IETF Logo Mail Archive

Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)

Robert Raszuk <robert@raszuk.net> Thu, 01 September 2022 08:33 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A19CC1522B5 for <idr@ietfa.amsl.com>; Thu, 1 Sep 2022 01:33:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tRytZZoSGC7R for <idr@ietfa.amsl.com>; Thu, 1 Sep 2022 01:33:46 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52BFBC14CE2B for <idr@ietf.org>; Thu, 1 Sep 2022 01:33:46 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id w2so6077888edc.0 for <idr@ietf.org>; Thu, 01 Sep 2022 01:33:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=xQOKIXqW/UL04L9wqJeLLXo3cDdOTgN6qhRYJJVVD/8=; b=cDd0hjJ3tVSWM3r4gPZtt4IDkgQPwZNXHXeeRgJrc8+SHaP6Si0JSGWsG2CUIPAp5/ sKjne4bGl3NrO1/0OPPlsHS0sDEmH91VykPW+BYe14x5dukKY6kfIswbJLdCzdSYvyWm BE5zk+xd/mENzdNvQifCmwxmuFjvgIZ4p9QvgXVn445GU5jRpIdwmPqiJMjgrbcpfgg+ vAZx0GUDhCQ7T2/z8Y1PfiYBGvLUqNFhsgWwBovx4BPaVSoGpHEH+tOyenTaWMjj5jI3 HUnzN+ZC709mvhDNvhRtgewUyQuOH0M8p5i0w/+107DIB5pkKio63MBJuQ70aPQQm8dR Znuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=xQOKIXqW/UL04L9wqJeLLXo3cDdOTgN6qhRYJJVVD/8=; b=N8KDYSImzQCrmocY1XQdF+2hfvuVDu+mLRsZLQ9bWQ9hFedzRmIR6KP45Q8OkBBSKZ zvMntYvUflSzmSMKuVa6/jY3rOpfJ/SW2EUzB5PU14pX904ygmGexWo9KS7RR/hnWQIJ hYCFo3CZE0JCJTwBbLIanoy3sZlg9t7LogcnM6P9Djxfl+H8wUm5GAkCgK5EXsbF/bfk 378mtS/NmddNOCAHdMZNx/dy+l+yvDkjwqS2LhXkv4Tw50veKPa98dtZzxoSLOzVH8YA 4uaP2PSwfqSvEVJ3K07O5NgBhdTrzQSKJCd6T1PobzqhwGw81zWJoWDK7YhRACwRYDoT UzKA==
X-Gm-Message-State: ACgBeo339Z7DOKvDebrbq5NXHEmU5YnldF0PLBU1eiX8qwScXaubhy4A Xo7iOc9KLzi2gsMjwhnp9DkhEyg8hUUCo4pfwFFdRhwAdEw=
X-Google-Smtp-Source: AA6agR4cpOqO+XtXCl/UdWntUfE+C7X4aJb3mnpzrbxJWvHa6Lbvot//ChJguU3vNvxxYdY1UgeR/cWq5FuPfNTLIVw=
X-Received: by 2002:a05:6402:348f:b0:448:6005:68af with SMTP id v15-20020a056402348f00b00448600568afmr16763940edc.184.1662021224669; Thu, 01 Sep 2022 01:33:44 -0700 (PDT)
MIME-Version: 1.0
References: <tencent_3C3279A3B4DAF8DA03F446E7AAE799D8AA09@qq.com> <CAEfhRrz5aAJmy2Ye1gqss2d72nm78n4SfeowO-FU7i4Z6Zpb+A@mail.gmail.com> <0CD78D4C-672F-41AA-8E1B-98CD8A875D21@pfrc.org> <CAEfhRrxkuYMmfcdX=M9PG2mN+D5fCBF5bVxd1bSA2O9PU5G-gA@mail.gmail.com> <000001d8bbba$ceb9e4b0$6c2dae10$@tsinghua.org.cn> <CAEfhRrwrKJ4A=QQBWRXtLKi-U0udv+zPuWoW0wqbeMQ2U-=JXA@mail.gmail.com> <CAOj+MMGLQ6enLxy36ZcFHh6qaCh7Ba1QFDa5XokccT7wvvU_fg@mail.gmail.com> <010101d8bc1c$da2391e0$8e6ab5a0$@tsinghua.org.cn> <CAOj+MMGuuzLWwMbfuMd-Lu4hZiY_9QUroE9k8fiFZ_uT65aHnw@mail.gmail.com> <CABNhwV1KYddV7htnp_ijPLTV11+4iot1+LET-3ey9FXf7zBNrg@mail.gmail.com> <BY3PR05MB80812C92380A7C25A46FA97AC7799@BY3PR05MB8081.namprd05.prod.outlook.com> <5364E604-6320-40BF-8E37-7D2497980EAC@pfrc.org>
In-Reply-To: <5364E604-6320-40BF-8E37-7D2497980EAC@pfrc.org>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 01 Sep 2022 10:33:36 +0200
Message-ID: <CAOj+MMEqy=phzLzONcWvWUx_JUd=B9cnXS2mhGxFszdoYDVyrA@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>, Sue Hares <shares@ndzh.com>
Cc: idr <idr@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b4bd1405e79978d1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/AV6uhp5zhbSH6LabSygATCwQ3D4>
Subject: Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2022 08:33:50 -0000

