IETF Logo Mail Archive

Re: [Idr] draft-chen-bgp-redist-01.txt

Enke Chen <enchen@paloaltonetworks.com> Sat, 03 July 2021 22:59 UTC

Return-Path: <enchen@paloaltonetworks.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31C343A286F for <idr@ietfa.amsl.com>; Sat, 3 Jul 2021 15:59:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.994
X-Spam-Level:
X-Spam-Status: No, score=-1.994 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=paloaltonetworks.com header.b=YdhROWtK; dkim=pass (2048-bit key) header.d=paloaltonetworks-com.20150623.gappssmtp.com header.b=Lwb2jUHv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhZVjEa-wQtX for <idr@ietfa.amsl.com>; Sat, 3 Jul 2021 15:59:27 -0700 (PDT)
Received: from mx0b-00169c01.pphosted.com (mx0b-00169c01.pphosted.com [67.231.156.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 280023A286D for <idr@ietf.org>; Sat, 3 Jul 2021 15:59:26 -0700 (PDT)
Received: from pps.filterd (m0048189.ppops.net [127.0.0.1]) by mx0b-00169c01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 163MsZ88018816 for <idr@ietf.org>; Sat, 3 Jul 2021 15:59:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks.com; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type; s=PPS12012017; bh=eWojY4YJEEzDAw5YORDNXpltHM7GOQDKdZKhQJ8o7dE=; b=YdhROWtKislaP0KjblUgkBYw5x2StFw8TWhgeyimDXyLiu1uyUftY2xh4x9L3QbV0OBO X6tYP64LZ6/PJ3h7kxYKSF7pUOGgexhN3nOY02RLdhnSPpKxdOTr7E0uIehGJQN4iUaU gC1wyh7PnCSJPZy7LaWWL0+atvltufVe7gN8UYiuAPDSicm++pdPLnrttgSpbtmGnvnI bdp7b08BnHQB08DVgPkFCGfq/mlM0sU04AEa3FF/iWrhkk3XjoQfL/hYzPHsYKC0lxQz EYFQ8p3NOjpn2wZtcfHiaPVx5K0joiqvnRn8N2w6XPyJRzYFjKjaY4KKVXyjMEZEiAYV BA==
Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by mx0b-00169c01.pphosted.com with ESMTP id 39jqd717vk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <idr@ietf.org>; Sat, 03 Jul 2021 15:59:24 -0700
Received: by mail-lj1-f199.google.com with SMTP id v10-20020a2ea60a0000b029017fd05dc0aaso2923021ljp.1 for <idr@ietf.org>; Sat, 03 Jul 2021 15:59:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eWojY4YJEEzDAw5YORDNXpltHM7GOQDKdZKhQJ8o7dE=; b=Lwb2jUHvzUTWegZN9v5SvyG1Sug3ICnCogwpq53eSuA+tOilurj0U+1HbHNhP5XKoy j9J0JfxOPTn+g+JzKH1JIUfs/0fyUcv6HxcNZxWzGl4W0jmkSiARS3X3F+HcAu87mulG iVlr5lMo3nIySuMON5GOmwCoFQkvo/yaZD/cuo2Vwr387EXM9wXT646zLbHHTS2RNbUO QnFqGbCTMNw4+SNbQJfcsRf8l2ZYSsQcu/eNDbXfAav2ehRM3RIMlPRzZK3+WjEOBGYj pGz9bUXc00hoXRUiD85cbINIgydj4W2lWbqnuBW6RG/qpselHD74Ng/9VUuVeWgb7Z4c gjfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eWojY4YJEEzDAw5YORDNXpltHM7GOQDKdZKhQJ8o7dE=; b=YOXNxFPXl7kp+bGeI2F+pqUf0nOE+l0mNlEQM7O/Is8dJy8mE6E48CGc58irgMzQh0 DJRnPtqJ51pg7VM66JN2CV7CI1UwU4HnOtISNuw5s6tRPH6FcCmXN/mEa9va+FQlcyiQ bNqJyzrxRFkRECdPGPrF24wD563KLMk9H5NMg+DpiGRzHYvr3uuuywt/+wmz0HljaNpW C1tTautYI2nveBPam4tFn+JgaW5WX40ZvU/FwejCFt47sxY1N0sN+NehVEdMj15vtSNN FdTNgtZyFY/m4kcVM6VNjRtx2UDmgxQholI1/jN1mYuBnPXdpaXT+Ijl7TJTX1/iYjpv 4Jug==
