[Idr] FW: [bess] Review of draft-ietf-bess-evpn-ipvpn-interworking-05.txt

Susan Hares <shares@ndzh.com> Tue, 27 July 2021 16:23 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id DF6A03A079F for <idr@ietfa.amsl.com>; Tue, 27 Jul 2021 09:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.348
X-Spam-Level: *
X-Spam-Status: No, score=1.348 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id pZuyfWgtLldT for <idr@ietfa.amsl.com>; Tue, 27 Jul 2021 09:23:12 -0700 (PDT)
Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A81873A079D for <idr@ietf.org>; Tue, 27 Jul 2021 09:23:12 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=;
From: Susan Hares <shares@ndzh.com>
To: idr@ietf.org
References: <015501d78303$1f88d280$5e9a7780$@ndzh.com>
In-Reply-To: <015501d78303$1f88d280$5e9a7780$@ndzh.com>
Date: Tue, 27 Jul 2021 12:23:10 -0400
Message-ID: <016801d78303$b0f38990$12da9cb0$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0169_01D782E2.29E78EE0"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: AQKY3ZYUlV3y1ZnHnaDMYcKerKccx6nUS14A
X-Authenticated-User: skh@ndzh.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/AcgrZS-jn0jAWEszE72qUsojPyE>
Subject: [Idr] FW: [bess] Review of draft-ietf-bess-evpn-ipvpn-interworking-05.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 16:23:16 -0000

The following review sent to BESS WG on


If you wish your review this document to be added to the IDR wiki, you can
link your review off the following page: 



Or you can send the review to me and I'll link it off the pages. 


Cheers, Sue 


From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of Susan Hares
Sent: Tuesday, July 27, 2021 12:19 PM
To: bess@ietf.org
Cc: 'idr-chairs'; bess-chairs@ietf.org
Subject: [bess] Review of draft-ietf-bess-evpn-ipvpn-interworking-05.txt


Bess chairs reminded me that IDR WG was requested at IETF 110 to review
draft-ietf-bess-evpn-ipvpn-interworking-05.txt. Since we did not receive
reviews from the IDR WG, the IDR chairs have taken on the task of reviewing
this document. 


Full review is at: 


High level points at: 



Summary Review: 


The desire of users to have gateways between EVPNs and IPVPNs is evident due
to the deployment of these technologies in the market place.  The BESS
chairs request is due to the changes made to BGP in addition of a BGP
Attribute and changes to RFC4271's route selection.  In addition, the IDR
and BESS chairs have begun to discuss additional BGP error handling for
embedded NRLIs beyond RFC7606.  


This email is about 6 high-level issues in this draft and major editing
issues.  It does not consider editorial issues in the text.  


Deployment information on this draft draft-ietf-bess-evpn-ipvpn-interworking
would help in the consideration of solutions to these high-level issues.  If
this specification has 2 implementations, then these implementation teams
may be able to quickly fill in the missing pieces of the document.



High level technical issues: 


1) Lack of error handling for NLRIs which carry semantics beyond prefixes. 


RFC7606 focused on the error handling for prefixes accompanied by attributes

Communities (basic and extended) specified by RFCs 4271, 4360, 4456, 4760,

5543, 5701, 6368. 


The embedded prefixes which combine prefixes with external information 

(RD, EVI, ET, MPLS label, Domain, SID, and other tags) create a new  class
of errors where the packet can be well-formed and invalid.   The handling of
this information requires

careful consideration of the error handling.  The technology specified in
this draft does

not consider the error cases of well-formed and invalid. 


The IDR chairs suggest that this type of error handling should be defined as
a general BGP functionality to expand RFC7606 to the embedded prefixes by
the IDR WG.  This general functionality will then need to be applied to the
handling of embedded prefixes. 


This draft and existing RFCs (e.g. RFC7432) would be updated with the new
error handling. 


2) Domain BGP Path Attribute (section 4) debugging and scaling 


Domain Path IDs provide parallel numbering scheme that does not have a
universal definition.  Debugging these Domain IDs in the Internet wild
without this definition seems difficult at best.  It is unclear why the
Domain IDs did settle on ASN (4 byte) plus some identifier.  There are
numerous private AS numbers that can be used for DC tenants. 


The automatic generation of AS numbers based on the starting point of
private as numbers should take care of most Data Center automation tools.
Why does this specification stick with AS numbers? 


Error handling: (section 4 - pages 11-14) 

The error handling of the DPATH seeks to define: 

(4.a) add/delete/change conditions for transit routes and locally generated

(4.b) malformed DPATH attributes. 


It does not define error conditions if the syntax conditions 

cause (4.a) to fail.  


3) Route selection process modifies the RFC4271 and may not scale


This draft modifies the RFC4271 to include D-PATH (page 17) without
providing a solid

reasoning why it is necessary and why it scales.  Proof of the scalability
may be included in another document or by public reports. As the topics of
the ANRW indicates, BGP research for scalability of an application is always
a "hot" research topic. 


The definition of the BGP route selection changes (page 17)  #3 and 4 is not
tightly defined using an example rather that specification. Any proposed
changes to the BGP route selection should be done in formal language for
changes to the text. 


Language such as "could possible leave" or "by default" is not specific
(page 17) is not specific enough.  


4) Error handling in Gateway PE (section 8)  between different AFI/SAFI
prefixes is unclear 


This draft defines translation between certain embedded prefixes see table
below.  The interworking of the embedded prefix depends the basic error
handling working correctly for embedded prefixes (#1) and the Domain Path
(#2). Since these two items are unclear AND

I do not see definitions "well-formed but invalid" case is not covered for
this draft. 


AFI with SAFIs

1 - 1, 128

2 -  1, 128

25 - 70       


Section 8 attempts to provide this rules as an example.  However section 8
requires the following syntax validity checks beyond well-formed:  

1) It must be a ISF route from AFI/SAFI pairs + allowed by policy (?)

2) for gateway PE advertising ISF routes, must 

    a) include a D-PATH attribute

    b) EVPN to other VPNS must append Domain with 

2) The domain inside D-PATH must have a specific Domain-ID 

3) determination on what Route Distinguisher or Route Targets are valid, 

4) determination on what support for import/export of routes with different
RD and RTs. 


5) Section 7 - normative or informative


It is unclear if section 7 provides normative details on the Route Reflector
or informative.  It is also unclear if the EVPN forwarding constraints are
normative or informative. 


Phrases like "as a consequence of this, the indirection provided by RT's
recursive resolution and its benefits in a scaled network, will not be
available in all PEs in the network" (page 20) is worrisome.  If it is
normative, then is this solution only partial? 


6) Section 11 security considerations needs to align with document 


The proof of phrase "a correct use of the D-PATH will prevent control plane
and data plane loops in the network"  exhibits facts not in evidence in the


The proof of the phrase "incorrect configuration of the DOMAIN-IDs on the
gateway PEs may lead to the detection of false route loops and the
blackholing of the traffic"  also exhibits facts not in evidence in the


The security considerations need to be based on a revised error handling. 


It is appropriate to mention that stripping path attributes at a gateway
will cause problems.