Re: [Idr] draft-chen-bgp-redist-01.txt

Gyan Mishra <hayabusagsm@gmail.com> Fri, 02 July 2021 01:27 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBEAD3A1363 for <idr@ietfa.amsl.com>; Thu, 1 Jul 2021 18:27:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cNz0i0bALDRq for <idr@ietfa.amsl.com>; Thu, 1 Jul 2021 18:27:03 -0700 (PDT)
Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43C8A3A135D for <idr@ietf.org>; Thu, 1 Jul 2021 18:27:03 -0700 (PDT)
Received: by mail-pg1-x531.google.com with SMTP id w15so7980281pgk.13 for <idr@ietf.org>; Thu, 01 Jul 2021 18:27:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JWToymOZVELf+3oP1IQfJYnM8qEYos65pPUa0uQwcfU=; b=b3m2SlwSkIMlPn+JESXxXomhT/4VhlG8gTpyQnVuQNWSqreN9GcZlszcR7v22Ne1H5 6VZJLO/7yPVtmIkqes7WtkYH3jM+fAC3U2Gc+LRHd6zF/Q0h7VYfZE9yC5c9X6klJ4Ap OWaTRTsMm8e9/7Xr3N9TUDep0RIbX2/19I4UjwedKx4BHJ4Rix6xPyj5H4rlXF94tdV6 hkGXMvAz5LEyKxR+ZbfWUgf1/TwWmgF8iYdK/6dc96A2WNh0PhsrvUzK81yekqCTc632 muGfEbiwFJEOZTMWEidDiThu3B6snGMR8BL5sKJVkAZZ+Dc5i1P9SU1vS2/+4p3iR5xx jxrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JWToymOZVELf+3oP1IQfJYnM8qEYos65pPUa0uQwcfU=; b=FLb1RmA9g16etJRfCS2RJWJuR7/B1aMbOdKUzNc3ENmDkRSljxuQiyQRAM0eWSsxCO lLUVewErLPyHOhZKzCuEOO3rlJW32ImCdzMKw4huQrziuO4BTUT0M2bB6lZoT2y846pd eRmBYbjothX6KqmTbYCvwxipErnXcdwk3/tkQdgm4i/+lhDWS5BvS9mIk/lnlwXKzl6P DcPNGB2vvYHwE3SrD/KGivMaUVZlbKULNpd7sPJ6yg6mJ370VjXBAj6CpxBBtqPC1zSO rOQ45IlfQcGzKdT+e2iAB7jMJWlxuOdhKPXfPtm3A6O6HUlq0hlacP5Dcrd+kMuZiP9G tAOA==
X-Gm-Message-State: AOAM530PIxexHqDhwJJsnlGKSuiIj85+rDb+AwZ5xvDR7LuIRiyqFA1A Ij0FAB75zKZJWkwan2PaD2qwe+FZR+iObUUd8dI=
X-Google-Smtp-Source: ABdhPJx1VxaTUEaFlDwEa0d7P5bslIWsJ076UsKSPv8lfNioyxlgWYuoit2PIR9ogvrs1aWOqIv1rESHUyQJF2eXgg0=
X-Received: by 2002:a05:6a00:1993:b029:30a:b043:b27a with SMTP id d19-20020a056a001993b029030ab043b27amr2590311pfl.4.1625189221825; Thu, 01 Jul 2021 18:27:01 -0700 (PDT)
MIME-Version: 1.0
References: <CANJ8pZ_2yk666tSca818-e0YdziKjK3dMqhopOtYAP3vKXTEmQ@mail.gmail.com> <CAOj+MME5zZeZDnhpfivbdKj00JwBzi9rjMmzBXxE_fFqkxEVpA@mail.gmail.com> <CANJ8pZ9Und3fF324tzTAkhrMFV0MZfhHYfZussiYSCNUx-n_Hw@mail.gmail.com> <CABNhwV3BXk=+fuxVSg_9j+u+5Ffr+NQGE9P75NCPpTaUr5LqYQ@mail.gmail.com> <CAOj+MMFxM_yvrPDEyQ+dpO7ZxoiQKa0DE4ZQf763Cuidj76QXg@mail.gmail.com> <CABNhwV1q-H1pSypWCvA9VKXBZZTfM3nQNPktjbmbN0D=VSXpBw@mail.gmail.com> <CABNhwV29-t-N6EMmJQzOairgTB5jsPX1h6Q0e+akEgiA2cUpQg@mail.gmail.com>
In-Reply-To: <CABNhwV29-t-N6EMmJQzOairgTB5jsPX1h6Q0e+akEgiA2cUpQg@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Thu, 1 Jul 2021 21:17:37 -0400
Message-ID: <CABNhwV1QAR8qHdP+rSTOk3eRU5A5tMAfWFFyqXYPQteHtoNyBg@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Enke Chen <enchen@paloaltonetworks.com>, Jenny Yuan <jyuan@paloaltonetworks.com>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/related; boundary="00000000000042a1ee05c619da6e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Z5XBCMLV4RPRhy38z5FsRgBzd_o>
Subject: Re: [Idr] draft-chen-bgp-redist-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2021 01:27:09 -0000