X-Gm-Message-State: AOAM532vnikOtZfo7Fvr44iuz7hJGzoUNHNoUt82NfP7+T+WfaPxVLPa AMELMNlLw8cXg361HAvd//vLhPnsGl+DZJPWGgRSTBa6jggmJcfZseHscmoMt9HYW7bo7Mc4bwz zgZFLa/VFVvyp+SLseWg=
X-Received: by 2002:a2e:b004:: with SMTP id y4mr4945594ljk.475.1625353162724; Sat, 03 Jul 2021 15:59:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzq9FZn8/6md06dSWNAcm0uUqCC1EhQlpk+5npZ5echG9a+esx31OpIzF/CdPsgqjl3ZGFtwKind3o4I9JprVI=
X-Received: by 2002:a2e:b004:: with SMTP id y4mr4945550ljk.475.1625353161774; Sat, 03 Jul 2021 15:59:21 -0700 (PDT)
MIME-Version: 1.0
References: <CANJ8pZ_2yk666tSca818-e0YdziKjK3dMqhopOtYAP3vKXTEmQ@mail.gmail.com> <CAOj+MME5zZeZDnhpfivbdKj00JwBzi9rjMmzBXxE_fFqkxEVpA@mail.gmail.com> <CANJ8pZ9Und3fF324tzTAkhrMFV0MZfhHYfZussiYSCNUx-n_Hw@mail.gmail.com> <CABNhwV3BXk=+fuxVSg_9j+u+5Ffr+NQGE9P75NCPpTaUr5LqYQ@mail.gmail.com> <CAOj+MMFxM_yvrPDEyQ+dpO7ZxoiQKa0DE4ZQf763Cuidj76QXg@mail.gmail.com> <CABNhwV1q-H1pSypWCvA9VKXBZZTfM3nQNPktjbmbN0D=VSXpBw@mail.gmail.com> <CABNhwV29-t-N6EMmJQzOairgTB5jsPX1h6Q0e+akEgiA2cUpQg@mail.gmail.com> <CABNhwV1QAR8qHdP+rSTOk3eRU5A5tMAfWFFyqXYPQteHtoNyBg@mail.gmail.com> <BYAPR11MB3207B8AE524F71ED25590B94C01F9@BYAPR11MB3207.namprd11.prod.outlook.com> <e6a5ac64-c948-a08e-079f-47f63dd1b787@gmail.com> <CABNhwV09UwpWheV1LKGLR0vS0J9AMkncFiPaaL_-BSggpfa6Dg@mail.gmail.com> <CAOj+MMH2N-0Sv+W=dE9VVUpoJH5Xx=amE9NSNoL2CN1btUD_rQ@mail.gmail.com>
In-Reply-To: <CAOj+MMH2N-0Sv+W=dE9VVUpoJH5Xx=amE9NSNoL2CN1btUD_rQ@mail.gmail.com>
From: Enke Chen <enchen@paloaltonetworks.com>
Date: Sat, 03 Jul 2021 15:59:09 -0700
Message-ID: <CANJ8pZ9GR3RRXcLOHHrogu4mJjL4VM0b_YX=d67DPCN2NTdiwA@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, Alejandro Acosta <alejandroacostaalamo@gmail.com>, "Jakob Heitz (jheitz)" <jheitz@cisco.com>, "idr@ietf. org" <idr@ietf.org>, Enke Chen <enchen@paloaltonetworks.com>
Content-Type: multipart/related; boundary="000000000000d7d1c905c640054d"
X-Proofpoint-ORIG-GUID: WxOzKAkU20vwIV52Cgm9j4n7zKd-jts5
X-Proofpoint-GUID: WxOzKAkU20vwIV52Cgm9j4n7zKd-jts5
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-03_07:2021-07-02, 2021-07-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 spamscore=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 adultscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107030143
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/NlGAfAWX27ssK9RlfOr8E2Ia4sc>
Subject: Re: [Idr] draft-chen-bgp-redist-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jul 2021 22:59:33 -0000

Yes, it is a generic issue, although the cases involving BGP are more
visible in deployment.

In version -00.txt, we had:

   It is noted that the proposed algorithm is generally applicable when
   a route is redistributed from one protocol into another protocol.

It's dropped in order to focus.

Thanks.   -- Enke

On Sat, Jul 3, 2021 at 3:58 AM Robert Raszuk <robert@raszuk.net> wrote:

>
> > The issue mentioned in this draft is an inherent issue with BGP RFC 4271
>
> No.
>
> The issue occurs regardless of what routing protocol you use to propagate
> your routes around. BGP here is just one example of it (quite commonly
> used) and local preference is currently suggested as a metric. Sure there
> are other options too.
>
> The issue described here is a system issue of interactions between
> various route producers. As it happens IETF does not really standardize
> system wide behaviours - it focuses on components of it in silos. Hence
> from time to time we run into such traps.
>
> As an example I believe the same very issue would occur provided DC
> operator would like to use deterministic active-backup if you run Static or
> Babel or RIPv2 between TORs and computes and redistribute those into RIFT
> to provide flat reachability in the DC fabric.
>
> Best,
> Robert.
>
>
>
> On Sat, Jul 3, 2021 at 6:20 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>
>>
>> Here are my thoughts on the draft problem statement and a solution I
>> believe that  exists today by some or maybe all vendors to resolve the
>> problem.
>>
>> The issue mentioned in this draft is an inherent issue with BGP RFC 4271
>> and need for operators for deterministic behavior when all attributes are
>> equal that the oldest or first advertisement received is the what is
>> installed in the BGP RIB over the most recent or newest last received
>> advertisement #10 in the BGP best path selection link below.
>>
>>
>> https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cisco.com_c_en_us_support_docs_ip_border-2Dgateway-2Dprotocol-2Dbgp_13753-2D25.html&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=FSUkTwE1UDrjBg7zRicOnco2ySnEj5RGfUjxz4OFM4s&e=>
>>
>> 10.  When both paths are external, prefer the path that was received
>> first (the oldest one). == RFC 5004
>>
>> This step minimizes route-flap because a newer path does not displace an
>> older one, even if the newer path would be the preferred route based on the
>> next decision criteria (Steps 11, 12, and 13).
>>
>>
>> RFC 4271 published in 2006 section 9.1.2,2  F> states the eBGP best path
>> tie breaker to be  lowest router-id and G> lowest peer IP address.  G> only
>> comes into play if 2 parallel peers between two routers.
>>
>>
>> RFC 5004 published in 2007 to avoid best path transitions oscillations
>> institutes the oldest first advertisement over the newest last
>> advertisement which is what we are discussing now with this draft about the
>> same deterministic routing we are trying to achieve.  RFC 5004 critiqued
>> RFC 4271 that section 9.1,2.2 F> would being random in nature was less
>> deterministic then oldest versus newest introduced in RFC 5004.
>>
>>
>> The problem with RFC 5004 was that in an effort to avoid oscillation it
>> actually created oscillation with non deterministic nature of the oldest
>> path being preferred over newest as when a link bounces the newest becomes
>> preferred over the oldest and the nature of base on receipt of the
>> advertisement in essence is less deterministic.  Also the fact oldest
>> versus newest is much more random then lowest BGP identifier.
>>
>>
>> Due to operators looking for deterministic routing, vendors introduced a
>> knob for operators to reinstating RFC 4291 section 9.1,2.2 F> using  knob
>>  “BGP bestpath compare-routerid” which led by Cisco and also introduced by
>> other vendors to provide deterministic BGP path selection.
>>
>>
>> So with this knob the eBGP all attributes equal tie breaker is no longer
>> non deterministic but now deterministic always picking the same router
>> every time with the lowest BGP identifier with this knob set on all eBGP
>> peering routers to provide deterministic best path selection in both
>> directions.
>>
>>
>> For this draft section 2.2 if we use this knob “BGP bestpath
>> compare-routerid” then that solves the non deterministic nature and problem
>> statement as now it’s not a timing or race condition or which advertisement
>> is received first as the results is now always the same based on lowest BGP
>> identifier.  This vendor implementation specific knob has to be configured
>> on all eBGP speaking routers for deterministic routing in both directions.
>>
>>
>> We may want to do a bis version or update to RFC 5004 to change from
>> oldest versus newest non deterministic routing to deterministic routing
>> reinstating 9.1.2.2 F>
>>
>>
>> Kind Regards
>>
>>
>> Gyan
>>
>>
>> On Fri, Jul 2, 2021 at 8:51 PM Alejandro Acosta <
>> alejandroacostaalamo@gmail.com> wrote:
>>
>>>
>>> On 2/7/21 2:33 AM, Jakob Heitz (jheitz) wrote:
>>>
>>> Admin-distance is not defined in any RFCs. It is a vendor only concept.
>>>
>>> I can speak about it from the Cisco IOS-XR and Redback perspective.
>>>
>>> In both of these implementations, RIB and BGP are separate processes
>>>
>>> with separate memory spaces and their own routing tables.
>>>
>>> Routes are passed between them using inter-process communication
>>> messages.
>>>
>>> They cannot access each other's routing tables. Other routing protoclos,
>>>
>>> such as OSPF, ISIS and static are also separate processes. Each of the
>>> routing
>>>
>>> protocols downloads their valid routes to RIB. If the same IP prefix is
>>>
>>> sent to RIB by multiple routing protocols, RIB will select one to be used
>>>
>>> for forwarding and resolving nexthops. RIB uses admin-distance to decide.
>>>
>>> Routing protocols get their local routes from RIB.
>>>
>>>
>>>
>>> A static route has admin-distance of 1 by default.
>>>
>>> However, a static route can be configured with a different
>>> admin-distance.
>>>
>>> It is possible to configure a backup static route by configuring a high
>>>
>>> admin-distance for it.
>>>
>>> In that case, if another route is found for the given prefix by another
>>>
>>> routing protocol, say an ISIS route, then the ISIS route will be used
>>>
>>> for forwarding. Only if the ISIS route disappears will the backup static
>>>
>>> route be used.
>>>
>>>
>>>
>>> Now, suppose we want to advertise that prefix in BGP. We can do that
>>>
>>> with a "redistribute" statement or with a "network" statement.
>>>
>>> They work a little bit differently, but either command will import
>>>
>>> the route from the RIB into BGP.
>>>
>>> Once the route is in BGP, it loses its admin-distance.
>>>
>>> BGP has no knowledge of the admin-distance that this route had in RIB.
>>>
>>> There is no admin-distance in section 9.1 of RFC 4271.
>>>
>>> This is the root of the problem that Enke and Jenny are trying to solve.
>>>
>>>
>>>
>>> The problem occurs if the same prefix can be learnt by BGP from
>>>
>>> a BGP peer. BGP may download it into RIB. The draft addresses the
>>>
>>> different outcome if BGP learns the route first from it peer or learns
>>>
>>> it first from the local RIB.
>>>
>>>
>>> To be honest after reading the draft I still had my doubts.
>>>
>>> I just tested it (using old Cisco gear) and the behavior was exactly the
>>> described in draft. Having said that I have to admit that at the beginning
>>> I was skeptical about this, but now I believe this draft deserve further
>>> discussions.
