[Idr] Open issues with Comments on draft-vandevelde-idr-remote-next-hop-08
"Susan Hares" <shares@ndzh.com> Thu, 16 October 2014 00:32 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A25241ACEA2 for <idr@ietfa.amsl.com>; Wed, 15 Oct 2014 17:32:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.946
X-Spam-Level:
X-Spam-Status: No, score=0.946 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yTEiXN3MvQqf for <idr@ietfa.amsl.com>; Wed, 15 Oct 2014 17:32:31 -0700 (PDT)
Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) by ietfa.amsl.com (Postfix) with ESMTP id F0E341ACEA0 for <idr@ietf.org>; Wed, 15 Oct 2014 17:32:30 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=87.143.107.186;
From: Susan Hares <shares@ndzh.com>
To: idr wg <idr@ietf.org>
Date: Wed, 15 Oct 2014 20:32:20 -0400
Message-ID: <013001cfe8d8$a8535fd0$f8fa1f70$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0131_01CFE8B7.21456950"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: Ac/o1lMByC7zb8RLT6SRzAAn7YF8qA==
X-Authenticated-User: skh@ndzh.com
Archived-At: http://mailarchive.ietf.org/arch/msg/idr/Rg8acOhHoxac9lZJukm62JGryNE
Cc: "'John G. Scudder'" <jgs@bgp.nu>
Subject: [Idr] Open issues with Comments on draft-vandevelde-idr-remote-next-hop-08
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 00:32:36 -0000
Many of you have read of my concern regarding the proliferation of nexthop setting in the L2VPN and L3VPN. I personally am interested to find out if there is a clean way to distribute tunnel-endpoints/remote next-hops. This arises from my reading of several next-hop related drafts, and specifically draft-sajassi-l2vpn-evpn-inter-subnet-forwarding which stuff next-hops information into a series of communities. While I credit the Ali and his co-authors with a delightful hack, it brings up that IDR has not really provided a good general mechanism for tunnels/remote next hops. As we have discussed the next-hop issue over the last 10 years, we have found the more general solution for next-hops is hard. We have ended up adopting more and more point solutions. Our current potential solutions such as RFC 5512 and draft-vandevelde-idr-remote-next-hop-08. Are there other solutions? These solutions must at least consider how this will interact with SIDR origin validation and bgp-sec. Please let me know if you have interesting work we should discuss. If we run out of time at IETF 91, we will hold these discussions in interim meetings after IETF 91. In this light, I offer 11 summary discussion points on the draft-vandevelde-idr-remote-08 draft. I appreciate the hard work that the authors of this draft have done in originating and refining the draft. If you wish to discuss one of these points, I recommend you repost the point and begin the discussion. Sue Hares ------------ Open issues from my reading: 1) RFC 5512 related issues Comment: Section 3.1 indicates that SAFI includes tunnel, but the remote-next-hop attribute allows this to be separated from the SAFI. Question to WG: Are there any RFC5512 implementations deployed? Question to Rosen: Does this section 3.1 in version -08 address your comments on: SAFI with different NLRI, multiple tunnel endpoints , RFC5512 avoidance of per NLRI encapsulation. 2. IPv6 multi-homing use case and other use cases Concern: Bruno and Yakov have suggested IPv6 multi-homing use case is not proved. I agree with their assessment. Proposal: Pull Use Case 11.1, 11.2, 11.3, and 11.4 out of the draft to another draft. We will use this draft to determine the use cases that remote can handle. Put one use case (11.2 or 11.3) that is fully fleshed out with: a) why this attribute is needed, b) how this mechanism is better than existing mechanisms (RFC5512 at least), c) why it is better than other alternatives, and d) how extensible the alternative is. One use cases is the 5+ nexthops in various places. The following are examples: draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-05 puts it in a series of communities, RFC5512 put it in SAFI RFC6514 provides it as part of MPLS for L3VPN The use case draft should survey existing uses and then propose a set of requirements. 3. Discuss why it is necessary to have both a next-hop and remote next hop? The following things need to be improved in this draft: Clarify that many nlris to 1 remote nexthop attribute in a update packet (Example: 30 NLRIs to one Remote Nexthop attribute). Expanding section 3 might help. Why both a next hop (mandatory) and a remote nexthop (optional transitive)? This could expand section 10. What underlay routes are, and how they are used to do recursive lookup validation. This is mentioned in the security section, but it clearly needs to also be in the operational section. How next-hop and the remote nexthop operate in bestpath selection. Keyur indicated it followed this logic: o policy validates the use of remote next hop o If the remote next-hop valid to policy, the remote next hop is used in preference to nexthop. o If the remote next-hop is valid but does not have a valid recursive nexthop, then the next hop is selected. Tie breaking needs to be defined within the above logic