IETF Logo Mail Archive

Re: [Idr] draft-litkowski-idr-flowspec-interfaceset => NLRI vs EXTCT (part 2)

Robert Raszuk <robert@raszuk.net> Thu, 27 July 2017 19:44 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4210E129562 for <idr@ietfa.amsl.com>; Thu, 27 Jul 2017 12:44:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.398
X-Spam-Level:
X-Spam-Status: No, score=-2.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O-zTI60fZ4gE for <idr@ietfa.amsl.com>; Thu, 27 Jul 2017 12:44:43 -0700 (PDT)
Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0BB1126CD6 for <idr@ietf.org>; Thu, 27 Jul 2017 12:44:43 -0700 (PDT)
Received: by mail-io0-x236.google.com with SMTP id m88so74279112iod.2 for <idr@ietf.org>; Thu, 27 Jul 2017 12:44:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=jqAHbAGnPa2RhQ+FDSXc+TXvpup5BS5DDHwC96Px4dM=; b=tb5unLVqy+XVVPKzebOnKYRBNlA3fzH7os6BcoTF71iVbbPi0OSnF4+EOpbmYWUXoE SyHb/Xmlp5PJg/c9SYlPb35pFoP6KwZWeAgYIGAGhr2/kWo3KcNHvqZM57W+0gVLlvsS k2FCdKmkT+uyA6Z98wQI5QAJ9WycBIGPZe+DEjEdJBsJg5ykJ1x9KxNl9kZbcL2oOSMT chVFxpNuYdzlBmXqDwjx6P/Oy5Q5PjVrwyNDFGsKuU+i4LdLh+JElCR+Yz//rDwqSvHe 0Xibdt4xg2KC87wq8uZTOWEFRl+bA8Dbe7YBO4NtRn/vjxVj7vhuzQ8PnK905iRRXgsc u9Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=jqAHbAGnPa2RhQ+FDSXc+TXvpup5BS5DDHwC96Px4dM=; b=LQqufl/igMLeaUCVGjGN/NPa+QugOBYKqrcKw4bZ8Ia9OTe5UfiuTXkKIRDLIjKKGO Wyx3RmS5ZIV9I2KRNA+pZ5ktqfLbAefAg+QXFhrkuEeakIw0ADNgVdZPygE379O5mGGW GWTNYKtFKNN1rjSPNm3zfSzC77dVF/4wPGzVFBhd5mNVxndArd7L8M16N8g9NwyxDrnv IA2V46MOIqMjUZgbKDe3Z/pPDz1X8PWcH6aMLF0rHVahxu43v/pa2ZtsxCWqVmL7AcuU DcilZr5A9fs/Vqlx/Ihjd0h/YtlPrPQy9+JQpJcAxWeUfzemQuSKOdvS+PBvGPGs1Ig9 DPWg==
X-Gm-Message-State: AIVw111U2gnwPUuEP3EDurvMyK8pqjLCCK6pFslzll2zow47Ip36Yxae rWKunZ9f7azTMZuNZ2R3CaChTpMj7r+D
X-Received: by 10.107.157.9 with SMTP id g9mr6996798ioe.46.1501184682836; Thu, 27 Jul 2017 12:44:42 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.79.153.21 with HTTP; Thu, 27 Jul 2017 12:44:42 -0700 (PDT)
In-Reply-To: <8dd3e766b58944a3b176fc743e478137@XCH-ALN-014.cisco.com>
References: <9fa67eb0-8f99-a46f-aff1-d42a279ab833@cisco.com> <CA+b+ERmaARaPLQv-g58WGNJCDcKN3gdf-F9wnCwusw+jwX7paw@mail.gmail.com> <8dd3e766b58944a3b176fc743e478137@XCH-ALN-014.cisco.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 27 Jul 2017 21:44:42 +0200
X-Google-Sender-Auth: TVYCeOmGP9YbcUliK8jzU6k4lTU
Message-ID: <CA+b+ERnDHgk6gVi3K1+yAbRaXoft2+xqNig=pTbgRsWRC98-zA@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>, idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary="001a1140c5c6c34f9c055551cb96"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/RIjRJGUkCRHNaSv8gxjOdY-IiQg>
Subject: Re: [Idr] draft-litkowski-idr-flowspec-interfaceset => NLRI vs EXTCT (part 2)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jul 2017 19:44:46 -0000

Hi Jakob,

Two flowspec routes with the same NLRI may be originated by different
> speakers.
>

Group-id (scoped application of specific flow-spec rules) is addressing a
special case where it is generated carefully by either controller or
provisioning tools. I do not see therefor a practical case where the same
such rule would be coming from two or more independent sources and would be
applicable ​to different interface groups.