>>>
>>>
>>> Thanks,
>>>
>>>
>>> Alejandro,
>>>
>>>
>>>
>>>
>>>
>>>
>>> Regards,
>>>
>>> Jakob.
>>>
>>>
>>>
>>> *From:* Idr <idr-bounces@ietf.org> <idr-bounces@ietf.org> *On Behalf Of
>>> * Gyan Mishra
>>> *Sent:* Thursday, July 1, 2021 6:18 PM
>>> *To:* Robert Raszuk <robert@raszuk.net> <robert@raszuk.net>
>>> *Cc:* idr@ietf. org <idr@ietf.org> <idr@ietf.org>; Jenny Yuan
>>> <jyuan@paloaltonetworks.com> <jyuan@paloaltonetworks.com>
>>> *Subject:* Re: [Idr] draft-chen-bgp-redist-01.txt
>>>
>>>
>>>
>>>
>>>
>>> From a network design POV, in general within a an IP transit AS their is
>>> no need to redistribute BGP into IGP unless their are non BGP speaking
>>> routers within the network.
>>>
>>>
>>>
>>> As for sourcing routes into BGP advertisement from a customer edge best
>>> practice is to originate the advertisement as close to the source routers
>>> as possible, and if it’s a summary then use a network statement and if LPM
>>> routes are required then redistribution of IGP into BGP via policy is the
>>> best way but also as close to the source of the prefixes.
>>>
>>>
>>>
>>> From a core perspective IP or MPLS it is common to redistribute
>>> connected or IGP into BGP global table still separate from customer traffic
>>> in SP operator core where MPLS any-any VPN VRF is used to carry Internet
>>> traffic and in that case the NOC may sit in the Internet VRF and NMS
>>> systems need telemetry access back to the global table.
>>>
>>>
>>>
>>>
>>>
>>> Kind Regards
>>>
>>>
>>>
>>> Gyan
>>>
>>>
>>>
>>> On Thu, Jul 1, 2021 at 8:56 PM Gyan Mishra <hayabusagsm@gmail.com>
>>> wrote:
>>>
>>>
>>>
>>> Hi Enke
>>>
>>>
>>>
>>> I am still trying to understand the need for this draft.
>>>
>>>
>>>
>>>
>>>
>>> Their are two main methods to locally originate routes into BGP done at
>>> the customer edge which is via redistribution or network statement.  When
>>> you redistribute routes into BGP the origin flag is set to incomplete.
>>> When you use a network statement with exact match of prefix installed in
>>> the RIB, the route origin changes to IGP origin.   The pecking order for
>>> Orgin is EGP, IGP, Incomplete so if the routes is also advertised via
>>> network statement and redistribution by two different ASBR the best path
>>> selection will converge on the best path IGP origin via network statement
>>> over redistribution.  Maybe that is the intention of the draft to prefer
>>> incomplete over IGP origin and that can be set via policy as well so that
>>> both are equal so load balancing can occur.
>>>
>>>
>>>
>>> At the bottom of page 2 below is stated as the premise for this draft.
>>>
>>>
>>>
>>> Currently the admin-distance does not play any role in BGP route
>>>
>>> selection.
>>>
>>>
>>>
>>> I disagree.  Indeed AD plays an important role in redistribution or locally sourcing of prefixes into BGP advertisement.  All vendor implementations do this the same way and that is that only the lowest AD source
>>>
>>> Of a particular prefix is what is installed onto the RIB and FIB.  So when doing either a redistribution or using network statement exact match to source local routes into a BGP advertisement only the prefixes installed in the RIB that match exactly via network statement or if you have a redistribution policy matches the prefix and source protocol for the route being redistributed.
