Re: [Idr] BGP Classful Transport Planes

Kaliraj Vairavakkalai <kaliraj@juniper.net> Mon, 19 October 2020 22:06 UTC

Return-Path: <kaliraj@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3425A3A0C36 for <idr@ietfa.amsl.com>; Mon, 19 Oct 2020 15:06:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=D5j8aD8R; dkim=pass (1024-bit key) header.d=juniper.net header.b=L3E3+d+k
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kFZkHC4Rb0Pm for <idr@ietfa.amsl.com>; Mon, 19 Oct 2020 15:06:52 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E54F3A0C32 for <idr@ietf.org>; Mon, 19 Oct 2020 15:06:52 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 09JM3TYW014230; Mon, 19 Oct 2020 15:06:51 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=Qy9SARBoY0QPzVMjaE/SGTHw9We4cqB157NHljbisPc=; b=D5j8aD8RZoxzkMbIBvcQWtR1ope75U3PeIEsryH0OG8wHckXYx7vrA6Rf+WALxS4QqBJ R/2DaZvNNdkC0Ve9o12dUY4PMGaK/V8KQd0gajqBFBj0DgYzbJpEHgl70q53d++AxdtE cu6eLc1NvYeJ+oM33ltjM3DwjFFVvxQ0GA3ztyLolaWlfMrGW1Qv76sl6eMZ1dFb+zLH UYZUmqZb8Q5HURoPKYEbN23pHMZockfzh7PdhJz3dM9Uch7A5KM/nPHGJziojT8y+1v4 jr5goop9sTb4FKKV6mpYOs4toQb19cEZ1Ed12CrZLo2174H3Y5vfhwjE31OkIqvF8d/B TA==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2172.outbound.protection.outlook.com [104.47.58.172]) by mx0a-00273201.pphosted.com with ESMTP id 347xjy3bcg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 19 Oct 2020 15:06:51 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WpLj6AL4W8BHoOowuOZ/L9vQX+E0J2f/C6wDpMI7gMIcJICPvi7FlOYb/dGJxWagHFdSh3SmYuehSMr38jxbETSzN4lH2jnKz1Jd4r1Yw/FjLw8PoEEvwzPXFVenGR0suVYZ2xDLWEAx/K9XmCmFTCB2ffobxiFUipx8pdvS4H1/w2JLW+zMw4a4VocU5fWaKUghKotUUp8aGOSqkgR7+JobyWBMGjlJVwfAfv5Xf8s3qGDsxe2dh05MC1jAY5hc9dozBVIWcSBkbFeMar1L6/YYhEQzBxSS4+CmGs/WiDvsxLNBJxQMkFUECKvH6cSkah7bhPkA8hcCXtXMY/hI8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qy9SARBoY0QPzVMjaE/SGTHw9We4cqB157NHljbisPc=; b=GUyCXNLuF7Yng5/s53oL2IPRgH3MD5vMiU6rEpPsFn7xOo0qZnBlrm/lbpmqwBBkdVa+2qCtrzhT0qZQTeIgfh2QeuGrUy9Mdi6hWqLqbgxgcqQSSzYMoj14po+p9OLhimydgN8pD2ECHpvgHHnNsHcLKbXtSwrvJR2BvmRjXrZxYf8hoCyoNbrk4134MSGWXnXGBvxwa6AdKpkwUDRSPH5T7UifrQqpnS6GpHM1APKsV5NXHbvkXeBxcMx8Tb9nZbMBsUxqmD8/ApHAuoQbeBGMOKNOCV3nmu5W/TjbG4pPE+dTOhKuw29cY2430s9YzNkIL+2cRV5LBFmCZ4Kbzg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qy9SARBoY0QPzVMjaE/SGTHw9We4cqB157NHljbisPc=; b=L3E3+d+kn7BmvXPQBlIwBeSA9xldGjYvD4ksoiWrzgOeCtM0qCuylTQaVGngxHfkUCbki3Mpb5d1Dm+b+3bnHjjc2BSGnUGuO0unqkAnVqS0c4s7TP/4LJPuJ6Cx0ddHdrYlYffn1n9DrT6SN5A20gpevoIoJo7s8U3OhckbDTs=
Received: from BY5PR05MB7075.namprd05.prod.outlook.com (2603:10b6:a03:1bd::32) by BYAPR05MB5719.namprd05.prod.outlook.com (2603:10b6:a03:1e::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.13; Mon, 19 Oct 2020 22:06:47 +0000
Received: from BY5PR05MB7075.namprd05.prod.outlook.com ([fe80::f944:d24a:1401:410f]) by BY5PR05MB7075.namprd05.prod.outlook.com ([fe80::f944:d24a:1401:410f%7]) with mapi id 15.20.3499.015; Mon, 19 Oct 2020 22:06:47 +0000
From: Kaliraj Vairavakkalai <kaliraj@juniper.net>
To: Robert Raszuk <robert@raszuk.net>
CC: Natrajan Venkataraman <natv@juniper.net>, Balaji Rajagopalan <balajir@juniper.net>, "idr@ietf. org" <idr@ietf.org>, Shraddha Hegde <shraddha@juniper.net>
Thread-Topic: BGP Classful Transport Planes
Thread-Index: AQHWpJpxW14vpdCoWEu7NQcRLbFx66mcARyAgAE8MYCAAIKogIAAyVQAgACAbgA=
Date: Mon, 19 Oct 2020 22:06:47 +0000
Message-ID: <212BBEC4-DE63-4478-8A6B-D0D399FFF724@juniper.net>
