IETF Logo Mail Archive

Re: [Idr] Possible to set up priority for Tunnels established by draft-ietf-idr-tunnel-encaps-09 ?

Robert Raszuk <robert@raszuk.net> Mon, 09 July 2018 21:43 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB48C130E6D; Mon, 9 Jul 2018 14:43:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YdFd_11EksLj; Mon, 9 Jul 2018 14:43:45 -0700 (PDT)
Received: from mail-pf0-x242.google.com (mail-pf0-x242.google.com [IPv6:2607:f8b0:400e:c00::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAC85130E67; Mon, 9 Jul 2018 14:43:45 -0700 (PDT)
Received: by mail-pf0-x242.google.com with SMTP id i26-v6so3141454pfo.12; Mon, 09 Jul 2018 14:43:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=/0M8Uq0AAj3YLTX31SBfY8NvyBcj6VZbk2HxB7sxoFs=; b=ZS6Zf6yXLXpfjfOxRVC5+h1uHXztHZokr/Nid4shrBTEMK/8r/+/eaWwUys9+7+6Ta KLLHrY5SMYlzvKActdtM77fsgyvxjMjNYC/tEGjwVdyHC2ZGqhQY1Nn1YXR44nbIV/G3 ynCVwEzxrDfkdJ5Y+A+DMwGTBBql2iEEn5+0PIYAx0lXUT6ctv+8ft4HjbVQ0xj6/LF8 dMWuKvjykwborFGF9L03PBr+tTmxzZvjUX134HYTa3ryC3JRQR8SgJFNeyr/vxgrVtBS K60w70RtG+LTll/ZVP/ejYT46ee10kp4GU/VA8k3akIZ42Cw6Q+KJf9V+8G8maxB75sN EJJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=/0M8Uq0AAj3YLTX31SBfY8NvyBcj6VZbk2HxB7sxoFs=; b=L9ZRxBsVfmA1UJjdTzkyUbjRZLMRv1OFEnXcH1c6pwZ13iL3kcbcxdWhMiD5/SnzXS vNjkbzHhCpA7K66FO4pfpOQCZRUclEgR6NUZqZGMVT5SD5a0KrBkXYOtwzjJLc+ZKazh bvWQf91r2lpRKMttjw5BPV7d7qqVVn0m+P0QfbcCVen0U8wTrcvsjpWwU5SK4WoorCgl TQi9iIRJ5YDtEm7mex0f1Fn6YPr/dBSmwN65tnuk8LlfcvsTuX9Ehg6NBy0g3vxRyw+g rdur8vgugvFEptf9toadS/UBKbN8aOInDiDcxbqTIOqWLbOBIKxAxgGjf7W4r2mbjh8w 8P4A==
X-Gm-Message-State: APt69E1P5Qjg8PnSFMRCmHmiHoAIAlmwHmfW2r99RfgU27Uz1r83TTC3 b9uupIQrDoCMxOljK/fLI29QeGwJqZO3FQTA3xmquA==
X-Google-Smtp-Source: AAOMgpeatiQle1HbVB8O4w2h40uMaXjIpJYCgtqI29KJr5Y/024KuAgx/SZCWmxHNU1Ku2OHhogbOEL7CnRbJJnhj70=
X-Received: by 2002:a62:4704:: with SMTP id u4-v6mr22938666pfa.76.1531172625167; Mon, 09 Jul 2018 14:43:45 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 2002:a17:90a:37e7:0:0:0:0 with HTTP; Mon, 9 Jul 2018 14:43:44 -0700 (PDT)
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F66B0A8CB1@sjceml521-mbs.china.huawei.com>
References: <78D707C9-6DC2-459F-81E4-A53B46F1F019@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F66B0A8C39@sjceml521-mbs.china.huawei.com> <CA+b+ERnkB6ka_gwXe=T4LPxBDM11W7+N76g4OTJm4b12CdtQsQ@mail.gmail.com> <4A95BA014132FF49AE685FAB4B9F17F66B0A8C93@sjceml521-mbs.china.huawei.com> <CA+b+ERmoObevrPDOReHSWnhmueaoGR466ysnNqyjo03PwqoCvQ@mail.gmail.com> <4A95BA014132FF49AE685FAB4B9F17F66B0A8CB1@sjceml521-mbs.china.huawei.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 09 Jul 2018 23:43:44 +0200
X-Google-Sender-Auth: Y3QC4w_3TyRA8sQOn_a0Y_-l3tM
Message-ID: <CA+b+ERnmXzLbQPQyiecrD03OQPBDTBuv49aDRCm=e-e_Mo6q=A@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Cc: "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000069ba08057097e8bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/FTE6wqVGJ7yxhVmT-Q_AlUFZbuo>
Subject: Re: [Idr] Possible to set up priority for Tunnels established by draft-ietf-idr-tunnel-encaps-09 ?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 21:43:49 -0000

