[Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG-DIR Review - Shepherd's review of Directorate reviews
Ketan Talaulikar <ketant.ietf@gmail.com> Fri, 26 July 2024 21:12 UTC
Return-Path: <ketant.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A843C151078 for <idr@ietfa.amsl.com>; Fri, 26 Jul 2024 14:12:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aVGgnqqm8ZIZ for <idr@ietfa.amsl.com>; Fri, 26 Jul 2024 14:12:56 -0700 (PDT)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7801C151066 for <idr@ietf.org>; Fri, 26 Jul 2024 14:12:55 -0700 (PDT)
Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a728f74c23dso269472566b.1 for <idr@ietf.org>; Fri, 26 Jul 2024 14:12:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722028373; x=1722633173; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VHx650z9XaXanNCiGQ0ngZI9FE/M4FENAF9t/ny3tuk=; b=b9sz/iu9kWwD9xrMYF7jxaUyaF/dGYPQJYcXhdWdiyLh7sShyjA2VoG9fgzRNkbyuM BvYvB9iT5n9ltUCiRmFJtXgEXEs54rQWJTn+SE3WtLDgsiODue2IP2En5gvk7P1EIQfp R3UI0jqireOt/GyV8N9lYtJtT/Jc3CTXxoIhhFrqMQAUhXoUogHHLQ5H8OMMqBpM+lUe ofI4ug8xKp889EC9ipDP3sl1fVJUcW66pGTN4q3K+cL3xnrYuhRsm26UoYmpUNw9HGYF /6MuTC09Ln3bl/P69UY6Ru1UEAnBW6Gri3mjv2mGo2iJkQmKKRfT5kj6gFJUSZOgL/9A 42kg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722028373; x=1722633173; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VHx650z9XaXanNCiGQ0ngZI9FE/M4FENAF9t/ny3tuk=; b=kXZ7At6y8HEUZy6WheJlMNlf3OKSoDm5cyFFcSX/7Hvx+CEODZ202/I9zmjk3rZXkP 4cdYm9T1h3CpDNX+GwyLxrjGEgfU13QwlShfbpPRGX5agRVqHyov7otleFa9GZhB0Adv VPtljvaC0guj1R3bHWSeZUxBOD3xSelXc/jzmTzECglngoeWkhxwiKE40izbMh2Qgl+x uYvru2xdwFrWxF0NAHg8EaYoxGU/l1NQ88gzPVKeAc1YzosflqGEP2kx9nAG5kXgyr0f bF1h+L9yuVLW15NFmSJcaxSTDitsHmAv2JULQD83li2RSIB5k193qfOzdq5IIvBRpSo2 mVjA==
X-Gm-Message-State: AOJu0YwdaJF+CLDUKPJOT+EzmDcxKLqhylMDe6wgXoh3G3x0MW1GAYU0 zlWSFqGfvXyknu4Vxsm64qC0PCGC768dplAaMoFAnU0N2Jyv9wAv3y/WeVK4CrcyiqYi8SQzzSO chZKu0HHdRTtI7gjCq49xhWtAEb0dvWNZgE4=
X-Google-Smtp-Source: AGHT+IGOquNyIQcOZx6zaaGfNnQghhoBWG2os7vaLKEd35TuvKJGj0BzqSCljoWlf52pReQCGWaSFh6KC39zFPSY+xU=
X-Received: by 2002:a17:907:e86:b0:a7a:c106:3651 with SMTP id a640c23a62f3a-a7d401c4bc8mr41688166b.64.1722028373018; Fri, 26 Jul 2024 14:12:53 -0700 (PDT)
MIME-Version: 1.0
References: <CO1PR08MB66115AA26BEEFB5850308DBAB3F22@CO1PR08MB6611.namprd08.prod.outlook.com> <CO1PR08MB6611D5F5B09829D2AF5FF1E1B3FF2@CO1PR08MB6611.namprd08.prod.outlook.com> <CAH6gdPyA=cpjR0KUheDakwag=HYW+a-ekqJHBPOvaPcuZQjLKQ@mail.gmail.com> <CO1PR08MB661185EB10E981F569698A18B3AB2@CO1PR08MB6611.namprd08.prod.outlook.com> <CAH6gdPyD=dSv+592m-mvjfqKEKOH7tB6Wx8EUqxm+qNuS38BPA@mail.gmail.com> <CAH6gdPyX3kuhJHVqfCGRH7Ot8=JU7dKs_jf9o6J=Hzj+6um7vA@mail.gmail.com> <CO1PR08MB66113BF5C0120A2B99A93505B3B42@CO1PR08MB6611.namprd08.prod.outlook.com> <CAH6gdPxik+tC65onOVq7AN+hg759Z9gX+vKuJuhFULb7Rt1XSw@mail.gmail.com> <CO1PR08MB6611911F3844275EB8EB66A7B3B42@CO1PR08MB6611.namprd08.prod.outlook.com>
In-Reply-To: <CO1PR08MB6611911F3844275EB8EB66A7B3B42@CO1PR08MB6611.namprd08.prod.outlook.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Fri, 26 Jul 2024 14:12:40 -0700
Message-ID: <CAH6gdPw9i=Ugh37sr1OO84LroJRKTk0B-RQhBeubP8wgjS-FoA@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="00000000000077904c061e2cf9a7"
Message-ID-Hash: FKFDKF2H5XYM6SGK3NKT2OBN4HTQSLQI
X-Message-ID-Hash: FKFDKF2H5XYM6SGK3NKT2OBN4HTQSLQI
X-MailFrom: ketant.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "idr@ietf.org" <idr@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG-DIR Review - Shepherd's review of Directorate reviews
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/7LXW1oTPnpbcHyaDzrCZVPhKr9M>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>
Hi Sue, Thanks for your guidance through the shepherd review. Thanks, Ketan On Fri, Jul 26, 2024 at 2:06 PM Susan Hares <shares@ndzh.com> wrote: > Version -06 resolves all the RTG-DIR, OPS-DIR, and SEC-DIR comments. > > > > Thank you for your hard work, > > Sue > > > > *From:* Ketan Talaulikar <ketant.ietf@gmail.com> > *Sent:* Friday, July 26, 2024 3:59 PM > *To:* Susan Hares <shares@ndzh.com> > *Subject:* Re: [Idr] FW: draft-ietf-idr-sr-policy-safi - RTG-DIR Review - > Shepherd's review of Directorate reviews > > > > > > Hi Sue, > > I didn't add because each segment type definition specifies if it is > SR-MPLS or SRv6. With current text the base spec will cover all future > segment types just like RFC9256 does. > > Please let me know if you think otherwise. > > Thanks, > Ketan > > > > On Fri, 26 Jul, 2024, 12:42 pm Susan Hares, <shares@ndzh.com> wrote: > > Ketan: > > > > *Change to existing text:/* > > As specified in section 5.1 of [RFC9256], a mix of SR-MPLS and SRv6 > segments make the segment-list invalid./ > > > > Good rephrasing of the text, but you did not include the identification of > the segment types in the list. > > > > Add after this text:/ > > The following segments described in Section 4 of [RFC9252] and listed > above are SR-MPLS segments: Types A, D, E, F, G, and H. > > The following segments described in Section 4 of [RFC9252] and listed > above are SRv6 segments: Types B, C, I, J, and K. / > > > > The answers to the questions are fine. I will add the information from the > questions to shepherd’s report. > > > > Sue > > > > > > *From:* Ketan Talaulikar <ketant.ietf@gmail.com> > *Sent:* Friday, July 26, 2024 2:06 PM > *To:* Susan Hares <shares@ndzh.com> > *Subject:* Re: [Idr] FW: draft-ietf-idr-sr-policy-safi - RTG-DIR Review - > Shepherd's review of Directorate reviews > > > > > > Hi Sue, > > > > We can meet to discuss f2 and I can clarify further. > > > > Thanks, > > Ketan > > > > > > On Fri, Jul 26, 2024 at 11:03 AM Ketan Talaulikar <ketant.ietf@gmail.com> > wrote: > > Hi Sue, > > > > Please check inline below for responses. An update with the changes as > discussed below has been posted: > https://datatracker.ietf.org/doc/html/draft-ietf-idr-sr-policy-safi-06 > > > > On Thu, Jul 25, 2024 at 3:55 PM Susan Hares <shares@ndzh.com> wrote: > > Ketan: > > > > I’ve pulled to the front the few issues remaining from the routing > review. Two issues had partial resolution of the text. > > (S2-02 and S2-03). We can talk about the text changes. > > > > There are 3 questions, I need clarity on so I can write-up the rest of the > shepherd’s report. You can just answer those in your reply email. > > > > Getting so… close. > > > > Thank you, Sue > > > > > > *Section 2 – partial fixes * > S2-02: Section 2.4.2, I-Flag – is partially implemented, how about we > compromised on Old text-05: / The flag indicates that the CP > is to perform the "drop upon invalid" behavior when no valid CP > is available for this SR Policy. . New-text:/ The flag indicates that > the SR Candidate Policy (CP) is to perform > the "drop upon invalid" behavior when no valid SCP is available for this SR > Policy. / > > KT> Fixed - with slightly different text. > > > > S2-03, Section 2.4.4, Validation of Segment list Context of request in > text: The components of the explicit SR Candidate Policy path can be > validated during the TEA processing for the following: · an empty > Segment list for an explicit SR Candidate Policy, · a Weight > SubTLV of zero, and · mixtures of SRv6 and SR-MPLS. As stated, > Section 5 of [RFC9256] does not provide a clear reason why the normal > checks within BGP are being ignored for an explicit candidate path. If the > "explicit path encoded by the Segment List SubTLV" is either an explicit SR > candidate Policy path (tunnel), or a dynamic SR candidate Policy path > (tunnel), or a composite SR Candidate Policy path, the text needs to state: > 1. what type of segment lists are being passed by BGP, 2. why > an empty segment list is not being checked, an 3. why a weight > SubTLV with a value of zero is accepted for a valid SR Candidate Policy. My > comment: You have only addressed the weight comment and