IETF Logo Mail Archive

Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)

Robert Raszuk <robert@raszuk.net> Thu, 17 March 2022 12:38 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 088843A1153 for <idr@ietfa.amsl.com>; Thu, 17 Mar 2022 05:38:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fehbUgcwStZr for <idr@ietfa.amsl.com>; Thu, 17 Mar 2022 05:37:56 -0700 (PDT)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8A4D3A113D for <idr@ietf.org>; Thu, 17 Mar 2022 05:37:55 -0700 (PDT)
Received: by mail-ua1-x92a.google.com with SMTP id j7so2006917uap.5 for <idr@ietf.org>; Thu, 17 Mar 2022 05:37:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uShj9LMwjwMnW5OoldzaWQ2p83rPQsMtz76SOZb6grM=; b=FVRIuil1SmI9dX2XYblvKGSohnDHxsfPm45cYBP+FLM0y5mspjy00aYeuw5bH4myq1 h0e5iD6c2TgmfsgnVvwXUNm+VBu0eqg087iQylBQ1jceAmKD56of13BjWBBgzGElvaeP Eu7AJ6M7cwDlRw3ubTMjoJemGMcbh0e6gVEkNubu96wmQJfR0p1cZ48H2EwlFoNQd1TY A/2MTCWPagD7ftCibSJ6x1QFmzuAm55hNVKwMXUTU18dA708xxXkiYUUFUw9MRSAWZod XGBZf+mfRS1BtyzzPXH45qaZvjwG9apiJ2ohSOanFqxN8kV03DoUhMBCHiSeNHNEw0gY Bw8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uShj9LMwjwMnW5OoldzaWQ2p83rPQsMtz76SOZb6grM=; b=NzOaqSv7nabZJji0PzHq3981ji73bnpAZyN9ZKhKLc4MZAy/RxpZSwdLuivDus5lz6 a9c4WBsrdxNpeO3SLV6gB8Rwj/r1uAIU3Mi3G/d4MQoss6I3m6DPK7RCeXo5nGiCFfH8 1M0RGGUDYjpvRPuBK0KrDpuPGzus3l8seRnc4dMEFenk+USf2U1gfPyYpyQp2pwVD5LL iCUMMR5e5N5wRJIzDQ1NpM6K294vzlt/9iqypI/2LE+O1vQ0OUW+cak4eOS1WGqC7rfx epGX+fPd9xa3JnCMmP11vyf0/doftC7Eidx+Vx02ry3muD7hvjpvqwbR9XanVwmrLpgv d7qA==
X-Gm-Message-State: AOAM532MPMC/UWPHBBiEqD7kU89+nCyKrp3VL85U8B4a2qJZzei17XcX XEjfqzowGTzNnEn8zFqcj1mYbSya1GJ2uMiLaHKw2E1z3yUzgg==
X-Google-Smtp-Source: ABdhPJw+1liD02W9lurQAFmgCVcYlukjT5cP5PnnlahTJXRcnFNuSKZvV0cu7IzuJfDcL9f3qJWCDzfS1LdPyHJBryU=
X-Received: by 2002:ab0:64d5:0:b0:353:d616:6694 with SMTP id j21-20020ab064d5000000b00353d6166694mr206640uaq.90.1647520674307; Thu, 17 Mar 2022 05:37:54 -0700 (PDT)
MIME-Version: 1.0
References: <00ca01d8348c$8b05d270$a1117750$@ndzh.com> <20220311181711.GA29551@pfrc.org> <CAOj+MMGYnkN8Yx7riO-nd+Th3abXOW7+r9CZ4AXFDsYmXdMySQ@mail.gmail.com> <4831712448ae4fcf9101f3d6b7e05a7e@huawei.com>
In-Reply-To: <4831712448ae4fcf9101f3d6b7e05a7e@huawei.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 17 Mar 2022 13:37:43 +0100
Message-ID: <CAOj+MMGja92D+GFCxTCEXPTO=Obnn4Ny0i4VeBRKbEzhrdnGdQ@mail.gmail.com>
To: "Wanghaibo (Rainsword)" <rainsword.wang@huawei.com>
Cc: Jeffrey Haas <jhaas@pfrc.org>, "idr@ietf. org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="0000000000008d702805da694cd8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/LHfL6zr3je93KzH_8mwmztLrv2c>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 12:38:01 -0000

Haibo,

Sure I get your objective here.

The point is that sending anything in dynamic routing protocol is sound
only when receivers perform well defined actions on the received data.

Here you however still need a process (likely management driven) to trigger
telemetry sessions as any to any for all negotiated capabilities hardly
makes sense. Leave alone clock sync point I mentioned before what BGP (I
hope) will not be asked to signal.

So this proposal creates a local database with remote telemetry peers and
their capabilities on each BGP speaker. What if I want to use In-situ Flow
Information Telemetry between my 10 sites over Internet ? That means that
millions of other Internet routers will now have to carry this extended
community (or extension to NH Capability Attribute) ?