References: <CAOj+MMEdijdGVMKS3Qf-nabj0gZk+rrf7ygZ1H+6AyvxdP7xuA@mail.gmail.com> <59A888A2-682A-4A36-B80A-CC46DB02D1EA@juniper.net> <CAOj+MME2fY0HT0jKd-mVPgJPyModgwLwexb=XXsKxPxW91yfsw@mail.gmail.com> <27047AC9-E52C-49D5-BCB2-362D6B559386@juniper.net> <CAOj+MMFabyZ3Zzjpone0ytLRWUmP+et7dNNbP9dKDzayp9npLA@mail.gmail.com>
In-Reply-To: <CAOj+MMFabyZ3Zzjpone0ytLRWUmP+et7dNNbP9dKDzayp9npLA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.42.20101102
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=fed908bb-bd45-4d06-8284-9f6f5be5c19f; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-10-19T21:15:05Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only;MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true;
authentication-results: raszuk.net; dkim=none (message not signed) header.d=none;raszuk.net; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [66.129.242.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 887bde7f-d9c2-4375-c6eb-08d8747b460a
x-ms-traffictypediagnostic: BYAPR05MB5719:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BYAPR05MB5719170B5B626467E5EF8E56A21E0@BYAPR05MB5719.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2OQscN3OONYdEbvyLyrrvnbx2L4dsZy2e15jMjI8ghZbVM4fkX8LNwyaD8Ej9gS0JJX39mtCPfyZnpHqm0rn7gLVSYiN7d3K5dtj50f9T1FuXhKKXJTPaVeODoidw6IS5/LhefbKEUcPMQ/Uz/3LDUarYO9vVxrUVfwweTKNRV3/m0ZHZG0u9CTHmVrUsHdbQstKnzbRS875RAxsXh5haU0nJVg/Y4OpOKtGJ6lhUkyOXC4O20gxS6NXM3TxHmvs/yjRbCyPxDadTPkdvYmSzhStKsEE2nR9i4bFRq2my7Zr/jz7JHFO3nbtUBsSyB5NubHlNPJ97KdU7DFVefK3tA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR05MB7075.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(136003)(39860400002)(396003)(346002)(186003)(33656002)(26005)(86362001)(6486002)(478600001)(3480700007)(6512007)(8936002)(83380400001)(316002)(4326008)(54906003)(71200400001)(36756003)(2616005)(107886003)(66446008)(8676002)(53546011)(6506007)(6916009)(66476007)(66946007)(66556008)(64756008)(76116006)(5660300002)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: 4PucCIpQqT+ekG9BNjJ6dz5Vs7MRsD8/NRnfLximBIdjKYdcNXFo61BpL+Psb/mFl6TGRGfcc5dCSZwqO/Lij8EUecJf+rKnmHVX2YX+ozWHmoVaskc8eRZc9KmC/H+Ry+XkjZr/16W6DVKVo4WIpQEcvzHu8ThU+Q1Jp5tulXHh82kvdx7DTOX9+SuuWH2dtu1K2cR5w5CSXJpwFS0J1Iomq4jN6MhffyV2K/h8e9YW1bSbDZIusActLHHmrKK18/Qd0t/64SJv5/xanQoebKH0U5Njd29N+mU6v4Vrc65LDzPnzvt0Hxywfwa7rJ+o+CcvYvgE/Muf9XppCikrAbdHKVcldlYQYqr6g3QFsEWH6/uJu7V6PIgzUw6O6y5EYiqQ+bBELjbsyfDbMZXftXIiXnVug3Kb6iOPOE2XdexLnzZreZz6tzcPsivTwVuDP9YIXvlm1o2MzXb6BIHuNTPY2ceSsQ0VaWtJzo62Qati9cbXZKdvhqShU5N6Q6yOnixitgU9HVKZWa+Iq+jn4Udcy7PyFKLEyU9CX0P4Uq14F7nxRNVWEJZCSI5MBwd+S9KfgWI12EdcOHyOTjLRMIj+opSGmATvE5cASOPrT8/590EtpWhucciG1i8FhwnwxufEr+FglTjxT245rEZTcg==
Content-Type: multipart/alternative; boundary="_000_212BBEC4DE6344788A6BD0D399FFF724junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR05MB7075.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 887bde7f-d9c2-4375-c6eb-08d8747b460a
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Oct 2020 22:06:47.6057 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dXWCkIHV3m1wcEEI2OQh9WBXvvDYKvvD+sM609rymPtYJpBhi13O95Dwn8DHGE9zrMdoRvN8/yu+fVA5xh3s5A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB5719
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-19_11:2020-10-16, 2020-10-19 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 spamscore=0 bulkscore=0 clxscore=1015 phishscore=0 priorityscore=1501 malwarescore=0 adultscore=0 mlxscore=0 mlxlogscore=999 impostorscore=0 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2010190149
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/XxR603WaJF11LjW40QoSR0qzrVE>
Subject: Re: [Idr] BGP Classful Transport Planes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 22:06:54 -0000

