IETF Logo Mail Archive

Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)

Igor Malyushkin <gmalyushkin@gmail.com> Wed, 24 August 2022 19:41 UTC

Return-Path: <gmalyushkin@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F78BC152705 for <idr@ietfa.amsl.com>; Wed, 24 Aug 2022 12:41:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sMlqfemqMvGt for <idr@ietfa.amsl.com>; Wed, 24 Aug 2022 12:41:38 -0700 (PDT)
Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B165C152713 for <idr@ietf.org>; Wed, 24 Aug 2022 12:41:34 -0700 (PDT)
Received: by mail-il1-x132.google.com with SMTP id q3so6515019ilc.6 for <idr@ietf.org>; Wed, 24 Aug 2022 12:41:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=Xv4cDQAixRZEZfwMt/7SHEswOhdsHfpg9bhz0L5XHRM=; b=nKl47dmv1mm3/o8KmCT9XpzBribh4QVsZ5dy86WosRBc4NH4dNcyaiyG+u1XseJsEb w0TQq0npLqaUz2QJBSfmtwwnq4mMKkJs1DnG10pc+5ShYMUFfCbOylrkkd8XGE3xoQga G0DDRU+VL3EWDntKXkaUprPYg5wvFvcbY4ePVOmoHpPmPow3lQgIuwzBMFnwb7Ug74z6 hcNRo0PmVcIUCCLWvPgOmXyEqfutXhkZ9flBMEfDOf+yUSy3SfEykIO+bzuqfB5e5ALE B6DZXWeCkk3QNZclYgTaEjMSOdHbR1luCBZ1ktFT4lNKJU9iyD5yHxVFxcqjQJpoHvVu rkIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=Xv4cDQAixRZEZfwMt/7SHEswOhdsHfpg9bhz0L5XHRM=; b=fm9EuL4a01WfPhRDXb5Ce3O8Hvyxe3lDBiLIq8tjrDpuLx+zhvhp1uto6NcCdC4/x2 OqVRomfLv+skhwqLZRaXvnrwxCCugPCDp/9tyARPZI0rlOW9ijnwKfhbhEuTHOviFPfj wY+/Gw8yZCS1moSf5wV2WEgiaymPRylHhCsgnoQkS53ukVupMDeulef5w3DArmmJRrnr QXa5UgO2Rsa/DtFWfnrUN8ZpIKg0tioMZcPO6tqDT7E8LO24ITWlMdCNQ3xXa6bJMfvC 8Q9KfEfZAX7wGOyE4J7L+OrQuk0M8WBk4CCPfPcKIKqQewjp69p7rHdZmyrirC40AwKJ QUqA==
X-Gm-Message-State: ACgBeo3mojBt+kUPUuG901Ay5hWQWJrOYVmqamuyP8wcqWnGbj4/0bnW 31ZDjr2nJV7LdTUzIsW7LuM04hXvJTq8P3PP88w=
X-Google-Smtp-Source: AA6agR62oubWnTrNzbJSQ5lLxwrHwoLiCr5G+m6EpqNBU7c0rnQVUzFu0otPTd7Vh8TAni5l62rPQZGNGWSSfGG1HfQ=
X-Received: by 2002:a05:6e02:12c9:b0:2ea:4d58:7530 with SMTP id i9-20020a056e0212c900b002ea4d587530mr261301ilm.165.1661370092969; Wed, 24 Aug 2022 12:41:32 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR08MB487262F752C8777A1B9698EFB36B9@BYAPR08MB4872.namprd08.prod.outlook.com> <d9e07ea96dd64ea081ba763941a22b17@huawei.com> <6f9c478a2ef745818e3ef3d713218dae@huawei.com> <CAEfhRry4zigpqp3qLzfRmvGvTv-+CygixENWLFaNV7_fKSw49Q@mail.gmail.com> <CAOj+MMFQQGHVBDFT=tw1C+uUuCgEQMqf0o2_ESR8YeaB2faPKQ@mail.gmail.com> <CAEfhRrzaQkmkpPCsmN=8A80yq341_YJ8FDYzWf5_Qhttj3wXHA@mail.gmail.com> <CAOj+MMG87wBUFy4v6fFCLk77Qd69Uyt0YW1dZLAYM+GcoGzwxw@mail.gmail.com>
In-Reply-To: <CAOj+MMG87wBUFy4v6fFCLk77Qd69Uyt0YW1dZLAYM+GcoGzwxw@mail.gmail.com>
From: Igor Malyushkin <gmalyushkin@gmail.com>
Date: Wed, 24 Aug 2022 21:41:21 +0200
Message-ID: <CAEfhRrwLSbo6g1wTQDr=B0bDD33dfhSrr2-MBYdt+wLmwUjMBA@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: "Wanghaibo (Rainsword)" <rainsword.wang=40huawei.com@dmarc.ietf.org>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003b65e205e701de3f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/_NVgilKoR9A6olmY2jDbFqMN89I>
Subject: Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Aug 2022 19:41:42 -0000

>  Not sure what you mean.
I just meant that the authors probably are afraid to link to RTs because
several VRFs on the same PE can share some RTs. But...

>  Allocating one more to determine the src VRF is trivial. If at all
needed :)
... indeed, it is much better than a new special community!

ср, 24 авг. 2022 г. в 21:23, Robert Raszuk <robert@raszuk.net>:

> Hey Igor,
>
> > But I think if we have a mechanism that allows us to attach several RTs
> to a route we are in a trouble.
>
> Not sure what you mean.
>
> In almost all large scale VPN deployments I have seen VPN routes carry
> lots of RTs for various reasons. Allocating one more to determine the src
> VRF is trivial. If at all needed :)
>
> > I also don't understand the benefits behind quotas per VRF-PE pair,
>
> It is a very bad idea from multiple perspectives. We already have a VRF
> limit and PE-CE prefix limit. If both are set wisely VPNs are sufficiently
> protected today. And large carriers do confirm this.
>
> IMO resource starvation of any PE is a local matter and should not be
> propagated anywhere. In fact various factors determine the run
> time capacity of any PE. So any limits (if at all) should be just global
> and expressed in percentage of overall PE capacity. That way even software
> bugs like memory leaks could be factored in.
>
> But the real problem those folks are trying to patch are wrong
> provisioning practices and no merci for some VPNs due to that.
>
> Rgs,
> R.
>
>
> On Wed, Aug 24, 2022 at 9:14 PM Igor Malyushkin <gmalyushkin@gmail.com>
> wrote:
>
>> For sure it is design-depended. If every VRF has its own RT it will work.
>> But I think if we have a mechanism that allows us to attach several RTs to
>> a route we are in a trouble. Guys are just typing to cover this case.
>>
>> If we talk in general about a whole solution I also think that the way
>> with the new AFI/SAFI is much better. I also don't understand the benefits
>> behind quotas per VRF-PE pair, but if it is really worth the time I expect
>> to see the propagation of these quotas from source PEs instead of a manual
>> configuration. I think it can be easily introduced into a solution with the
>> new AFI/SAFI.
>>
>> ср, 24 авг. 2022 г. в 21:05, Robert Raszuk <robert@raszuk.net>:
>>
>>> Igor,
>>>
>>> RT can uniquely distinguish src vrf. It is simply a matter of
>>> proper configuration. No ned protocol extension is required.
>>>
>>> Thx,
>>> R.
>>>
>>> On Wed, Aug 24, 2022 at 9:03 PM Igor Malyushkin <gmalyushkin@gmail.com>
>>> wrote:
>>>
>>>> Hi Haibo,
>>>>
>>>> 2) It is unpractical to set the quota value for <RT>, or <RT, PE> under
>>>> VRF, because RT can't uniquely distinguish one VRF on one PE.
>>>> What if a VRF has several RDs for its routes? RFC4364 and RFC4659 don't
>>>> restrict this behavior and even more, it explicitly describes it. So, RD
>>>> also can't uniquely distinguish one VRF. Looks like we need a different
>>>> marker for all routes belonging to the same source VRF. Say, VPN ID
>>>> community or something like that.
>>>>
>>>>
>>>> ср, 24 авг. 2022 г. в 18:26, Wanghaibo (Rainsword) <rainsword.wang=
>>>> 40huawei.com@dmarc.ietf.org>:
>>>>
>>>>> Hi Sue and WG,
>>>>>
>>>>>
>>>>>
>>>>> I support this adoption.
>>>>>
>>>>> This draft proposes the mechanism to control the overflow of VPN
>>>>> routes within one VRF from influencing other VPNs on the same device
>>>>> automatically.
>>>>>
>>>>>
>>>>>
>>>>> The updated contents have accommodated the suggestions and addressed
>>>>> the comments raised within the WG discussions. Some additional concerns can
>>>>> be addressed after the adoption.
>>>>>
>>>>>
>>>>>
>>>>> I am not aware of any undisclosed IPR to this draft.
>>>>>
>>>>>
>>>>>
>>>>> To make the actual progress of this draft, we should avoid to discuss
>>>>> the solved points back and forth. For example, RTC mechanism is not
>>>>> suitable for the scenarios that described in this adoption draft, because:
>>>>>
>>>>> 1) RTC has no any automatic detection mechanism to determine which RT
>>>>> should be withdrawn now.
>>>>>
>>>>> 2) It is unpractical to set the quota value for <RT>, or <RT, PE>
>>>>> under VRF, because RT can't uniquely distinguish one VRF on one PE.
>>>>>
>>>>> 3) It is dangerous to propagate the RT based filter rule
>>>>> unconditionally in the intra-domain or inter-domain wide, as that done in
>>>>> current RTC mechanism.
>>>>>
>>>>>
>>>>>
>>>>> The conclusion, RTC is not the right direction to accomplish the goal.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Haibo
>>>>>
>>>>>
>>>>>
>>>>> *From:* Idr [mailto:idr-bounces@ietf.org <idr-bounces@ietf.org>] *On
>>>>> Behalf Of *Susan Hares
>>>>> *Sent:* Tuesday, August 16, 2022 11:56 PM
>>>>> *To:* idr@ietf.org
>>>>> *Subject:* [Idr] Adoption and IPR call for
>>>>> draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
>>>>>
>>>>>
>>>>>
>>>>> This begins a 2 week WG Adoption call for
>>>>> draft-wang-idr-vpn-prefix-orf-03.txt
>>>>>
>>>>> https://datatracker.ietf.org/doc/draft-wang-idr-vpn-prefix-orf/
>>>>>
>>>>>
>>>>>
>>>>> The authors believe that they have addressed the concerns raised in
>>>>>
>>>>> the previous 2 WG adoption calls.
>>>>>
>>>>>
>>>>>
>>>>> The WG should consider if:
>>>>>
>>>>>
>>>>>
>>>>> 1) The revised text answers the previous concerns regarding
>>>>>
>>>>> the scope of this draft?
>>>>>
>>>>>
>>>>>
>>>>> 2) Does the revised text provide a useful function for
>>>>>
>>>>> networks?
>>>>>
>>>>>
>>>>>
>>>>> 3) Are there any additional concerns regarding the new text?
>>>>>
>>>>>
>>>>>
>>>>> Each of the authors should send an IPR statement for
>>>>>
>>>>> this version of the draft.
>>>>>
>>>>>
>>>>>
>>>>> The adoption call was moved to 8/29 to 8/30 to allow questions
>>>>>
>>>>> to be asked at the IDR interim meeting on 8/29/2022 (10am – 12pm EDT).
>>>>>
>>>>>
>>>>>
>>>>> Cheers, Sue Hares
>>>>> _______________________________________________
>>>>> Idr mailing list
>>>>> Idr@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>>
>>>> _______________________________________________
>>>> Idr mailing list
>>>> Idr@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>
>>>

v2.23.0 | Report a Bug | By Email