IETF Logo Mail Archive

Re: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 16 July 2020 22:58 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 605DA3A0DEA for <idr@ietfa.amsl.com>; Thu, 16 Jul 2020 15:58:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.619
X-Spam-Level:
X-Spam-Status: No, score=-9.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=MIo0Fstq; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=0w87djOf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FCGigZn9tXI1 for <idr@ietfa.amsl.com>; Thu, 16 Jul 2020 15:58:23 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A55BB3A0DE8 for <idr@ietf.org>; Thu, 16 Jul 2020 15:58:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=51382; q=dns/txt; s=iport; t=1594940303; x=1596149903; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=ZBiO96qmZyylw+Iskn5E+L8GjdZ44pvGKTEWNK9KRik=; b=MIo0FstqhaBR+fSiBAcSCAqUpfGdAKx44i1JT3JwwwaCBgbLkemoKlDf g4OlyJFx6mP1YAk6r0HPT3L0wE5SubTI/RsXxhwSCHLcm38m+a9TnH0q6 mPVGkuf36uhhkQAcbnunpnwKjfGZEo51oUx2IXwC1CUGaVv2boqQt5qvI k=;
IronPort-PHdr: 9a23:+vHrlBfkr6OyndJ9HD7l1XxGlGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwaQA9fB4ulWlumQta38CiQM4peE5XYFdpEEFxoIkt4fkAFoBsmZQVb6I/jnY21ffoxCWVZp8mv9PR1TH8DzNEfbuW+v7ngUFwmsfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wRzM8XY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DbAQDw2hBf/4QNJK1WChsBAQEBAQEBAQUBAQESAQEBAwMBAQGCCoEjLyMuB29YLyyEM4NGA41HmF6BQoERA1ULAQEBDAEBIwoCBAEBhEwCF4F8AiQ4EwIDAQELAQEFAQEBAgEGBG2FWwyFbwEBAQECARIRChMBATcBBAsCAQgRBAEBIQEGAwICAjAUCQgCBA4FCBqDBYF+TQMOIAEOoC4CgTmIYXaBMoMBAQEFgTYChAcYgg4DBoE4AYJpg1WFFYEeGoFBP4EQAUOBTy5QPoJcAQEDgSINBSoVDwcJgmAzgi2PGhsKgw+GUItCkFkKgl2IVYY0P4c4gwGCeI5jjWaFWJZLkDCEJgIEAgQFAg4BAQWBaiOBV3AVgyRQFwINjh4MBRIsgyKFFIVBAXQ3AgYBBwEBAwl8jGSCRQEB
X-IronPort-AV: E=Sophos;i="5.75,360,1589241600"; d="scan'208,217";a="528805139"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Jul 2020 22:58:22 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 06GMwMOX016162 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 16 Jul 2020 22:58:22 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 16 Jul 2020 17:58:22 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 16 Jul 2020 18:58:19 -0400
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 16 Jul 2020 18:58:19 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j6JjO0JZlExIHU8yo2rkcsNeCW6N1OT9pn1R+BWeH1+WlH4CFUb2CQIzwOfQ4PGBy2KOYNvoljhiNfSbF3afn2eAOaHL9w52kfk4pM40AohTDjr2wBADxTKmF9rC3WT8jQE4sTTwYPHHtSQgxYNujTjc45EVNcPknldj3z2N69EvTCPRlOa7AVsxxDNZbefE9LepyObqbJst6wcABR81un1PTV1D7Gzk519LL/dgCPyXrsRbvdL7BWeDLTEzRopPc+x1tU/Go0MpNqABYMOYEKDW39jP5g/u7w9kFXDllnl0zmHNWqWvC/dw1JWTdwAIf2lV0cd/3VjbRmp73Q0aaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZBiO96qmZyylw+Iskn5E+L8GjdZ44pvGKTEWNK9KRik=; b=EgDy2StfWIEbspgLKX52KaPFGLHLuSXlwAVrJtI3dLG6k6UkTiYtDMrsQeUuAw3fqrgxb/VTTH2lmdXjOf1tnXFGbkPGpIhLyaAeuwH5zGHh3jPC6meWs7dlwsCqNebxGFEV6+yVKQuPBSMHWLPZEAb/M8cRB6SBSfR7SxmE37FHl1jZS3Ybj64IxjqQdDiAWitR/r9vO51Que6Es1pgyaKnXTPEFGAjnNqERbpd0mzHqB1E8sOmo/6I0UI2rAf/TXxaGTyhZ5D5W/Z/4dfxsidFz1uydQIidqRhByxgBQXWFPd4IKA9r2+MEn0NWvJW0n1kyj2If9wF8Pt2IQ0/UA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZBiO96qmZyylw+Iskn5E+L8GjdZ44pvGKTEWNK9KRik=; b=0w87djOfYrFOj+0ckBZgjnvPcgZdtoPPk1IjW3D3Rlv2gsEMgfxTwAoMfiw/3JnUhmRaQYLC/Zl9Rtpqi9gwqNknPFw36pmpaWcQtAfu0rCzcvGrmh0rJzq7HPrAwqRs4Iml6ZZTBA0UKX0URfHiMYs+7r9+WbfJq5TeBOy5eyw=
Received: from BYAPR11MB3207.namprd11.prod.outlook.com (2603:10b6:a03:7c::14) by BYAPR11MB2965.namprd11.prod.outlook.com (2603:10b6:a03:82::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.24; Thu, 16 Jul 2020 22:58:18 +0000
