Re: [Idr] Solicit feedback to BGP UPDATE encoding options for SDWAN WAN port properties propagation among SDWAN edges (pros & cons to draft-dunbar-idr-sdwan-port-safi and alternatives)

Linda Dunbar <linda.dunbar@futurewei.com> Tue, 13 August 2019 18:07 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0782A120838 for <idr@ietfa.amsl.com>; Tue, 13 Aug 2019 11:07:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZEIpyRu5-Js for <idr@ietfa.amsl.com>; Tue, 13 Aug 2019 11:07:27 -0700 (PDT)
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730128.outbound.protection.outlook.com [40.107.73.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEEB5120801 for <idr@ietf.org>; Tue, 13 Aug 2019 11:07:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nSJYJuw4gGh2xFwQMLSIATNOFv6FV58C3DvgRQNxlrlKM4v6Cqe3l58TqTSInDvNSwn1Hq9txvNYDek82fEt4l9OcwsveSimeFeBUVQUSB60IV+sgj5bvwnSLs3zphaA9U9DBMug+bVXYq5abVA7OvTJPm1nmuMhiA0CKgj+pUuKJ0oE+trltdqe/dZxwp7Ujcr3K/oYEJ8hPbK0fGJS1jwYSMXoIp/T8uRIpEkC/IR2QKCaXADs0MNJ3CR4NnRqSU3GsSBN+oQqQ4+4eWvZp6fW5DUx7Ew18zrCXHddsbIHWXBxuv7eew/cOHbuvhJ3YP+2t2532xZwpnqyf0AoYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W/p8QfnrqeOO065A2dCjUm7W6YX0+0NEfOwMM3eBUzk=; b=D1URPLEBM2qCLhGPn8+eGIj6UT5hxpQcioUiFLZZ647bbDWY9fkbNz3nv735EH+QvBeh+bDPkfbQhHsxAP57LBqIdxBuAE5P3W4pMUQaKl/3mB8UjJLXWgNZxhT17xqnQovo1y3tCBAiX/HekofVi+gtLv6lxa1jJqFzH3bbtrUmyxdqw4+DcaizmIAM3JbBRf909AGCX6Sa1iON5X9XSdqZ6h+0zNie9LiFY1yBpny6jV5elCOFPbWf6DUD0tnhsT8XrvKMMerIueShqe526/83i0gzdBxx3TsUtxm5gFJLaA3vL2GPRnT4IfRuXH4GluUvA4pqwGX/B3OqU9xlrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W/p8QfnrqeOO065A2dCjUm7W6YX0+0NEfOwMM3eBUzk=; b=shcUiFmONfih8CqvEDTI9MZS2D5BpbHpo9b6GU+nCGZ8Vi48bnjdp2Cw+tPO9u8iNLtPZMXqAqQrdnGb5zTSabUn+slhTwA8PkgMS1OlKxMB+i+KxmOJDKfNSenhTejtbS9Q2DqaDffwvF92b74U3NBOnl3M/BYzEvKjAZgVnrw=
Received: from MN2PR13MB3582.namprd13.prod.outlook.com (10.255.238.139) by MN2PR13MB3277.namprd13.prod.outlook.com (20.179.151.95) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.12; Tue, 13 Aug 2019 18:07:24 +0000
Received: from MN2PR13MB3582.namprd13.prod.outlook.com ([fe80::51ed:57ae:d3a7:e4bd]) by MN2PR13MB3582.namprd13.prod.outlook.com ([fe80::51ed:57ae:d3a7:e4bd%7]) with mapi id 15.20.2178.013; Tue, 13 Aug 2019 18:07:24 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Robert Raszuk <robert@raszuk.net>
CC: "idr@ietf.org" <idr@ietf.org>
Thread-Topic: [Idr] Solicit feedback to BGP UPDATE encoding options for SDWAN WAN port properties propagation among SDWAN edges (pros & cons to draft-dunbar-idr-sdwan-port-safi and alternatives)
Thread-Index: AdVRV+YQ5VdTuG26RVmF8buwngYjtQAV3jOAABNHW0A=
Date: Tue, 13 Aug 2019 18:07:23 +0000
Message-ID: <MN2PR13MB3582010691E60DACD0C133D485D20@MN2PR13MB3582.namprd13.prod.outlook.com>
References: <MN2PR13MB35824E1E96BE08CDCBE8488585D30@MN2PR13MB3582.namprd13.prod.outlook.com> <CAOj+MMEgkHL12kE87SVaUEJ+9Xeob=gU5Z=sKX+isQ=x0PtA-A@mail.gmail.com>
In-Reply-To: <CAOj+MMEgkHL12kE87SVaUEJ+9Xeob=gU5Z=sKX+isQ=x0PtA-A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=linda.dunbar@futurewei.com;
x-originating-ip: [12.111.81.80]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2e87abb5-2e0b-4129-2d0b-08d7201917dd
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020); SRVR:MN2PR13MB3277;
x-ms-traffictypediagnostic: MN2PR13MB3277:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <MN2PR13MB327785C1D24E7C5B441DEA0E85D20@MN2PR13MB3277.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01283822F8
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(136003)(376002)(39850400004)(396003)(346002)(189003)(51914003)(199004)(236005)(4326008)(55016002)(86362001)(71190400001)(71200400001)(53936002)(66066001)(316002)(476003)(446003)(6436002)(966005)(52536014)(14444005)(5024004)(256004)(76116006)(229853002)(6916009)(53946003)(11346002)(25786009)(5660300002)(186003)(478600001)(733005)(2420400007)(7736002)(54896002)(102836004)(26005)(7696005)(6116002)(3846002)(76176011)(15650500001)(53546011)(8936002)(9686003)(99286004)(99936001)(6306002)(54556002)(14454004)(6506007)(7110500001)(33656002)(74316002)(561944003)(6246003)(44832011)(66946007)(8676002)(486006)(64756008)(66556008)(66476007)(66576008)(66446008)(81166006)(81156014)(2906002)(606006)(5070765005)(790700001); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR13MB3277; H:MN2PR13MB3582.namprd13.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: futurewei.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: BlqqZJqWiI8JgExXVmiHEL+7w0cs1x5VHNQsnFrz/mu8cR2gnZYyJnK2sli6LS1HGp2YsFSlS/cBSrH+/dMhWoUJFFKRHDPpCTegu9NrgBnyIa45DarMhN7HxziCfVYA5GIsDAAT7+xWQujO4MVfnHyVNNPkt0dnxvxxtzswxL/79N+t87OP6y0RS8XqWUtB/ELlcbhzpqR/xcEOoz4fexKIfbhYPHezer5mEgWrKkE9hRXe8f2Qf4eZUUSPfDoNFxxSScE3FqgFokSe/w8yyBi4zVo99gt7S4SCpcW/76vqm900blqgW1LgqCCa2xcEotILkTDWiVvfHI97787AWXMk0V8XdlxDf+/s8LjAdjKjUEEXD4kqMLEc3D+RG+2PKd2yDb4itBk+u2HPU18u6iaSXqEMVZOSbAoXAGL7hcM=
x-ms-exchange-transport-forked: True
Content-Type: multipart/related; boundary="_007_MN2PR13MB3582010691E60DACD0C133D485D20MN2PR13MB3582namp_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2e87abb5-2e0b-4129-2d0b-08d7201917dd
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2019 18:07:23.5780 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zDZjk473IwuVxoO/AoweIDVMT/6nSF10KSYkOgsCTpu2G46+M18c7ZrMVaItn+IKhoUb5kyJCGaL4PbSr10uig==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB3277
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/0ttPRgzVhaOIVt0f2ihLzfit52I>
Subject: Re: [Idr] Solicit feedback to BGP UPDATE encoding options for SDWAN WAN port properties propagation among SDWAN edges (pros & cons to draft-dunbar-idr-sdwan-port-safi and alternatives)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 18:07:32 -0000

