IETF Logo Mail Archive

Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24) - 1 week extension to answer questions [4/25/22 to 5/2/22]

Zhuangshunwan <zhuangshunwan@huawei.com> Mon, 09 May 2022 10:21 UTC

Return-Path: <zhuangshunwan@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E732C159525 for <idr@ietfa.amsl.com>; Mon, 9 May 2022 03:21:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.886
X-Spam-Level:
X-Spam-Status: No, score=-1.886 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mmjDoFCY7rFP for <idr@ietfa.amsl.com>; Mon, 9 May 2022 03:21:31 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61B2BC14F745 for <idr@ietf.org>; Mon, 9 May 2022 03:21:30 -0700 (PDT)
Received: from fraeml734-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4KxcZ66GVHz67D4J; Mon, 9 May 2022 18:18:06 +0800 (CST)
Received: from kwepemi500001.china.huawei.com (7.221.188.114) by fraeml734-chm.china.huawei.com (10.206.15.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 9 May 2022 12:21:26 +0200
Received: from kwepemi500002.china.huawei.com (7.221.188.171) by kwepemi500001.china.huawei.com (7.221.188.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 9 May 2022 18:21:24 +0800
Received: from kwepemi500002.china.huawei.com ([7.221.188.171]) by kwepemi500002.china.huawei.com ([7.221.188.171]) with mapi id 15.01.2375.024; Mon, 9 May 2022 18:21:24 +0800
From: Zhuangshunwan <zhuangshunwan@huawei.com>
To: Ketan Talaulikar <ketant.ietf@gmail.com>, "idr@ietf.org" <idr@ietf.org>
CC: Susan Hares <shares@ndzh.com>
Thread-Topic: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24) - 1 week extension to answer questions [4/25/22 to 5/2/22]
Thread-Index: AQHYXpdj7CFYQt+6M0OmpECyVSE7FK0WXGjQ
Date: Mon, 09 May 2022 10:21:24 +0000
Message-ID: <684a0afbd7ed4adaa336a871f2494a27@huawei.com>
References: <BYAPR08MB48721393120F1BF32AF4A4D7B3F89@BYAPR08MB4872.namprd08.prod.outlook.com> <956aaaae4c374415861432046e83086d@huawei.com> <7429cd0931bf4aab85c636fa41218b88@huawei.com> <CAH6gdPzRTR5NQ9S+6RfTXmr+Qkk3CT7O1aZotF9LiuPhZfN9UA@mail.gmail.com>
In-Reply-To: <CAH6gdPzRTR5NQ9S+6RfTXmr+Qkk3CT7O1aZotF9LiuPhZfN9UA@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.166.203]
Content-Type: multipart/alternative; boundary="_000_684a0afbd7ed4adaa336a871f2494a27huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/_3kT5CvXZQbh_QjFxuXVnCZwQIs>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24) - 1 week extension to answer questions [4/25/22 to 5/2/22]
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2022 10:21:35 -0000

Hi Ketan & WG,

We (co-authors) have post a new version to address the comments received. Thanks for everyone's comments and suggestions!
Please help to confirm whether the comments have been resolved, and more comments and suggestions are welcome!


Best Regards,

Shunwan



-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Monday, May 9, 2022 5:54 PM
To: i-d-announce@ietf.org
Cc: idr@ietf.org
Subject: I-D Action: draft-wang-idr-bgp-ifit-capabilities-05.txt





A New Internet-Draft is available from the on-line Internet-Drafts directories.

This draft is a work item of the Inter-Domain Routing WG of the IETF.



        Title           : BGP Extension for Advertising In-situ Flow Information Telemetry (IFIT) Capabilities

        Authors         : Giuseppe Fioccola

                          Ran Pang

                          Shunwan Zhuang

                          Hiabo Wang

        Filename        : draft-wang-idr-bgp-ifit-capabilities-05.txt

        Pages           : 10

        Date            : 2022-05-09



Abstract:

   This document defines extensions to BGP [RFC4271] to advertise the

   In-situ Flow Information Telemetry (IFIT) capabilities.  Within an

   IFIT domain, IFIT-capability advertisement from the tail node to the

   head node assists the head node to determine whether a particular

   IFIT Option type can be encapsulated in data packets.  Such

   advertisement would be useful for mitigating the leakage threat and

   facilitating the deployment of IFIT measurements on a per-service and

   on-demand basis.







The IETF datatracker status page for this draft is:

https://datatracker.ietf.org/doc/draft-wang-idr-bgp-ifit-capabilities/



There is also an htmlized version available at:

https://datatracker.ietf.org/doc/html/draft-wang-idr-bgp-ifit-capabilities-05



A diff from the previous version is available at:

https://www.ietf.org/rfcdiff?url2=draft-wang-idr-bgp-ifit-capabilities-05





Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts





_______________________________________________

I-D-Announce mailing list

I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org>

https://www.ietf.org/mailman/listinfo/i-d-announce

Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


From: Ketan Talaulikar [mailto:ketant.ietf@gmail.com]
Sent: Tuesday, May 3, 2022 10:41 AM
To: Zhuangshunwan <zhuangshunwan@huawei.com>
Cc: Susan Hares <shares@ndzh.com>; idr@ietf.org; wangyali@hauwei.com; zhuangshunwan@hauwei.com; guyuan@huawei.com; pangran@huawei.com
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24) - 1 week extension to answer questions [4/25/22 to 5/2/22]

Hi Shunwan,

Thanks for your responses to Sue's questions as well as the discussions during the WG adoption. It would be great if the authors would post a version that incorporates all the changes and clarifications that came out of the discussion (as also mentioned by you below). This would enable some of us that had concerns to re-review the document and respond if our (blocking IMHO) concerns have been addressed.