>From a network design POV, in general within a an IP transit AS their is no
need to redistribute BGP into IGP unless their are non BGP speaking routers
within the network.

As for sourcing routes into BGP advertisement from a customer edge best
practice is to originate the advertisement as close to the source routers
as possible, and if it’s a summary then use a network statement and if LPM
routes are required then redistribution of IGP into BGP via policy is the
best way but also as close to the source of the prefixes.

>From a core perspective IP or MPLS it is common to redistribute connected
or IGP into BGP global table still separate from customer traffic in SP
operator core where MPLS any-any VPN VRF is used to carry Internet traffic
and in that case the NOC may sit in the Internet VRF and NMS systems need
telemetry access back to the global table.


Kind Regards

Gyan

On Thu, Jul 1, 2021 at 8:56 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:

>
> Hi Enke
>
> I am still trying to understand the need for this draft.
>
>
> Their are two main methods to locally originate routes into BGP done at
> the customer edge which is via redistribution or network statement.  When
> you redistribute routes into BGP the origin flag is set to incomplete.
> When you use a network statement with exact match of prefix installed in
> the RIB, the route origin changes to IGP origin.   The pecking order for
> Orgin is EGP, IGP, Incomplete so if the routes is also advertised via
> network statement and redistribution by two different ASBR the best path
> selection will converge on the best path IGP origin via network statement
> over redistribution.  Maybe that is the intention of the draft to prefer
> incomplete over IGP origin and that can be set via policy as well so that
> both are equal so load balancing can occur.
>
> At the bottom of page 2 below is stated as the premise for this draft.
>
> Currently the admin-distance does not play any role in BGP route
> selection.
>
>
> I disagree.  Indeed AD plays an important role in redistribution or locally sourcing of prefixes into BGP advertisement.  All vendor implementations do this the same way and that is that only the lowest AD source
>
> Of a particular prefix is what is installed onto the RIB and FIB.  So when doing either a redistribution or using network statement exact match to source local routes into a BGP advertisement only the prefixes installed in the RIB that match exactly via network statement or if you have a redistribution policy matches the prefix and source protocol for the route being redistributed.
>
>
> Let’s say you have a redistributing OSPF into BGP however their is a static route exact match for the prefix you want to redistribute that matches your redistribution prefix list
>
> however as OSPF has AD 110 and static had AD 1 default and if you are trying to redistribute ospf into BGP the redistribution will not work since the RIB has the static route as the source for the prefix installed in the RIB.
>
>
> Example of how AD plays an important role in how redistribution can or may not occur properly due to AD of the protocol sourcing the prefix
>
> And the protocol being redistributed must match or the redistribution will fail.
>
>
> I have noticed one issue with both redistribution and network statement which is problematic is that the IGP metric is passed into BGP as MED which is higher in the BGP best path selection which can result in sub optimal routing.  The workaround is to reset MED to 0 with a policy.
>
>
>
> Kind Regards
>
>
> Gyan
>
>
> On Thu, Jul 1, 2021 at 8:23 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>
