Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12

"Susan Hares" <shares@ndzh.com> Mon, 22 July 2019 14:57 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF19012032F; Mon, 22 Jul 2019 07:57:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.049
X-Spam-Level: *
X-Spam-Status: No, score=1.049 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c8ZPB-AeCMQI; Mon, 22 Jul 2019 07:57:11 -0700 (PDT)
Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C24121201D3; Mon, 22 Jul 2019 07:57:10 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=31.133.154.200;
From: "Susan Hares" <shares@ndzh.com>
To: "'Linda Dunbar'" <linda.dunbar@futurewei.com>, "'Keyur Patel'" <keyur@arrcus.com>, "'Acee Lindem \(acee\)'" <acee@cisco.com>, "'John Scudder'" <jgs@juniper.net>
Cc: <idr@ietf.org>, <draft-ietf-idr-tunnel-encaps@ietf.org>, "'Robert Raszuk'" <robert@raszuk.net>
References: <MN2PR13MB358247036D97F6620E2CB987A9130@MN2PR13MB3582.namprd13.prod.outlook.com> <234E41A5-F754-4630-B73C-8A9D52E44198@juniper.net> <6691B6FF-E9F5-4E9B-8D91-E8371993EDB5@juniper.net> <MN2PR13MB35826173FB5AC8D019497438A9ED0@MN2PR13MB3582.namprd13.prod.outlook.com> <5E89EE56-8852-4A1C-B072-EFE15ADA2618@juniper.net> <9E64708F-5E78-422C-8339-3447529BABB4@arrcus.com> <CAOj+MMFVhNFUnAe-QxyWHX65PY=VQmCK0N5aOcx=5nAApX5z4g@mail.gmail.com> <68538D45-E8CD-4FDA-ABA4-BEC4A7586410@juniper.net> <MN2PR13MB3582C58B3C84105B43191547A9EC0@MN2PR13MB3582.namprd13.prod.outlook.com> <F0F388CC-9B96-4E35-8E20-72A3B0C75347@arrcus.com> <900E9356-CB87-4148-BAE9-238A6C3A3230@juniper.net> <20D8F76F-093A-48E3-873C-90720EAD5C51@arrcus.com> <12DEE829-3FAD-4E05-B5AF-EF61046CD5D6@cisco.com> <5460E5F7-8F8A-4F06-9494-C25D11E0BAFF@arrcus.com> <MN2PR13MB358211D57A510E22ACEC07DF85C40@MN2PR13MB3582.namprd13.prod.outlook.com>
In-Reply-To: <MN2PR13MB358211D57A510E22ACEC07DF85C40@MN2PR13MB3582.namprd13.prod.outlook.com>
Date: Mon, 22 Jul 2019 10:56:56 -0400
Message-ID: <003801d5409d$b59b88d0$20d29a70$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0039_01D5407C.2E9644E0"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: AQIqxuDAI7j1Uabo3xeB3fKqBmcDfQCrpuwcAWbYPzIBMLlV6ADmOckVAa+YlOsB0LfdMAJmAcd1AIHMJLUCad+MOQITXdC+ApcjYnABPjOXGwFlkgI8Ay6LIESlb+o5MA==
X-Antivirus: AVG (VPS 190722-4, 07/22/2019), Outbound message
X-Antivirus-Status: Not-Tested
X-Authenticated-User: skh@ndzh.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/P7MPVU6KCsXlRePpVSTxJEdFLJ4>
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 14:57:21 -0000

Linda and Keyur:

<chair hat on> 

At this point, I will channel John Scudder as well as myself. 

 

At this point, adding these functions to the current draft is out of scope.    The draft has past WG LC and the changes allowed are “errors” or generally accepted “textual changes”.   Keyur and his co-authors last revision was done under those constraints. 

 

Additional features for the tunnel encapsulation drafts will need to go in a follow-on draft.   Many people have proposed follow-on additions.  Drafts related to those follow-on (e.g. draft-hujun-idr-bgp-ipsec-00.txt). 

 

<chair hat off> 

 

Cheerily, Susan Hares

 

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Linda Dunbar
Sent: Monday, July 22, 2019 10:51 AM
To: Keyur Patel; Acee Lindem (acee); John Scudder
Cc: idr@ietf.org; draft-ietf-idr-tunnel-encaps@ietf.org; Robert Raszuk
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12

 

Keyur, 

 

Will the Tunnel-Encap draft also add PE WAN ports properties propagation to controlled group of peers (PEs)? 

Specifically, the functionality that would help the C-PE to register its WAN Port properties. 

In SDWAN scenarios, Some WAN ports are facing public internet with ISP assigned addresses, some WAN ports are assigned with private addresses which need to propagate NAT information to the trusted peers via Controllers, such as the virtual C-PEs instantiated in public Cloud DCs, and some WAN ports are facing the trusted MPLS network.

