Re: [Idr] draft-chen-bgp-redist-01.txt

Gyan Mishra <hayabusagsm@gmail.com> Fri, 02 July 2021 00:56 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38FE03A114A for <idr@ietfa.amsl.com>; Thu, 1 Jul 2021 17:56:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m7PlvMiJzVOM for <idr@ietfa.amsl.com>; Thu, 1 Jul 2021 17:56:26 -0700 (PDT)
Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB6813A1147 for <idr@ietf.org>; Thu, 1 Jul 2021 17:56:26 -0700 (PDT)
Received: by mail-pf1-x435.google.com with SMTP id 17so7322960pfz.4 for <idr@ietf.org>; Thu, 01 Jul 2021 17:56:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8kHy3unOhQpqQD4qzxAkz6JY8GEwH4DB/BMckYBF7jM=; b=RLqZNv/BsGnQ72p/TjPCPW/yK96DmN+Prgah/JpfIfp8Ybm3ZP3CSoeMBnWZcOOrNt F5pOgIvaOFQhG8/XLa8uUUXFDJpF2vUY5AzTTO6SJeuntjlD2H1iT1F1GZ2vM5LJml1A v8IkHoldcxLy9Zf7vN381iwWjejhWZQrX1TgSqrJEVIS5BvS52xunfPhXT6dDMnJ5BxB IfMOrIrW6SJUJdPz1N/3X5VaPBT3CoueNXk9aZGs1IcBaoCj1p+NlvsSU3CS9J/0x71g RoNF4KazCMZWGYsY5OmV7TTqd3hNkLVaRoIlO2rLWprk8BAzUMZCcDifHeLYGpEJF7JD /02Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8kHy3unOhQpqQD4qzxAkz6JY8GEwH4DB/BMckYBF7jM=; b=b1cbScIwjXbG9qNybXnQjxN7nrAf+ltVWmu4WbgBc2PH6nUU4jZmRhfD4b5Vp+eRCk lfm9KoOC+PQEYl88nQT+Sqah6VjuZMCuvrVH8/FjggfiVxpaju3kXNNdcngJIAaB8rcC J25v7Teb7Ocd3vwl7FjYkMh8GgpjUJWd+gXlgq1XUU+Ny+PKG5euv4t0RGkSAyUwcbCN gTJiSQVOo3dInroaff3NiLUKl/wNrxPY9o8+AJp949aE2ciaxvChLqNcHyN+P7sYNES1 Se9Y1JOEcUWfjWUydqn+THVxqA+lV5/6Gb5e3hPzg8RhYjHCPlmsb2pGODbKjkkLxJnO FS8g==
X-Gm-Message-State: AOAM531SPxtUso8kPlZsx9Aa4C8yCj0stfIO1MlO1ldwGqiejOie794r 11yl2GFqI7ytGTOoWsIhxpvlkpqNuDMjGBdX3dg=
X-Google-Smtp-Source: ABdhPJw3Z75CyXvVTD9fyMhHL7+30YOseuizzCcjAZ8DqMWD8/vtZEcAeylXq4w6bMAIXPNNL/o0HrQuSxWAgutHC1s=
X-Received: by 2002:aa7:9d91:0:b029:315:9d6f:72c3 with SMTP id f17-20020aa79d910000b02903159d6f72c3mr223306pfq.30.1625187385127; Thu, 01 Jul 2021 17:56:25 -0700 (PDT)
MIME-Version: 1.0
References: <CANJ8pZ_2yk666tSca818-e0YdziKjK3dMqhopOtYAP3vKXTEmQ@mail.gmail.com> <CAOj+MME5zZeZDnhpfivbdKj00JwBzi9rjMmzBXxE_fFqkxEVpA@mail.gmail.com> <CANJ8pZ9Und3fF324tzTAkhrMFV0MZfhHYfZussiYSCNUx-n_Hw@mail.gmail.com> <CABNhwV3BXk=+fuxVSg_9j+u+5Ffr+NQGE9P75NCPpTaUr5LqYQ@mail.gmail.com> <CAOj+MMFxM_yvrPDEyQ+dpO7ZxoiQKa0DE4ZQf763Cuidj76QXg@mail.gmail.com> <CABNhwV1q-H1pSypWCvA9VKXBZZTfM3nQNPktjbmbN0D=VSXpBw@mail.gmail.com>
In-Reply-To: <CABNhwV1q-H1pSypWCvA9VKXBZZTfM3nQNPktjbmbN0D=VSXpBw@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Thu, 01 Jul 2021 20:56:12 -0400
Message-ID: <CABNhwV29-t-N6EMmJQzOairgTB5jsPX1h6Q0e+akEgiA2cUpQg@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Enke Chen <enchen@paloaltonetworks.com>, Jenny Yuan <jyuan@paloaltonetworks.com>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/related; boundary="000000000000c925b905c6196c90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/KtgtmyKa6IavC9uxVai9clrex3Q>
Subject: Re: [Idr] draft-chen-bgp-redist-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2021 00:56:31 -0000

Hi Enke

I am still trying to understand the need for this draft.