Received: from BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::88ed:a443:44d:adb5]) by BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::88ed:a443:44d:adb5%7]) with mapi id 15.20.3174.026; Thu, 16 Jul 2020 22:58:18 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>
CC: Aijun Wang <wangaj3@chinatelecom.cn>, "idr@ietf. org" <idr@ietf.org>
Thread-Topic: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00
Thread-Index: AQHWWtV/8PQikI10+UyFYIJH97W7yKkJf0MAgABKUICAAB9RAIAArcsAgAAV2nCAABX/AIAADHiw
Date: Thu, 16 Jul 2020 22:58:18 +0000
Message-ID: <BYAPR11MB3207B46C0198DD2836778EF0C07F0@BYAPR11MB3207.namprd11.prod.outlook.com>
References: <CAOj+MMH_CefbH639OVs==ts4C_7rf4W1d+pUN+Wb+im5+gNfFg@mail.gmail.com> <003c01d65b1a$777b60a0$667221e0$@tsinghua.org.cn> <CAOj+MMEBTbD9nKH8s2a4VJOCGT2itSUTZOc1tRQnOdTBHtsFeA@mail.gmail.com> <007501d65b4f$4990d1e0$dcb275a0$@chinatelecom.cn> <CAOj+MMGQFcKvmYT3SXsXnXT-SQpzsjZRQtoxZhpNe2WA-TgT_A@mail.gmail.com> <BYAPR11MB3207E4C80AE4563F3A8AD0C1C07F0@BYAPR11MB3207.namprd11.prod.outlook.com> <CAOj+MMG4Bw5sKE4WRRG5cssqGAgqP_jX+NaJ6_OnDhdPM5rTuA@mail.gmail.com>
In-Reply-To: <CAOj+MMG4Bw5sKE4WRRG5cssqGAgqP_jX+NaJ6_OnDhdPM5rTuA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: raszuk.net; dkim=none (message not signed) header.d=none;raszuk.net; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2601:647:5701:46e0:d9b7:6ab1:de71:cac2]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cdc13c02-415d-43b2-8a4f-08d829dbbaf9
x-ms-traffictypediagnostic: BYAPR11MB2965:
x-microsoft-antispam-prvs: <BYAPR11MB2965F289DE005600A56FC0F8C07F0@BYAPR11MB2965.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9MafZyPTTE73n7BTAJfsgQl9N/YLaO1WASHlD8d2PoBnqMeH+7llgyB5ArHZgosMEY3ZVKT0THQOwuDiRWN9EvS6hDTpz6g4lAf9sMbVopwW73bhAksBdjzQR6SL3TeTq6XYBk1K/eIZ3cVLIjZJxLBPDLjCehN5tc+qi7nqJTjVAZvZa9TOFggoe+bCtkGdI4RGpMQgw2+qcODPUQ642GUrZMflT5hUYx45aQuu1HJwBN92SACdn240GYXCtYH9rytYkRZyf6+hfWJgFQ2/PIOfuVwzJQ525kT2cluu7lNN5JHECRZEzAlFMvyzbOK6cgBnwZ6u4UTT0ssarWIB72YGJRSTJNCfvMxWNh/oR+WuCAc3HPmGr7hyb836HjulP3h+Dr2JF9sDDbXRDwtQUA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(366004)(346002)(376002)(39860400002)(136003)(66946007)(5660300002)(83380400001)(66574015)(54906003)(76116006)(66446008)(6506007)(53546011)(66476007)(66556008)(52536014)(33656002)(7696005)(316002)(4326008)(166002)(86362001)(6916009)(64756008)(8676002)(9686003)(966005)(8936002)(71200400001)(186003)(2906002)(478600001)(55016002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: WFBvXh/cCK2vsse8difkT/0Fm7Re6PPxGJbDrEQHqG2ASuhwKk0N0iCBXYaNh24ATyKrAwd3oO2eOqaodweKy90QWwLZo3P4j7N29K3HzG9VVtSETi1umctcZQzRIpvTXaVLjhAq9vnQL2riMmj/q0LycXm3GpmWNHWEXTUfRH+WpEpEF1UnsqLgQesl7ur5N2K5YAKBVq48VUncipIKAgcw4aPfZUxy/+0vIoDNc64zAfv7BBz+NARokr0c0t8s74w8jJH6ItGkbYebH+rcB37XpOHG/mbQDVYjigDswfZD2Gr3zP+85RAS8GhV25gDgRb6uUB0hLzCnX6xbLMRuhjyVG/PZ4DHdzbq2fg3dCr1Wc9QkummuWdywBx/f941IqYSMWwFb/g5ptWbmzoGe/OMe1xkdfcyormL3wGnhqSZHyn3H54VMjU5H4tG2r94tFwA8D4+eBblroWiBrLyWh1l/yvOCsl7zSpyKv647VE6mKZ2zyPMKH5WVFYUi1FE7UxLWpI/0sixMRUGtAOAfvWq0RXTlEstMGligsrKP4+6Fx6HRYaVSv536U50vlfZ
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB3207B46C0198DD2836778EF0C07F0BYAPR11MB3207namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cdc13c02-415d-43b2-8a4f-08d829dbbaf9
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jul 2020 22:58:18.3098 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6UKd5B345fGE4DFPzwkxz7Xj6qPeUpCCmLhlVgzh2HbdE8p6g1ZI9rye4Ji499q15PibaauznaLxxkT0+EP+Dg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2965
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: alln-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/B05G0Aw1e2gKYdy5kW89HCaEuSw>
Subject: Re: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2020 22:58:26 -0000

Can't we already do an RD ORF anyway?
Using an address-prefix ORF in the VPN address family with prefix length 64.

Regards,
Jakob.

From: Robert Raszuk <robert@raszuk.net>
Sent: Thursday, July 16, 2020 2:58 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com>
Cc: Aijun Wang <wangaj3@chinatelecom.cn>; idr@ietf. org <idr@ietf.org>
Subject: Re: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00


> but only one of them is sending too many routes.

Well PEs do not produce routes all by themselves :)

They receive it from CEs. /* Likewise ASBRs option B receive it from other ASBRs. */

So one's network should be able to handle an agreed number of routes as defined in VPN service. For anything above that in order to protect PE control and data planes prefix limit is the tool to apply towards your local peers which could result with src session down till NOC diagnoses the issue.

Thx,
R.




On Thu, Jul 16, 2020 at 11:22 PM Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>> wrote:
I can see how you might want to do max-prefix filtering by RD.
Suppose there are many PEs in an AS that all have VRFs for the same VPN,
but only one of them is sending too many routes.
In that case, you can't filter just that one VRF by RT.
You need RD.
Sure, you will end up with partial routes and a bit of a mess, as Robert points out, but that's the nature of max-prefix anyway. It is a safety valve that prevents a big disaster by causing a smaller disaster.

One thing I do see a problem with is that the RR or ASBR propagates
a received ORF back to the source of the routes.
That RR or ASBR may have other clients that still want the routes.
ORFs are not designed to be propagated.

Regards,
Jakob.

From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> On Behalf Of Robert Raszuk
Sent: Thursday, July 16, 2020 12:21 PM
To: Aijun Wang <wangaj3@chinatelecom.cn<mailto:wangaj3@chinatelecom.cn>>
Cc: idr@ietf. org <idr@ietf.org<mailto:idr@ietf.org>>
Subject: Re: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00

Aijun,

I do understand that you want to push in RD-ORD pre import RDs. Perhaps selecting first those which advertise the most VPN routes.

But this is so severely broken idea that I am not sure how to even describe it. Just imagine the mess of now partially broken VPN users which asked for full mesh and got now partially working and partially broken mesh.

This would be also terrible to troubleshoot (even assuming that you would refrain from RD-ORF propagation).

Bottom line - to control number of VPN routes - for years operators have deployed prefix limit on ingress to the SP network (PE-CE edge). Once prefix is accepted into a network it better be installed when VPN topology requires it.

Filtering per RD is a really BAD IDEA.

Thx,
R.