>>
>> The main protocols are BGP, OSPF, ISIS, Static
>>
>> Juniper
>>
>>
>> https://www.juniper.net/documentation/en_US/junose15.1/topics/task/configuration/ip-route-administrative-distance-configuration.html
>>
>> Route Source
>>
>> Default Distance
>>
>> Connected interface
>>
>> 0
>>
>> Static route
>>
>> 1
>>
>> Internal access route
>>
>> 2
>>
>> Access route
>>
>> 3
>>
>> External BGP
>>
>> 20
>>
>> OSPF
>>
>> 110
>>
>> IS-IS
>>
>> 115
>>
>> RIP
>>
>> 120
>>
>> Internal BGP
>>
>> 200
>>
>> Unknown
>>
>> 255
>>
>>
>> Cisco
>>
>>
>> https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html
>>
>>
>> Route SourceDefault Distance Values
>> Connected interface 0
>> Static route 1
>> Enhanced Interior Gateway Routing Protocol (EIGRP) summary route 5
>> External Border Gateway Protocol (BGP) 20
>> Internal EIGRP 90
>> IGRP 100
>> OSPF 110
>> Intermediate System-to-Intermediate System (IS-IS) 115
>> Routing Information Protocol (RIP) 120
>> Exterior Gateway Protocol (EGP) 140
>> On Demand Routing (ODR) 160
>> External EIGRP 170
>> Internal BGP 200
>> Unknown* 255
>>
>>
>>
>> On Thu, Jul 1, 2021 at 2:54 PM Robert Raszuk <robert@raszuk.net> wrote:
>>
>>> Gyan,
>>>
>>> > My understanding is by default most all implementations that I know of
>>> for example Cisco & Juniper which have use identical default AD
>>>
>>> Can you provide source(s) of your above information ?
>>>
>>> To the best of my knowledge they are quite different ...
>>>
>>> Cisco:
>>>
>>> [image: image.png]
>>>
>>> Juniper:
>>>
>>> [image: image.png]
>>>
>>> Except connected I do not see much of "identical default AD"
>>>
>>> And that is as the draft says especially important when your intention
>>> is to control active - backup paths for a given net.
>>>
>>> Thx,
>>> R.
>>>
>>>
>>> On Thu, Jul 1, 2021 at 8:02 PM Gyan Mishra <hayabusagsm@gmail.com>
>>> wrote:
>>>
>>>>
>>>> Hi Enke
>>>>
>>>> My understanding is by default most all implementations that I know of
>>>> for example Cisco & Juniper which have use identical default AD,
>>>> redistribution of the route only occurs from the source protocol that is
>>>> being redistributed for example static versus OSPF or ISIS based on AD.
>>>>
>>>> So if you have multiple protocols redistribution into BGP, the source
>>>> protocol with the lowest AD is what is inserted into the default RIB/FIB
>>>> and its that specific route from the source protocol that is redistributed
>>>> into BGP.   All implementations that I know of work that way.
>>>>
>>>> I don’t see any issue with deterministic redistribution as exists today
>>>> with implementations.
>>>>
>>>> Normally you are only running one IGP but let’s say you are running
>>>> OSPF and ISIS and you have a Juniper and Cisco ASBR redistribution into
>>>> BGP, as OSPF has default AD 110, the OSPF prefix would be inserted into the
>>>> Default RIB and redistributed into BGP.  Let’s say you set AD for ISIS down
>>>> to 90 and now the ISIS route is inserted into the RIB and now both Juniper
>>>> and Cisco ASBR Will redistribute the ISIS route into BGP.
>>>>
>>>> I am not seeing the issue that you are trying to solve.
>>>>
>>>> Kind Regards
>>>>
>>>> Gyan
>>>>
>>>> On Wed, Jun 30, 2021 at 3:19 AM Enke Chen <enchen@paloaltonetworks.com>
>>>> wrote:
>>>>
>>>>> Hi, Robert:
>>>>>
>>>>> 1) Usually the default admin-distance is configurable. Having the same
>>>>> admin-distance across implementations would certainly make things simpler,
>>>>> but that is not required. What matters is the local_pref value for the
>>>>> redistribute backup route:
>>>>>
>>>>>             local_pref = default_local_pref - delta;
>>>>>
