IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt

"Gaurav Dawra (gdawra)" <gdawra@cisco.com> Wed, 11 October 2017 13:36 UTC

Return-Path: <gdawra@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15490132697 for <idr@ietfa.amsl.com>; Wed, 11 Oct 2017 06:36:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CjvyiUNgecO7 for <idr@ietfa.amsl.com>; Wed, 11 Oct 2017 06:36:02 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E10C132320 for <idr@ietf.org>; Wed, 11 Oct 2017 06:36:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22088; q=dns/txt; s=iport; t=1507728962; x=1508938562; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=jg9APACFWzGND6AoK/x6BHIPSPSOlOsc/cTBNYK2YFQ=; b=LXYMyeYWNaedXfh07Ju/IlIlPZ0kaSgi+6NKCyD+I4nhwplaC9sf6nEB NAELRU9Fc1tbxJfX+e6c1hjt71cBhXZoHDg1ItPFmY5zFnFRQFwdEpXGA CYbCrBftDqEjF0AerfyD36dPt4miW/L6dRSm8RBsWbxYl7R38F7nhdhUo o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DoAQBSHd5Z/5hdJa1eGQEBAQEBAQEBAQEBBwEBAQEBgm9sZG4nB4NzmUuBdpBwhT8OggQKJ4UUAhqEQ0AXAQIBAQEBAQEBayiFHQEBAQEDI1YQAgEIEQMBAigDAgICMBQJCAIEAQ0FiUBkEKlagicniw0BAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYMtggeBUYFqK4J/hG0BLgkWAoJbL4IyBYooiQSOEQKHXI0LghSQe4odixkCERkBgTgBIAE2gQ54FVsBhwp2AYk5gREBAQE
X-IronPort-AV: E=Sophos;i="5.43,361,1503360000"; d="scan'208,217";a="306487958"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2017 13:36:00 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v9BDa0vu003357 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 11 Oct 2017 13:36:00 GMT
Received: from xch-rtp-012.cisco.com (64.101.220.152) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 11 Oct 2017 09:35:59 -0400
Received: from xch-rtp-012.cisco.com ([64.101.220.152]) by XCH-RTP-012.cisco.com ([64.101.220.152]) with mapi id 15.00.1320.000; Wed, 11 Oct 2017 09:35:59 -0400
From: "Gaurav Dawra (gdawra)" <gdawra@cisco.com>
To: Nandan Saha <nandan@arista.com>, Eric C Rosen <erosen@juniper.net>
CC: "idr@ietf.org" <idr@ietf.org>, stefano previdi <stefano@previdi.net>
Thread-Topic: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt
Thread-Index: AQHTQpXfxOaLkPoUnE+FtntNdjpukA==
Date: Wed, 11 Oct 2017 13:35:59 +0000
Message-ID: <A6BFC862-15A2-4D41-8C3F-05B8F6D25B47@cisco.com>
References: <149824800169.17379.9099679082498238196@ietfa.amsl.com> <CAE+itjf-1OPtKbADxAVft5+XufAWo3ebbXsamS+Mpt_2cTwzzg@mail.gmail.com> <CAB3683F-D029-4387-86A6-382E61A51ACD@previdi.net> <CAE+itjd1mE7_a+SA=dBhGrJNtcGWt1WTiRddTsEC4vp=COdOLQ@mail.gmail.com> <CAE+itjcuxbNHrwVq4wcgBC11rX=PwYUsvm3su5Axwko3X1beZw@mail.gmail.com> <CAE+itjcJK8TcszPyTto4ZfXz4LHr3Z9i9PbkuePHOWsuufPfzg@mail.gmail.com> <65dbb5ba-9589-09a6-8093-f5f7e72fc5f7@juniper.net> <CAE+itjfPqspXw7mP0R3ZXWKgwAf91oUn2N9L6ZhQQ8S9jTRHdw@mail.gmail.com>
In-Reply-To: <CAE+itjfPqspXw7mP0R3ZXWKgwAf91oUn2N9L6ZhQQ8S9jTRHdw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.25.0.170815
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.102.102]
Content-Type: multipart/alternative; boundary="_000_A6BFC86215A24D418C3F05B8F6D25B47ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ZOVZrXBYsgja58xzGjM0jdgfC5o>
Subject: Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2017 13:36:06 -0000

Nandan,

Inline <Gaurav>

Regards,

Gaurav

From: Idr <idr-bounces@ietf.org> on behalf of Nandan Saha <nandan@arista.com>
Date: Monday, October 9, 2017 at 8:39 PM
To: Eric C Rosen <erosen@juniper.net>
Cc: "idr@ietf.org" <idr@ietf.org>, stefano previdi <stefano@previdi.net>
Subject: Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt

Hi Eric,

On Tue, Oct 10, 2017 at 1:46 AM, Eric C Rosen <erosen@juniper.net<mailto:erosen@juniper.net>> wrote:
On 10/6/2017 10:38 AM, Nandan Saha wrote:
5. Conflicting mandate for malformed NLRI handling.
In section 4.2.1 of this draft, the first bullet point's 2nd sentence is
<<<
If the NLRI is not one of the legal lengths, a router
      supporting this document and that imports the route MUST consider
      it to be malformed and MUST apply the "treat-as-withdraw" strategy
      of [RFC7606]
>>>
Where as the last sentence in section 4.2.1 is
<<<
A unacceptable SR Policy update that has an invalid NLRI portion MUST
   trigger a reset of the BGP session
>>>
Can the draft be updated to simply remove the reference to treat-as-withdraw in the first statement since one cannot withdraw a NLRI if one cannot parse it; and also because it conflicts with the 2nd mandate.

You do not want to trigger a reset of the BGP session unless the UPDATE is so mangled that you can't  continue to parse the TCP octet stream.
If the UPDATE is well-formed, but the NLRI is not one of the two legal lengths (12 or 24), treat-as-withdraw is appropriate.
To do a treat-as-withdraw, the receiver needs to be able to parse the NLRI to extract the 3-tuple of {distinguisher, color, endpoint}. It cannot remove the policy from it's adj-Rib-in otherwise, as it's keyed on the 3-tuple.
If the NLRI length < the valid length, then it's impossible to extract a valid 3-tuple.
If the NLRI length > the valid length, then should the receiver extract upto the valid length?
In the general case rfc7606 section 3, point j, mentions that one needs to be able to parse the NLRI to be able to do treat-as-withdraw.
<Gaurav>
This is correct. Will work to reword this and perhaps reference to session reset should be removed.


Probably the sentence about triggering a reset of the BGP session can be omitted, since that is only necessary when the UPDATE is totally mangled, and in that case it is normal BGP behavior and nothing particular to do with the SAFI being discussed.
1. Behavior when only one of Color / Remote end point sub-tlv is present in the Tunnel encap tlv.
  Should the match on either color or remote end point be done for acceptance? For example the color sub-tlv is present, but the remote end point isn't. So the color of the color sub-tlv must match the color in the NLRI. Or should the condition for matching of color / remote end point be done only if both color and remote end point are present.

2. What is the rationale for including remote end point / color sub tlvs in the tunnel encap tlv.
  The NLRI already has the color and endpoint. Why is there an option to also include a end point and color in the tunnel encap tlv and then have to make sure it matches the NLRI?

I believe the Remote Endpoint is mandatory, according to the tunnel-encaps draft.  (There has been some controversy on this point though.)
The color sub-tlv is not mandatory, but you can't really stop someone from including it.

The purpose of these rules is to cause a policy to be rejected if it contains contradictory information.
For a receiver of an update with the sr te safi and sr policy tunnel encap tlv, the source of truth for the end point and color is in the NLRI. So the endpoint and color in the tunnel tlv doesn't add any new information. In fact, in the draft today the _only_ thing a receiver has to do with the color and endpoint in the tunnel encap tlv is to compare against the NLRI.
To me, it seems that things would be much simpler to simply ignore the contents of the color and remote endpoint sub tlvs as that information is already in the NLRI.
<Gaurav> Will work with Authors to perhaps clarify this further. These sub-TLVs MAY be present and if present MUST be compared.
>>>>
   The Remote Endpoint and Color sub-TLVs, as defined in
   [I-D.ietf-idr-tunnel-encaps<https://tools.ietf.org/html/draft-previdi-idr-segment-routing-te-policy-07#ref-I-D.ietf-idr-tunnel-encaps>], MAY also be present in the SR Policy
   NLRI encodings.  If present, the Remote Endpoint sub-TLV MUST match
   the Endpoint of the SR Policy SAFI NLRI
<<<<<

Cheers,

Gaurav

Thanks,
Nandan

v2.23.0 | Report a Bug | By Email