On Thu, Jul 16, 2020 at 10:58 AM Aijun Wang <wangaj3@chinatelecom.cn<mailto:wangaj3@chinatelecom.cn>> wrote:
Hi, Robert:

When the RD is designed as per VRF per PE, the mechanism of RD based ORF can also apply-------The received router needs only extract and reflect the most influenced RDs back to upstream router(ASBR/RR),  and then to notify the source of these VPN routes to control the prefixes advertisement.
Actually, the above design will make the RD-ORF more accurate than the RT based control.


Best Regards

Aijun Wang
China Telecom



From: robert@raszuk.net<mailto:robert@raszuk.net> [mailto:robert@raszuk..net<mailto:robert@raszuk.net>]
Sent: Thursday, July 16, 2020 3:06 PM
To: Aijun Wang <wangaijun@tsinghua.org.cn<mailto:wangaijun@tsinghua.org.cn>>
Cc: wangw36@chinatelecom.cn<mailto:wangw36@chinatelecom.cn>; Aijun Wang <wangaj3@chinatelecom.cn<mailto:wangaj3@chinatelecom.cn>>; idr@ietf. org <idr@ietf.org<mailto:idr@ietf.org>>
Subject: Re: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00

> It can also be used to identify the VPN customer.

Sorry but no.

Best practice for number of reasons is to make RD unique per VRF and not per VPN. We should not standardize something which is a pretty bad idea to start with.

Kind regards,
Robert





On Thu, Jul 16, 2020 at 4:40 AM Aijun Wang <wangaijun@tsinghua.org.cn<mailto:wangaijun@tsinghua.org.cn>> wrote:
Hi, Robert:

Thanks for your reviews and comments.
As you said, RD is to make the VPN prefix unique within the VPN’s domain. It can also be used to identify the VPN customer.
The usage of RT, just as you said, is to control what routes are distributed where, that is to say, to control the customer’s VPN topology. RT can’t be used to identify one VPN customer.

The scenarios/problems described in this draft(https://tools.ietf.org/html/draft-wang-idr-rd-orf-00) are not for the VPN topology control, but for the VPN prefix limit management, which is signed along with the agreement with the VPN customer.
This is the reason that we select the RD-based ORF control mechanism.

More detail reply are inline below. Wish to get more your comments/suggestions on them.

Thanks in advance.

Best Regards

Aijun Wang
China Telecom

From: idr-bounces@ietf.org<mailto:idr-bounces@ietf.org> [mailto:idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>] On Behalf Of Robert Raszuk
Sent: Thursday, July 16, 2020 2:26 AM
To: wangw36@chinatelecom.cn<mailto:wangw36@chinatelecom.cn>; Aijun Wang <wangaj3@chinatelecom.cn<mailto:wangaj3@chinatelecom.cn>>
Cc: idr@ietf. org <idr@ietf.org<mailto:idr@ietf.org>>
Subject: [Idr] https://tools.ietf.org/html/draft-wang-idr-rd-orf-00

Dear Aijun & Wei,

I have read your draft as per subject.

I think there is a serious misunderstanding on what RD's role is in RFC4364.

RDs MUST never be used to signal anything which would in any way influence what routes are distributed where. Their sole role is to make the VPN prefix unique across given VPN's domain.
【WAJ】RD can be used to identify one VPN customer

It is RTs which are used to import routes to VRFs on PEs. What you are trying to do is exactly why we have defined some time back RTC (RFC4684). Applications from section 5.1 and 5.2 can be happily addressed with use of RTC.
【WAJ】RT is used to control VPN topology, same as the mechanism of RTC(4684). But the application described in section 5.1 and 5.2 of this draft is not for VPN topology control, but for VPN route-limit management, which is based on customer/RD.

Informationally let me also point out that RFC7543 has defined extensions to ORF to signal RTs for reducing size VPN RIBs in specific Hub & Spoke topologies.
【WAJ】RFC7543 is to pull the prefix that cover one specific host address, to get the more optimal route information from the Hub, not the same scenarios as described in the current draft.

Last your proposal calls for treating ORF as a transitive message without any loop protection. That is not a good idea.
【WAJ】ORF messages are exchanged within only the directed BGP sessions. Such Messages will be regenerated when it is needed to send to another BGP peer.  Would you like to describe more for the loop scenarios?

I recommend to protect your PEs from being overwhelmed by VPN routes by prefix limit instead.
【WAJ】Prefix Limit mechanism can be used for Option –A, but not for Option B/C, as that described in the draft.

Kind regards,
R.

PS. Did we have any discussion in IDR or BESS on this proposal ?

v2.23.0 | Report a Bug | By Email