for: o tie-breaking between two valid remote-nexthops for the cases: § two routes have the same nexthop hop and different valid remote-nexthops, § two routes have different nexthops and the same valid remote nexthop. o Check that the validation of this work solves the following situations mentioned by Eric Rosen: § Situation 1: Can we get into a situation where two routes have the same next hop but different remote next hops? If we reach the decision process tie-breaker step that chooses the route with the closest next hop, we might end up choosing the route that does not have the closest remote next hop. Since the remote next hop is where we want to send the data, does this make sense? § Situation 2: Suppose a given route does not have a remote next hop, but when we do recursive resolution of the next hop we encounter a route that does have a remote next hop. Are we supposed to use that remote next hop? § Situation 3: When a remote next hop attribute is attached to a labeled address, do we assume that the label has been assigned by the remote next hop, or by the next hop? If a BGP speaker changes the next hop but not the remote next hop, does it have to assign a new label? o Changing of next hops and remote next-hops: § Is it even valid to change the next hop without changing or removing the remote next hop attribute? 4. Discuss impact of leakage of this attribute: Concern: Since the remote next hop attribute is a transitive attribute, it can easily be leaked outside of the administrative domain to which it applies. This could result in all kinds of strange effects on the routing upstream. Discuss: One might point out that in the RFC 5512 model it is less likely that information leaks out, since the encapsulation-SAFI would have to be explicitly enabled. Is this true or false? 5. Discuss impact of the remote next hop attribute to different address families Proposal: A summary of this impact to address families should be included in the use case drafts, and a specific consideration should be given for the 1 or 2 use cases in the document. What to discuss: Walk through all NLRI families passed through BGP and discuss how next hop impacts this work. 7. AS linkage Concern: The attribute as defined contains an AS number, but there are no procedures specified that make use of the AS number. Question for WG: does section 7.1 and 7.2 provide enough procedures? 8. Tunnel endpoint Concern: Address length implies AFI Is it better to specific tis directly in section 4.0 Discussion: It is better and extensible to specify the TLV (afi, length, value). Currently, the address family of the tunnel endpoint needs to be inferred from its length; it might be better to explicitly encode the address family. 9. Bestpath considerations: Concern: Basically, this says "use the worst tunnel endpoint cost". However, in a network that may contain a mix of speakers that understand this attribute and ones that do not and may use the BGP (MP)Nexthop, route selection may be inconsistent. Discussion: Please indicate how you will prevent fluctuation in the path selection. 10. Multiple remote nexthops: Concern: This was Jeffs original concern when it wasn't apparent that this feature wasn't being used for chaining and instead is simply an odd form of "add-path for nexthops" by loose analogy. Section 8 seems to imply that the desire is that the RNH is effectively bound to the same device, but there's no guarantee of that. (Hence the man-in-the-middle concerns.) While there's a comment about bestpath calculation, there's no related commentary about which tunnel should be used or whether there are ECMP considerations if you can use more than one tunnel endpoint. 11. Origination/modification: Concern: The sane behavior of this feature appears to be that the originator of the attribute is the only party that is adding to it. Intermediaries may remove remote nexthops for various reasons, including error handling. Counter-point: Keyur indicated that intermediaries may add this feature if they become the new originator of this attribute. What needs to be discussed: A add/remove scenario should be examined with four AS scenario (AS-1AS2AS3AS4)
- [Idr] Open issues with Comments on draft-vandevel… Susan Hares
- Re: [Idr] Open issues with Comments on draft-vand… Randy Bush
- Re: [Idr] Open issues with Comments on draft-vand… Susan Hares
- Re: [Idr] Open issues with Comments on draft-vand… Robert Raszuk
- Re: [Idr] Open issues with Comments on draft-vand… Randy Bush
- Re: [Idr] Open issues with Comments on draft-vand… Susan Hares
- Re: [Idr] Open issues with Comments on draft-vand… Susan Hares
- Re: [Idr] Open issues with Comments on draft-vand… Robert Raszuk
- Re: [Idr] Open issues with Comments on draft-vand… Russ White
- Re: [Idr] Open issues with Comments on draft-vand… Susan Hares
- Re: [Idr] Open issues with Comments on draft-vand… Randy Bush
- Re: [Idr] Open issues with Comments on draft-vand… Randy Bush
- Re: [Idr] Open issues with Comments on draft-vand… Russ White
- Re: [Idr] Open issues with Comments on draft-vand… Eric Rosen
- Re: [Idr] Open issues with Comments on draft-vand… Robert Raszuk