Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

"Ketan Talaulikar (ketant)" <ketant@cisco.com> Thu, 30 April 2020 08:46 UTC

From: "Ketan Talaulikar (ketant)" <ketant@cisco.com>
To: "Chengli (Cheng Li)" <chengli13@huawei.com>, "draft-ietf-spring-segment-routing-policy@ietf.org" <draft-ietf-spring-segment-routing-policy@ietf.org>
CC: SPRING WG <spring@ietf.org>, huruizhao <huruizhao@huawei.com>, Fangsheng <fangsheng@huawei.com>, idr wg <idr@ietf.org>
Date: Thu, 30 Apr 2020 08:46:10 +0000
Message-ID: <MW3PR11MB45702B49025A293583346F36C1AA0@MW3PR11MB4570.namprd11.prod.outlook.com>
References: <C7C2E1C43D652C4E9E49FE7517C236CB029FAC88@dggeml529-mbx.china.huawei.com>
In-Reply-To: <C7C2E1C43D652C4E9E49FE7517C236CB029FAC88@dggeml529-mbx.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/_pnroQgutYm2m580OMAFsv4HagI>
Subject: Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi Cheng,

I assume you are recommending the use of Route Origin Extended Community (https://tools.ietf.org/html/rfc4360#section-5) for conveying the "Originator" when the SR Policy update is propagated over eBGP sessions via other eBGP/iBGP sessions instead of direct peering with the headend.

I believe it does address the scenario you describe given that it is expected that SR Policy propagation via BGP is happening within a single administrative domain even if it comprises multiple ASes.

Also copying the IDR WG for inputs since this would likely need to be updated in draft-ietf-idr-segment-routing-te-policy.

Thanks,
Ketan

From: spring <spring-bounces@ietf.org> On Behalf Of Chengli (Cheng Li)
Sent: 30 April 2020 07:34
To: draft-ietf-spring-segment-routing-policy@ietf.org
Cc: SPRING WG <spring@ietf.org>; huruizhao <huruizhao@huawei.com>; Fangsheng <fangsheng@huawei.com>
Subject: [spring] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi authors,

Section 2.4 of [draft-ietf-spring-segment-routing-policy-06] introduces how the node-address of the "Originator of CP (Candidate Path)" is generated when the Protocol-Origin is BGP. It says:
    "Protocol-Origin is BGP SR Policy, it is provided by the BGP component on the headend and is:
     o  the BGP Router ID and ASN of the node/controller signalling the candidate path when it has a BGP session to the headend, OR
     o  the BGP Router ID of the eBGP peer signalling the candidate path along with ASN of origin when the signalling is done via one or more intermediate eBGP routers, OR
     o  the BGP Originator ID [RFC4456] and the ASN of the node/controller when the signalling is done via one or more route-reflectors over iBGP session."

In the operator's network, in order to reduce the number of BGP sessions on the controller and achieve scalability, the controller only establishes an eBGP peer with the RR, and the RR establishes iBGP peers with the headends. As mentioned in the draft, the headend will use the RR's Router ID as the CP's node-address (the signaling is done via route transmission from RR to the headend instead of route reflection). The headend needs to carry the CP's key when reporting the SR Policy status to the controller through BGP-LS. The problem is that the controller may not recognize the key because the node-address is generated by the RR node.

For network robustness, two or more RRs are usually deployed. This will introduce another problem. When the same CP advertised by the controller is delivered to the headend through different RRs, the headend cannot distinguish whether it is the same CP because the node-address in the CPs' key comes from different RRs.

To solve these problems, we recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes. In this way, the key of the CP is determined by the controller and will not change during the advertisement of BGP routes.

Thanks,
Cheng
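
The key mismatch described in this thread, as an added example that is not part of either message or of the drafts: the headend derives the candidate-path key from whichever RR sent the route, then from a Route Origin Extended Community set by the controller. The addresses, ASN, tuple layout of the key, and the choice of the IPv4-Address-Specific encoding (type 0x01, sub-type 0x03, RFC 4360) to carry the node-address are assumptions made for illustration.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

class Advert(NamedTuple):
    """One SR Policy route as received by the headend (constructed model)."""
    sender_router_id: str        # BGP speaker that sent the route to the headend
    origin_asn: int              # ASN of the controller that originated the CP
    discriminator: int
    ext_communities: tuple = ()  # raw 8-octet extended communities

def encode_route_origin(node_address: str, local_admin: int = 0) -> bytes:
    """IPv4-Address-Specific Route Origin: type 0x01, sub-type 0x03."""
    addr = ipaddress.IPv4Address(node_address).packed
    return struct.pack("!BB4sH", 0x01, 0x03, addr, local_admin)

def find_route_origin(ext_communities) -> Optional[str]:
    """Return the address from the first well-formed Route Origin, if any."""
    for ec in ext_communities:
        if len(ec) == 8 and ec[0] == 0x01 and ec[1] == 0x03:
            return str(ipaddress.IPv4Address(ec[2:6]))
    return None

def cp_key(ad: Advert, use_route_origin: bool) -> tuple:
    """Candidate-path key: (protocol-origin, ASN, node-address, discriminator)."""
    node = find_route_origin(ad.ext_communities) if use_route_origin else None
    if node is None:
        # Behaviour described in the thread: node-address comes from the
        # Router ID of the RR that transmitted the route to the headend.
        node = ad.sender_router_id
    return ("BGP", ad.origin_asn, node, ad.discriminator)

def distinct_keys(adverts, use_route_origin: bool) -> set:
    return {cp_key(a, use_route_origin) for a in adverts}

# Constructed scenario: one controller, two RRs, the same candidate path.
CONTROLLER = "192.0.2.1"
ROUTE_ORIGIN = encode_route_origin(CONTROLLER)
ADVERTS = [
    Advert("198.51.100.11", 65001, 1, (ROUTE_ORIGIN,)),  # received via RR1
    Advert("198.51.100.12", 65001, 1, (ROUTE_ORIGIN,)),  # received via RR2
]

if __name__ == "__main__":
    print("keys from RR Router ID:", sorted(distinct_keys(ADVERTS, False)))
    print("keys from Route Origin:", sorted(distinct_keys(ADVERTS, True)))
```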