 

Linda

 

From: Idr <idr-bounces@ietf.org> On Behalf Of Keyur Patel
Sent: Monday, July 22, 2019 9:43 AM
To: Acee Lindem (acee) <acee@cisco.com>om>; John Scudder <jgs@juniper.net>
Cc: idr@ietf.org; draft-ietf-idr-tunnel-encaps@ietf.org; Robert Raszuk <robert@raszuk.net>
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12

 

Folks,

 

Draft version 13 is posted. We have redefined “Remote Endpoint Sub-TLV” to “Tunnel egress endpoint”.  We also added text in section 3.1 to clarify the definition of “Tunnel egress endpoint”. Finally, IANA section is updated to request the change the name to “Tunnel egress endpoint”.

 

Best Regards,

Keyur

 

https://datatracker.ietf.org/doc/html/draft-ietf-idr-tunnel-encaps-13 <https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-idr-tunnel-encaps-13&data=02%7C01%7Clinda.dunbar%40futurewei.com%7Ce81eecd6b79a4bd3ec5708d70eb301ae%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C636994034308649731&sdata=paB0kDdY%2FjWTXRqrONIxn99qxwlXaD3baIiM9xTAzeE%3D&reserved=0> 

 

From: "Acee Lindem (acee)" <acee@cisco.com>
Date: Wednesday, June 12, 2019 at 5:25 PM
To: Keyur Patel <keyur@arrcus.com>om>, John Scudder <jgs@juniper.net>
Cc: "idr@ietf.org" <idr@ietf.org>rg>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>rg>, Robert Raszuk <robert@raszuk.net>
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12
Resent-From: <keyur@arrcus.com>

 

All,

It occurred to me that “Remote Endpoint Sub-TLV” is somewhat of a misnomer and perhaps there would be less confusion if this were referred to as the “Tunnel Endpoint Sub-TLV”. 

Thanks,

Acee

 

From: Idr <idr-bounces@ietf.org> on behalf of Keyur Patel <keyur@arrcus.com>
Date: Wednesday, June 12, 2019 at 1:57 PM
To: John Scudder <jgs@juniper.net>
Cc: IDR List <idr@ietf.org>rg>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>rg>, Robert Raszuk <robert@raszuk.net>
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12

 

Hi John, all

 

To that point, I am ok with putting in a text that clarifies a  definition of a remote end-point address. What I like to do is provide a flexibility on what that address can be so it can be inserted by controllers (within the same administrative domain). 

 

Please provide a short text describing the endpoint definition and would be happy to incorporate. 😊

 

Otherwise here is the suggested text for section3.1: “The Remote Endpoint Sub-TLV”:

Instead of:

3.  an address sub-field, whose length depends upon the Address

       Family.

Maybe:

3.  an address sub-field, whose length depends upon the Address

       Family. This is a remote endpoint address for the tunnel. Receiving BGP speaker of this sub-TLV MUST use this address to establish the tunnel. 

 

  

Regards,

Keyur

 

From: John Scudder <jgs@juniper.net>
Date: Wednesday, June 12, 2019 at 10:15 AM
To: Keyur Patel <keyur@arrcus.com>
Cc: Linda Dunbar <ldunbar@futurewei.com>om>, Robert Raszuk <robert@raszuk.net>et>, "idr@ietf.org" <idr@ietf.org>rg>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12
Resent-From: <keyur@arrcus.com>

 

(As a contributor) 

 

I guess the disconnect arises from how each reader parses “remote”. To me, and I guess other reviewers who also didn’t notice a problem, it is self-evident that “remote” means “the other end of the tunnel from the point of view of the router encapsulating the packet”. This conversation makes it clear that’s not the only possible reading. As mentioned earlier, I would have no objection to clarifying that point.

 

—John





On Jun 12, 2019, at 12:58 PM, Keyur Patel <keyur@arrcus.com> wrote:

 

Hi Linda,

 

My comments inlined #Keyur

 

From: Linda Dunbar < <mailto:ldunbar@futurewei.com> ldunbar@futurewei.com>
Date: Wednesday, June 12, 2019 at 8:54 AM
To: John Scudder < <mailto:jgs@juniper.net> jgs@juniper.net>gt;, Robert Raszuk < <mailto:robert@raszuk.net> robert@raszuk.net>
Cc: Keyur Patel < <mailto:keyur@arrcus.com> keyur@arrcus.com>gt;, " <mailto:idr@ietf.org> idr@ietf.org" < <mailto:idr@ietf.org> idr@ietf.org>gt;, " <mailto:draft-ietf-idr-tunnel-encaps@ietf.org> draft-ietf-idr-tunnel-encaps@ietf.org" < <mailto:draft-ietf-idr-tunnel-encaps@ietf.org> draft-ietf-idr-tunnel-encaps@ietf.org>
Subject: RE: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12
Resent-From: < <mailto:keyur@arrcus.com> keyur@arrcus.com>

 

John and authors:

 

The Section 1.1 says that if R1 sends packets to R2, the remote endpoint of such tunnel is R2. Of course, from R1’s perspective, R2 is the remote endpoint.