Robert,

Please see inline for some responses.

From: Robert Raszuk <robert@raszuk.net>
Date: Monday, October 19, 2020 at 12:27 AM
To: Kaliraj Vairavakkalai <kaliraj@juniper.net>
Cc: Natrajan Venkataraman <natv@juniper.net>et>, Balaji Rajagopalan <balajir@juniper.net>et>, "idr@ietf. org" <idr@ietf.org>rg>, Shraddha Hegde <shraddha@juniper.net>
Subject: Re: BGP Classful Transport Planes

[External Email. Be cautious of content]

Hi Kaliraj,

Thank you for more comments. Just to finish this little thread:

The new attribute attached to SAFI 76 (BGP-CT) route is a Route-Target extended-community.

Actually I am not sure if overloading RT is the best idea here. Have you considered defining a new extended community instead ?

Yes it is a new extended-community Format/Type. Section 4 describes it:

"Transport Class" Route Target extended community is a transitive
extended community EXT-COMM [RFC4360] of extended-type, with a new
Format (Type high = 0xa) and SubType as 0x2 (Route Target).

We did this, so that there is no collision of these Transport-plane RTs with currently deployed service-plane RTs. If I understand you right, this is what you are suggesting as-well.

Sure you would have to update RTC in such a case, but this seems the only issue.

RTC seems to work with any Route-Target (extended-community with SubType 0x2). We can update RTC to specify that if required.

Note on RTC ... today RTC dynamics are pretty static. You advertise RTs which are locally configured for import. Here we are completely changing this to also advertise RTs which are learned via VPNv4/v6 AF to receive transport overlays. While I am not immediately saying this will trigger more instability I think the dynamics between VPN routes itself and signalling the need for requested colors for tunnels should be differentiated. Since the draft does mention RTC it should at least give a hint to implementers about this.

About RTC dynamics, agree – it could be either via local-configuration or a feedback from VPN service-families, to request SAFI-76 routes for the required PNH, Transport-class. This provides a ‘On Demand Nexthop’ mechanism for the ingress SNs.

Page 11, section “Constrained distribution of PNHs to SNs.” tries to explain this. I will add a note about the change in dynamics.
The ‘mapping community’ is just a new role for a bgp-community. Any community/extended-community can be used as a mapping-community. We re-use existing ext-community “Color extended community” as the mapping-community on service-routes.

