IETF Logo Mail Archive

Re: [Idr] [bess] FW: Closing on Stephane's open issue with draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR

Robert Raszuk <robert@raszuk.net> Mon, 08 June 2020 15:07 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 981763A0C59 for <idr@ietfa.amsl.com>; Mon, 8 Jun 2020 08:07:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XouG2r69SjD0 for <idr@ietfa.amsl.com>; Mon, 8 Jun 2020 08:07:26 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3035A3A0C0C for <idr@ietf.org>; Mon, 8 Jun 2020 08:06:55 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id mb16so18715758ejb.4 for <idr@ietf.org>; Mon, 08 Jun 2020 08:06:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vt3v2x7+rr9/tFFBBiImCvjmsyPQmAdRz2wCIF0CFEI=; b=NAyRL84htLjBXmy6MDqjIuAqhZ6hKI2TvU4i/iWRAQdci2QXe596vETt7BVEA3oTHy DytPl9dsTMGz5BY4CA6WquGFp9MaJJHcjUi7z1NSqRj/u75Z1bw0Ask/g8s1CAnN9Owi 15qsAIkHBVdVBaZ3PSwdtwqG5nuSXQ0O5URGQXYShP1E/5xwDMcDEN2EQfjCMmJZO25U RyWaazcfnviicos0IlgG6Pw9eYAmAsq/lbbUQlXJZt/5AFhk9//EDIWpwbE02wrxGfzM VaP6DyZb4FMzQypG13eB0TS02jSKSWvtfXrhcjUU+Zzjft9RL+Pav2bKDPi8l9kV7qk/ JCBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vt3v2x7+rr9/tFFBBiImCvjmsyPQmAdRz2wCIF0CFEI=; b=Ufl0Hh8WmO/a2cWmp77BQKuMUUpRa9OmKA9Fzpk/1zMYVIuW1dhw8hhgbMxRNywHel SU3CaYuOqpOhfSr2YZQsjyz67cA8LetCXoW8o9KZejHjvTl7ZfgLgT42W9YOEhCt7UWj RXONkof0jR/woMeGdeb+jgFWsNZ4wJppq6du4Dk+xJSrDHM4tmRI6mR2xKZgZWJIxSqB 4kijWCi6CIh+cI5AOnjk2k/pjeffR7G/OQ6m3pQAKh3LVtZxMWT4tNmHedHzyqIwqBiJ ZdRIeABYKC6n/O7lqquqWIbpXfwbH8xhbqVLZpnXlPUMrjHDL58j0qEAbZlmQuUgfHp0 39Bw==
X-Gm-Message-State: AOAM5307o5VdfzjNzCBtYN/SV5O2/gIh9CSAYgxMu/dBROXNAqyp6Zrh o7rN9jWFrmuJ8XorYuakD0EKIHrgqruLwNobY+RshQ==
X-Google-Smtp-Source: ABdhPJxUt4H2AYHdAVtgNq6rNXvd+bAohjLcILjMmPPKUKD5dm8Iq9QxB+VlrgUe5negcbOq2tV3QBNuzz+EWH1NCaY=
X-Received: by 2002:a17:906:6403:: with SMTP id d3mr20756056ejm.386.1591628813302; Mon, 08 Jun 2020 08:06:53 -0700 (PDT)
MIME-Version: 1.0
References: <00cc01d63d6f$9b7af880$d270e980$@gmail.com> <CAOj+MMGpLCVNiMOFPV3PoTE=LkcwbYJVmHgfnMcOCuuOk_wm3Q@mail.gmail.com> <011601d63da3$dc4aedf0$94e0c9d0$@gmail.com>
In-Reply-To: <011601d63da3$dc4aedf0$94e0c9d0$@gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 08 Jun 2020 17:06:42 +0200
Message-ID: <CAOj+MMFg2rxpez73eF_QT_O4B73WbYiciaKr7R3kT9iZY4FK7g@mail.gmail.com>
To: slitkows.ietf@gmail.com
Cc: "idr@ietf. org" <idr@ietf.org>, BESS <bess@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000812f305a793f69b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/TS3YKWUKad2Gn3odzvwn_y2pNKY>
Subject: Re: [Idr] [bess] FW: Closing on Stephane's open issue with draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 15:07:30 -0000

Hi,

> [SLI] It could work if: we prevent usage of RTC for these families

Actually I am not sure we need to prevent anything. Honestly I would leave
it for the proper operator's configuration.

RTC is not something on by default in any AFI/SAFI.

Thx a lot,
R.