Hi Linda,

In addition to your comment what needs to also be highlighted in bold is
that new SAFI will help the co-existence with number of existing SD-WAN
deployments. Loading currently deployed controllers with any of the
existing unicast SAFIs no matter how well filtered will not be a great idea
operationally.

The point about missing DTLS has been communicated to Eric the same day his
and Ron's draft got posted. It was accepted well :).

Best,
R.

On Mon, Jul 9, 2018 at 11:34 PM, Linda Dunbar <linda.dunbar@huawei.com>
wrote:

> Thanks Robert’s suggesting of having a new ARI/SAFI for SD-WAN.
>
>
>
> An independent SAFI for SD-WAN would make our implementation easier. In
> addition in SD-WAN deployment the RR and CPE might be connected by
> TLS/DTLS.
>
>
>
> Linda
>
>
>
> *From:* rraszuk@gmail.com [mailto:rraszuk@gmail.com] *On Behalf Of *Robert
> Raszuk
> *Sent:* Monday, July 09, 2018 4:29 PM
> *To:* Linda Dunbar <linda.dunbar@huawei.com>
> *Cc:* idr@ietf.org; draft-ietf-idr-tunnel-encaps@ietf.org
>
> *Subject:* Re: [Idr] Possible to set up priority for Tunnels established
> by draft-ietf-idr-tunnel-encaps-09 ?
>
>
>
> IMO both are needed.
>
>
>
> The original drivers for tunnel encapsulation attribute clearly proved
> that new SAFI is an excessive thing. Please note that in any SAFI you can
> easily craft independent BGP MSG without need for separate AFI/SAFI type.
>
>
>
> Said this however for the SD-WAN application we are discussing here I
> would be actually in favor of separating it from any other BGP use by
> dedicating a new AFI/SAFI for it.
>
>
>
> Thx,
> R.
>
>
>
> On Mon, Jul 9, 2018 at 11:20 PM, Linda Dunbar <linda.dunbar@huawei.com>
> wrote:
>
> That is one of the main reason we think it is better to have a dedicated
> message to pass “Tunnel Encap attributes” instead of appended to the BGP
> update message.
>
> It is so much easier for CPEs to process an Independent “tunnel attribute”
> information instead of filtering out which field can/can’t be distribute to
> others.
>
>
>
> Linda
>
>
>
> *From:* rraszuk@gmail.com [mailto:rraszuk@gmail.com] *On Behalf Of *Robert
> Raszuk
> *Sent:* Monday, July 09, 2018 4:13 PM
> *To:* Linda Dunbar <linda.dunbar@huawei.com>
> *Cc:* Jeff Tantsura <jefftant.ietf@gmail.com>; Eric C Rosen <
> erosen@juniper.net>; idr@ietf.org; draft-ietf-idr-tunnel-encaps@ietf.org
>
>
> *Subject:* Re: [Idr] Possible to set up priority for Tunnels established
> by draft-ietf-idr-tunnel-encaps-09 ?
>
>
>
>
>
> Because the NO_ADVERTISE is about the property of the NLRI - entire BGP
> UPDATE MSG get's blocked while in section 10 it is about just dropping a
> single attribute which happened to be attached to a perhaps still valid
> UPDATE MSG.
>
>
>
>
>
>
>
> On Mon, Jul 9, 2018 at 11:05 PM, Linda Dunbar <linda.dunbar@huawei.com>
> wrote:
>
> Eric,
>
>
>
> Why not using “NO_ADVERTISE” in the Section 10 of
> draft-ietf-idr-tunnel-encaps-09?
>
>
>
>
>
> Linda
>
>
>
> *From:* Jeff Tantsura [mailto:jefftant.ietf@gmail.com]
> *Sent:* Monday, July 09, 2018 3:25 PM
> *To:* Linda Dunbar <linda.dunbar@huawei.com>; Eric C Rosen <
> erosen@juniper.net>; idr@ietf.org; draft-ietf-idr-tunnel-encaps@ietf.org
> *Subject:* Re: [Idr] Possible to set up priority for Tunnels established
> by draft-ietf-idr-tunnel-encaps-09 ?
>
>
>
> Hi Linda,
>
>
>
> Why would you want to build what you are trying to do into protocol?
>
> #1 local policy
>
> #2  NO_ADVERTISE does that exactly
>
>
>
> Cheers,
>
> Jeff
>
>
>
