Re: [Idr] [bess] FW: Closing on Stephane's open issue with draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR
Gyan Mishra <hayabusagsm@gmail.com> Mon, 08 June 2020 22:35 UTC
Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B03E3A0874; Mon, 8 Jun 2020 15:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rSkUvvN_JKBT; Mon, 8 Jun 2020 15:35:45 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95D423A086E; Mon, 8 Jun 2020 15:35:45 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id r2so20647677ioo.4; Mon, 08 Jun 2020 15:35:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NPtbezrB5SZCgfm5490lOB1qFkYZAawFRm6PIf79Af4=; b=kS24YgSglaqOK0zKwfF6u9LzRHaRIaUXstdPNfNdcjpZEFtbacW26v1Sl3V8Uh+Rvq EvGrFYRVrn1AzebO7O2zkKFQgCcYhqowEVLnThs1QtpeWTqHflq+Ns/55M7F5F45KNOy dAmuhQSFSk8nrIIkjcfN1QDKVS7ak042tEUWXV7Y2DF+LTBlfS0fX+56ND7q6uhMyO3C bNkEBVdRqnk/QXP6Ouhv27thAKuhXXaRHCLklfFYpEne9FoMjXkoTTTVgVVP44oRZJkE 2Zp7+k9B2xgcQNzyYYU3xoXvcwiBuGbEdog5eoB7Lxjc/hVYZI2J8naUiqmfgcywRuIE 7GVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NPtbezrB5SZCgfm5490lOB1qFkYZAawFRm6PIf79Af4=; b=FuewvyIiW8vqzqWUChuUubLPhSzF5/VYIdh3qA03Wu4tBy/cpS3wfhZ3TKn+tJKAhT yKZk6Gm3hsnOZGnabjj+f+5TkVQj9pxQShy0Xg6MKon0KPwjfMKaz65hnvwGl/Tqd5/v EdTFiXcupUGq79TLkwB27G+Yxt2kuFmgsQSEZT/Mk3TqB1tKTAvD9n9fzrIxdj3Ebuhi 1ZTbd38MpX1N146GGi8g2UQOuoC02w/6i08ZkIIurCXEbQlG9BkNXI98uK6aTYeZ+qGY AIs3GBH+9adq0peloD62wjnCLhBx9C2sehh+3QIPiJLiOxCszwEoX+qM/qxLEgCdffaS 77cQ==
X-Gm-Message-State: AOAM530n1q+BwDVWfko8F+LRhPFpQyr93MMl/X+sF3Cb2XHD/LtZ85zS u0TdzdX1G+ZJMK0tn1z10mHj/Hix1YI2mYowPaw=
X-Google-Smtp-Source: ABdhPJz/QPyidjXoPgihio8UwqXl1ACFh2p77e9g5MIA9YXGPucurRklXH6AnmYqJd/SyUmCM5+96J/Z4oV4yxrVQuk=
X-Received: by 2002:a02:5a85:: with SMTP id v127mr8829541jaa.83.1591655744666; Mon, 08 Jun 2020 15:35:44 -0700 (PDT)
MIME-Version: 1.0
References: <00cc01d63d6f$9b7af880$d270e980$@gmail.com> <CAOj+MMGpLCVNiMOFPV3PoTE=LkcwbYJVmHgfnMcOCuuOk_wm3Q@mail.gmail.com> <011601d63da3$dc4aedf0$94e0c9d0$@gmail.com> <CAOj+MMFg2rxpez73eF_QT_O4B73WbYiciaKr7R3kT9iZY4FK7g@mail.gmail.com> <015f01d63dad$a068d630$e13a8290$@gmail.com>
In-Reply-To: <015f01d63dad$a068d630$e13a8290$@gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 08 Jun 2020 18:35:34 -0400
Message-ID: <CABNhwV0MTPNLW3Ay3gLyA--ch+HQ7YDioY01zwbGS9TRgZncMA@mail.gmail.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, slitkows.ietf@gmail.com
Cc: BESS <bess@ietf.org>, Robert Raszuk <robert@raszuk.net>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004400e605a79a3bb9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/MxebkIB8YG87Ipdm5nC_bh62GDw>
Subject: Re: [Idr] [bess] FW: Closing on Stephane's open issue with draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 22:35:49 -0000
On Mon, Jun 8, 2020 at 11:58 AM <slitkows.ietf@gmail.com> wrote: > I’m ok with that, but in such a case, you have to ensure that everything > will work fine when RTC is used: at least specify the behavior when no RT > are attached. As mentioned, rt-no-rt draft currently says that routes are > not advertised. > > Gyan> Understood and agreed that behavior for both RT and no RT attached > behavior should be added. Agreed that RTC explicitly states if RT > membership does not exist then the routes are not advertised. The behavior > with SAFI 1 is the same as SAFI 128 with regards to RTC support. > > *From:* Robert Raszuk <robert@raszuk.net> > *Sent:* lundi 8 juin 2020 17:07 > *To:* slitkows.ietf@gmail.com > *Cc:* idr@ietf. org <idr@ietf.org>; BESS <bess@ietf.org> > *Subject:* Re: [bess] FW: Closing on Stephane's open issue with > draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR > > > > Hi, > > > > > [SLI] It could work if: we prevent usage of RTC for these families > > > > Actually I am not sure we need to prevent anything. Honestly I would leave > it for the proper operator's configuration. > > > > RTC is not something on by default in any AFI/SAFI. > > > > Thx a lot, > R. > > > > > > > > On Mon, Jun 8, 2020 at 4:48 PM <slitkows.ietf@gmail.com> wrote: > > Hi Robert, > > > > Thanks for your feedback. > > Please find some comments inline. > > > > Stephane > > > > > > *From:* Robert Raszuk <robert@raszuk.net> > *Sent:* lundi 8 juin 2020 11:55 > *To:* slitkows.ietf@gmail.com > *Cc:* idr@ietf. org <idr@ietf.org>; BESS <bess@ietf.org> > *Subject:* Re: [bess] FW: Closing on Stephane's open issue with > draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR > > > > Stephane, > > > > Two points ... > > > > 1. It is not clear to me that draft-ietf-bess-datacenter-gateway > recommends to use RTC for anything - do they ? If not there is no > issue. > > [SLI] Right, but nothing prevents someone to activate it or it can be > activated “by inheritance” if sessions already runs VPNv4 for instance with > RTC. > > > > 1. Also note that RTC can be enabled on a per AF basis hence even if > you use it say