>>>
>>>
>>>
>>> Let’s say you have a redistributing OSPF into BGP however their is a static route exact match for the prefix you want to redistribute that matches your redistribution prefix list
>>>
>>> however as OSPF has AD 110 and static had AD 1 default and if you are trying to redistribute ospf into BGP the redistribution will not work since the RIB has the static route as the source for the prefix installed in the RIB.
>>>
>>>
>>>
>>> Example of how AD plays an important role in how redistribution can or may not occur properly due to AD of the protocol sourcing the prefix
>>>
>>> And the protocol being redistributed must match or the redistribution will fail.
>>>
>>>
>>>
>>> I have noticed one issue with both redistribution and network statement which is problematic is that the IGP metric is passed into BGP as MED which is higher in the BGP best path selection which can result in sub optimal routing.  The workaround is to reset MED to 0 with a policy.
>>>
>>>
>>>
>>>
>>>
>>> Kind Regards
>>>
>>>
>>>
>>> Gyan
>>>
>>>
>>>
>>> On Thu, Jul 1, 2021 at 8:23 PM Gyan Mishra <hayabusagsm@gmail.com>
>>> wrote:
>>>
>>>
>>>
>>> The main protocols are BGP, OSPF, ISIS, Static
>>>
>>>
>>>
>>> Juniper
>>>
>>>
>>>
>>>
>>> https://www.juniper.net/documentation/en_US/junose15.1/topics/task/configuration/ip-route-administrative-distance-configuration.html
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.juniper.net_documentation_en-5FUS_junose15.1_topics_task_configuration_ip-2Droute-2Dadministrative-2Ddistance-2Dconfiguration.html&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=8HX97tuLeHDkgFkFORkNt9LjHy8sh3-Jso2oALUYMxk&e=>
>>>
>>>
>>>
>>> Route Source
>>>
>>> Default Distance
>>>
>>> Connected interface
>>>
>>> 0
>>>
>>> Static route
>>>
>>> 1
>>>
>>> Internal access route
>>>
>>> 2
>>>
>>> Access route
>>>
>>> 3
>>>
>>> External BGP
>>>
>>> 20
>>>
>>> OSPF
>>>
>>> 110
>>>
>>> IS-IS
>>>
>>> 115
>>>
>>> RIP
>>>
>>> 120
>>>
>>> Internal BGP
>>>
>>> 200
>>>
>>> Unknown
>>>
>>> 255
>>>
>>>
>>>
>>>
>>>
>>> Cisco
>>>
>>>
>>>
>>>
>>> https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cisco.com_c_en_us_support_docs_ip_border-2Dgateway-2Dprotocol-2Dbgp_15986-2Dadmin-2Ddistance.html&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=z_AO_qcHE1HnTkzoPsHLyvT83lPMbJjI7pawAcHu0sk&e=>
>>>
>>>
>>>
>>>
>>>
>>> *Route Source*
>>>
>>> *Default Distance Values*
>>>
>>> Connected interface
>>>
>>> 0
>>>
>>> Static route
>>>
>>> 1
>>>
>>> Enhanced Interior Gateway Routing Protocol (EIGRP) summary route
>>>
>>> 5
>>>
>>> External Border Gateway Protocol (BGP)
>>>
>>> 20
>>>
>>> Internal EIGRP
>>>
>>> 90
>>>
>>> IGRP
>>>
>>> 100
>>>
>>> OSPF
>>>
>>> 110
>>>
>>> Intermediate System-to-Intermediate System (IS-IS)
>>>
>>> 115
>>>
>>> Routing Information Protocol (RIP)
>>>
>>> 120
>>>
>>> Exterior Gateway Protocol (EGP)
>>>
>>> 140
>>>
>>> On Demand Routing (ODR)
>>>
>>> 160
>>>
>>> External EIGRP
>>>
>>> 170
>>>
>>> Internal BGP
>>>
>>> 200
>>>
>>> Unknown*
>>>
>>> 255
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Jul 1, 2021 at 2:54 PM Robert Raszuk <robert@raszuk.net> wrote:
>>>
>>> Gyan,
>>>
>>>
>>>
>>> > My understanding is by default most all implementations that I know of
>>> for example Cisco & Juniper which have use identical default AD
>>>
>>>
>>>
>>> Can you provide source(s) of your above information ?