Dear Sue & Jeff,

I completely agree with you on the point below.

Furthermore I would like to suggest the following text to be added to the
shepherd's review:

"The proposed functionality creates a set of filters
after receiving and parsing BGP UPDATE messages. The document suggests that
pushing such list of filters to upstream IBGP peer is a helpful and sound
operation.

However in practice BGP UPDATES to construct the filter have already been
received, parsed, best path run and even import action (or its simulation)
executed. Therefore such excessive routes can be dropped on the impacted PE
locally without any need for upstream signalling. BGP does not resend full
table periodically so only upon session reset or route refresh triggered
dump the same NLRIs (with the same or possibly different paths) may arrive
at the affected PEs. If paths are different then it is likely that
previously sent filters in the form of <RD, RT list, NH> will not be
effective.

The VPN route local drops due to non-intersecting RTs is a very low cost
operation and has been an integral part of BGP VPN deployments in all
Provider Edge nodes since day one. Orders of magnitude more routes are
being dropped on the receiving PEs then those which will be subject to
action described as the hypothetical problem.  Such drop does not require
running local best path nor import and can be highly optimised by local
implementation.

While dropping such excessive routes an alarm MUST be triggered to the
operator to take action.

Another advantage for local drops is that such a solution does not impact
existing VPN connectivity. While the subject document does. Imagine the
situation presented by one of the WG members where an existing VPN with
1000 routes works correctly on the receiving PE. For simplicity assume that
those 1000 routes come from single hub src PE's VRF with one RT.

So what the draft proposed when receiving even 10 excessive routes is to
construct the filter <RD, RT, NH of src PE> and send it to Route Reflector.
The effect of such action would be the withdrawal of all 1010 routes !
That's a harmful and not helpful model. Instead, locally receiving PE
can drop those 10 routes and notify NOC."

Kind regards,
Robert Raszuk




On Thu, Sep 1, 2022 at 2:44 AM Jeffrey Haas <jhaas@pfrc.org> wrote:

>
>
> On Aug 30, 2022, at 10:12 AM, John E Drake <
> jdrake=40juniper.net@dmarc.ietf.org> wrote:
> I think Robert’s approach is a much better solution to the problem and it
> obviates the need for the subject draft.
>
>
> The approach of running the procedures on the route reflector are
> problematic for the original scenario in multiple respects:
> - The point of measurement for the quota is the receiving VRF.
> - The reflector would have to proxy all VRF receive policies to see if the
> route should be applied vs. the quota.
>
> Never mind that many providers prefer to avoid any specific provisioning
> of VPN behaviors on route reflectors.
>
> -- Jeff
>
>
>

v2.23.0 | Report a Bug | By Email