Robert,

Thanks for the quick feedback. It is interesting that you mentioned LISP, I had “LISP” listed as the 4th option in my first version of the analysis, then decided to remove it because the discussion is in IDR group. Legitimate question on WHY BGP?

In addition to looking into your suggested “out of box thinking” that BGP carrying some short reference the actual information should be kept outside of it in one of the new global databases,  here are some of the Compelling reasons of using BGP to distribute SDWAN edge properties among peers that might be spread across the globe:
(note: the BGP for SDWAN Edges is running at different layers than the BGP for underlay networks, i.e. not “FLAT” BGP. They are among SDWAN edges, not for exposing to underlay provider as you stated EBGP. When the underlay network service providers use SDWAN to temporarily expand bandwidth in some segments, they have more reason to use BGP to minimize amount of learning & configuration of introducing new protocols in their environment)


     *   BGP already widely deployed as sole protocol (see RFC 7938). Even if not for this purpose of propagating SDWAN WAN port properties, the BGP base protocol implementation is supported by virtually all switches/routers (virtual & physical).  Even AWS VPC export the BGP routes.
     *   Wide acceptance – minimal learning (which is very important requirement for operations)
     *   Robust and simple implementation,
     *   Reliable transport
     *   Guaranteed in-order delivery
     *   Incremental updates
     *   No flooding and selective filtering
     *   RR already has the capability to apply policies to communications among peers.
Bottom line:  It is much easier to add one function than adding a brand-new protocol stack.