>>>
>>>
>>>
>>> To the best of my knowledge they are quite different ...
>>>
>>>
>>>
>>> Cisco:
>>>
>>>
>>>
>>>
>>>
>>> Juniper:
>>>
>>>
>>>
>>>
>>>
>>> Except connected I do not see much of "identical default AD"
>>>
>>>
>>>
>>> And that is as the draft says especially important when your intention
>>> is to control active - backup paths for a given net.
>>>
>>>
>>>
>>> Thx,
>>> R.
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Jul 1, 2021 at 8:02 PM Gyan Mishra <hayabusagsm@gmail.com>
>>> wrote:
>>>
>>>
>>>
>>> Hi Enke
>>>
>>>
>>>
>>> My understanding is by default most all implementations that I know of
>>> for example Cisco & Juniper which have use identical default AD,
>>> redistribution of the route only occurs from the source protocol that is
>>> being redistributed for example static versus OSPF or ISIS based on AD.
>>>
>>>
>>>
>>> So if you have multiple protocols redistribution into BGP, the source
>>> protocol with the lowest AD is what is inserted into the default RIB/FIB
>>> and its that specific route from the source protocol that is redistributed
>>> into BGP.   All implementations that I know of work that way.
>>>
>>>
>>>
>>> I don’t see any issue with deterministic redistribution as exists today
>>> with implementations.
>>>
>>>
>>>
>>> Normally you are only running one IGP but let’s say you are running OSPF
>>> and ISIS and you have a Juniper and Cisco ASBR redistribution into BGP, as
>>> OSPF has default AD 110, the OSPF prefix would be inserted into the Default
>>> RIB and redistributed into BGP.  Let’s say you set AD for ISIS down to 90
>>> and now the ISIS route is inserted into the RIB and now both Juniper and
>>> Cisco ASBR Will redistribute the ISIS route into BGP.
>>>
>>>
>>>
>>> I am not seeing the issue that you are trying to solve.
>>>
>>>
>>>
>>> Kind Regards
>>>
>>>
>>>
>>> Gyan
>>>
>>>
>>>
>>> On Wed, Jun 30, 2021 at 3:19 AM Enke Chen <enchen@paloaltonetworks.com>
>>> wrote:
>>>
>>> Hi, Robert:
>>>
>>>
>>>
>>> 1) Usually the default admin-distance is configurable. Having the same
>>> admin-distance across implementations would certainly make things simpler,
>>> but that is not required. What matters is the local_pref value for the
>>> redistribute backup route:
>>>
>>>
>>>
>>>             local_pref = default_local_pref - delta;
>>>
>>>
>>>
>>> It needs to be in the right order (relatively) for the "role" the route
>>> is supposed to play.
>>>
>>>
>>>
>>> It's a good question. We will try to clarify it in the next revision.
>>>
>>>
>>>
>>> 2) Certainly it would work if we define the "delta" (or "local_pref")
>>> for the redistributed route based on its role (e.g., primary, secondary,
>>> tertiary). But extra config would be needed for specifying the "role".  The
>>> algorithm described in the draft does not require additional config other
>>> than the existing "admin-distance".  When more than two paths are involved
>>> in a multi-vendor environment, the admin-distance needs to be carefully
>>> assigned in order to get the desired local_pref value.
>>>
>>>
>>>
>>> Thanks.   -- Enke
>>>
>>>
>>>
>>> On Tue, Jun 29, 2021 at 1:05 PM Robert Raszuk <robert@raszuk.net> wrote:
>>>
>>> Hi Enke,
>>>
>>>
>>>
>>> How do you assure that admin distance is the same or delta would be the
>>> same across implementations ?
>>>
>>>
>>>
>>> Looking at say junos I see quite different values then when comparing
>>> with other implementations ...
