[Idr] Reply: [spring] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Aijun Wang <wangaijun@tsinghua.org.cn> Thu, 21 May 2020 14:21 UTC

From: "Aijun Wang" <wangaijun@tsinghua.org.cn>
To: "'Ketan Talaulikar \(ketant\)'" <ketant=40cisco.com@dmarc.ietf.org>, "'Fangsheng'" <fangsheng@huawei.com>, "'Robert Raszuk'" <robert@raszuk.net>
Cc: "'idr wg'" <idr@ietf.org>, "'SPRING WG'" <spring@ietf.org>, "'stefano previdi'" <stefano@previdi.net>, "'Yangang'" <yangang@huawei.com>, <draft-ietf-spring-segment-routing-policy@ietf.org>, "'Chengli \(Cheng Li\)'" <c.l@huawei.com>
Date: Thu, 21 May 2020 22:21:18 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/XWLaChjGAHZgZie8hL7gMIgOmZ0>

Hi, Ketan:

If the RR does not change anything, then the originator info of SR Policy should be set by path headend (CSG1 in current scenario). 

And to accomplish this, the controller should carry it via the “Route Origin Community” when distributing such info to RR, as proposed by Fangsheng.

 

 

Best Regards.

 

Aijun Wang

China Telecom

 

From: spring-bounces@ietf.org [mailto:spring-bounces@ietf.org] On Behalf Of Ketan Talaulikar (ketant)
Sent: 21 May 2020 19:50
To: Aijun Wang; 'Fangsheng'; 'Robert Raszuk'
Cc: 'idr wg'; 'SPRING WG'; 'stefano previdi'; 'Yangang'; draft-ietf-spring-segment-routing-policy@ietf.org; 'Chengli (Cheng Li)'
Subject: Re: [spring] [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi Aijun,

 

Please check inline

 

From: Aijun Wang <wangaijun@tsinghua.org.cn> 
Sent: 21 May 2020 16:25
To: 'Fangsheng' <fangsheng@huawei.com>; Ketan Talaulikar (ketant) <ketant@cisco.com>; 'Robert Raszuk' <robert@raszuk.net>
Cc: 'idr wg' <idr@ietf.org>; 'SPRING WG' <spring@ietf.org>; 'stefano previdi' <stefano@previdi.net>; 'Yangang' <yangang@huawei.com>; draft-ietf-spring-segment-routing-policy@ietf.org; 'Chengli (Cheng Li)' <c.l@huawei.com>
Subject: Reply: [spring] [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi, Fangsheng and Ketan:

 

My understanding is that the CSG1 in your scenario will not report the SR policy information directly to the controller. Such information will be reported via two steps:

1) CSG1(headend) reports such information to RR1/RR2 via BGP-LS, with the originator information set as node address of RR1 or RR2

2) RR1/RR2 regenerates the BGP-LS information, with the originator information set as controller’s address.

[KT] Not sure what you mean by “regenerates” here. RRs normally just propagate information and do not modify it without policy. Even with policy knobs, the originator info is part of the TE Policy NLRI in BGP-LS and so cannot be changed.

 

Thanks,

Ketan

 

Then the controller can correlate the SR policy CP from RR1 or RR2 into one?

 

Am I right?

 

 

Best Regards.

 

Aijun Wang

China Telecom

 

From: spring-bounces@ietf.org [mailto:spring-bounces@ietf.org] On Behalf Of Fangsheng
Sent: 21 May 2020 18:01
To: Ketan Talaulikar (ketant); Robert Raszuk
Cc: idr wg; SPRING WG; stefano previdi; Yangang; draft-ietf-spring-segment-routing-policy@ietf.org; Chengli (Cheng Li)
Subject: Re: [spring] [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi Ketan Talaulikar,

 

The BGP best-path run at CSG1 will pick one of the two paths from the two RRs since it is the same NLRI from two neighbors. So the best path is what would be given by BGP to the SR Policy component. The other path is to provide/offer redundancy at the BGP level as Robert mentioned.

→ Oh yes, you are right, I made a mistake, it is redundancy at the BGP level

 

But the core problem is how to define a key for a candidate path, this key can be consistent between CSG1’s SR Policy component and the controller.

I think the key is <Protocol-Origin, ASN, node-address , discriminator>, but I guess you mean the key should be  <Protocol-Origin, discriminator>? 

 

you wished the “originator” that was reported to SR Policy component to be the controller instead of either RR1 or RR2 in the current case

→ Yes, because I think for both the SR Policy component and controller the candidate path key should be <Protocol-Origin, ASN, node-address, discriminator>, so I wish the “originator” that was reported to SR Policy component in any case.

 

We know that a candidate path key only needs to ensure that it is unique within an SR Policy, so when discussing the candidate path key from a network perspective, we no longer emphasize the SR Policy key. Let's take a look at the standards related to SR Policy:

 

One BGP SR Policy route for candidate path, the key contains just <Distinguisher> which means <discriminator>. 

https://datatracker.ietf.org/doc/draft-ietf-idr-segment-routing-te-policy/?include_text=1



 

 

One BGP LS route for candidate path, the key contains <Protocol-Origin, ASN, node-address , discriminator>.

https://datatracker.ietf.org/doc/draft-ietf-idr-te-lsp-distribution/?include_text=1



 

PCEP TLV for candidate path, the key contains <Protocol-Origin, ASN, node-address , discriminator>

https://datatracker.ietf.org/doc/draft-barth-pce-segment-routing-policy-cp/?include_text=1



 

YANG for candidate path, the key contains <Protocol-Origin, ASN, node-address , discriminator>

https://datatracker.ietf.org/doc/html/draft-raza-spring-sr-policy-yang-02



 

 

According to this information, in order to uniquely identify a candidate path in the network, we need its key to be stable and unique, so the <Originator> is best determined by the producer and can be transmitted with the protocol message.

We recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes.  In this way, the key  of the CP is determined by the controller and will not change during the advertisement of BGP routes.

 

 

In addition, in my case, CSG1 cannot receive BGP SR Policy routes from RR1 and RR2 at the same time; therefore, it is possible to receive the route from RR1 first, the SR Policy component creates a candidate path, and then receives the route from RR2. BGP decides to prefer this new route. For the SR Policy component, the Originator changes accordingly, so a switch between paths will be performed.

 

 

 

From: Ketan Talaulikar (ketant) [mailto:ketant@cisco.com] 
Sent: Thursday, May 21, 2020 1:59 AM
To: Fangsheng <fangsheng@huawei.com>; Robert Raszuk <robert@raszuk.net>
Cc: Chengli (Cheng Li) <c.l@huawei.com>; draft-ietf-spring-segment-routing-policy@ietf.org; idr wg <idr@ietf.org>; SPRING WG <spring@ietf.org>; stefano previdi <stefano@previdi.net>; Yangang <yangang@huawei.com>
Subject: RE: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi Fangsheng,

 

The BGP best-path run at CSG1 will pick one of the two paths from the two RRs since it is the same NLRI from two neighbors. So the best path is what would be given by BGP to the SR Policy component. The other path is to provide/offer redundancy at the BGP level as Robert mentioned.

 

See example 1 in https://tools.ietf.org/html/draft-filsfils-spring-sr-policy-considerations-05#section-4

 

The only aspect that I understood or misunderstood was that you wished the “originator” that was reported to SR Policy component to be the controller instead of either RR1 or RR2 in the current case. Or at least I got the impression that was what Chengli was trying to say but I may be wrong.

 

As such, it is not a functional issue per se. The “originator” is used only for the tiebreaker between CPs in the SR Policy component and nothing else.

 

Thanks,

Ketan

 

From: Fangsheng <fangsheng@huawei.com> 
Sent: 20 May 2020 19:33
To: Robert Raszuk <robert@raszuk.net>
Cc: Ketan Talaulikar (ketant) <ketant@cisco.com>; Chengli (Cheng Li) <c.l@huawei.com>; draft-ietf-spring-segment-routing-policy@ietf.org; idr wg <idr@ietf.org>; SPRING WG <spring@ietf.org>; stefano previdi <stefano@previdi.net>; Yangang <yangang@huawei.com>
Subject: RE: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi,

 

I don't think CSG1 needs to "generate" anything. Peers which send you particular policy are well known at CSG1. 

→ Yes, the word “generate” is indeed inaccurate, I mean that CSG1 finalizes the key of the candidate path, not the controller. For example, when CSG1 needs to notify the controller of the traffic statistics of each segment list, the controller cannot recognize the key of the candidate path to which these segment lists belong.

 

 

Well what you call "waste" I call redundancy. Sure keeping extra paths requires some cost, but building redundancy in control plane pays off. 

 

→ I think it is enough to keep the route redundant in the BGP SR Policy address family, but for the SR Policy component, because the keys of the two candidate paths are different, it does not even know that these two paths are redundant

 

 

Thx

 

From: Robert Raszuk [mailto:robert@raszuk.net] 
Sent: Wednesday, May 20, 2020 8:59 PM
To: Fangsheng <fangsheng@huawei.com>
Cc: Ketan Talaulikar (ketant) <ketant@cisco.com>; Chengli (Cheng Li) <c.l@huawei.com>; draft-ietf-spring-segment-routing-policy@ietf.org; idr wg <idr@ietf.org>; SPRING WG <spring@ietf.org>; stefano previdi <stefano@previdi.net>; Yangang <yangang@huawei.com>
Subject: Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi,

 

> the node-address is generated by CSG1  

 

I don't think CSG1 needs to "generate" anything. Peers which send you particular policy are well known at CSG1. 

 

> The process described above will result in a waste of redundant candidate paths on CSG1,  

 

Well what you call "waste" I call redundancy. Sure keeping extra paths requires some cost, but building redundancy in control plane pays off. 

 

Thx,
R.

 

 

 

 

On Wed, May 20, 2020 at 2:32 PM Fangsheng <fangsheng@huawei.com> wrote:

Hi Robert,

Take the following picture as an example, I think you can understand our problem more easily.

The controller needs to notify the headend CSG1 through BGP SR Policy to create a candidate path of SR Policy. This BGP SR Policy route will be advertised to CSG1 through RR1 and RR2.

According to the definition in draft, the key of a candidate path is <Protocol-Origin, originator, discriminator>, where originator = <ASN, node-address>, so a complete candidate path key is <Protocol-Origin, ASN, node-address , discriminator>.

However, in this specific example, the node-address is generated by CSG1, and because CSG1 receives BGP SR Policy routes from RR1 and RR2, respectively, CSG1 will get two different node-addresses. CSG1 thinks that it is necessary to create two  candidate paths, and the controller does not know what the node-address CSG1 will eventually generate. Maybe:

Candidate path 1's key:  <BGP, RR1's ASN, RR1's BGP Router ID, discriminator1>

Candidate path 2's key:  <BGP, RR2's ASN, RR2's BGP Router ID, discriminator2>

The process described above will result in a waste of redundant candidate paths on CSG1,

At the same time, when CSG1 needs to announce the SR Policy information to the controller through BGP LS, it needs to carry the keys of the candidate path in it, and the controller cannot recognize these keys.

 

 



 

To solve these problems, we recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes.

In this way, the key  of the CP is determined by the controller and will not change during the advertisement of BGP routes.

 

 

 

 

From: Ketan Talaulikar (ketant) [mailto:ketant@cisco.com]
Sent: 18 May 2020 20:00
To: Robert Raszuk <robert@raszuk.net>
Cc: Chengli (Cheng Li) <c.l@huawei.com>; draft-ietf-spring-segment-routing-policy@ietf.org; idr wg <idr@ietf.org>; SPRING WG <spring@ietf.org>; Fangsheng <fangsheng@huawei.com>; stefano previdi <stefano@previdi.net>
Subject: RE: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi Robert,

 

You are right that the “Originator” is not used in BGP best path and is just for a tie-breaking logic in SRTE between paths from different protocols and controllers. I doubt if there is a functional issue here.

 

I thought that Chengli was bringing in some new/different requirement for the “Originator” field for some deployment design. I haven’t seen a response/clarification from him as yet, and so perhaps I misunderstood him in which case we are ok here.

 

Thanks,

Ketan

 

From: Robert Raszuk <robert@raszuk.net> 
Sent: 30 April 2020 14:46
To: Ketan Talaulikar (ketant) <ketant@cisco.com>
Cc: Chengli (Cheng Li) <chengli13@huawei.com>; draft-ietf-spring-segment-routing-policy@ietf.org; idr wg <idr@ietf.org>; SPRING WG <spring@ietf.org>; Fangsheng <fangsheng@huawei.com>; stefano previdi <stefano@previdi.net>
Subject: Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi Chengli and Ketan,

 

Well I think (perhaps to your surprise) the current text is actually correct. 

 

See the overall idea of section 2.4 is not to define the real source of the candidate path. That is done in section 2.5. The idea here is to keep multiple *paths or versions* of the candidate paths in the local system uniquely.

 

See if you continue reading section 2.6 demystifies the real objective: 

 

   The tuple <Protocol-Origin, originator, discriminator> uniquely
   identifies a candidate path.
 
So the real originator is encoded in discriminator and here it just means the peer candidate path was received from. And if you read on this entire exercise only serves best path selection as described in section 2.9.
 
.... the following order until only one valid best path is selected:
 
   1.  Higher value of Protocol-Origin is selected.
 
   2.  If specified by configuration, prefer the existing installed
       path.
 
   3.  Lower value of originator is selected.
 
   4.  Finally, the higher value of discriminator is selected.

 

+

      The originator allows an operator to have multiple redundant
      controllers and still maintain a deterministic behaviour over
      which of them are preferred even if they are providing the same
      candidate paths for the same SR policies to the headend.

 

Thx,
R.

 

On Thu, Apr 30, 2020 at 10:46 AM Ketan Talaulikar (ketant) <ketant=40cisco.com@dmarc.ietf.org> wrote:

Hi Cheng,

 

I assume you are recommending the use of Route Origin Extended Community (https://tools.ietf.org/html/rfc4360#section-5) for conveying the “Originator” when the SR Policy update is propagated over eBGP sessions via other eBGP/iBGP sessions instead of direct peering with the headend.

 

I believe it does address the scenario you describe given that it is expected that SR Policy propagation via BGP is happening within a single administrative domain even if it comprises of multiple ASes.

 

Also copying the IDR WG for inputs since this would likely need to be updated in draft-ietf-idr-segment-routing-te-policy.

 

Thanks,

Ketan

 

From: spring <spring-bounces@ietf.org> On Behalf Of Chengli (Cheng Li)
Sent: 30 April 2020 07:34
To: draft-ietf-spring-segment-routing-policy@ietf.org
Cc: SPRING WG <spring@ietf.org>; huruizhao <huruizhao@huawei.com>; Fangsheng <fangsheng@huawei.com>
Subject: [spring] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

 

Hi authors,

 

Section 2.4 of [draft-ietf-spring-segment-routing-policy-06] introduces how the node-address of "Originator of CP (Candidate Path)" is generated when the Protocol-Origin is BGP. It says:

    “Protocol-Origin is BGP SR Policy, it is provided by the BGP component on the headend and is:

     o  the BGP Router ID and ASN of the node/controller signalling the candidate path when it has a BGP session to the headend, OR

     o  the BGP Router ID of the eBGP peer signalling the candidate path  along with ASN of origin when the signalling is done via one or  more intermediate eBGP routers, OR

     o  the BGP Originator ID [RFC4456] and the ASN of the node/controller  when the signalling is done via one or more route-reflectors over  iBGP session.”

   

In the operator's network, in order to reduce the number of  BGP sessions in controller and achieve scalability, the controller only establishes eBGP peer with the RR. And the RR establishes iBGP peers with the headends. As mentioned in the draft, the headend will use the RR's Router ID as the CP's node-address (the signaling is done via route transmission from RR to the headend instead of route reflection).  The headend needs to carry the CP's key when reporting the SR Policy status to the controller through BGP-LS. And there is a problem that the controller may not recognize the key because the node-address is generated by the RR node.

 

For network robustness, two or more RRs are usually deployed. This will introduce another problem. When the same CP advertised by the controller is delivered to the headend through different RRs, the headend cannot distinguish whether it is the same CP because the node-address in the CPs' key comes from different RRs.

 

To solve these problems, we recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes. In this way, the key of the CP is determined by the controller and will not change during the advertisement of BGP routes.

 

Thanks,

Cheng
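
The candidate path key and tie-break discussed across this thread, modelled as an added example that is not part of any message above or of the drafts. It shows the key seen by CSG1 changing when the BGP best path moves from RR1 to RR2, and staying fixed when the originator is taken from a controller-set value. Assumptions: the `route_origin` field (a Route Origin Community reduced to an <ASN, node-address> pair), the Protocol-Origin value 20, the ASN-then-address ordering for "lower originator", and all ASNs and addresses, which are constructed from documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

BGP = 20  # constructed Protocol-Origin value; only the ordering between values matters
Key = Tuple[int, int, str, int]  # <Protocol-Origin, ASN, node-address, discriminator>

@dataclass(frozen=True)
class Route:
    """BGP SR Policy route as received by the headend (constructed model)."""
    discriminator: int
    peer_asn: int
    peer_router_id: str
    # Hypothetical field: <ASN, node-address> from a Route Origin Community
    # attached by the controller, as the thread proposes.
    route_origin: Optional[Tuple[int, str]] = None

def cp_key(route: Route, honor_route_origin: bool) -> Key:
    """Candidate path key as the headend's SR Policy component would store it."""
    if honor_route_origin and route.route_origin is not None:
        asn, node = route.route_origin  # originator fixed by the producer
    else:
        asn, node = route.peer_asn, route.peer_router_id  # derived from the peer
    return (BGP, asn, node, route.discriminator)

def originator_value(key: Key) -> Tuple[int, int]:
    """Assumed ordering for 'lower originator': ASN first, then node address."""
    return (key[1], int(ip_address(key[2])))

def select_best(paths: List[Key], installed: Optional[Key] = None,
                prefer_installed: bool = False) -> Key:
    """Tie-break in the order quoted from section 2.9 of the draft."""
    top = max(p[0] for p in paths)                       # 1. higher Protocol-Origin
    paths = [p for p in paths if p[0] == top]
    if prefer_installed and installed in paths:          # 2. existing installed path
        return installed
    low = min(originator_value(p) for p in paths)        # 3. lower originator
    paths = [p for p in paths if originator_value(p) == low]
    return max(paths, key=lambda p: p[3])                # 4. higher discriminator

# Constructed sample: one controller route reaching CSG1 through RR1 and RR2.
CONTROLLER = (64496, "192.0.2.1")
VIA_RR1 = Route(100, 64500, "198.51.100.1", CONTROLLER)
VIA_RR2 = Route(100, 64500, "198.51.100.2", CONTROLLER)

def key_changes_on_bgp_switch(honor_route_origin: bool) -> bool:
    """True if a BGP best-path move from RR1 to RR2 changes the CP key."""
    return cp_key(VIA_RR1, honor_route_origin) != cp_key(VIA_RR2, honor_route_origin)

if __name__ == "__main__":
    for honor in (False, True):
        print("honor Route Origin:", honor,
              "| key via RR1:", cp_key(VIA_RR1, honor),
              "| key via RR2:", cp_key(VIA_RR2, honor),
              "| changes on switch:", key_changes_on_bgp_switch(honor))
    peer_keys = [cp_key(VIA_RR1, False), cp_key(VIA_RR2, False)]
    print("tie-break winner:", select_best(peer_keys))
```

With peer-derived originators the controller cannot predict which key the headend will report back over BGP-LS; with the controller-set originator both paths map to the one key the controller already knows.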