for SAFI 128 you do not need to use it for SAFI 1. > > [SLI] RFC4684 is AFI/SAFI agnostic. I’m not aware of per-AFI/SAFI scoping > of RT membership from an implementation point of view. You can do it by > splitting sessions usually. > > > > [SLI] It could work if: we prevent usage of RTC for these families, or we > specify the default behavior of RTC for AFI/SAFI 1/1, 2/1 when there is no > RT (distribute routes that don’t have an RT). > > > > > > As a general comment I do not see any issues using RTs on non VPN SAFIs. > > > > Thx,, > > R. > > > > On Mon, Jun 8, 2020 at 10:34 AM <slitkows.ietf@gmail.com> wrote: > > Hi IDR WG, > > We have a draft that was on WGLC which introduces the usage of Route > Targets > on Internet address families to allow automated filtering of gateway > routes. > I raised a concern on a potential issue happening when Route Target > constraint is deployed on these sessions. > > Internet address families don't use RTs today, and are propagated following > the BGP propagation rules. When applying an RT and when having RTC deployed > on the session (RTC not being family aware), propagation of Internet routes > that don't have an RT may be stopped because of the behavior defined in > draft-ietf-idr-rtc-no-rt. This will so break the existing default behavior > of Internet SAFIs. > > We would like to get IDR's feedback on this topic. > > Thanks, > > Stephane > BESS co-chair > > > -----Original Message----- > From: Adrian Farrel <adrian@olddog.co.uk> > Sent: jeudi 4 juin 2020 19:31 > To: slitkows.ietf@gmail.com > Cc: bess-chairs@ietf.org; bess@ietf.org; > draft-ietf-bess-datacenter-gateway@ietf.org > Subject: Closing on Stephane's open issue with > draft-ietf-bess-datacenter-gateway > > Hi, > > John and I had a chat today about what we perceive is Stephane's open > issue. > > What we think the concern is is that we are using RTs in conjunction with > normal (i.e., non-VPN) routes. We do this to allow gateways to filter their > imports based on the RT that applies to the SR domain that it serves. > > An option was to use the Route Origin extended community instead. > > RFC 4360, which introduces both the Route Target and the Route Origin > extended communities and gives some guidance. Loosely expressed, the RT > says > which routers should import, the RO says which routers have advertised. In > both cases, the text suggests that "One possible use of the community is > specified in RFC4364" which implies that there are other acceptable uses. > > 4364 implies that the RO is used "to uniquely identify the set of routes > learned from a particular site." That is (my words), to apply a filter on > top of the RT to prevent re-import by a site of routes that match the RT > and > that were advertised by other entry points to the site. Indeed, the RO > would > seem to be used (in the 4364 case) only when the RT is also in use. > > We appreciate that the distinction is pretty delicate, but we think we are > right to use RT in this case because we are filtering to import, not to > avoid importing. Furthermore, if we used the RO then, to be consistent with > 4364, we would still be using the RT anyway. > > That, we think, disposes of the "RT or RO?" question. > > Now, we can go back to the original formulation of the question: is it OK > to > use RT with "non-VPN IP addresses"? Well, we consulted around a bit > privately amongst some BGP experts, and we couldn't find anyone to say it > was actually a problem. And (of course) no one raised the issue in WG last > call - but Matthew might claim that is because the document was only > lightly > reviewed, and Stephane might claim that this is because he had already > raised the point. Obviously, some of the authors know a bit about BGP, and > Eric was a lead author on 4364 and drove a lot of the details of what we > wrote. > > Two points in closing: > - If someone can show that we break something, we will have to fix it. > - If the chairs want to run this point past IDR and BESS explicitly, that > would be fine. > > Hope this helps. > > Best, > Adrian > > > _______________________________________________ > BESS mailing list > BESS@ietf.org > https://www.ietf.org/mailman/listinfo/bess > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr > -- <http://www.verizon.com/> *Gyan Mishra* *Network Solutions A**rchitect * *M 301 502-134713101 Columbia Pike *Silver Spring, MD
- [Idr] FW: Closing on Stephane's open issue with d… slitkows.ietf
- Re: [Idr] [bess] FW: Closing on Stephane's open i… Robert Raszuk
- Re: [Idr] [bess] FW: Closing on Stephane's open i… slitkows.ietf
- Re: [Idr] [bess] FW: Closing on Stephane's open i… Robert Raszuk
- Re: [Idr] [bess] FW: Closing on Stephane's open i… Gyan Mishra
- Re: [Idr] [bess] FW: Closing on Stephane's open i… slitkows.ietf
- Re: [Idr] [bess] FW: Closing on Stephane's open i… Gyan Mishra