnRdLeiPHGXF5hK79C8ge28vMUI9PnB9tE3EVUMsdPuFMmjGvPOPXmLWduEeowW3CV4tSIcYQTUEMtzmmf9+834VckfrZqxpIirn9QlQjALm5ZVznvZ7ohkKE=; 4:kLtIhrSKJyRkx3MePcZEzhYEDOkZfbzC7sTIiaMTk4fz8ULbKLLOPN81jGqPJhtWE7hP+aQzzYLmmsGhf1/9J6wwvNAKEKRXQh09rhU+Kou6DBi2sCBTnNSiAX6TGgJ0sGOwXLJBM5fx/uo38p90CrDEfEvZ8jhgjnknfeQWrl1FyTGCx+QxBd0PK2TKZBwR4ci35hIFAdUy7qYLmk6wKZET1wwv2P56D0EQ1D8+ROlitRqP1MT6rmb+DFyA5Em/
X-Exchange-Antispam-Report-Test: UriScan:;
X-Microsoft-Antispam-PRVS: <CY1PR05MB2297E659B81BFC0A892E8BD1D4740@CY1PR05MB2297.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY1PR05MB2297; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1PR05MB2297;
X-Forefront-PRVS: 045584D28C
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6049001)(6009001)(376002)(346002)(39860400002)(189002)(24454002)(199003)(377454003)(65806001)(66066001)(5660300001)(65826007)(65956001)(478600001)(68736007)(3846002)(6116002)(50986999)(76176999)(54356999)(47776003)(229853002)(64126003)(23676002)(81156014)(81166006)(101416001)(33646002)(50466002)(93886005)(8676002)(31686004)(7736002)(305945005)(8936002)(77096006)(6486002)(105586002)(106356001)(31696002)(58126008)(86362001)(16576012)(230783001)(4326008)(97736004)(189998001)(2870700001)(316002)(53936002)(2950100002)(53546010)(90366009)(6246003)(25786009)(3260700006)(110136005)(36756003)(83506001)(16526018)(2906002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR05MB2297; H:[172.29.36.187]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;CY1PR05MB2297;23:LBlfMi5v+R80JsgNSvXOHbdE/EOy0pnSA5MoCC1GMjwhFaYec/70xpOyi5jV1Ys3xZI+T4+xnWW2bUnnTv3AucKobQf87vgjcV4eEvaIrUmcLp2/cKI900VhNdnVYKpqveSbxBRcwRZgZdBlzwoNQQgJhs2DJzQygMZY/Tl4BIo3qvZLD75FBMROR7fIARX5QtCNqJUwGg8So2PkqpxHKGLu3ZUFH+SsLDs5mqm86hdPm6W5+PQs6cSKLIZztBAcx6x4Y5iCuJ2rMy10iJklnq1KUIyBQp8UdEISsaSoaRaGHuB8UNcTjJZh1hzsRvvb9dTViVuXpSf7EsctgxKMZbOCxSRIwPKbCJmbQjLSzJ4cePhKYa0/saCT8KJnnpdeW9f/WvqjZi5+y+dSjrXqLTFDcjHkroNaOQFekqp5lQG7bvUmJNwM+1psYzwu1b/vQJfN9z5mz0aU8EUajCsA22sDBy3irTCT5ZcL1eMw89xzRlxzTjwXnCamqmgdD/jqXvB7RXx/u38toa5lb8uQED9FfeKAQrZrkzDhvMplrLa25JZ197p2ekfMCxrsq9YnyT+VpXP0lO9y8w9RM898bv2zc+UMFI1XxgCkPFquYVon5R8O1EMg09VtZTYgYItFE/rHYpsD/op1s2uM9Tcu0Gb+WcdDnbn7dSASjtq1dYq74NFBX71Ir3E0u1q5nGxeo54RY7zOXxn7nEs6r3OtyNKbU/MTvmLDYymmIL10/gOWBptnaVptfXYOR5AKwrtbO3QfETM+5yRGx4ggm3rPcwPNamF3ld95l+/pMsnIdiBLVDm6B2a27U3dTq1DiXDrs2MuyCw7YlDDuqWXk4/79G5aOdNfUGi1d6yugPM4d21aIf0WnxlL9ZvpfzRes6/LeW/hHJNNQ9mMfUUHhEPrCBtUyKUECPE19V05fyQQ0ajUginTQnwAFIboJOGdy4K9WSb/Zpu/OKrjbJlPw1dNg8BMcblg0igDNPqIBJdd8CjHVLSg1PvAMQ9GSQ/adPyEiQ2ci6zRY9/FJVE5+MY29HZL+4rGa9NgfQE+3EHx51eiaHleiHLptYCFWaA7zdMWBVZXIArA/DmkL9benW9180YbDL2Vxuuky5N9ffbu6+qOLnpvt846OIS/lNv4upRnfsOs/B0McVA5Xgzud9Oif0StoaqT02W2GjIra2S8Z4DL6+a+a6NuVem/QOFccW7qPtgWGA19xHbw4e8oHh1Zfr4I00tEHqnj1seF2Kao0dZL+Bv5ze9yNSBS1y8fceNsFu9x1GN0w1e1MehAYSOX+WTBG+/T3wzS/QyRR4gT/9DtT9sp7exFwxJP8iLaHR0sAPjcp8wDgGynpikKr0qOChy0jmNQEYghsrZWmzVieuejTs0negSOUKQvQX3rCF70OYyetn0cfk1G7dJyNsf8YRKB+VCTih9slJLSYn2isFo=
X-Microsoft-Exchange-Diagnostics: 1; CY1PR05MB2297; 6:PM0AMjSv9F3xHGUUgvDtU+dVPYAqTKcY3FIxI0lOQcmfIE8CaBin2xwuIf6WlviHmyqk7gh2mumSVcejfCwLAAh/ONyP/ofqscylIu7rP7xSWLk3QomMdshihsoxrklbPYkGLul++ao28nzzosx2mt4hOrLP0CH8QoUqJh2km9akLzBhaGCUcSh8i7jvDElDMN2Ev63Mato6IYcJTUquptWrXrDAFGQF0zI6NaGoTkFe9H6O4sM49+bxiw/cI/hp9/22TPe84iS7bVDicrVEYgH4w/WGy3odHDB15/58qKt/r8IhKYNrv/4OakTDVqTmmk5H9yd8G72qad2vVAxz2A==; 5:9vPefaOdU0L7BxwqnO/jLrQsY3RhuA+AfrvA4LCzfuHJTF9wyG+uuLTZ65LDWUCphpjKqSGpRxDa/zWKYA2LrC2YUWBYX22YggAc2cbuycgvhkUouUqI6X5AAkfymlh6bb2vUnHf1+WqJyuJM9Am/w==; 24:6skK8AEL5k/bhgpmfoWYZd9A9oPadrC3Pr8qgkpwweW9DIq6jiOuFp8+aeDE65s/jcJH7M30rq+Yi/MxVjLzyu1VjSC+0d3whT6gn2jP8bM=; 7:rad+ErIV7sFnkuQVdUuFkcQZsj/ZkfZs42kq5JmA/kZV/Eghrd9DpMZhMKgMJfqVShJZPosClD/QBTYbQWpt3cXNTZ8RWKoHitEM+mXf6AQ9lr2mrkro4/fN1n/d73bpCllADc8dEYHvZ7KLOfp4Ojg07iWVlh8QtvY8v0cyOkzaH5fY52JGiF4SGRIk3FYpNF/FzKhquwT4O3vKDXm4uW4NSHRGNfu7l0CSsNGeXqM=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Oct 2017 20:16:54.9194 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR05MB2297
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/737smQTXDrGCoSnbKjYOQVMSG5w>
Subject: Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2017 20:17:00 -0000