Their are two main methods to locally originate routes into BGP done at the
customer edge which is via redistribution or network statement.  When you
redistribute routes into BGP the origin flag is set to incomplete.  When
you use a network statement with exact match of prefix installed in the
RIB, the route origin changes to IGP origin.   The pecking order for Orgin
is EGP, IGP, Incomplete so if the routes is also advertised via network
statement and redistribution by two different ASBR the best path selection
will converge on the best path IGP origin via network statement over
redistribution.  Maybe that is the intention of the draft to prefer
incomplete over IGP origin and that can be set via policy as well so that
both are equal so load balancing can occur.

At the bottom of page 2 below is stated as the premise for this draft.

Currently the admin-distance does not play any role in BGP route
selection.


I disagree.  Indeed AD plays an important role in redistribution or
locally sourcing of prefixes into BGP advertisement.  All vendor
implementations do this the same way and that is that only the lowest
AD source

Of a particular prefix is what is installed onto the RIB and FIB.  So
when doing either a redistribution or using network statement exact
match to source local routes into a BGP advertisement only the
prefixes installed in the RIB that match exactly via network statement
or if you have a redistribution policy matches the prefix and source
protocol for the route being redistributed.


Let’s say you have a redistributing OSPF into BGP however their is a
static route exact match for the prefix you want to redistribute that
matches your redistribution prefix list

however as OSPF has AD 110 and static had AD 1 default and if you are
trying to redistribute ospf into BGP the redistribution will not work
since the RIB has the static route as the source for the prefix
installed in the RIB.


Example of how AD plays an important role in how redistribution can or
may not occur properly due to AD of the protocol sourcing the prefix

And the protocol being redistributed must match or the redistribution will fail.


I have noticed one issue with both redistribution and network
statement which is problematic is that the IGP metric is passed into
BGP as MED which is higher in the BGP best path selection which can
result in sub optimal routing.  The workaround is to reset MED to 0
with a policy.



Kind Regards


Gyan


On Thu, Jul 1, 2021 at 8:23 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:

>
> The main protocols are BGP, OSPF, ISIS, Static
>
> Juniper
>
>
> https://www.juniper.net/documentation/en_US/junose15.1/topics/task/configuration/ip-route-administrative-distance-configuration.html
>
> Route Source
>
> Default Distance
>
> Connected interface
>
> 0
>
> Static route
>
> 1
>
> Internal access route
>
> 2
>
> Access route
>
> 3
>
> External BGP
>
> 20
>
> OSPF
>
> 110
>
> IS-IS
>
> 115
>
> RIP
>
> 120
>
> Internal BGP
>
> 200
>
> Unknown
>
> 255
>
>
> Cisco
>
>
> https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html
>
>
> Route SourceDefault Distance Values
> Connected interface 0
> Static route 1
> Enhanced Interior Gateway Routing Protocol (EIGRP) summary route 5
> External Border Gateway Protocol (BGP) 20
> Internal EIGRP 90
> IGRP 100
> OSPF 110
> Intermediate System-to-Intermediate System (IS-IS) 115
> Routing Information Protocol (RIP) 120
> Exterior Gateway Protocol (EGP) 140
> On Demand Routing (ODR) 160
> External EIGRP 170
> Internal BGP 200
> Unknown* 255
>
>
>
> On Thu, Jul 1, 2021 at 2:54 PM Robert Raszuk <robert@raszuk.net> wrote:
>
>> Gyan,
>>
>> > My understanding is by default most all implementations that I know of
>> for example Cisco & Juniper which have use identical default AD
>>
>> Can you provide source(s) of your above information ?
>>
>> To the best of my knowledge they are quite different ...
>>
>> Cisco:
>>
>> [image: image.png]
>>
>> Juniper:
>>
>> [image: image.png]
>>
>> Except connected I do not see much of "identical default AD"
>>
>> And that is as the draft says especially important when your intention is
>> to control active - backup paths for a given net.
>>
>> Thx,
>> R.
>>
>>
>> On Thu, Jul 1, 2021 at 8:02 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>>
>>>
>>> Hi Enke
>>>
>>> My understanding is by default most all implementations that I know of
>>> for example Cisco & Juniper which have use identical default AD,
>>> redistribution of the route only occurs from the source protocol that is
>>> being redistributed for example static versus OSPF or ISIS based on AD.
>>>
>>> So if you have multiple protocols redistribution into BGP, the source
>>> protocol with the lowest AD is what is inserted into the default RIB/FIB
>>> and its that specific route from the source protocol that is redistributed
>>> into BGP.   All implementations that I know of work that way.
>>>
>>> I don’t see any issue with deterministic redistribution as exists today
>>> with implementations.
>>>
>>> Normally you are only running one IGP but let’s say you are running OSPF
>>> and ISIS and you have a Juniper and Cisco ASBR redistribution into BGP, as
>>> OSPF has default AD 110, the OSPF prefix would be inserted into the Default
>>> RIB and redistributed into BGP.  Let’s say you set AD for ISIS down to 90
>>> and now the ISIS route is inserted into the RIB and now both Juniper and
>>> Cisco ASBR Will redistribute the ISIS route into BGP.
>>>
>>> I am not seeing the issue that you are trying to solve.
>>>
>>> Kind Regards
>>>
>>> Gyan
>>>
>>> On Wed, Jun 30, 2021 at 3:19 AM Enke Chen <enchen@paloaltonetworks.com>
>>> wrote:
>>>
>>>> Hi, Robert:
>>>>
>>>> 1) Usually the default admin-distance is configurable. Having the same
>>>> admin-distance across implementations would certainly make things simpler,
>>>> but that is not required. What matters is the local_pref value for the
>>>> redistribute backup route:
>>>>
>>>>             local_pref = default_local_pref - delta;
>>>>
>>>> It needs to be in the right order (relatively) for the "role" the route
>>>> is supposed to play.
>>>>
>>>> It's a good question. We will try to clarify it in the next revision.
>>>>
>>>> 2) Certainly it would work if we define the "delta" (or "local_pref")
>>>> for the redistributed route based on its role (e.g., primary, secondary,
>>>> tertiary). But extra config would be needed for specifying the "role".  The
>>>> algorithm described in the draft does not require additional config other
>>>> than the existing "admin-distance".  When more than two paths are involved
>>>> in a multi-vendor environment, the admin-distance needs to be carefully
>>>> assigned in order to get the desired local_pref value.
>>>>
>>>> Thanks.   -- Enke
>>>>
>>>> On Tue, Jun 29, 2021 at 1:05 PM Robert Raszuk <robert@raszuk.net>
>>>> wrote:
>>>>
>>>>> Hi Enke,
>>>>>
>>>>> How do you assure that admin distance is the same or delta would be
>>>>> the same across implementations ?
>>>>>
>>>>> Looking at say junos I see quite different values then when comparing
>>>>> with other implementations ...
>>>>>
>>>>>
>>>>> https://www.juniper.net/documentation/en_US/junos/topics/reference/general/routing-protocols-default-route-preference-values.html
>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.juniper.net_documentation_en-5FUS_junos_topics_reference_general_routing-2Dprotocols-2Ddefault-2Droute-2Dpreference-2Dvalues.html&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=GOhXjwEf1z0GAfIQVgVAc4sHvcAog6czTO30VhKwzQk&e=>
>>>>>
>>>>> Would it be simpler to define here verbatim what the local pref should
>>>>> be for redistributed routes ? Then at least those could be used as default
>>>>> local pref values unless overwritten by operator's policy during
>>>>> redistribution.
>>>>>
>>>>> Thx,
>>>>> Robert
>>>>>
>>>>>
>>>>> On Tue, Jun 29, 2021 at 7:14 PM Enke Chen <enchen@paloaltonetworks.com>
>>>>> wrote:
>>>>>
>>>>>> Hi, Folks:
>>>>>>
>>>>>> Apologies for the very long delay in updating the draft:
>>>>>>
>>>>>>        https://datatracker.ietf.org/doc/draft-chen-bgp-redist/01/
>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dchen-2Dbgp-2Dredist_01_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=IBn3kTJmGrWISvSq8L3M9GLLamXIqw7t2PvEdtvhmos&e=>
>>>>>>
>>>>>> The issue still exists, and shows up from time to time. The revised
>>>>>> version provides a complete solution that covers the use cases involving a
>>>>>> single router as well as multiple routers in a network.
>>>>>>
>>>>>> Your review and comments are welcome.
>>>>>>
>>>>>> Thanks.   -- Enke
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Idr mailing list
>>>>>> Idr@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=O1wpTf7XmDmE4-mQGDJ9YNEx2UVZW-k1meY3fd-tQrE&e=>
>>>>>>
>>>>> _______________________________________________
>>>> Idr mailing list
>>>> Idr@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>
>>> --
>>>
>>> <http://www.verizon.com/>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions A**rchitect *
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>>
>>>
>>> *M 301 502-1347*
>>>
>>> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions A**rchitect *
>
> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>
>
>
> *M 301 502-1347*
>
> --

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*



*M 301 502-1347*