> *From: *Idr <idr-bounces@ietf.org> on behalf of Linda Dunbar <
> linda.dunbar@huawei.com>
> *Date: *Monday, July 9, 2018 at 13:14
> *To: *Eric C Rosen <erosen@juniper.net>, "idr@ietf.org" <idr@ietf.org>, "
> draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@
> ietf.org>
> *Subject: *[Idr] Possible to set up priority for Tunnels established by
> draft-ietf-idr-tunnel-encaps-09 ?
>
>
>
> Eric,
>
>
>
> draft-ietf-idr-tunnel-encaps-09 discussed ways to resolve conflicts of
> multiple UPDATE messages with Tunnel Encap attributes.
>
>
>
> Is it possible to have following capability?
>
> -        Have a bit indicating a specific UPDATE is from authoritative
> source, therefore overwrite all other Tunnel Attributes for the Prefix X to
> avoid recursive next hop issues and tunnel selection at the receiving
> Router?
>
> -        Have a bit indicating that a specific UPDATE only contain Tunnel
> attributes for the receiving Router, therefore can’t be forwarded?
>
>
>
> You said that SAFI 7 is deprecated because no one seemed interested in
> using it. We are very interested in using it because
>
> -        it can be easily distinguished from normal  BGP UPDATE
>
> -         The receiving router doesn’t have to “Filter” the tunnel
> attributes before forwarding to others.
>
> -        Can even be used for passing reconfigured IPsec keys to two ends
> of a tunnel.
>
>
>
> Therefore we think SAFI 7 should be reserved.
>
>
>
> Thanks, Linda Dunbar
>
>
>
> *From:* Eric C Rosen [mailto:erosen@juniper.net <erosen@juniper.net>]
> *Sent:* Tuesday, July 03, 2018 12:21 PM
> *To:* Linda Dunbar <linda.dunbar@huawei.com>; idr@ietf.org;
> draft-ietf-idr-tunnel-encaps@ietf.org
> *Subject:* Re: What are side effect for having Encap SAFI? can
> draft-ietf-idr-tunnel-encaps-09 preserve trigger tunnel creation before
> VPN is established?
>
>
>
> On 7/2/2018 6:31 PM, Linda Dunbar wrote:
>
> Eric, IDR group,
>
>
>
> It is indicated that RFC5512 is to be replaced by
> draft-ietf-idr-tunnel-encaps. But draft-ietf-idr-tunnel-encaps-09 stated
> that it deprecates the
>
> Encapsulation SAFI.
>
>
>
> We find the Encapsulation SAFI is quite useful for CPE based EVPN.  For
> example, a Controller (say RR) can send an update with Encapsulation SAFI
> to two end points to trigger a tunnel establishment between them.
>
> What are side effect for having Encap SAFI? Can we preserve it in
> draft-ietf-idr-tunnel-encaps?
>
>
>
> Thanks, Linda Dunbar
>
>
>
>
> SAFI 7 was deprecated because no one seemed interested in using it, it
> creates additional operational issues, there is no real need for it, and it
> was discouraging folks from actually using the Tunnel Encapsulation
> attribute.  This is discussed briefly in section 1.2 of the draft.
>
> You can get a similar effect by using the technique described in section 7
> of the draft.
>
> If PE1 is the egress point of a tunnel, have PE1 originate an UPDATE whose
> NLRI is PE1's loopback address.  Put the Tunnel Encapsulation attribute
> (with PE1 as remote endpoint) on this UPDATE.  (The next hop field of this
> UPDATE doesn't really matter, as long as it is resolvable.)  When PE1
> originates VPN routes, it sets the next hop to be its loopback address.
> Per section 7, this will result in packets being sent to PE1 though the
> specified tunnel.
>
>
>
> _______________________________________________ Idr mailing list
> Idr@ietf.org https://www.ietf.org/mailman/listinfo/idr
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>
>

v2.23.0 | Report a Bug | By Email