the empty segment > list (A+B) a) There are three types of segment lists: explicit, > dynamic, and composite. Just to be sure, there are no “BGP update > packet” indicators that the paths are only explicit paths. > > > > KT> The context is that the controller has done the path computation and > is sending the computed path (i.e. computed segment list) down to the > router. In that sense, they are only explicit paths - however in the > broader SR Policy architecture context (controller + routers) they could be > explicit paths (provided by operator) or dynamic paths (computed by > controller). We have the following text in section 2.4.4 and also clarified > the same in the introduction. > > > > The Segment List sub-TLV encodes a single explicit path towards the > endpoint as described in section 5.1 of [RFC9256 > <https://www.ietf.org/archive/id/draft-ietf-idr-sr-policy-safi-05.html#RFC9256> > ]. > > > > > > This fact means that composite paths must use a different subTLV than the > segment list. (see draft-jiang-idr-sr-policy-composite-path-00 section – > segment list is explicit path, and constitute SR-policy is composite path) > All this one needs is confirmation in response email. (e.g. “Yes – > segment list is only for explicit SR Candidate Paths) > > > > KT> Yes, composite paths are outside the scope of this document. Added > text to clarify that in the introduction. > > > > b) Why are you not checking that the Segment list does not mixed > SRv6 and SR-MPLS segment types in the same segment list Section 5 of > RF9256 indicates you will not mix SR-MPLS and SR-v6 segment tyeps: · > For draft-ietf-idr-sr-policy-safi: It would be easy to check that Segment > type A and Segment type B are not included in the same segment list. · > For the combination of draft-ietf-idr-sr-policy-safi-05 and d draft-ietf-idr-bgp-sr-segtypes-ext-03, > you simply could check indicate which category each segment belongs to. Old-Text > change: /The following sub-sections specify the sub-TLVs used for > Segment Types A and B. The other segment types are specified in > [I-D.ietf-idr-bgp-sr-segtypes-ext]./ New text: /The following > sub-sections specify the sub-TLVs used for Segment Types A and B. The > other segment types are specified in > [I-D.ietf-idr-bgp-sr-segtypes-ext]. Section 6 of [RFC9256] indicates > that SRv6 and SR-MPLS segment types cannot be mixed in the same > segment list. The following segment types are SRv6 segment types (A, > C, E, F, I, J, and K). The following segment types are SR-MPLS segment > types (B, D, G, and H). An implementation should check whether these > types are mixed in the same segment list./ > > > > KT> I've clarified this, with different text. > > > > Answers needed for section 4. Please answer the questions in issues. > I’ll add these to the shepherd’s review SR04-01 - Section 4.2.1 - Lack > of RT for IPv6 Why is the RT target not needed fro IPv6 NLRI (2/73)? > > > > KT> The RT identifies the BGP Router via its BGP Identifier (i.e. BGP > Router-ID) which is always modeled as an IPv4 address even for IPv6 > deployments. > > > > SR04-02- Section 4.2.2 - Eligibility for Local Use of an SR Policy NLRI How > is -04 text different than Jeffrey’s assertion (a local RT matches one of > the advertised RT) > > > > KT> To clarify the local router's BGP Identifier matches one of the RTs on > the route. Please let me know if I've misunderstood your point. > > > > SR04-03- Section 4.2.2 - - WG discussion Questioned Restated: Are you > using configured IBGP sessions rather than RT to reduce the flooding of > information? > > > > KT> Yes, most deployment designs that I am aware of use direct iBGP > sessions from the controller to the BGP routers. > > > > Thanks, > > Ketan > > > > > > > > *From:* Ketan Talaulikar <ketant.ietf@gmail.com> > *Sent:* Monday, July 22, 2024 3:03 AM > *To:* Susan Hares <shares@ndzh.com> > *Cc:* idr@ietf.org; Keyur Patel <keyur@arrcus.com> > *Subject:* Re: [Idr] FW: draft-ietf-idr-sr-policy-safi - RTG-DIR Review - > Shepherd's review of Directorate reviews > > > > > > Hi Sue, > > > > The version 05 posted a short while ago includes the changes as discussed > below: > https://www.ietf.org/archive/id/draft-ietf-idr-sr-policy-safi-05.html > > > > I've incorporated all the suggestions provided by you except for a few > ones as discussed inline below. > > > > Thanks, > > Ketan > > > > > > On Mon, Jun 3, 2024 at 11:43 AM Susan Hares <shares@ndzh.com> wrote: > > Ketan: > > > > Below is my shepherd’s review of the RTG-DIR responses. Responding on > the mail list is fine. One other option is that we can schedule a 7am PT/ > 10am EDT call to work through the issues. Keyur volunteered to sit on the > call to give his perspective. > > > > I’m open at 10am on Tuesday morning (6/4) at 10:00 am – 11:00am EDT > (7:00am PT), Wednesday (6/5) from 10-11 am EDT (7-8 am PT), or Thursday > 9:00 – 10:30am EDT (6-7:30am PT). > > > > Cheers, Sue > > > > ================= > > > > RTG-DIR email thread > > > https://datatracker.ietf.org/doc/review-ietf-idr-sr-policy-safi-01-opsdir-early-nainar-2024-03-04/ > > > > Github > > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues > > > > Open issues from RTG-DIR: Issues 12, 17, 19, 20, 24-27, > > Issue 12: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/14 > > Issue 17: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/19 > > Issue 19: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/21 > > Issue 20: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/22 > > Issue 24: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/26 > > Issue 25: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/27 > > Issue 26: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/28 > > Issue 27: > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/29 > > Summary of issues: > > https://github.com/ietf-wg-idr/draft-ietf-idr-sr-policy-safi/issues/32 > > > > *Shepherd's Comments on -04 Section 1 - Based on RTG-DIR* > > status: Editorial, open > > Comments: Intro-1, Intro-2, Intro-3 > https://datatracker.ietf.org/doc/review-ietf-idr-sr-policy-safi-01-opsdir-early-nainar-2024-03-04/ > > > > *SR04-Intro-1* > > Where: Introduction, paragraph 13 > > Github: RTG-DIR Issues 4 and 5 > > Shepherd's editorial preference is noted below but the -04 text is > technically correct. > > > > Suggested change: / > > Old text:/ > > An SR Policy intended only for the receiver will, in most cases, not > > traverse any Route Reflector (RR, [RFC4456]). / > > New text:/ > > An SR Policy intended only for the receiver will, in most cases, not > > traverse any Route Reflector (RR, [RFC4456]). (See Section 4.2.3). / > > > > *SR04-Intro-2* > > Section: Introduction, paragraph 14 > > original issue: RTG-DIR Issue 6 > > Status: Editorial, open > > old text:/ > > One or more IPv4 address specific format route target extended > > community ([RFC4360]) attached to the SR Policy advertisement and > > that indicates the intended headend of such an SR Policy > > advertisement./ > > New text: / > > One or more IPv4 address-specific format route target extended > > community ([RFC4360]) attached to the SR Candidate Policy advertisement and > > that indicates the intended headend of the SR Policy > > advertisement./ > > > > *SR04-Intro-3* > > **-04 text ** / > > The SR Policy SAFI route updates use the Tunnel Encapsulation > > Attribute to signal an SR Policy - i.e., a tunnel itself./ > > > > **New-text:/ > > The SR Policy SAFI route updates use the Tunnel Encapsulation > > Attribute to signal an SR Policy - which is a tunnel itself/ > > > Shepherd's comments on -04.txt Section 2 S2-01: Section 2.4.2, paragraph 2 > > *github issue:* RTG-DIR-Issue-14, github 16 > *Status:* Editorial, clarity of text > > *Original Text: /* > It is RECOMMENDED that the SRv6 Binding > SID sub-TLV defined in Section 2.4.3, that enables