+

SAFI-76 itself is at the Transport-layer, so I feel it should not have any CBF related details, which are service-layer level information.


My feedback is that per route coloring is not enough. At least per dst port is needed.

Therefore if you are going via the effort to define a new classful forwarding signalling my suggestion is to make it a bit more useful in practical deployments.

This is a new classful Transport signaling. I think there is a difference. Service-routes, used for Forwarding resolve over Transport-routes. So I still think service-plane information should not be carried in SAFI-76. But if such per-dest-port service/forwarding-routes is carried via some other mechanism, it can resolve over transport-classes built using SAFI-76. I will discuss your suggestion internally to check if I am missing something.
Yes, the RD:PNH/32 or RD:PNH/128 routes will be leaked across all domains. There is no aggregation. And they will be collected in respective transport-ribs, e.g. gold.inet.3, bronze.inet.3 at the SN/BN nodes. Thus, e.g. When a route with mapping-community ‘gold’(Color:0:100) is received, to resolve it’s nexthop, we do the LPM in transport-RIB (gold.inet.3) associated with that transport-class.

Let's see if I understand your proposal here.

Today VPN next hops are advertised across all domains by OSPF. You are you saying that not only those will be distributed by OSPF ... now 1000s of them will also be duplicated and distributed by SAFI-76 as well ?

No. intra-AS distribution will not change. Intra-AS IGP or tunneling-protocol(e.g. RSVP) routes will remain in one domain. They don’t need to be advertised everywhere. That provides better resiliency, by decoupling the domains and confining blast-radius. We do BGP nexthop-self between these loosely coupled domains. That’s the environment we are addressing/presuming in this draft. I will perhaps mention that.

Only the intra-AS tunnel end-points which want to be advertised on inter-domain boundaries, they will be advertised in SAFI-76 with appropriate transport route-target to indicate their class. It is just like redistributing intra-AS tunnels into SAFI-4, here we redistribute them in SAFI-76. And they are received, re-advertised by BNs on adjacent domains, until they reach the ingress-node.

Today all of those advertised by OSPF along with labels carried by LDP or 3107 will be installed into inet.3 (mpls RIB + LFIB) to resolve VPN next hops.

Now for transport class you construct (logically or physically - does not matter) a new class.inet.3 RIBs and LFIBs and "leaking" VPN next hops from SAFI-76 based on their RT membership ?

That is right. However not only SAFI-76 routes, but the intra-AS tunneling-protocol routes (e.g. RSVP/SRTE) will also install ingress routes in class.inet.3. Those intra-AS tunneling protocols are transport-class aware at the ingress-node.

Is that right ? If so I am still not seeing much room for aggregation and LPM there.

OK, there will typically not be anything less specific than /32s in these Transport-RIBs – if that’s what you meant. Because they are tunnel ingress routes, they will be /32s. I just mean to say the nexthop lookup will happen in class.inet.3 instead of inet.3, such that the LPM will pick only a route that belongs to the desired class.
And, these transport-ribs can contain routes from various transport-protocols (RSVP, SRTE, BGP-CT, others). I hope I got your question right.

Feeding transport-ribs is based on the mapping-community. So now do you expect all of those listed transport-protocols to also carry such route target communities ?  If so IMO we clearly should not overload RT semantics with this completely new role.

Feeding transport-ribs is based on Transport Class Route-target. And no, non-BGP transport-protocols don’t carry this RT. They install routes in class.inet.3 by either local configuration (e.g. in RSVP case), or by virtue of mapping the color in their NLRI to a transport-class (SRTE case). E.g. SRTE color 100 maps to Transport-class ID 100. These RSVP/SRTE routes will be installed in class100.inet.3. When they are advertised out in SAFI-76, they will be advertised with Transport-Target:0:100, and on the receiving node, imported into Transport-RIBs class100.inet.3 which is provisioned to import this RT value.

Further, the SAFI-76 routes received in color100.inet.3 will be resolved using intra-AS RSVP/SRTE routes in color100.inet.3 in that receiving domain. Such that end to end, the transport-class 100 SLA is preserved.

Thanks
Kaliraj


Juniper Business Use Only