[Idr] Question on forwarding behavior in draft-ietf-idr-flowspec-redirect
Jeffrey Haas <jhaas@pfrc.org> Tue, 18 June 2013 19:51 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CEA621F9926 for <idr@ietfa.amsl.com>; Tue, 18 Jun 2013 12:51:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.265
X-Spam-Level:
X-Spam-Status: No, score=-102.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SJQdgK2v0Du7 for <idr@ietfa.amsl.com>; Tue, 18 Jun 2013 12:51:15 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 5383321F9695 for <idr@ietf.org>; Tue, 18 Jun 2013 12:51:15 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id D4E42C5E1; Tue, 18 Jun 2013 15:51:14 -0400 (EDT)
Date: Tue, 18 Jun 2013 15:51:14 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: idr@ietf.org
Message-ID: <20130618195114.GE3241@pfrc>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [Idr] Question on forwarding behavior in draft-ietf-idr-flowspec-redirect
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2013 19:51:20 -0000
Authors, : When a BGP speaker receives an UPDATE message with the redirect-to- : IP extended community it is expected to create a traffic filtering : rule for every flow-spec NLRI in the message that has this path as : its best path. The filter entry matches the IP packets described in : the NLRI field and redirects them (C=0) or copies them (C=1) towards : the IPv4 or IPv6 address specified in the 'Network Address of Next- : Hop' field of the associated MP_REACH_NLRI. More specifically: if an : IPv4 [or IPv6] packet with destination address D that is normally : forwarded to a next-hop A matches a filter entry of the type : described above it MUST instead be redirected (C=0) or mirrored : (C=1) to next-hop B, where B is found by FIB lookup of the IPv4 [or : IPv6] address contained in the MP_REACH_NLRI next-hop field (i.e. a : longest-prefix-match lookup). Signaling and applying constraints : beyond longest-prefix-match on the types of interfaces or tunnels : that can be used as the redirection next-hop B are not precluded by : this specification but are nevertheless outside its scope. The text above raises some question with regard to mixed-address family behavior. To illustrate, we have four examples of IP-based forwarding: *IPv4 traffic over IPv4 forwarding IPv6 traffic over IPv4 forwarding IPv4 traffic over IPv6 forwarding *IPv6 traffic over IPv6 forwarding The cases noted with an asterisk aren't exciting - you'd expect them to just work regardless of whether the nexthop sent in the flowspec route is either an adjacent IP system or a tunnel covering the same address family. The other two cases are the interesting ones. One normally wouldn't expect IPv6 traffic to be IP forwarded to an IPv4 nexthop, or vice-versa. When the nexthop actually maps to a tunnel (e.g. MPLS), the case is perhaps a bit more ambiguous: Does the egress of the tunnel inspect the traffic to determine the proper ethertype for the traffic? This is admittedly not an immediate problem today. 5575 and the matching extension to do IPv6 currently expect the address family of the flowspec route to have an appropriate same-family MP-NEXTHOP. Put a somewhat different way, if the expected behavior is that you'll always have a nexthop for redirect that is of the same address family as the flowspec route, we're perhaps done. Until we decide we want to do flowspec for something besides plain IP. But that is perhaps a different problem to worry about later. -- Jeff
- [Idr] Question on forwarding behavior in draft-ie… Jeffrey Haas
- Re: [Idr] Question on forwarding behavior in draf… Simpson, Adam (Adam)
- Re: [Idr] Question on forwarding behavior in draf… Robert Raszuk
- Re: [Idr] Question on forwarding behavior in draf… Robert Raszuk
- Re: [Idr] Question on forwarding behavior in draf… Simpson, Adam (Adam)
- Re: [Idr] Question on forwarding behavior in draf… UTTARO, JAMES