It sounds more like a protocol conflict or provisioning bug and not
something we should worry about how to carry it across RRs. Standard
protocol behavior would be fine here.

Now also notice what would receiver do ... treat the subsequent update with
the exactly same NLRI as implicit withdraw or run best path if they come
from different peers and still apply single one to local data plane. So
really there is no point to give it both such paths with ADD-PATHs. As it
is on final receivers the same should be done on RRs ...

​Cheers,
//RR.​



> The first route will have one group-id. The second route will have another
> group-id.
>
>
>
> Thanks,
>
> Jakob.
>
>
>
> *From:* Idr [mailto:idr-bounces@ietf.org] *On Behalf Of *Robert Raszuk
> *Sent:* Wednesday, July 26, 2017 4:38 PM
> *To:* Juan Alcaide (jalcaide) <jalcaide@cisco.com>
> *Cc:* idr wg <idr@ietf.org>
> *Subject:* Re: [Idr] draft-litkowski-idr-flowspec-interfaceset => NLRI vs
> EXTCT (part 2)
>
>
>
> Hi Juan,
>
>
>
> >  (we assume controller(s) may not want to send multiple ext-communities
> with same NLRI).
>
>
>
> If I recall group-ids are carried in new RT format:
>
>
>
> "This new BGP Route Target extended community is encoded as follows :
>
>
>
>        0                   1                   2                   3
>
>        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>       |  Type (TBD)   |      0x02     |    Autonomous System Number   :
>
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>       :     AS Number (cont.)         |O|I|      Group Identifier     |
>
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> "
>
>
>
> So just like an UPDATE message of SAFI 128 may contain many RTs why would
> you see any
>
> issue to carry multiple ext communities of the above format here ?
>
>
>
> Best,
>
> R.
>
>
>
> On Thu, Jul 27, 2017 at 1:01 AM, Juan Alcaide (jalcaide) <
> jalcaide@cisco.com> wrote:
>
> Hi,
>
> From a previous thread, I see from the that using EXTCOMM to carry
> group-id information the choice. Reason was that every AS could use their
> own the group-id (perhaps different than another AS). With this choice,
> ADD-PATHS must be mandatory in order to support multiple group-ids for the
> same flowspec rule  (we assume controller(s) may not want to send multiple
> ext-communities with same NLRI).
>
> But the draft really does not describe how to use ADD-PATHS, and it does
> not discuss its problems:
>
> - Usually, ADD-PATHS is used for path diversity, and implementations
> typically don't advertise 2 paths with the same next-hop (otherwise, we
> could have path explosion across multiple levels of RRs)
>
> - If ADD-PATHS has to advertise the same NLRI with different
> ext-communities, one solution would be for ADD-PAHTS not advertise the same
> set of ext-communities. Unless, I guess, next-hops are different.
> Otherwise, we would have path explosion.
>
> - Assuming the above, we should define a particular set of ADD-PATHS rules
> for flowspec AF. And, of course, leave the door open for future specific
> ADD-PATHs rules for other AFs (it would not be about path diversity
> anymore, but about propagating different information for forwarding
> purposes -imagine what we could have done with an IPv4 prefix: send the
> same net part as a NLRI and multiple ext-communities representing different
> prefix-lengths -).
>
> - Since paths in a net are typically implemented as a list, there could be
> scalability problems if we ever want to support many group-ids.
>
> My solution to simplify all these problems would be to add a discriminator
> on the NLRI (by defining a new dummy type for flowspec). We could still use
> ext-communities to actually match the NLRIs to interfaces. Similar to RD
> and RT usage.
>
> Thoughts?
>
> -J
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>
>

v2.23.0 | Report a Bug | By Email