>>>
>>>
>>>
>>>
>>> https://www.juniper.net/documentation/en_US/junos/topics/reference/general/routing-protocols-default-route-preference-values.html
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.juniper.net_documentation_en-5FUS_junos_topics_reference_general_routing-2Dprotocols-2Ddefault-2Droute-2Dpreference-2Dvalues.html&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=GOhXjwEf1z0GAfIQVgVAc4sHvcAog6czTO30VhKwzQk&e=>
>>>
>>>
>>>
>>> Would it be simpler to define here verbatim what the local pref should
>>> be for redistributed routes ? Then at least those could be used as default
>>> local pref values unless overwritten by operator's policy during
>>> redistribution.
>>>
>>>
>>>
>>> Thx,
>>> Robert
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Jun 29, 2021 at 7:14 PM Enke Chen <enchen@paloaltonetworks.com>
>>> wrote:
>>>
>>> Hi, Folks:
>>>
>>>
>>>
>>> Apologies for the very long delay in updating the draft:
>>>
>>>
>>>
>>>        https://datatracker.ietf.org/doc/draft-chen-bgp-redist/01/
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dchen-2Dbgp-2Dredist_01_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=IBn3kTJmGrWISvSq8L3M9GLLamXIqw7t2PvEdtvhmos&e=>
>>>
>>>
>>>
>>> The issue still exists, and shows up from time to time. The revised
>>> version provides a complete solution that covers the use cases involving a
>>> single router as well as multiple routers in a network.
>>>
>>>
>>>
>>> Your review and comments are welcome.
>>>
>>>
>>>
>>> Thanks.   -- Enke
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Idr mailing list
>>> Idr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/idr
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=O1wpTf7XmDmE4-mQGDJ9YNEx2UVZW-k1meY3fd-tQrE&e=>
>>>
>>> _______________________________________________
>>> Idr mailing list
>>> Idr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/idr
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=Weyjlq5go3AJVxvImrawxciSJUMHNXCaL7x-2WFhAgU&e=>
>>>
>>> --
>>>
>>>
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.verizon.com_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=JlLCqgIHEWMnFhVgEh9uJTIn_5HepK_jtIN6vAvIXNA&e=>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions Architect *
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>> *M 301 502-1347*
>>>
>>>
>>>
>>> --
>>>
>>>
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.verizon.com_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=JlLCqgIHEWMnFhVgEh9uJTIn_5HepK_jtIN6vAvIXNA&e=>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions Architect *
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>> *M 301 502-1347*
>>>
>>>
>>>
>>> --
>>>
>>>
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.verizon.com_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=JlLCqgIHEWMnFhVgEh9uJTIn_5HepK_jtIN6vAvIXNA&e=>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions Architect *
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>> *M 301 502-1347*
>>>
>>>
>>>
>>> --
>>>
>>>
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.verizon.com_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=JlLCqgIHEWMnFhVgEh9uJTIn_5HepK_jtIN6vAvIXNA&e=>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions Architect *
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>> *M 301 502-1347*
>>>
>>>
>>>
>>> _______________________________________________
>>> Idr mailing listIdr@ietf.orghttps://www.ietf.org/mailman/listinfo/idr <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=Weyjlq5go3AJVxvImrawxciSJUMHNXCaL7x-2WFhAgU&e=>
>>>
>>> --
>>
>>
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.verizon.com_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=JlLCqgIHEWMnFhVgEh9uJTIn_5HepK_jtIN6vAvIXNA&e=>
>>
>> *Gyan Mishra*
>>
>> *Network Solutions A**rchitect *
>>
>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>
>>
>>
>> *M 301 502-1347*
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=UrndcBjaQEYEjbpe43Dmp1cU8kv7u3c3IZLQaEaw-Tg&s=Weyjlq5go3AJVxvImrawxciSJUMHNXCaL7x-2WFhAgU&e=>
>>
>

v2.23.0 | Report a Bug | By Email