IETF Logo Mail Archive

Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)

Aijun Wang <wangaijun@tsinghua.org.cn> Tue, 23 August 2022 01:56 UTC

Return-Path: <wangaijun@tsinghua.org.cn>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5457C1522AF for <idr@ietfa.amsl.com>; Mon, 22 Aug 2022 18:56:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jqu2dxgV7HMl for <idr@ietfa.amsl.com>; Mon, 22 Aug 2022 18:56:35 -0700 (PDT)
Received: from mail-m121145.qiye.163.com (mail-m121145.qiye.163.com [115.236.121.145]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B726C1522A3 for <idr@ietf.org>; Mon, 22 Aug 2022 18:56:35 -0700 (PDT)
Received: from DESKTOP2IOH5QC (unknown [219.142.69.75]) by mail-m121145.qiye.163.com (Hmail) with ESMTPA id DFD5B80008A; Tue, 23 Aug 2022 09:56:32 +0800 (CST)
From: Aijun Wang <wangaijun@tsinghua.org.cn>
To: 'Robert Raszuk' <robert@raszuk.net>
Cc: 'Susan Hares' <shares@ndzh.com>, "'idr@ietf. org'" <idr@ietf.org>, 'Zhuangshunwan' <zhuangshunwan=40huawei.com@dmarc.ietf.org>
References: <517EF247-76AF-4981-B33B-8A1707E0103B@tsinghua.org.cn> <CAOj+MMGvBKBL__Pk2AuAYWoiBkMeLW3eZkyp_GD-aXjEtZkJkw@mail.gmail.com>
In-Reply-To: <CAOj+MMGvBKBL__Pk2AuAYWoiBkMeLW3eZkyp_GD-aXjEtZkJkw@mail.gmail.com>
Date: Tue, 23 Aug 2022 09:56:33 +0800
Message-ID: <007b01d8b693$92387190$b6a954b0$@tsinghua.org.cn>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_007C_01D8B6D6.A05E70B0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFXYcNSKT5zAX0ZZ8WYXX7EoHXfAQIz2uWhrqy8C4A=
Content-Language: zh-cn
X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly tZV1koWUFKTEtLSjdXWS1ZQUlXWQ8JGhUIEh9ZQVlCH0waVhhPQk4aSRlOS0xMS1UTARMWGhIXJB QOD1lXWRgSC1lBWUlKQlVKT0lVTUJVTE5ZV1kWGg8SFR0UWUFZT0tIVUpKS0hOT1VLWQY+
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6NyI6Dzo4Gj01IwkiAUMYSQsX CwswC1ZVSlVKTU1KSUpCTEJITkxJVTMWGhIXVQwaFRwaEhEOFTsPCBIVHBMOGlUUCRxVGBVFWVdZ EgtZQVlJSkJVSk9JVU1CVUxOWVdZCAFZQUlKQ01DNwY+
X-HM-Tid: 0a82c86a68a7b03akuuudfd5b80008a
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/E9vYFvl5ENwhLPc9Xh_i_SmF5mk>
Subject: Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Aug 2022 01:56:40 -0000

Hi, Robert:

 

For your concerned points regarding to the ordering of path, I recommend that you review again our discussion with Jeffrey Haas on various scenarios at https://mailarchive.ietf.org/arch/msg/idr/uoQO8vqSA82UCrfXppFjwNbMg1A/. Wish it can help for you to flip the page.

 

And, the deny-focusing mechanism (VPN Prefixes ORF) acts differently from the allow-focus mechanism (RTC). The former should be decided based on each hop itself, and should not be propagated further unconditionally, as that done in RTC mechanism. We don’t want to repeat the discussed points again.

 

Best Regards

 

Aijun Wang

China Telecom

 

From: Robert Raszuk <robert@raszuk.net> 
Sent: Sunday, August 21, 2022 8:00 PM
To: Aijun Wang <wangaijun@tsinghua.org.cn>
Cc: Susan Hares <shares@ndzh.com>; idr@ietf. org <idr@ietf.org>; Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org>
Subject: Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)

 

Aijun,

 

Actually I did read the -03 version of the draft and changes made actually make it even less attractive. 

 

Let's first establish what is the format of the ORF message you are proposing to advertise and when those optional TLVs are added ? 

 

Quote 1 - PE2 triggers the VPN  Prefix ORF message (RD1, RT1, comes from PE3).

 

Quote 2 - VPN Prefix ORF entry (RD31, RT1, RT2, comes from PE3)

 

Your email suggest that "and global allocation(in this case, the source PE will be attached)"

 

There is no clear and exhaustive definition when each defined TLV (Source PE or RT) needs to be added by the node generating this new ORF message. 

 

It is fascinating that you have now added a list of RTs to the spec. We argued from the beginning that a list of RTs offers a good solution for such filtering and RTC RFC4684 can be used instead. 

 

More inline ... 

 

#1 - RD allocation can be per VRF or Global in a given VPN. This scheme works only in the case of per VRF allocation. 

[WAJ]The proposed mechanism works both in per VRF allocation and global allocation(in this case, the source PE will be attached)

 

 

How do you handle multipaths ? How do you handle anycast ? How do you determine the src PE ? 

 

Please observe that during import there is no ordering of paths. So when you are just about to reach the vrf prefix limit and 95% of imported routes come from PE1 suddenly the vrf prefix limit is exceeded when just a few paths arrive from PE2. Are you now going to suppress those few routes as they were unlucky and happened to exceed the prefix limit ? 

 

 

#3 - Use of prefix ORF can be applied where prefix is just /64 RD without any new draft. The draft says: 

 

   Using Address Prefix ORF to filter VPN routes need to pre-
   configuration, but it is impossible to know which prefix may cause
   overflow in advance.

 

    .. which clearly is not correct as irrespective on the encoding you need to know what RD to push. 

    Here in this context of RFC5292 PREFIX == RD == /64 PREFIX


[WAJ] This point has been discussed throughly in the first round discussions. The key answer is that you cannot know in advance which RD will cause the overflow VPN routes. And one more point again, current VPN ORF prefixes doesn’t depend only the automatic extracted RD information. 

 

No one is saying you need to know this in advance. Sure questionable source PE and RTC like list of RTs will not fit RFC5292. 

 

While we are at this, asking anyone to configure a list of <src RDs+src PEs> limits on each PE is beyond even commenting on. 

 

#4 - Change of ORF list results in advertisement of ALL routes of a a given AFI/SAFI to the peer. 

        That is the same irrespective if IMMEDIATE or DEFER flags are set. That puts burden on the peer especially in 

        VPN cases when the number of routes may be high. 


[WAJ] What you described is the current ORF mechanism. There are some spaces to optimize it.

 

 

Yes this is how ORF works. 

 

And I don't think there is any consensus to break it. 

 

Actually looking at your -03 version I have a suggestion. 

 

Forget about hacking ORF. Just use new SAFI and push those policies in the new address family. Just like we did with RTC. And please do not try to fix RTC :) Leave it alone and transfer your policy to new AFI/SAFI advertisements. 

 

It will also be automatically transitive so you should have much better coverage with that. 

 

Alternatively you may find some traction to add this into Flowspec v2 work. 

 

Kind regards,

Robert

v2.23.0 | Report a Bug | By Email