Alternative: extending LISP, NHRP, DSVPN/DMVPN

     *   In addition to more proposal changes needed, NHRP/DSVPN/DMVPN don’t scale well.
     *   More learning, more barrier to be deployed, just think how many decades of painful journey deploying IPv6.
     *
Prior extension of BGP for non-client routes reachability: Flowspec, BGP LS, Segment routing policies, etc

Linda

From: Robert Raszuk <robert@raszuk.net>;
Sent: Tuesday, August 13, 2019 3:16 AM
To: Linda Dunbar <linda.dunbar@futurewei.com>;
Cc: idr@ietf.org
Subject: Re: [Idr] Solicit feedback to BGP UPDATE encoding options for SDWAN WAN port properties propagation among SDWAN edges (pros & cons to draft-dunbar-idr-sdwan-port-safi and alternatives)

Hi Linda,

I must up front say that your efforts in this area are very useful ! Thank you for this work.

But in the same time I need to ask why are we so much hostage of BGP and attempt to propagate all of this opaque information in BGP ? SDWANs by design are to span globe and out of the information you would inject into global BGP only tiny fraction (if even that much) would benefit - for rest of the users it will be unneeded data.

My suggestion here is to think outside of the box and while BGP could carry some short reference the actual information should be kept outside of it in one of the new global databases. See today I operate a global SDWAN and it works just fine when my controller is distributed in AWS cloud.

I would be actually afraid to advertise anything in my EBGP sessions to my providers and it may just attract attacks and hackers towards my sides without any real value to the sites I am interconnecting.

So perhaps we should spend this energy on building secure NNI to the interface of such public database rather to keep loading more and more service info into flat BGP ?

Many thx,
R.

PS. Natural question POPs up - what's wrong with using LISP mapping plane for it ? Sure some are allergic to LISP just like some were allergic to MPLS, but is this really a right reason not to explore full spectrum of options ?

On Tue, Aug 13, 2019 at 12:48 AM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
IDR participants:

Many thanks to the feedback from IETF105 discussion on draft-dunbar-idr-sdwan-port-safi, especially the hallway discussions with Ali Sajassi, John Drake, Keyur Patel and Sue Hares on other possible encoding options. I put together an analysis of multiple BGP UPDATE encoding options to achieve SDWAN WAN port properties propagation among SDWAN edges. Please see the slides in the IDR WIKI page: https://trac.ietf.org/trac/idr/attachment/wiki/WikiStart/<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fidr%2Fattachment%2Fwiki%2FWikiStart%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C1dcce2de7b98451f28ac08d71fc68923%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637012809899266710&sdata=pOfkTPzzGqHfcukg6Oz5gtcNmFNPnd5D73H76OTEr5E%3D&reserved=0>

The Goal is for WAN Ports Property Propagation across SDWAN nodes in different domains
[cid:image002.png@01D551D3.114A02B0]


The constraints are those SDWAN edges can be spread across different geographical locations, their connection to RR can be over untrusted networks, and they might not know the reachable addresses for the peers they need to communicate (therefore needing RR to propagate).

There are many ways to skin the cat… different encoding for BGP Update Messages

Option 1: Extending Tunnel-Encap with existing IP’s SAFI to achieve WAN port registration.
[cid:image004.png@01D551D3.114A02B0]


  *   Pros:

     *   no new SAFI introduced, the update messages can traverse existing routers

  *   Cons:

     *   Same IPv4/IPv6 SAFI NLRI carries the WAN port information that is very different from clients’ routes attached to the C-PEs.
     *   The receivers (RR) has to do extra processing to differentiate the UPDATE messages  from the attached routes UPDATE messages.

Option 2: Tunnel-Encap with SDWAN NLRI for SDWAN WAN Ports Prosperities & Policies described by draft-dunbar-idr-sdwan-port-safi-02
[cid:image006.png@01D551D3.114A02B0]


  *   Pros:

     *   Clean design and processing on the receivers (RRs). Simpler processing to differentiate the UPDATE messages  from the attached routes UPDATE messages.

  *   Cons:

     *   New NLRI is introduced, the update messages can’t traverse existing routers

        *   Since the the Tunnel UPDATE message with the new SDWAN NLRI/SAFI is strictly between SDWAN edge nodes and their respective RR(s) via a secure tunnel, the SDWAN UPDATE messages are not going to traverse existing routers. Therefore, it doesn’t cause any issues.

Option 3: Using the new SAFI introduced for BGP labeled Colored Unicast  described by draft-szarecki-idr-bgp-lcu-traffic-steering

[cid:image008.png@01D551D3.114A02B0]


  *   Pros:

     *   leverage the newly proposed NLRI for carrying Traffic Color across domains
     *   Similar goal as SDWAN needing to propagating WAN port properties across domain/geolocations

  *   Cons:

     *   Need to attach the attributes which haven’t been specified by the draft yet.


Need to ask merging the content from draft-dunbar-idr-sdwan-port-safi-02..


We are looking for feedback to those analysis and options.

Thank you very much
Linda Dunbar
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C1dcce2de7b98451f28ac08d71fc68923%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637012809899266710&sdata=t%2B11tSNemH%2FSteHUL%2FefOgSi1WB8QPfvKxocxbcnkBE%3D&reserved=0>