IETF Logo Mail Archive

Re: [Idr] New Version Notification for draft-wang-idr-rd-orf-03.txt

Gyan Mishra <hayabusagsm@gmail.com> Tue, 01 September 2020 03:39 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5B163A097A for <idr@ietfa.amsl.com>; Mon, 31 Aug 2020 20:39:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6K07cJ78XWW for <idr@ietfa.amsl.com>; Mon, 31 Aug 2020 20:39:25 -0700 (PDT)
Received: from mail-vk1-xa30.google.com (mail-vk1-xa30.google.com [IPv6:2607:f8b0:4864:20::a30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E30473A0978 for <idr@ietf.org>; Mon, 31 Aug 2020 20:39:24 -0700 (PDT)
Received: by mail-vk1-xa30.google.com with SMTP id h23so7410vkn.4 for <idr@ietf.org>; Mon, 31 Aug 2020 20:39:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=f9UFJQ8bcMGyaL4OcEiz/nJZnVFH5WYdILa/GsZQgYI=; b=Kq5g5iD781beOCk10aFiYc84qZDZTiP2R2Kx38k2+jJRQd6Q/y/Q+oE8jgi3+ENXzZ tZtKcc2yJPA+5cdayUU+miSBW7AOK1pUjcPByR8LmuoWX+BVjtq769H6DS6gzDRtpHNC i8i5KJnj0nktsLfF5egMZ2OPytkDKvHv6lWPuAoOpdbRtM7AOYTsDS91H0xtpx+TcUJw 20MDJmAuCYpUeKhgKIZJUevCmPsTczR474ZnO0vyjlynhwVUDi03eQ4BGnoWoYlw28xd gdxGYREVSLQkKJf3JYx6qEhRu/jV7jrcuDq8nSGVRLjTZvU58QKn4Vp/Xe0D+jseoO6j VURw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=f9UFJQ8bcMGyaL4OcEiz/nJZnVFH5WYdILa/GsZQgYI=; b=RzDjjhgx33S1nJDG6TukY1k7DXDSl/8smP1Ty5o+TVTLvauJfRsIjzPOxD1SUyNZh4 67JwKgZ+VPvHAm8Jyoo0MbUrG1t3jbaKoh1wCuOrkISUqAgu0C2g8SLp180DCwrI3Son CzaWjqBFEUc8AXPRktX0+lvwzLhwIa03U8mIKvSm+VzGgAM+/MXwXtCFYkxZoWpgCvCp /dYRO6yQsKrY87vs7xesOx8To2WoEz9tBOHvYGicSOzf57zD7ocdsjXP/X513DEvt+PQ zrGF4KY+0IfnPWocW9VC+do/SQZaFXwkJPPwpchICFKz/deeUklUbDL+r+p/SE61vQ49 NbYQ==
X-Gm-Message-State: AOAM530/tWVTkRpPRn1vsabjbMyI2FlZogFVxERyfhwzJSTovWASxpIL XwkwzzVChGojORkWoX0uMyiZRmXom4Kt1lAFGJWHWTDBJUdLWg==
X-Google-Smtp-Source: ABdhPJyN6Ky5vTgYD16it8xqxyYlJSRB5X1WqbKeyMfSgrgzJY+6p5wdGZ5eyQ95Q4NQln+02xt+KigTDC+a9+K3n58=
X-Received: by 2002:a1f:a596:: with SMTP id o144mr3357881vke.39.1598931563830; Mon, 31 Aug 2020 20:39:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAOj+MMGEYytQwVY2veXx8tfvw5OWfHP7x7WSL0186d90oO-+Jw@mail.gmail.com> <F8A05AF7-DA78-4F32-8539-EA80722F9272@tsinghua.org.cn> <CAOj+MMF2kBcdN8PLzLYjNduKw4CZqrPsL6XdtygxJVczOM0Dkw@mail.gmail.com>
In-Reply-To: <CAOj+MMF2kBcdN8PLzLYjNduKw4CZqrPsL6XdtygxJVczOM0Dkw@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 31 Aug 2020 23:38:57 -0400
Message-ID: <CABNhwV1WFa1qcgdT6HKdwxfg=wyeFPJ8vEs-AjLjJhnrO4V=-A@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Aijun Wang <wangaijun@tsinghua.org.cn>, idr <idr@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e1e19505ae3843bf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ZBE4gEthZ5qDFZfc-yc-5EMICpI>
Subject: Re: [Idr] New Version Notification for draft-wang-idr-rd-orf-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2020 03:39:27 -0000

