Re: [Idr] WG Adoption call for draft-wang-idr-rd-orf-05.txt (2/4/2021 to 2/18/2021)

Aijun Wang <wangaijun@tsinghua.org.cn> Mon, 15 February 2021 10:27 UTC

Return-Path: <wangaijun@tsinghua.org.cn>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1A113A10E5 for <idr@ietfa.amsl.com>; Mon, 15 Feb 2021 02:27:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.005
X-Spam-Level:
X-Spam-Status: No, score=0.005 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l3md4RdUCPe8 for <idr@ietfa.amsl.com>; Mon, 15 Feb 2021 02:27:35 -0800 (PST)
Received: from mail-m17638.qiye.163.com (mail-m17638.qiye.163.com [59.111.176.38]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C92D3A10E3 for <idr@ietf.org>; Mon, 15 Feb 2021 02:27:34 -0800 (PST)
Received: from [240.0.0.1] (unknown [106.121.159.29]) by mail-m17638.qiye.163.com (Hmail) with ESMTPA id CB90D1C0093; Mon, 15 Feb 2021 18:27:31 +0800 (CST)
Content-Type: multipart/alternative; boundary=Apple-Mail-41C6EA9A-51F8-402F-A689-F6D3343933CB
Content-Transfer-Encoding: 7bit
From: Aijun Wang <wangaijun@tsinghua.org.cn>
Mime-Version: 1.0 (1.0)
Date: Mon, 15 Feb 2021 18:27:30 +0800
Message-Id: <8264D802-0391-4647-9A98-09B4B331FCF3@tsinghua.org.cn>
References: <CAOj+MMGNj+WJfR4xdDm2XxL03DOk6L3f6fuJ9k7NWUD=PzzaHA@mail.gmail.com>
Cc: Susan Hares <shares@ndzh.com>, idr@ietf.org
In-Reply-To: <CAOj+MMGNj+WJfR4xdDm2XxL03DOk6L3f6fuJ9k7NWUD=PzzaHA@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
X-Mailer: iPhone Mail (18D52)
X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZS1VLWVdZKFlBSkxLS0o3V1ktWUFJV1 kPCRoVCBIfWUFZSRoZS0tNGEpPHx8fVkpNSkhIQ09DTklLS01VEwETFhoSFyQUDg9ZV1kWGg8SFR 0UWUFZT0tIVUpKS0JITVVLWQY+
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6OhQ6PTo5Nz8OPSwSCjAhSyNK OiIKCyhVSlVKTUpISENPQ05JSEJKVTMWGhIXVQwaFRwaEhEOFTsPCBIVHBMOGlUUCRxVGBVFWVdZ EgtZQVlKS01VSklKVUpOQlVJQllXWQgBWUFKTU9DQzcG
X-HM-Tid: 0a77a53b217ad993kuwscb90d1c0093
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/F_hX6xIKSKya7MS1cga8izdRLDg>
Subject: Re: [Idr] WG Adoption call for draft-wang-idr-rd-orf-05.txt (2/4/2021 to 2/18/2021)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2021 10:27:40 -0000

Hi, Robert:

Aijun Wang
China Telecom

> On Feb 15, 2021, at 16:59, Robert Raszuk <robert@raszuk.net> wrote:
> 
> 
> 
> > But it seems adding RT information can’t still solve the situation described in https://datatracker.ietf.org/doc/html/draft-wang-idr-rd-orf-05#section-5.1.1(Figure 3). 
> 
> I am not sure what is yr definition of "solve" - but sending RD3_RT3 tuple will be no worse then sending RD3 alone. And in many situations as I illustrated before (hub and spoke case) will actually prevent unreachability across VRFs. 

[WAJ] Yes, adding RT information within the current RD-ORF encoding can certainly increase the accuracy of the offending VPN routes. 
But in situations described in Figure 3, RD3/RT3 is same for VRF1/2/3. If only one of VRF reach the VPN prefixes limit, it should not influence otherVRF. In such situation, the RD-ORF message should still not be triggered by the PE device, even we use the RD/RT tuple.
> 
> > don’t know why it selected new SAFI NLRI approach.
> 
> Because ORF is NOT transitive. ORF has no concept of loop prevention.

[WAJ] ORF is route policy to BGP neighbors. It should not be transitive. It does not announce the reachable information, nor the nexthop change, why to consider loop prevention?