the specification > of the SRv6 Endpoint Behavior, be used for signaling of an SRv6 > Binding SID for an SR Policy candidate path./ > > *New text:/* > It is RECOMMENDED that the SRv6 Binding > SID sub-TLV (defined in Section 2.4.3) be used to signal an SRv6 Binding > SID > for an SR Policy candidate path./ > > KT> Retaining the original text since it explains why the SRv6 BSID > sub-TLV is recommended. > > S2-02: Section 2.4.2, I-Flag > > *github issue:* RTG-DIR Issue-19 > *Reasons:* Technical, RFC9256, Section 8.2 is confusing, CP undefined > > *Text:/* > - I-Flag: This flag encodes the "Drop Upon Invalid" behavior. It > is used by SRPM as described in section 8.2 in [RFC9256]. The > flag indicates that the CP is to perform the "drop upon > invalid" behavior when no valid CP is available for this SR > Policy. In this situation, the CP with the highest preference > amongst those with the "drop upon invalid" config is made > active to drop traffic steered over the SR Policy. > > *Text in RFC9256 section 8.2 states:* > > Specifically, the operator does not want the PW to be routed according to > the IGP > shortest path to the PW endpoint. > > > > *Technical comment:* BGP passes to the SRPM a valid SR Policy Candidate > Route a specific behavior (I-Flag). Validation of the SR Policy Candidate > Route is based on NLRI and TEA checks. The general concept of the I-Flag is > given in RFC9256 in Section 8.2 is reasonable, but matching the BGP-SRPM > actions is difficult. (See RTG-DIR comments) > > *Alternate text:/* > - I-Flag: This flag encodes the "Drop Upon Invalid" behavior. It > is used by SRPM as described in section 8.2 in [RFC9256] > to define a specific SR Policy (tunnel) forwarding behavior. The > flag indicates that the SR Candidate Policy (SR-CP) is to perform > the "drop upon invalid" behavior when no valid SR-CP is available for this > SR > Policy. In this situation, the SR-CP with the highest preference > amongst those with the "drop upon invalid" config is made > active to drop traffic steered over the SR Policy./ > S2-03: Validated (Empty)Segment lists, Section 2.4.4 - > > *github issue:* RTG-DIR Issue-19 > *status:* Technical issue: Validating Segment lists > *reason:* RFC9256 in section 5.1 indicates that > > - an empty explicit SR Candidate Policy is invalid if it is "empty", > has a weight of zero (0), or mixes SRv6 and SR-MPLS types, and other > constraints known in SRPM. > - a dynamic SR Candidate Policy is only invalid if the "constraints" > AND the optimization object cannot be solved, > - a composite SR Candidate Path is a combination of explicit and > dynamic. > > Text-1:/ The Segment List sub-TLV contains zero or more Segment sub-TLVs > and > MAY contain a Weight sub-TLV./ > > Text-2:/ Validation of an explicit path encoded by the Segment List > sub-TLV is > beyond the scope of BGP and performed by the SRPM as described in > section 5 of [RFC9256]./ > > The components of the explicit SR Candidate Policy path can be validated > during the TEA processing for the following: > > - an empty Segment list for an explicit SR Candidate Policy, > - a Weight SubTLV of zero, and > - mixtures of SRv6 and SR-MPLS. > > As stated, Section 5 of [RFC9256] does not provide a clear reason why the > normal checks within BGP are being ignored for an explicit candidate path. > If the "explicit path encoded by the Segment List SubTLV" is either an > explicit SR candidate Policy path (tunnel), or a dynamic SR candidate > Policy path (tunnel), or a composite SR Candidate Policy path, the text > needs to state: > > 1. what type of segment lists are being passed by BGP, > 2. why an empty segment list is not being checked, and > 3. why a weight SubTLV with a value of zero is accepted for a valid SR > Candidate Policy. > > *Suggested change for weight subTLV check:* > *Change:* Technical, validation of explicit SR Candidate Policy. > > Current text:/Weight: 4 octets