On Fri, Aug 28, 2020 at 8:47 AM Robert Raszuk <robert@raszuk.net> wrote:

> Hi Aijun,
>
>
>> [WAJ] Inter-AS B/C or AB. Not Option A
>>
>> RTC can be deployed in all inter-as options.
>
> All you need is to add one RT per VRF and you are done.
>>
>> [WAJ] Which RT will you add? Can you forecast which RT will cause the
>> overwhelming VPN routes?
>>
>
> You would add RT numerically identical to your local VRF RD. You will not
> use it for import. You will *only* use it to signal which src VRF is
> "overwhelming" your network and such routes will be filtered at src.
> Exactly as you are asking.
>

    Gyan> Understood so similar additive RT used traditionally for bleeding
routes or hub/spoke style have the VRFs on each PE have a 2nd RT defined on
each VRF defined on each VRF on each PE.  So that 2nd RT would represent
all routes in the VRF, same as the first RT, so it would filter at RT level
all routes within a VRF and not source PE originating the routes as would
happen with RD-ORF at RD source PE originating the flood.  Another idea
would be difficult but you could match on a special standard flood
communities created or match on prefixes for the 2nd RT so the 2nd RT now
represents all routes being sourced from the PE that is causing the flood.
This would be a very manual process but once you have the 2nd RT defined to
represent the locally originated routes from each PE you can now apply and
RT import policy on any PE to block the trashing routes.  Imagine if you
have 1000s of VPNs defined on each PE.  Quite complicated.

>
> [WAJ] Welcome your other comments. Please do not loop around RTC(we have
>> explained several times, also in updated draft. Please see
>> https://tools.ietf.org/html/draft-wang-idr-rd-orf-03#section-1
>>
>
>    1) Route Target Constraint
>
>
>
>    RTC can only filter the VPN routes from the uninterested VRFs, if the
>
>    "trashing routes" come from the interested VRF, filter on RTs will
>
>    erase all prefixes from this VRF.
>
>
> Your explanation is incorrect or at best incomplete. You can use RT as any
> other community to color the routes.  Export RT and import RT are
> completely independent functionality.
>
> To reiterate: you export your routes with one additional RT (equal to
> local RD). You import routes as today - no change. So when some imported
> routes are detected to be "overwhelming" you just take the new RT and
> signal it with RTC to stop src (or RR) sending those to you in EXACTLY same
> way you would use RD for such filtering.
>


   Gyan> I think what Aijun was trying to say which needed rewriting of the
verbiage is that by default all all PEs have “RT Filtering” enabled by
default so if you don’t have an explicit import on an RT the PE drops the
vpn prefixes coming from the RR.  So RTC is quite powerful in that it can
be more efficient and optimized as far as RT distribution graph with the RT
membership ORF rib-out on PE-RR intra-as instead of advertising all what
Aijun called “uninteresting” RTs in the reverse direction the RR only
advertises the RTs being imported on the PEs.  Intra-AS RTC cuts down on
default all RT advertisements and it most advantageous in sparse RT
distribution graph.  RTC can also be very handy inter-as as well as we have
agreed which allows the inter as options B and AB and even some cases C to
be more plausible between administrative domains using the RTC membership
to cut down on advertisement of RTs not being imported between domains.  So
with this draft RD-ORF provides a layer of granularity at the RD origin PE
advertising the flood of prefixes layer and can be deployed both inter and
intra domain.  This makes the inter-as option B and C more viable between
administrative domains.  Option AB does have resolves the Option A BGP
control plane scalability issue but with the added separation of data plane
isolation in this AB hybrid model it requires having an interface or sub
interface per VRF so that does become challenging if you have 1000s of
VPNs.  So this draft along with use of RTC and all other controls in place
makes Option B and C viable as now you have that origin PE RD offender
granularity to mitigate floods.

>
> It is so basic ...
>
> Cheers,
> R.
>
>
> _______________________________________________
>
> Idr mailing list
>
> Idr@ietf.org
>
> https://www.ietf.org/mailman/listinfo/idr
>
> --

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD

v2.23.0 | Report a Bug | By Email