How would it even work for my use case if lot's of ISPs filters extended
communities and NH Capability Attribute is non-transitive by design ?

I am still not convinced this is good idea to add this as general extension
to BGP.

Many thx,
R.


On Thu, Mar 17, 2022 at 12:53 PM Wanghaibo (Rainsword) <
rainsword.wang@huawei.com> wrote:

> Hi Robert,
>
>
>
>        [Bottom line - not everything that can be fitted into a BGP
> attribute should be carried by BGP protocol.]
>
>     I agree with this point.
>
>
>
>     But I still think the iFit extension here is appropriate.
>
>   The Pub-sub model is a centralized service model, it’s complexable for
> dynamic changed service.
>
>     The iFit extension here is a distributed service driven model. Service
> routes advertised with iFit capability will bring simplifying deployment.
>
>
>
> Regards,
>
> Haibo
>
>
>
> *From:* Idr [mailto:idr-bounces@ietf.org] *On Behalf Of *Robert Raszuk
> *Sent:* Saturday, March 12, 2022 4:33 AM
> *To:* Jeffrey Haas <jhaas@pfrc.org>
> *Cc:* idr@ietf. org <idr@ietf.org>; Susan Hares <shares@ndzh.com>
> *Subject:* Re: [Idr] Adoption call for
> draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
>
>
>
> Hello Jeff & WG,
>
>
>
> I am a big supporter of In-Situ Telemetry. Well modulo the fact - and in
> fact show stopper - that to make it really useful very precise nano seconds
> clock synchronization is required and that by itself is not an easy task to
> accomplish in WAN or MAN networks. The only tools I see to help here are
> PTP or gPTP but PTP mostly is deployable in DCs not in WANs.
>
>
>
> As far as BGP is concerned I must ask why do we really need p2mp
> signalling to spray such information to all BGP speakers ? In Situ
> telemetry can be deployed end to end beyond BGP speaking network elements
> so it will not help.
>
>
>
> Moreover we are really stepping again on using BGP protocol as a network
> management carrier. Such distribution would be much better served by the
> pub-sub model. Such model can be realized by any message bus or by
> leveraging a recent proposal from Tony -
> https://datatracker.ietf.org/doc/draft-li-lsr-liveness/  Yes this
> currently was done to address IGP node liveness propagation, but nothing
> stands against reusing such idea for pub-sub distribution of other node
> capabilities like ifit.
>
>
>
> Bottom line - not everything that can be fitted into a BGP attribute
> should be carried by BGP protocol.
>
>
>
> Kind regards,
>
> R.
>
>
>
>
>
> On Fri, Mar 11, 2022 at 7:17 PM Jeffrey Haas <jhaas@pfrc.org> wrote:
>
> Sue and Working Group,
>
> I'm generally supportive of IFIT for BGP.
>
> For this particular document, I think it'd be helpful if the authors
> provided some more detail on the scoping of the BGP Extended Community
> attributes and their security considerations.
>
> In particular:
>
> On Thu, Mar 10, 2022 at 09:38:43AM -0500, Susan Hares wrote:
> > This begins a 2 week WG Adoption call (3/10/2022 to 3/24/2022)
> >
> > for draft-wang-idr-bgp-ifit-capabilities-04
> >
> > https://datatracker.ietf.org/doc/draft-wang-idr-bgp-ifit-capabilities/
> >
> > In your comments please consider if:
> >
> > 1) Do the additions to BGP (2 Communities and
> > TLV for next-hop-capability attribute)
> > help the distribute information regarding the  IFIT options
> > from tail (egress) nodes to head nodes (ingress)?
> >
> > Are there any cases where these BGP
> > Communities should be removed or ignored?
>
> >From the Security Considerations for draft-ietf-idr-sr-policy-ifit-03:
>
> :   IFIT data MUST be propagated in a limited domain in order to avoid
> :   malicious attacks and solutions to ensure this requirement are
> :   respectively discussed in [I-D.ietf-ippm-ioam-data] and
> :   [I-D.ietf-6man-ipv6-alt-mark].
>
> The NextHop Capability leveraged in this draft as part of prior learnings
> has specified itself as an Optional, Non-Transitive Path Attribute.  This
> means that behaviors can be enforced on a hop-by-hop basis.
>
> BGP Extended Communities are only scoped for as-transitive or not.
>
> It'd be useful for the authors to comment on what the expected behaviors
> for
> BGP speakers downstream of not the IFIT egress. Also, potentially outside
> of the IFIT domain.  What are the Security Considerations for such
> additional propagation of these Extended Communities?
>
> I'm unclear whether the intent of the Extended Communities is whether they
> should ONLY be propagated with the NextHop Capability or not.
>
> Please note that forms of this question were raised both on the mailing
> list
> in prior threads and also during IDR IETF sessions.
>
> -- Jeff
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>

v2.23.0 | Report a Bug | By Email