Re: [Idr] draft on virtual aggregation

Paul Francis <francis@cs.cornell.edu> Thu, 10 July 2008 12:44 UTC

Return-Path: <idr-bounces@ietf.org>
X-Original-To: idr-archive@megatron.ietf.org
Delivered-To: ietfarch-idr-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A0EE3A6990; Thu, 10 Jul 2008 05:44:42 -0700 (PDT)
X-Original-To: idr@core3.amsl.com
Delivered-To: idr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E0F123A6990 for <idr@core3.amsl.com>; Thu, 10 Jul 2008 05:44:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.895
X-Spam-Level:
X-Spam-Status: No, score=-5.895 tagged_above=-999 required=5 tests=[AWL=0.104, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VruRPRL+N3Y for <idr@core3.amsl.com>; Thu, 10 Jul 2008 05:44:39 -0700 (PDT)
Received: from exch-hub2.cs.cornell.edu (mail-hub-2.cs.cornell.edu [128.84.103.139]) by core3.amsl.com (Postfix) with ESMTP id B020A3A687D for <idr@ietf.org>; Thu, 10 Jul 2008 05:44:39 -0700 (PDT)
Received: from EXCHANGE1.cs.cornell.edu (128.84.96.42) by mail-hub.cs.cornell.edu (128.84.96.245) with Microsoft SMTP Server id 8.0.813.0; Thu, 10 Jul 2008 08:44:53 -0400
Received: from EXCHANGE2.cs.cornell.edu ([128.84.96.44]) by EXCHANGE1.cs.cornell.edu with Microsoft SMTPSVC(6.0.3790.3959); Thu, 10 Jul 2008 08:44:53 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 10 Jul 2008 08:44:50 -0400
Message-ID: <37BC8961A005144C8F5B8E4AD226DE1109D854@EXCHANGE2.cs.cornell.edu>
In-Reply-To: <4874D48D.1090702@ot-e.biz>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Idr] draft on virtual aggregation
Thread-Index: Acjh1cEIdmj1LZ+sT8CYVDDT/jbt+gAqZmeQ
References: <37BC8961A005144C8F5B8E4AD226DE1109D829@EXCHANGE2.cs.cornell.edu> <4874D48D.1090702@ot-e.biz>
From: Paul Francis <francis@cs.cornell.edu>
To: "Daniel Ginsburg" <dg@ot-e.biz>
X-OriginalArrivalTime: 10 Jul 2008 12:44:53.0145 (UTC) FILETIME=[BFCF3090:01C8E28A]
Cc: idr@ietf.org
Subject: Re: [Idr] draft on virtual aggregation
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: idr-bounces@ietf.org
Errors-To: idr-bounces@ietf.org

Dan, these are good comments.   My replies inline.

PF

> -----Original Message-----
> From: Daniel Ginsburg [mailto:dg@ot-e.biz]
> Sent: Wednesday, July 09, 2008 11:09 AM
> To: Paul Francis
> Cc: idr@ietf.org
> Subject: Re: [Idr] draft on virtual aggregation
> 
> 
> Paul,
> 
> I made another pass through the draft and I have few more comments, if
> you don't mind.
> 
> Section 3.2.2.2:
>  > The LOCAL_PREF attribute is optional.
> 
> A small nit. As per RFC4271, section 5.1.5, LOCAL_PREF is included in
> all iBGP updates, so it can't be optional.

Ok.

> 
>  >    4.  If a packet is received at the APR whose best match is the VP
>  >        (i.e. it matches the VP but not any sub-prefixes within the
> VP),
>  >        then the packet MUST be discarded (see Section 3.2.2.1).
> 
> Some ASes relay on default route to route some traffic while carrying
> [almost] full BGP table. One of notable examples is so called
> "disconnected backbone" setup. If virtual aggregation is implemented as
> described, it would break default route forwarding.

Good catch, we forgot about this case.  One observation here is that if the
router with the default is legacy, then it can probably run outside the scope
of this spec...that is, it doesn't make tunnels or anything...it just
defaults to the "backbone", which can be running VA.  Another observation is
that, if it is running VA, then it doesn't really need the default
approach...it can use VA to shrink its FIB (which has the advantage that it
can still advertise the full DFRT with its external peers).

I think nevertheless you can run VA and still have the default, though not
sure why you'd do this.  My understanding of disconnected backbone is that
you need to be pretty careful about which routers use the default....i.e.
only routers that connect to customers that themselves don't require the
complete DFRT, and don't transit traffic that isn't to or from said customer.
So as long as this is still the case, I'd think you could use a default route
in combination with VA, in which case the "MUST be discarded" clause is too
strict.  (Actually, if I think about it, it is probably unnecessarily strict
in the first place.)

> 
> Section 3.2.2.3:
>  >    The router MUST advertise the VP to its iBGP peers.  The router
> MUST
>  >    NOT advertise the VP to eBGP peers.  (This should go without
> saying,
>  >    since the Extended Communities T bit is set to be non-
> transitive.)
> 
> T-bit will only prevent extcommunity from propagating to eBGP
> neighbors.
> The prefix itself still will be advertised. I think NO_EXPORT should be
> always attached to VP as a safety measure.

You mean, the T-bit will cause the border router to strip the ext-community
attribute from the route, and then send the route over eBGP?  I guess that
makes sense.  So we definitely need the NO_EXPORT attribute as well.  Will
fix. 

> 
> Section 4.2:
> There're some possible externally visible traffic engineering issues.
> AS
> with VA deployed might choose different exit points as compared to AS
> without VA.
> These issues are similar to that of route reflectors deployments.

I don't see why VA would choose a different exit point.  VA doesn't change
the BGP decision process at all.  If a router selected a particular next-hop
without VA, it would select the same next-hop with VA.  Perhaps what you mean
is the following?

Say you had the following topology:

A--B--C--|--X
   |
   D-----|--Y

where X and Y are external peers.  In the case without VA, A gets a packet,
picks X as the exit, forwards the packet to B, which decides to pick Y as the
next hop (can this happen?).  If this is VA, however, once A picks X, it
tunnels the packet to X, so B can't divert it to a different exit.  If this
case occurs, then you are right that VA can cause a change in exit...

> 
> Section 4.3:
>  >    Likewise, routers can bootstrap VA by first bringing up the IGP,
> then
>  >    establish LSPs, then establish routes to all required sub-
> prefixes,
>  >    and then finally advertise VPs.
> 
> Hmm, wouldn't delayed VP advertisement require non-APR routers to
> temporary install all the specific prefixes? If so, FIB overflow might
> occur. Some platforms react badly to such cases (i.e. overloading CPU,
> starving routing protocols and possibly crash), so it may destabilize
> the network.

Very nice catch!  I think the only good way to fix this is to require that
all VA routers be statically configured with the complete set of VPs.  It is
easy to conjure up scenarios where a router simply won't know all the VPs at
the point in time at which it needs to start loading up its FIB.  If the
router statically knows all the VPs, then it has a basis for deciding which
FIB entries to suppress, and avoiding FIB overflow.

PF

> 
> --
> dg

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr