Re: [Idr] WG Adoption call for draft-wang-idr-rd-orf-05.txt (2/4/2021 to 2/18/2021)

Aijun Wang <> Tue, 16 February 2021 02:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2CA4D3A0A06 for <>; Mon, 15 Feb 2021 18:28:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id E2sOLeFhxcYE for <>; Mon, 15 Feb 2021 18:28:54 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8A5243A0A02 for <>; Mon, 15 Feb 2021 18:28:51 -0800 (PST)
Received: from [] (unknown []) by (Hmail) with ESMTPA id 328661C0061; Tue, 16 Feb 2021 10:28:48 +0800 (CST)
Content-Type: multipart/alternative; boundary="Apple-Mail-8B2E5335-0888-4C32-B8C5-8A24CDCB5526"
Content-Transfer-Encoding: 7bit
From: Aijun Wang <>
Mime-Version: 1.0 (1.0)
Message-Id: <>
Date: Tue, 16 Feb 2021 10:28:47 +0800
Cc: Robert Raszuk <>,, Susan Hares <>
To: "Jakob Heitz (jheitz)" <>
X-Mailer: iPhone Mail (18D52)
X-HM-Tid: 0a77a8ab33d1d993kuws328661c0061
Archived-At: <>
Subject: Re: [Idr] WG Adoption call for draft-wang-idr-rd-orf-05.txt (2/4/2021 to 2/18/2021)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 16 Feb 2021 02:28:58 -0000

Hi, Jakob:
In this situation, the RR will not removal the RD-ORF filter automatically. The consequences is that the new added PE3 will not receive the 1 million VPN routes until the operator find the real reason, for example, build the filter policy at the source, then removal the RD-ORF message manual.
After the above process, all PEs will receive the normal VPN routes.
Such mechanism just want to get more time for operator to responses before the churn disruption occurs.

Aijun Wang
China Telecom

> On Feb 16, 2021, at 09:43, Jakob Heitz (jheitz) <> wrote:
> My comment was not about removal of RD-ORF after the source is fixed.
> First, one PE sends RD_ORF:
> <image035.png>
> Then all PE's send RD-ORF:
> <image044.png>
> Now RR can send RD-ORF towards the source:
> <image055.png>
> The source sends 1 Million Withdraws
> <image056.png>
> Now a new PE comes up. It has not yet sent RD-ORF:
> <image070.png>
> RR must remove the RD-orf from the source, because not all PEs have sent it the RD-ORF.
> <image126.png>
> The source sends 1 Million VPN routes:
> <image127.png>
> PE3 sends an RD-orf:
> <image128.png>
> RR can send RD-orf to the source, because all PEs have sent RD-orf
> <image129.png>
> This represents churn between RR and the route source.
> With Inter-AS, there will be multiple layers of this.
> Regards,
> Jakob.
> From: Aijun Wang <> 
> Sent: Monday, February 15, 2021 3:42 PM
> To: Jakob Heitz (jheitz) <>
> Cc: Robert Raszuk <>;; Susan Hares <>
> Subject: Re: [Idr] WG Adoption call for draft-wang-idr-rd-orf-05.txt (2/4/2021 to 2/18/2021)
> Hi, Jakob:
> I think you have get the key difference between RD-ORF and RTC, but as described in, the removal of RD-ORF need the intervention of the operators.  It will not roll back automatically.
> As said before, you can consider RD-ORF as the mechanism of “Spray System” to extinguish the fire. After their action, the house holder find the reason of fire and return normal by manual.
> Using RT-Constraint, all of the “Spray Systems” will reaction but there maybe only the temperature of one house is high.
> Aijun Wang
> China Telecom
> On Feb 16, 2021, at 03:32, Jakob Heitz (jheitz) <> wrote:
> There's an important difference between rd-orf and RT constraint.
> RT-constraint is a POSITIVE filter.
> Rd-orf is a NEGATIVE filter.
> RT-constraint says :give me X.
> Rd-orf says: withhold X.
> What's the difference?
> Suppose you are an RR and getting the same rd-orf from all your clients.
> Then you can propagate the rd-orf back to the source of the routes.
> Consider what happens when a new client comes up,
> The new client has not (yet) sent the rd-orf.
> Therefore you have to retract the rd-orf from the route source to which you propagated it.
> The next router on the way to the source may be an ASBR.
> It also has to retract the rd-orf it propagated.
> And so on.
> Then the new client sends the rd-orf.
> Now you have to propagate it again.
> and so on.
> That's a lot of churn.
> This churn does not happen with RT-constraint.
> Regards,
> Jakob.
> From: Idr <> On Behalf Of Robert Raszuk
> Sent: Sunday, February 14, 2021 3:38 PM
> To: Aijun Wang <>
> Cc: idr@ietf. org <>; Susan Hares <>
> Subject: Re: [Idr] WG Adoption call for draft-wang-idr-rd-orf-05.txt (2/4/2021 to 2/18/2021)
> Hello Aijun,
> I have been re-thinking over a weekend this entire discussion. 
> I think I have a suggestion for you which addresses my concerns and I believe also addresses yours (and your co-authors) requirements. 
> As I said number of times I still suggest we do not send RD to filter. Instead we send tuple RD+RTs and only filter VPN routes on logical AND of all (all as there can be more then one RT importing given route therefore we need to include intersection of local import RTs and RTs carried with "offending" routes). 
> And to make this easily transitive I recommend we just define a new SAFI for it. We can call it RTC+ or Enhanced RTC as examples. Syntax would be identical to RTC, semantics opposite. Today RTC defines RTs which PEs need. Here we would signal description of subset of those which are "excessive" to be dropped on the peer. 
> Sending it with ORF say RDRT-ORD (while works p2p)  I do not buy this implicit regeneration hack say at RRs, RRs doing option C or ASBRs performing option B. So sending it in new SAFI IMHO would be much cleaner. 
> Just a thought how we could perhaps move forward here. 
> Kind regards,
> Robert
> On Sat, Feb 13, 2021 at 3:32 AM Aijun Wang <> wrote:
> Hi, Susan:
> Thanks for your suggestions. More responses from the operators are welcome!
> We think this mechanism can let the network cope with dynamically the extraordinary scenarios for VPN routes advertisement, especially the inter-AS Option B/C scenarios. 
> This can certainly encourage the widespread deployment of inter-AS option B/C solution(especially for EVPN/VXLAN, EVPN/SRv6) increase the VPN services coverage and revenue of the operators.
> There may be some details procedures and device behaviors need to be clarified further, but this is not unsolvable, considering there are so many experts within IDR WG.
> Thanks Robert, Jakob, Jim and Acee for the technical challenges to let us/IDRer understand the solution more clearly.
> Aijun Wang
> China Telecom