> It *only* works p2p. Propagation of received ORF entries is something we should explicitly forbid in ORF spec.
[WAJ] Yes. The p2p mode is fine for ORF message. No need to propagation. Every node should determine based on its own condition.

> Maybe time for a -bis. 
> And the objective of RTC is to build a controlled distribution graph of information across ASNs. That is why this draft https://tools.ietf.org/html/draft-chen-bgp-ext-community-orf-02 did not progress. 

[WAJ] RTC is used to announce “what I want”, it has no mechanism to express “What I don’t want”, which the ORF mechanism jump in.

Then, considering your suggestions, I think adding RT information to current RD-ORF encoding is the appropriate approach, instead of changing the concept/procedures of RTC.

> 
> Thx,
> R
> 
>> On Mon, Feb 15, 2021 at 3:09 AM Aijun Wang <wangaijun@tsinghua.org.cn> wrote:
>> Hi, Robert:
>> 
>> Thanks for your suggestions!
>> But it seems adding RT information can’t still solve the situation described in https://datatracker.ietf.org/doc/html/draft-wang-idr-rd-orf-05#section-5.1.1(Figure 3). The overwhelmed PE need still the local determined behavior(which we will add more clear description for this part later) to trigger the RD-ORF.
>> And, defining one new SAFI to enhance the RTC mechanism, won’t it confuse the deployment of both? Actually, I think the RTC solution(RFC4684) should be implemented also on ORF mechanism, don’t know why it selected new SAFI NLRI approach.
>> Regarding to your worry for the regeneration of RD-ORF on RR/ASBR, I think we can consider it in another viewpoint: Treating RR/ASBR as the leader/proxy of its clients/neighbors, it should know the responsibilities/risks when it trigger the RD-ORF message to upstream neighbors (we need also describe more later on the determined behaviors of these devices later).
>> 
>> And, using ORF mechanism can achieve the granular control effects( it is hop-by-hop action), contrary to the new SAFI solution, which will be advertised immediately to network wide?
>> Anyway, we will try to incorporate your finer control suggestions in later design, for example, adding RT information to solve the situation that you mentioned before?
>> Looking forward to more suggestions/consideration on the solution.
>> 
>> Aijun Wang
>> China Telecom
>> 
>>>> On Feb 15, 2021, at 07:38, Robert Raszuk <robert@raszuk.net> wrote:
>>>> 
>>> 
>>> Hello Aijun,
>>> 
>>> I have been re-thinking over a weekend this entire discussion. 
>>> 
>>> I think I have a suggestion for you which addresses my concerns and I believe also addresses yours (and your co-authors) requirements. 
>>> 
>>> As I said number of times I still suggest we do not send RD to filter. Instead we send tuple RD+RTs and only filter VPN routes on logical AND of all (all as there can be more then one RT importing given route therefore we need to include intersection of local import RTs and RTs carried with "offending" routes). 
>>> 
>>> And to make this easily transitive I recommend we just define a new SAFI for it. We can call it RTC+ or Enhanced RTC as examples. Syntax would be identical to RTC, semantics opposite. Today RTC defines RTs which PEs need. Here we would signal description of subset of those which are "excessive" to be dropped on the peer. 
>>> 
>>> Sending it with ORF say RDRT-ORD (while works p2p)  I do not buy this implicit regeneration hack say at RRs, RRs doing option C or ASBRs performing option B. So sending it in new SAFI IMHO would be much cleaner. 
>>> 
>>> Just a thought how we could perhaps move forward here. 
>>> 
>>> Kind regards,
>>> Robert
>>> 
>>> 
>>>> On Sat, Feb 13, 2021 at 3:32 AM Aijun Wang <wangaijun@tsinghua.org.cn> wrote:
>>>> Hi, Susan:
>>>> 
>>>> Thanks for your suggestions. More responses from the operators are welcome!
>>>> We think this mechanism can let the network cope with dynamically the extraordinary scenarios for VPN routes advertisement, especially the inter-AS Option B/C scenarios. 
>>>> This can certainly encourage the widespread deployment of inter-AS option B/C solution(especially for EVPN/VXLAN, EVPN/SRv6) increase the VPN services coverage and revenue of the operators.
>>>> 
>>>> There may be some details procedures and device behaviors need to be clarified further, but this is not unsolvable, considering there are so many experts within IDR WG.
>>>> 
>>>> Thanks Robert, Jakob, Jim and Acee for the technical challenges to let us/IDRer understand the solution more clearly.
>>>> 
>>>> Aijun Wang
>>>> China Telecom