value indicating the weight associated with > a > segment list as described in section 2.11 of [RFC9256]. / > > > New text:/ Weight: 4 octets value indicating the weight associated with a > segment list as described in section 2.11 of [RFC9256]. > A weight value of zero (0) is invalid./ > S3-04: Section 2.4.4.2.2, > > github issue: RTG-DIR-20, github-22 > Why: Editorial, Clarity and grammar > > *-04-txt: /* > The TLV 2 defined for the advertisement of Segment Type B in the > earlier versions of this document has been deprecated to avoid > backward compatibility issues./ > > *new text:/* > A Segment Type B subTLV with a SubTLV type value of 2 was defined for the > advertisement of Segment Type B in earlier versions of this document but it > was deprecated to avoid backward compatibility issues./ > > KT> Rephrased. > > S2-05: Section 2.4.4.2.2-2.4.4.2.3, Significance of Flags, V Flag > > *github issue:* RTG-DIR-19 > status: Technical issue 1: Validity of SR Candidate Routes > > *Text:*/ V-Flag: This flag, when set, is used by SRPM for "SID > verification" as described in Section 5.1 of [RFC9256]./ > > The "V-Flag" applies to all segment types. It is important to indicate > what type of SR Candidate Policy this can be: explicit, dynamic, composite, > or all three. > > Again, repeating the comment from S2-03: > Validating an *explicit SR Candidate route* includes validation of the > BGP Tunnel Encaps Attribute (TEA) information for the following things: > > - Non-empty Segment list > - non-zero Weight SubTLV > - no mixture of SubTLVs between SR-MPLS and SRv6 > (SR-MPLS subTLVs are A, D, G, and H. SRv6 subTLVs are: B, I, J, K, > non-specified, C, E, F). > > *Shepherd's comment:* > It seems odd to remove validation of the TEA portion of the BGP passed SR > Candidate Policy if it is considered an "explicit" candidate route. If it > is "dynamic", then how can interoperability be specified without specifying > a base set of policy for creating "dynamic route". The only reference in > RFC 9256 on those dynamic consideration is the > [draft-filsfils-spring-sr-policy-considerations-09], an expired > Internet-Draft. > > > Shepherd's comments on Section 3 - No issues from RTG-DIR Mail thread > > *RTG-DIR Mail thread:* > https://mailarchive.ietf.org/arch/msg/ops-dir/JFInEGfu1GpIgTuCTWsNMJbGwp0/ > > > RTG-DIR Review: Issues with Section 4 SR04-01 - Section 4.2.1 - Lack of > RT for IPv6 > > github issue: RTG-DIR Issue-24, > > Jeffrey Zhang's question: What about IPv6-address specific RT? > https://mailarchive.ietf.org/arch/msg/rtg-dir/E9qyJKHjRpMTNOAXnJo9jVi0nQg/ > > *Shepherd's question:* > NLRI specified are: SR Policy IPv4 (1/73) and SR Policy IPv6 (2/73). > Why is the RT target not needed fro IPv6 NLRI (2/73)? > SR04-02 - Section 4.2.2 - Eligibility for Local Use of an SR Policy NLRI > > *github issue:* RTG-DIR Issue-25: > > text: / If one or more route targets are present and none matches the > local > BGP Identifier, then, while the SR Policy NLRI is valid, it is not > usable on the receiver node./ > > *Discussion:* > *Jeffrey:* As long as the receiver is configured with a local RT that > matches one > of the advertised RTs, it should be fine, right? That is how VPN RT > works and I suppose the same can be used here. > *Ketan (KT)*: The semantics are different here. > *Shepherd's question:* How is the -04 text above different from Jeffrey's > assertion? > SR04-03 - Section 4.2.2 - WG discussion Questioned > > *Status:* Simply Reporting the RTG-DIR hit the WG Discussion on RTs > *text:/* If one or more route targets are present and none matches the > local > BGP Identifier, then, while the SR Policy NLRI is valid, it is not > usable on the receiver node./ > > *Short Summary:* > *Jeffrey:* I think it SHOULD remove the RT that matches its BGP > identifier and stop propagating if there are no more RTs left, w/o relying > on configuration. > (reference: > https://mailarchive.ietf.org/arch/msg/rtg-dir/pzT0P9XId3qV3iCd-mgpZUvul7A/ > ) > > *Ketan:* I can understand where you are coming from and IIRC this option > was > discussed at some point of time during the draft's life as a WG document. > The decision at that point was to keep it as an explicit policy option and > to not create an exception in the base BGP propagation mechanism. The way > it works today is that the BGP Identifier matching is done during "import" > into SRPM that is specific to the BGP SR Policy SAFI. > > > > Shepherd: Reporting that we hit this discussion in RTG-DIR review. > > > Shepherd's Review of RTG-DIR Comments on Section 5 S04-Section 5 - Issue-1 > > *Status:* Technical, open > *Issue:* Validation of the Tunnel, see RTG-DIR Issue-12 in github > > Suggested text addition to section 5 in the following paragraph. > There are changes to the original paragraph (editorial) and an additional > set of text. > > *Paragraph revised (changed text in bold):/* > The validation of the TLVs/sub-TLVs introduced in this document and > defined in their respective sub-sections of Section 2.4 MUST be > performed to determine if they are malformed or invalid. The > validation of the Tunnel Encapsulation Attribute itself and the other > TLVs/sub-TLVs specified in Section 13 of [RFC9012] MUST be done as > described in that document. In *case any error is detected,* either at > the attribute or its TLV/sub-TLV level, the "treat-as-withdraw" > strategy MUST be applied. This is because an SR Policy update > without a valid Tunnel Encapsulation Attribute (*comprised of all* > valid TLVs/sub-TLVs) is not usable. > > Section 6 of [RFC9012] referred to by section 13 of [RFC9012] does not > apply to a TLV associated with the SR Policy NRLI so the Tunnel > Egress Endpoint does not have to exist in the Tunnel Encapsulation > Attribute with the tunnel type SR Policy. As noted in section 2.3, > the Tunnel Egress Endpoint SubTLV is ignored for tunnel Type SR Policy. > Only the SRPM validates the viability of the tunnel signaled through BGP./ > SR04 Section 5 - Issue 2 > > *Status:* Technical, Reporting concern, Section 5 > github: RTG-DIR Issue 27, > text:/ The validation of the individual fields of the TLVs/sub-TLVs > defined > in Section 2.4 are beyond the scope of BGP as they are handled by the > SRPM as described in the individual TLV/sub-TLV sub-sections. A BGP > implementation MUST NOT perform semantic verification of such fields > nor consider the SR Policy update to be invalid or not usable based > on such validation./ > > *Comment from RTG-DIR:* > *Jeffrey:* The above says the validation of those in Section 2.4 may lead > to > "treat-as-withdraw" - I assume this is BGP handling. Does that not > conflict with the following paragraph? > *Ketan:* No, it does not. There is a line between what validation is done > by BGP > and what is done by SRPM. > > *Shepherd:* The SRPM doing all the checks – is been questions by RTG-DIR > and > > OPS-DIR. The text below will go in my Shepherd’s report under the > Directorate reviews: > > > > “The RTG-DIR questions the wisdom of not doing minimal checks (like empty > segment list or Weight = 0). > > The Concept of *MUST NOT* goes against the normal sanity checks in SR > Routing toward BGP-LS.” > > > > The Shepherd again asks the WG to confirm that this behavior it wishes to > approve. > > > > _______________________________________________ > Idr mailing list -- idr@ietf.org > To unsubscribe send an email to idr-leave@ietf.org > >
- [Idr] FW: draft-ietf-idr-sr-policy-safi - RTG-DIR… Susan Hares
- [Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG… Ketan Talaulikar
- [Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG… Susan Hares
- [Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG… Ketan Talaulikar
- [Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG… Susan Hares
- [Idr] Re: FW: draft-ietf-idr-sr-policy-safi - RTG… Ketan Talaulikar