But when R2 composes a Tunnel-Encap Update, it is not obvious and not intuitive at all that R2 needs to call itself “remote”. That is where the confusion is. I have raised this question back in -10 version, repeated the question on IDR mailing list, but no one answered. 

 

#Keyur: Hopefully this has been clarified.

 

Many thanks to John responding to my questions. Those emails have helped me to understand the intent of the draft. But I am sure that many implementors who don’t participate in this discussion and future new people coming to IDR will be confused as I was. No wonder it is so hard for any new people to participate/contribute to IDR.

 

Simply put, this draft is to announce a node’s tunnel encapsulation capabilities (either by its own, or by a third party), Correct?

 

#Keyur: And the tunnel endpoint address (minimally. Abstract has it covered).

 

It will be very helpful to implementors, who are not participating in the discussion today, to add this one sentence to the beginning of Section 3.1:

 

Remote Endpoint is from receivers’ perspective. When an endpoint A announces its tunnel encapsulation capabilities, it put its own address in the “Remote Endpoint” sub-TLV.

 

It will be even more helpful to add this sentence to the Abstract and Introduction:

This draft is to announce an endpoint’s (a node or an interface)  tunnel encapsulation capabilities (either by its own, or by a third party), so that receivers can establish appropriate tunnels to this endpoint.

 

#Keyur: Super. Thanks! As a FYI: There is a text that is in Abstract section 1.2 and section 1.3 which says what you have said and I quote them.

 

Abstract

<snip>

This document adds support for additional

   tunnel types, and allows a remote tunnel endpoint address to be

   specified for each tunnel.

 

</snip>

 

Section 1.2

<snip>

There is no way to use the Tunnel Encapsulation attribute to

      specify the remote endpoint address of a given tunnel; [RFC5512]

      assumes that the remote endpoint of each tunnel is specified as

      the NLRI of an UPDATE of the Encapsulation-SAFI.

</snip>

 

Section 1.3

<snip>

Defining a new "Remote Endpoint Address sub-TLV" that can be

      included in any of the TLVs contained in the Tunnel Encapsulation

      attribute.  This sub-TLV can be used to specify the remote

      endpoint address of a particular tunnel.

 

</snip>

Regards,

Keyur

 

 

Thank you very much. 

 

Linda 

 

 

 

 

 

 

 

 

From: John Scudder < <mailto:jgs@juniper.net> jgs@juniper.net> 
Sent: Wednesday, June 12, 2019 8:50 AM
To: Robert Raszuk < <mailto:robert@raszuk.net> robert@raszuk.net>
Cc: Keyur Patel < <mailto:keyur@arrcus.com> keyur@arrcus.com>gt;; Linda Dunbar < <mailto:ldunbar@futurewei.com> ldunbar@futurewei.com>gt;;  <mailto:idr@ietf.org> idr@ietf.org;  <mailto:draft-ietf-idr-tunnel-encaps@ietf.org> draft-ietf-idr-tunnel-encaps@ietf.org
Subject: Re: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-12

 

(As an individual contributor)







On Jun 12, 2019, at 6:07 AM, Robert Raszuk < <mailto:robert@raszuk.net> robert@raszuk.net> wrote:

 

If A sends an update to B with field of "remote endpoint" does this field apply to A or B ? Is it remote from sender perspective or receiver perspective of BGP update. That is the dilemma here. 

 

If you read section 1.1 you’ll see (emphasis added):

 

   In this scenario, when R1 transmits packet P, it should transmit it
   to R2 through one of the tunnels specified in U's Tunnel
   Encapsulation attribute.  The IP address of the remote endpoint of
   each such tunnel is R2.  Packet P is known as the tunnel's "payload".

 

That seems to leave nothing to the imagination. But wait you might say, that describes RFC 5512, how am I supposed to know tunnel-encaps has not reversed the definition? For that, we can take a look at section 5, "Semantics and Usage of the Tunnel Encapsulation attribute”, which is exactly where I as a reader would go look to find the semantics and usage, before I decided to complain they were not clear. The bulleted list in that section leaves no room for doubt as to whether the field applies to A or B: it applies to B. 

 

So, as a reader, who is looking for clarity and not for things to complain about, I think the document is clear.

 

(As a co-chair)

 

Despite what the individual contributor said above, if the authors desire to add a short definition of “Remote Endpoint” to address these complaints, I wouldn’t have a problem with that and don’t think it would require another last call period.

 

Regards,

 

—John