Re: [Idr] [bess] Suggestion on v4-only/v6-only drafts

[tom petch <ietfc@btconnect.com>]

[at the bottom]

From: Idr <idr-bounces@ietf.org> on behalf of Robert Raszuk <robert@raszuk.net>
Sent: 13 November 2022 13:48

Gyan,

Kindly observe that what you are talking about is just possibly one way to interconnect v4 sites - clearly not the only one and truly not the best one.

First let's note that core networks are usually dual stack - hence no need for 4PE.

Second, if it comes to interconnecting v4 sites in the vast majority of cases they will have among different customers overlapping address space (using private address pools) hence the need for 4VPE separation.

Then there are solutions to use IPv4/IPv6 NAT which can easily be used across IPv6 core to connect IPv4 sites.

And last if IPv4 addressing is assigninged from registered block edge PE can do v4 to v6 mapping on both src and dst address to carry packets across with just simple IPv6 header. No labels, no tunnels, no complexity and no need for almost 50 RFCs. Advertisement of IPv4 reachability could be done on top using any of the existing SAFIs (for example 128).

What you are really trying to do (btw in a very convoluted way) is to teach the cook how to make a dish - in your specific way. And what IETF is all about is to give well prepared ingredients and let him cook himself the way he likes or the way he chooses to. The cook here is the operator.

It would be really bad if any IETF WG would start enforcing specific solutions as standards rather than keep focusing on protocol extensions required to accomplish specific goals.

Bottom line - there is nothing in this draft for IDR WG to standardize. I recommend you take this draft somewhere else. Maybe 6man, maybe BESS ?

<tp>

4-6-4 has received a lot of attention in V6OPS, RFC6877 to name but one of many, and I would see that WG as a better place for a considered response, not that yours is not very well considered, than the 6man WG,

Tom Petch

Thx,
Robert



On Sun, Nov 13, 2022 at 9:29 AM Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>> wrote:

Hi Igor

Please see in-line Gyan2>

On Sat, Nov 12, 2022 at 7:44 PM Igor Malyushkin <gmalyushkin@gmail.com<mailto:gmalyushkin@gmail.com>> wrote:
Hi Gyan, please see the inline.

вс, 13 нояб. 2022 г. в 01:39, Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>>:
Hi Igor

Thank you for your comments

Understood that 4PE has been implemented by most vendors, however a standards specification has not been written till now and standardization of this draft would ensure interoperability as many operators have mix vendor environments.

Responses in-line

Thanks

On Sat, Nov 12, 2022 at 5:31 PM Igor Malyushkin <gmalyushkin@gmail.com<mailto:gmalyushkin@gmail.com>> wrote:
Hi gents,

I found this conversation curious and started reading the document (draft-mishra-idr-v4-islands-v6-core-4pe-02). First, I skipped the section about SRv6 because I'm not good at this technology. Maybe the deal is this section because I couldn't find anything new in the rest of the document to put it into the Standard Track category. It more looks like a list of best practices to fire up 4PE in the network.

   Gyan> The reason for standardization is to ensure that the process and procedures implemented by each vendor is the same to ensure interoperability
 [IM] Could you please describe the process and the procedures? It's not clear to me.

Gyan2> 4PE procedure is described in detail in section 3 and 4.

Spreading the reachability over BGP with a different next-hop family is well written in 8950.

Gyan2>  Here we are not just spreading the reachability over different next hops per RFC 8950.
There is more to 4PE then just the transport tunnel.

Signaling and pointing tunnels toward the next hops aren't new too.

Gyan2> There is nothing special about the  IPv6 transport LSP towards the egress next hops as that’s is typical to carry and service.  What is critical is the 2 level label stack.

Other things look like the best practices that don't alter any protocol or technology. Can you highlight what exactly requires standardization?

Gyan2> What we are standardizing with the 4PE procedure is a two level label stack that you have the  topmost transport IPv6 LSP signaling the egress next hop to carry the service label IPv4 LU prefixes so all the IPv4 prefixes must have a label binding.

E.g., in the Security section, you state "The extensions defined in this document...", which extensions?

   Gyan2> Sorry that was in error, I will fix in the next revision.  This specification uses existing mechanisms with a new procedure for 4PE.

Of course, 4PE is already a well-known design pattern that has been implemented in lots of network OS and moreover implemented in production networks.

Gyan> 4PE is well known however it has not been standardized so this would make it standard across all vendor implementations
[IM] It depends on the goal of this "standard". 4PE just as 6PE is the design-matter thing, we can implement 6PE in several ways with the standard building blocks (8950 and other things).

    Gyan2> The goal of the standard is to have a set procedure for 4PE that would be standardized. I disagree that 6PE RFC 4798 is a “design-matter” thing as it is standards track document and if it were a “design-matter” thing there would have been no need for RFC 4798.  I don’t know of any vendor that implements 6PE in several ways.  There has only been one method to implement 6PE and that is following RFC 4798 which all implementations use SAFI 4 IPv6 labeled unicast 2/4.

Cisco
https://community.cisco.com/t5/service-providers-knowledge-base/6pe-with-ibgp-ios-xr-example/ta-p/3149743

Juniper
https://www.juniper.net/documentation/us/en/software/junos/mpls/topics/topic-map/ipv6-o-ipv4-tunnels.html

Nokia
https://infocenter.nokia.com/public/7750SR225R1A/index.jsp?topic=%2Fcom.nokia.Router_Configuration_Guide%2Fipv6_provider_e-d10e2482.html

Arista
https://www.arista.com/en/um-eos/eos-border-gateway-protocol-bgp?searchword=eos%20section%2035%204%20is%20is%20commands

Please sent me a link of proof of a single vendor that has implemented 6PE using IPv6 unicast?

Personally, I'm not against having a BCP document that combines everything about 4PE together if the authors want to perpetuate the abbreviation.

Gyan> I think the process and procedures can be standardized with the normative language as written to ensure vendor interoperability.  Existing mechanisms are used however the draft defines procedures to be followed and that is what would be standardized.
[IM] Again, I believe we should clarify the point where interop issues can arise and then solve them for the document that describes the mechanism that is the root of the problem.

    Gyan2> You have hit right on the interoperability issue where you have brought up that it’s a design matter to use SAFI 4 IPv4 LU and have the choice to use SAFI 1 IPv4 Unicast.  So that is the crux of 4PE that the IPv4 prefixes must be labeled.  That’s a main reason for standardization that the IPV4 LU must be used.


The second thing is about wording/writing. I don't want to seem rude or something but it was challenging for me to read the document. I believe it should be rewritten in a clearer way.

Gyan> No worries, I can work with the authors to clean up the writing and thank you for the feedback.
[IM] Thanks!


Talking about the 4PE and after reading this document I disagree with the idea to use LU as the only way to spread reachability (actually I prefer almost not to use it for this task it better suits LSP signaling).

Gyan>  The reason for the  BGP LU label binding of all the IPV4 prefixes tunneled over the core is for the PHP node exposing the native IPv4 packet which would not have the EXP marking PHB scheduling.
[IM] This is possible without the distribution of IPv4 routes with labels. I can distribute just a single route toward their next hop which is the best thing BGP-LU does. The label stack would have two labels.

Gyan2> I am not following.  BGP LU allocates and advertises all the prefixes with labels.  When you distribute a single route as SAFI 1 it does not have a label but if you distribute a SAFI 4 route it does have a label and is LU.

This is exactly what is done in 6PE as it as well uses BGP-LU for the same reason labeling all the IPv6 prefixes tunneled.  This is a good example and reason for standardization.
[IM] 6PE can be done without labeled unicast at all if talk about the interconnection of IPv6 islands over IPv4 core. That's why I said -- this is a design matter.

Gyan2> I don’t see how that’s possible without breaking QOS EXP PHB scheduling on the PHP egress PE.  You argument is the reason for standardization.  If we go down the path you are describing that this is a “design thing” and implement however you like we would have all sorts of interoperability issues.

If one vendor labeled the tunneled prefixes and another vendor implementation did not we would run into issues.
[IM] And this is a good thing (I mean having several ways to make things done). You should require your vendor to support both options or don't buy gear from a vendor who can't do it.

Gyan2> As I said your argument for keeping things open and a “design thing” is a reason for standardization as was done with 6PE and you can see all vendors have implemented exactly that using IPv6 LU and not IPv6 Unicast to connect IPv6 islands over an IPv4 core.

We have not had at least in North America and Europe many networks that have migrated to IPv6 core so have not seen interoperability issues however as more operators now start to migrate to an IPV6 data plane ..MPLS, SR-MPLS, SRV6 we could have issues so I think it’s important to get this standardized.
 [IM] Yes we ran over lots of such issues too but all of them were pieces of some concrete technology.

This approach governs me to always bind any reachability to a PE but not to a CE.

Gyan> Yes for an important reason for the PHP node POP and forwarding native IPv4 packet and breaking EXP scheduling on the last hop to the egress PE
 [IM] As I pointed out previously there is no difference if we don't distribute reachability without labels and if we use BGP tunnels to NH over underlay tunnels (RSVP, LDP, whatever).

How can I implement EPE this way?

Gyan> You can still implement EPE with BGP-LU SR EPE or EPE w/o SR
[IM] Could you please describe the case without SR?

   Gyan2> With EPE the ingress PE signals the egress next hop and which hop to be used via centralized controller PCE / BGP-LS and can be done using RSVP-TE or SR for EPE

Juniper example

https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-egress-traffic-engineering.html


What if I want to advertise IPv4 prefixes with vanilla IPv4 (1/1) with IPv4-encoded NH (let's say with the CE address) and propagate this NH as IPv4 LU with the IPv6 NH?

Sure that would work fine.  That is exactly what is stated in the draft as the process for 4PE.
 [IM] Your document requires me to use BGP-LU for IPv4 reachability dissemination, I don't see why I need to resolve an IPv4 LU route over another IPv4 LU.

   Gyan> I think you are getting 6PE and 4PE mixed up.  With 6PE you have a IPv4 transport LSP tunnel IPv4 next hop and IPv6 prefixes distributed as labeled within the tunnel.  With 4PE you have a IPv6 transport LSP tunnel IPv6 next hop and IP4 prefixes distributed as labeled within the tunnel.

I see a lot of "MUST" preventing me from doing so.

   Where ? Please quote the line or paragraph
[IM] Let's dig into the third section.
1. Exchange IPv4 reachability information among 4PE Ingress and Egress PE routers using MP- BGP [RFC2545<https://www.ietf.org/archive/id/draft-mishra-idr-v4-islands-v6-core-4pe-02.html#RFC2545>]:
In doing so, the 4PE routers convey their IPv6 address as the BGP Next Hop for the advertised IPv4 prefixes.
[IM] What if I don't have any IPv6 addresses on PE-CE interfaces and I don't want to use the loopback IPv6 address?

    Gyan2> The PE-CE interface in this 4PE use case is IPv4 islands over an IPv6 core so the Island CEs are IPv4 attached PE-CE.  So here we are conveying the IPv6 address which is the ingress and egress PE loopback to build the transport IPv6 LSP to advertise the IPv4 LU prefixes being tunneled.
The Subsequence Address Family Identifier (SAFI) used in MP-BGP MUST be the "label" SAFI (value 4) as defined in [RFC8277<https://www.ietf.org/archive/id/draft-mishra-idr-v4-islands-v6-core-4pe-02.html#RFC8277>] called BGP Labeled Unicast (BGP-LU).
[IM] Why can't it be SAFI 1? Why MUST I always use SAFI 4? I don't want. (Again, I still can have two labels in the stack).

   Gyan2> How would you have 2 labels in the label stack if you use SAFI 1 1/1 IPv4 Unicast as that would be “native IPv4 packets” non labeled no MPLS shim. So as I said before and the reason for the standardization is that if you don’t label the IPv4 prefixes from the IPv4 island being tunneled over the IPv6 LSP then on the PHP node when the transport label is popped implicit null value 3, the native IPv4 packet is exposed and is forwarded from the egress P PHP node w/ PHB scheduling broken as EXP match cannot occur without the IPv4 prefixes being labeled IPv4 LU.  That is a requirement for 4PE to work w/o breaking QOS EXP scheduling and is the procedure that must be followed for any 4PE implementations.

So It’s not just breaking QOS EXP scheduling as once the PHP POP  happens on the PHP node for 6PE the native IPv6 packet is exposed and that cannot be forwarded as the core is a per standard design following RFC 5545 Softwire mesh framework a single protocol IPv4 only core so the IPv6 packet is dropped and cannot be forwarded.

As well for 4PE It’s not just breaking QOS EXP scheduling as once the PHP POP  happens on the PHP node the show stopper deal breakers is that  the native IPv4 packet is exposed and that cannot be forwarded as the core is a per standard design following RFC 5545 Softwire mesh framework a single protocol IPv6 only core so the then the IPV4 packet is dropped and cannot be forwarded.

As well is discussed in the draft even if IPv6 explicit null is used Pipe mode RFC 3270 MPLS Diffserv, explicit null label cannot carry a native IPv4 packet SAFI 1 and would be dropped and would have to be LU labeled IPv4 packets or the packets would get dropped.  In a global table routing scenario IPv4 packets tunneled over an IPv4 core don’t have to be labeled as it will break QOS EXP on the PHP node but in this case the native IPv4 packet is exposed and can still be forwarded and not dropped as all the core P nodes are IPv4 enabled core, as with the 6PE encapsulation mismatch and resulting IPv6 packets being dropped.  Similarly In a global table routing scenario IPv6 packets tunneled over an IPv6 core don’t have to be labeled as it will break QOS EXP on the PHP node but in this case the native IPv6 packet is exposed and can still be forwarded and not dropped as all the P nodes are IPv6 enabled core, as with the 4PE encapsulation mismatch and resulting IPv4 packets being dropped.  The “design thing” scenario does come into play here with what I described above where the CE packet protocol matches the core protocol then you have the option to label or not label the packets.  Some vendors have the ability to match on both dscp and exp so even when the PHP POP and forward happens on the PHP node the router can schedule based on DSCP and if the label is present switch gears and schedule match on EXP.  So based on what is supported in the protocol matching scenario can decide to label or not label the customer traffic ingressing the core.

***I hope what I said above really helps clarify and cleans up any confusion and I can as well make these points more clear in the draft***

So to reiterate the show stopper and why the packets being tunneled over the core must be labeled must have the MPLS shim for label switching and forwarding is the protocol mismatch scenario that happens when the native packet gets exposed after the PHP POP and the P / PE all core nodes are IPv6 only - IPv6 only core for 4PE scenario and IPv4 only - IPV4 only core for 6PE scenario.


That's why I said that we don't have to have the exact way to do things. I agree that is good to describe the necessity of having two labels and why but I don't think that it's the standard matter how I reach this goal, which family I will use, and so on.

Gyan2> As I said your argument for SAFI 1 is the main reason why we need to have 4PE procedure to use SAFI 4 IPv4 labeled unicast so that all implementations of 4PE must follow the standard specification for interoperability.



Thank you


сб, 12 нояб. 2022 г. в 02:08, Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>>:

Thanks Robert for your feedback on the draft.

Dear IDR

Please review the draft and provide feedback.

Thank you

Gyan

On Fri, Nov 11, 2022 at 6:46 PM Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
Gyan,

Returning today from London I did read the draft. It's a great example of how IETF documents should *NOT* be written. 47 references says it all. You are mixing pieces from completely different areas all in one place.

Indeed I encourage everyone to read this draft and submit an opinion to the list before WG takes any action on it.

> You mean IPv6 mapped IPv4 address.

No, I meant what I wrote.

Kind regards,
R.


On Sat, Nov 12, 2022 at 12:13 AM Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>> wrote:
Robert

On Fri, Nov 11, 2022 at 4:49 PM Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
Gyan,

RFC8950 is all that is required to be standardized in IDR for connecting ipv4 sites over ipv6 core from the perspective of BGP extension to propagate reachability in the control plane. /* Btw as stated in my previous note even that is not needed if we would solve the requirement using v4 mapped v6 addresses. */

   Gyan> 4PE as well as 6PE is more then just reachability extension next hop encoding.  Please read the draft and then provide me some feedback as it goes over all different inter-as scenarios as well as details requirements for 2 level label stack related BGP-LU labeled unicast labeling binding of all the IPv4 prefixes.  As well as implicit null PHP and explicit null case for RFC 3270 pipe mode support etc.

You mean IPv6 mapped IPv4 address.  That has always been very confusing for troubleshooting as the next hop should follow the core protocol used for reachability and not the NLRI which would have been done backwards with IPv6 mapped IPv4 address and who knows what that would encode you look like..  for IPv4 core IPv6 NLRI over and IPv4 next hop is IPv4 mapped IPv6 address ::FFFF:10.0.0.1.  That was one of the main reasons for encoding  simplicity to change to IPv6 address follows the core protocol in RFC 8950 and not use IPv6 mapped IPv4 address.  Since the mapped address is not a legitimate address extra coding hooks need to be done to make it routable based on the embedded PE loopback in the next hop address.  All avoided and confusion avoided by using RFC 8950 style next hop encoding and not using a mapped address.

> This draft also defines critical extensibility to segment routing SR-MPLS and SRv6 which did
> not exist when 6PE RFC 4798 was developed.

IDR does not standardize SR-MPLS nor SRv6.

    Gyan> I am not standardizing SR as here just providing extensibility of the specification to support Segment Routing.

> RFC 8950 as stated defines only  the next hop encoding and for example does not define
> BGP MPLS VPN RFC 4659 AFI/SAFI 2/128 specification nor does it define BGP LU
> RFC 8277 specification  AFI /SAFI 2/4….

This is all defined in stated above documents.

    Gyan> My point here is that AFI/SAFI 2/128 and 2/4 use RFC 8950 which only defines the next hop encoding for the AFI/SAFI and not the specification for the AFI/SAFI and thus the RFC.  RFC 4798 6PE uses IPv4 mapped IPv6 next hop encoding which does not have a next hop encoding specification but still does have an RFC for 6PE.  Even if a next hop encoding standard existed, that would just be for the next hop encoding, does not mean that a standard for 6PE is not necessary for interoperability as is the case here.