Thanks,
Ketan

PS: If the authors prefer the NH capability solution, then please just remove the other one from the document. It will keep the draft focused. Just a suggestion ...


On Sun, May 1, 2022 at 8:09 PM Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org<mailto:40huawei.com@dmarc.ietf.org>> wrote:
Hi Sue and WG,

Thank you all for giving us a lot of useful input on this work!
Regarding the following 3 questions, our answers are as follows:

1)  IFIT deployment modes include node-level, tunnel-level, and service-level. While the current requirement is to provide IFIT deployment at service-level, since different services have different IFIT requirements. The node-level and tunnel-level have also been considered, but they cannot meet the current requirements. With the service-level solution, different IFIT modes can be deployed for different VPN services.

2) When all devices are upgraded to support IFIT, the hop-by-hop mechanism is suitable.
In the current stage where new and old devices are deployed together, we must first ensure that the tail-end node can properly decapsulate the IFIT shim header, so we need head-end/tail-end way.
Further, different services on the egress node have different IFIT requirements, so the head-end/tail-end way is always required.
Hop-by-hop mechanisms and head-end/tail-end can be used together without conflict.

3) In actual deployment, whether it is Transitive or non-Transitive, the extended community attributes are controlled hop-by-hop via CLI (knob), and there is almost no possibility of the extended community attributes leaking into the Internet routing table.  In this draft, the Extended Communities will be explicitly defined as non-transitive.

In the next version, we will prefer the NextHop Capability solution and move the extended community attributes to the appendix.

Regards,
Authors of draft-wang-idr-bgp-ifit-capabilities

From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> On Behalf Of Susan Hares
Sent: Monday, April 25, 2022 9:06 PM
To: idr@ietf.org<mailto:idr@ietf.org>
Cc: wangyali@hauwei.com<mailto:wangyali@hauwei.com>; zhuangshunwan@hauwei.com<mailto:zhuangshunwan@hauwei.com>; guyuan@huawei.com<mailto:guyuan@huawei.com>; pangran@huawei.com<mailto:pangran@huawei.com>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24) - 1 week extension to answer questions [4/25/22 to 5/2/22]

Greetings:

The adoption call for draft-wang-idr-bgp-ifit-capabilities indicated
Interest in refining this draft.   We had 10+ people interesting
in this draft including 3 operators who felt it was necessary for
operation in their network.  While some of the use cases
were for specific customers, this has not stop adoption of
many SR or BGP-LS features.

However, prior to finalizing adoption, it would be good for
the authors to answer the following questions asked during the
adoption call.

Cheerily, Sue

Questions


1)       [Ketan] My understanding is the follows: IFIT encapsulating

nodes are the PE routers. These extensions are about

signaling IFIT capabilities - i.e. the capabilities of the PE routers.

Then why do they need to be carried in the service routes

that are potentially several orders of magnitude larger

in scale than those corresponding to the PEs.



What am I missing?


Email thread:
https://mailarchive.ietf.org/arch/msg/idr/qDxpzXvL7wm2KxmUNdyCqvFMXSU/



2)       What is the plan for hop-by-hop mechanisms versus head-end/tail-end



Email thread:

https://mailarchive.ietf.org/arch/msg/idr/qDxpzXvL7wm2KxmUNdyCqvFMXSU/



[Ketan]  It would be good if some of this context is described in the draft.

a follow-on, if we have a mechanism for signaling IFIT capabilities

hop-by-hop then does that not also cover end to end?

[Shunwan] answer:

Yes, the hop-by-hop mechanism will be a long-term solution we pursue,

In the current stage where new and old devices are deployed together,

 we must first ensure that the tail-end node can properly

decapsulate the IFIT shim  header. Therefore, a solution for

 signaling the IFIT capability between the head-end

 and tail-end nodes is also necessary.



3)       Next Hop Capability as a Optional Non-Transitive Path Attribute
[Jeff Haas questions]
https://mailarchive.ietf.org/arch/msg/idr/BBE3N6m4HX21euJyVvK6VVa2IZI/


The NextHop Capability leveraged in this draft as part of prior learnings

has specified itself as an Optional, Non-Transitive Path Attribute.  This

means that behaviors can be enforced on a hop-by-hop basis.



BGP Extended Communities are only scoped for as-transitive or not.



It'd be useful for the authors to comment on what the expected behaviors for

BGP speakers downstream of not the IFIT egress. Also, potentially outside

of the IFIT domain.  What are the Security Considerations for such

additional propagation of these Extended Communities?



I'm unclear whether the intent of the Extended Communities is whether they

should ONLY be propagated with the NextHop Capability or not.



_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email