On 10/6/2017 10:38 AM, Nandan Saha wrote:
> 5. Conflicting mandate for malformed NLRI handling.
> In section 4.2.1 of this draft, the first bullet point's 2nd sentence is
> <<<
> If the NLRI is not one of the legal lengths, a router
>       supporting this document and that imports the route MUST consider
>       it to be malformed and MUST apply the "treat-as-withdraw" strategy
>       of [RFC7606]
> >>>
> Where as the last sentence in section 4.2.1 is
> <<<
> A unacceptable SR Policy update that has an invalid NLRI portion MUST
>    trigger a reset of the BGP session
> >>>
> Can the draft be updated to simply remove the reference to 
> treat-as-withdraw in the first statement since one cannot withdraw a 
> NLRI if one cannot parse it; and also because it conflicts with the 
> 2nd mandate.

You do not want to trigger a reset of the BGP session unless the UPDATE 
is so mangled that you can't  continue to parse the TCP octet stream.
If the UPDATE is well-formed, but the NLRI is not one of the two legal 
lengths (12 or 24), treat-as-withdraw is appropriate.

Probably the sentence about triggering a reset of the BGP session can be 
omitted, since that is only necessary when the UPDATE is totally 
mangled, and in that case it is normal BGP behavior and nothing 
particular to do with the SAFI being discussed.

> 1. Behavior when only one of Color / Remote end point sub-tlv is 
> present in the Tunnel encap tlv.
>   Should the match on either color or remote end point be done for 
> acceptance? For example the color sub-tlv is present, but the remote 
> end point isn't. So the color of the color sub-tlv must match the 
> color in the NLRI. Or should the condition for matching of color / 
> remote end point be done only if both color and remote end point are 
> present.
>
> 2. What is the rationale for including remote end point / color sub 
> tlvs in the tunnel encap tlv.
>   The NLRI already has the color and endpoint. Why is there an option 
> to also include a end point and color in the tunnel encap tlv and then 
> have to make sure it matches the NLRI?

I believe the Remote Endpoint is mandatory, according to the 
tunnel-encaps draft.  (There has been some controversy on this point 
though.)
The color sub-tlv is not mandatory, but you can't really stop someone 
from including it.

The purpose of these rules is to cause a policy to be rejected if it 
contains contradictory information.