IDR drafts focus on required protocol extensions to BGP. I do not see any new protocol extensions in this draft anyway.

Gyan> 6PE RFC 4798 as well does not have a IANA code point allocation for a protocol extension, however it does define a procedure and process of how 6PE works which is why it was still standardized so ensure interoperability between vendor implementations.  There are many more examples as such that have

Regards,
R.


On Fri, Nov 11, 2022 at 10:38 PM Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>> wrote:

Robert

RFC 8950 only defines only the IPv4 NLRI over IPv6 next hop encoding IANA BGP capability code point 5 that updates RFC 5549 next hop encoding for SAFI 128 and 129 where the 8 byte RD set to 0 was left of the next hop encoding specification.

RFC 8950 as stated defines only  the next hop encoding and for example does not define BGP MPLS VPN RFC 4659 AFI/SAFI 2/128 specification nor does it define BGP LU RFC 8277 specification  AFI /SAFI 2/4….

The next hop encoding is just component of the overall 4PE specification which did exist till this draft was published.  There are vendors that have implemented 4PE which may or may not even be called 4PE, and this draft defines the name “4PE” and what it means form a specification perspective and thus would ensure the standardization of all implementations to ensure interoperability.

As operators start migrating their core to IPv6 this does become a big deal as most operators have multi vendor environments and so this comes to the surface as a hot topic to ensure interoperability.

This draft also defines critical extensibility to segment routing SR-MPLS and SRv6 which did not exist when 6PE RFC 4798 was developed.

Many Thanks

Gyan

On Fri, Nov 11, 2022 at 3:56 PM Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
Gyan,

IDR draft:

The 4PE draft connecting IPv4 islands over an IPv6 core  over the global table is similar in semantics to 6PE RFC 4798 which connects IPv6 islands over an IPv4 core over the global table and the draft is extensible to SR-MPLS and SRv6. There currently is not a standard for 4PE so this draft would standardize 4PE for vendor  interoperability.

Not true.

Quote from RFC8950:

[image.png]

I do not see anything your draft would add to it.

Cheers,
R.





https://datatracker.ietf.org/doc/draft-mishra-idr-v4-islands-v6-core-4pe/

BESS drafts - these drafts are completely different from IDR 4PE draft.

I have already combined two of the drafts into one for the IPv4-Only PE All SAFI draft

https://datatracker.ietf.org/doc/draft-mishra-bess-ipv4-only-pe-design-all-safi/

IPv6 Only PE Design BCP draft below was adopted  last year and the new draft extensible to ALL SAFI Standards Track below I plan to progress separately.  As one is BCP and the other Standards track I don’t think they could be combined and even if they were combined into the super set all SAFI that would have to go through adoption process again anyway so I plan to keep separate.

This draft I will queue up for adoption call.

https://datatracker.ietf.org/doc/draft-mishra-bess-ipv6-only-pe-design-all-safi/


Many Thanks

Gyan

On Fri, Nov 11, 2022 at 6:19 AM Ketan Talaulikar <ketant.ietf@gmail.com<mailto:ketant.ietf@gmail.com>> wrote:
Hi Gyan,

Sharing a couple of suggestions here for your 5 drafts (4 in BESS + 1 in IDR) as we lost time due to the audio issues:

(1) put the portions to be standardized (very focussed/small hopefully) in one single draft and post/share with both IDR and BESS since you are changing NH encoding (from what I heard?)
(2) all other informational/BCP material could be combined in a single draft (perhaps the existing BESS WG draft)

IMHO, that would facilitate an appropriate focussed review of the content/proposals.

Thanks,
Ketan

--

[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]<http://www.verizon.com/>

Gyan Mishra

Network Solutions Architect

Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>

M 301 502-1347


_______________________________________________
BESS mailing list
BESS@ietf.org<mailto:BESS@ietf.org>
https://www.ietf.org/mailman/listinfo/bess
--

[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]<http://www.verizon.com/>

Gyan Mishra

Network Solutions Architect

Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>

M 301 502-1347


--

[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]<http://www.verizon.com/>

Gyan Mishra

Network Solutions Architect

Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>

M 301 502-1347


--

[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]<http://www.verizon.com/>

Gyan Mishra

Network Solutions Architect

Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>

M 301 502-1347


_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr
--

[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]<http://www.verizon.com/>

Gyan Mishra

Network Solutions Architect

Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>

M 301 502-1347


--

[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]<http://www.verizon.com/>

Gyan Mishra

Network Solutions Architect

Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>

M 301 502-1347