>>>>> It needs to be in the right order (relatively) for the "role" the
>>>>> route is supposed to play.
>>>>>
>>>>> It's a good question. We will try to clarify it in the next revision.
>>>>>
>>>>> 2) Certainly it would work if we define the "delta" (or "local_pref")
>>>>> for the redistributed route based on its role (e.g., primary, secondary,
>>>>> tertiary). But extra config would be needed for specifying the "role".  The
>>>>> algorithm described in the draft does not require additional config other
>>>>> than the existing "admin-distance".  When more than two paths are involved
>>>>> in a multi-vendor environment, the admin-distance needs to be carefully
>>>>> assigned in order to get the desired local_pref value.
>>>>>
>>>>> Thanks.   -- Enke
>>>>>
>>>>> On Tue, Jun 29, 2021 at 1:05 PM Robert Raszuk <robert@raszuk.net>
>>>>> wrote:
>>>>>
>>>>>> Hi Enke,
>>>>>>
>>>>>> How do you assure that admin distance is the same or delta would be
>>>>>> the same across implementations ?
>>>>>>
>>>>>> Looking at say junos I see quite different values then when comparing
>>>>>> with other implementations ...
>>>>>>
>>>>>>
>>>>>> https://www.juniper.net/documentation/en_US/junos/topics/reference/general/routing-protocols-default-route-preference-values.html
>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.juniper.net_documentation_en-5FUS_junos_topics_reference_general_routing-2Dprotocols-2Ddefault-2Droute-2Dpreference-2Dvalues.html&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=GOhXjwEf1z0GAfIQVgVAc4sHvcAog6czTO30VhKwzQk&e=>
>>>>>>
>>>>>> Would it be simpler to define here verbatim what the local pref
>>>>>> should be for redistributed routes ? Then at least those could be used as
>>>>>> default local pref values unless overwritten by operator's policy during
>>>>>> redistribution.
>>>>>>
>>>>>> Thx,
>>>>>> Robert
>>>>>>
>>>>>>
>>>>>> On Tue, Jun 29, 2021 at 7:14 PM Enke Chen <
>>>>>> enchen@paloaltonetworks.com> wrote:
>>>>>>
>>>>>>> Hi, Folks:
>>>>>>>
>>>>>>> Apologies for the very long delay in updating the draft:
>>>>>>>
>>>>>>>        https://datatracker.ietf.org/doc/draft-chen-bgp-redist/01/
>>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dchen-2Dbgp-2Dredist_01_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=IBn3kTJmGrWISvSq8L3M9GLLamXIqw7t2PvEdtvhmos&e=>
>>>>>>>
>>>>>>> The issue still exists, and shows up from time to time. The revised
>>>>>>> version provides a complete solution that covers the use cases involving a
>>>>>>> single router as well as multiple routers in a network.
>>>>>>>
>>>>>>> Your review and comments are welcome.
>>>>>>>
>>>>>>> Thanks.   -- Enke
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Idr mailing list
>>>>>>> Idr@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=iUboWFiSpP9QvSDj9hoG8_DO7R_8EOQvfEHnwyX-mc0&s=O1wpTf7XmDmE4-mQGDJ9YNEx2UVZW-k1meY3fd-tQrE&e=>
>>>>>>>
>>>>>> _______________________________________________
>>>>> Idr mailing list
>>>>> Idr@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>>
>>>> --
>>>>
>>>> <http://www.verizon.com/>
>>>>
>>>> *Gyan Mishra*
>>>>
>>>> *Network Solutions A**rchitect *
>>>>
>>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>>
>>>>
>>>>
>>>> *M 301 502-1347*
>>>>
>>>> --
>>
>> <http://www.verizon.com/>
>>
>> *Gyan Mishra*
>>
>> *Network Solutions A**rchitect *
>>
>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>
>>
>>
>> *M 301 502-1347*
>>
>> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions A**rchitect *
>
> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>
>
>
> *M 301 502-1347*
>
> --

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*



*M 301 502-1347*