On Mon, Jun 8, 2020 at 4:48 PM <slitkows.ietf@gmail.com> wrote:

> Hi Robert,
>
>
>
> Thanks for your feedback.
>
> Please find some comments inline.
>
>
>
> Stephane
>
>
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* lundi 8 juin 2020 11:55
> *To:* slitkows.ietf@gmail.com
> *Cc:* idr@ietf. org <idr@ietf.org>; BESS <bess@ietf.org>
> *Subject:* Re: [bess] FW: Closing on Stephane's open issue with
> draft-ietf-bess-datacenter-gateway => Requesting feedback from IDR
>
>
>
> Stephane,
>
>
>
> Two points ..
>
>
>
>    1. It is not clear to me that draft-ietf-bess-datacenter-gateway
>    recommends to use RTC for anything - do they ? If not there is no
>    issue.
>
> [SLI] Right, but nothing prevents someone to activate it or it can be
> activated “by inheritance” if sessions already runs VPNv4 for instance with
> RTC.
>
>
>
>    1. Also note that RTC can be enabled on a per AF basis hence even if
>    you use it say for SAFI 128 you do not need to use it for SAFI 1.
>
> [SLI] RFC4684 is AFI/SAFI agnostic. I’m not aware of per-AFI/SAFI scoping
> of RT membership from an implementation point of view. You can do it by
> splitting sessions usually.
>
>
>
> [SLI] It could work if: we prevent usage of RTC for these families, or we
> specify the default behavior of RTC for AFI/SAFI 1/1, 2/1 when there is no
> RT (distribute routes that don’t have an RT).
>
>
>
>
>
> As a general comment I do not see any issues using RTs on non VPN SAFIs.
>
>
>
> Thx,,
>
> R.
>
>
>
> On Mon, Jun 8, 2020 at 10:34 AM <slitkows.ietf@gmail.com> wrote:
>
> Hi IDR WG,
>
> We have a draft that was on WGLC which introduces the usage of Route
> Targets
> on Internet address families to allow automated filtering of gateway
> routes.
> I raised a concern on a potential issue happening when Route Target
> constraint is deployed on these sessions.
>
> Internet address families don't use RTs today, and are propagated following
> the BGP propagation rules. When applying an RT and when having RTC deployed
> on the session (RTC not being family aware), propagation of Internet routes
> that don't have an RT may be stopped because of the behavior defined in
> draft-ietf-idr-rtc-no-rt. This will so break the existing default behavior
> of Internet SAFIs.
>
> We would like to get IDR's feedback on this topic.
>
> Thanks,
>
> Stephane
> BESS co-chair
>
>
> -----Original Message-----
> From: Adrian Farrel <adrian@olddog.co.uk>
> Sent: jeudi 4 juin 2020 19:31
> To: slitkows.ietf@gmail.com
> Cc: bess-chairs@ietf.org; bess@ietf.org;
> draft-ietf-bess-datacenter-gateway@ietf.org
> Subject: Closing on Stephane's open issue with
> draft-ietf-bess-datacenter-gateway
>
> Hi,
>
> John and I had a chat today about what we perceive is Stephane's open
> issue.
>
> What we think the concern is is that we are using RTs in conjunction with
> normal (i.e., non-VPN) routes. We do this to allow gateways to filter their
> imports based on the RT that applies to the SR domain that it serves.
>
> An option was to use the Route Origin extended community instead.
>
> RFC 4360, which introduces both the Route Target and the Route Origin
> extended communities and gives some guidance. Loosely expressed, the RT
> says
> which routers should import, the RO says which routers have advertised. In
> both cases, the text suggests that "One possible use of the community is
> specified in RFC4364" which implies that there are other acceptable uses.
>
> 4364 implies that the RO is used "to uniquely identify the set of routes
> learned from a particular site." That is (my words), to apply a filter on
> top of the RT to prevent re-import by a site of routes that match the RT
> and
> that were advertised by other entry points to the site. Indeed, the RO
> would
> seem to be used (in the 4364 case) only when the RT is also in use.
>
> We appreciate that the distinction is pretty delicate, but we think we are
> right to use RT in this case because we are filtering to import, not to
> avoid importing. Furthermore, if we used the RO then, to be consistent with
> 4364, we would still be using the RT anyway.
>
> That, we think, disposes of the "RT or RO?" question.
>
> Now, we can go back to the original formulation of the question: is it OK
> to
> use RT with "non-VPN IP addresses"? Well, we consulted around a bit
> privately amongst some BGP experts, and we couldn't find anyone to say it
> was actually a problem. And (of course) no one raised the issue in WG last
> call - but Matthew might claim that is because the document was only
> lightly
> reviewed, and Stephane might claim that this is because he had already
> raised the point. Obviously, some of the authors know a bit about BGP, and
> Eric was a lead author on 4364 and drove a lot of the details of what we
> wrote.
>
> Two points in closing:
> - If someone can show that we break something, we will have to fix it.
> - If the chairs want to run this point past IDR and BESS explicitly, that
> would be fine.
>
> Hope this helps.
>
> Best,
> Adrian
>
>
> _______________________________________________
> BESS mailing list
> BESS@ietf.org
> https://www.ietf.org/mailman/listinfo/bess
>
>

v2.23.0 | Report a Bug | By Email