IETF Logo Mail Archive

Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)

"Wanghaibo (Rainsword)" <rainsword.wang@huawei.com> Thu, 17 March 2022 11:53 UTC

Return-Path: <rainsword.wang@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45FA93A109F for <idr@ietfa.amsl.com>; Thu, 17 Mar 2022 04:53:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Er6tqKyCGpid for <idr@ietfa.amsl.com>; Thu, 17 Mar 2022 04:53:07 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BE103A10C0 for <idr@ietf.org>; Thu, 17 Mar 2022 04:53:07 -0700 (PDT)
Received: from fraeml737-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4KK59B0fJHz67vDG for <idr@ietf.org>; Thu, 17 Mar 2022 19:52:14 +0800 (CST)
Received: from kwepeml100006.china.huawei.com (7.221.188.192) by fraeml737-chm.china.huawei.com (10.206.15.218) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 17 Mar 2022 12:53:03 +0100
Received: from kwepeml500001.china.huawei.com (7.221.188.162) by kwepeml100006.china.huawei.com (7.221.188.192) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Thu, 17 Mar 2022 19:53:01 +0800
Received: from kwepeml500001.china.huawei.com ([7.221.188.162]) by kwepeml500001.china.huawei.com ([7.221.188.162]) with mapi id 15.01.2308.021; Thu, 17 Mar 2022 19:53:01 +0800
From: "Wanghaibo (Rainsword)" <rainsword.wang@huawei.com>
To: Robert Raszuk <robert@raszuk.net>, Jeffrey Haas <jhaas@pfrc.org>
CC: "idr@ietf. org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Thread-Topic: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
Thread-Index: Adg0iU/LdOzWENOQQCinCgHK9waz6gAp9x8AAATCd4ABK/7cEA==
Date: Thu, 17 Mar 2022 11:53:01 +0000
Message-ID: <4831712448ae4fcf9101f3d6b7e05a7e@huawei.com>
References: <00ca01d8348c$8b05d270$a1117750$@ndzh.com> <20220311181711.GA29551@pfrc.org> <CAOj+MMGYnkN8Yx7riO-nd+Th3abXOW7+r9CZ4AXFDsYmXdMySQ@mail.gmail.com>
In-Reply-To: <CAOj+MMGYnkN8Yx7riO-nd+Th3abXOW7+r9CZ4AXFDsYmXdMySQ@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.153.118]
Content-Type: multipart/alternative; boundary="_000_4831712448ae4fcf9101f3d6b7e05a7ehuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/aDw8HcZDk59f8gHx_4sK14FgTAw>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 11:53:12 -0000

Hi Robert,

       [Bottom line - not everything that can be fitted into a BGP attribute should be carried by BGP protocol.]
    I agree with this point.

    But I still think the iFit extension here is appropriate.
  The Pub-sub model is a centralized service model, it’s complexable for dynamic changed service.
    The iFit extension here is a distributed service driven model. Service routes advertised with iFit capability will bring simplifying deployment.

Regards,
Haibo

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Robert Raszuk
Sent: Saturday, March 12, 2022 4:33 AM
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: idr@ietf. org <idr@ietf.org>; Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)

Hello Jeff & WG,

I am a big supporter of In-Situ Telemetry. Well modulo the fact - and in fact show stopper - that to make it really useful very precise nano seconds clock synchronization is required and that by itself is not an easy task to accomplish in WAN or MAN networks. The only tools I see to help here are PTP or gPTP but PTP mostly is deployable in DCs not in WANs.

As far as BGP is concerned I must ask why do we really need p2mp signalling to spray such information to all BGP speakers ? In Situ telemetry can be deployed end to end beyond BGP speaking network elements so it will not help.

Moreover we are really stepping again on using BGP protocol as a network management carrier. Such distribution would be much better served by the pub-sub model. Such model can be realized by any message bus or by leveraging a recent proposal from Tony - https://datatracker.ietf.org/doc/draft-li-lsr-liveness/  Yes this currently was done to address IGP node liveness propagation, but nothing stands against reusing such idea for pub-sub distribution of other node capabilities like ifit.

Bottom line - not everything that can be fitted into a BGP attribute should be carried by BGP protocol.

Kind regards,
R.


On Fri, Mar 11, 2022 at 7:17 PM Jeffrey Haas <jhaas@pfrc.org<mailto:jhaas@pfrc.org>> wrote:
Sue and Working Group,

I'm generally supportive of IFIT for BGP.

For this particular document, I think it'd be helpful if the authors
provided some more detail on the scoping of the BGP Extended Community
attributes and their security considerations.

In particular:

On Thu, Mar 10, 2022 at 09:38:43AM -0500, Susan Hares wrote:
> This begins a 2 week WG Adoption call (3/10/2022 to 3/24/2022)
>
> for draft-wang-idr-bgp-ifit-capabilities-04
>
> https://datatracker.ietf.org/doc/draft-wang-idr-bgp-ifit-capabilities/
>
> In your comments please consider if:
>
> 1) Do the additions to BGP (2 Communities and
> TLV for next-hop-capability attribute)
> help the distribute information regarding the  IFIT options
> from tail (egress) nodes to head nodes (ingress)?
>
> Are there any cases where these BGP
> Communities should be removed or ignored?

>From the Security Considerations for draft-ietf-idr-sr-policy-ifit-03:

:   IFIT data MUST be propagated in a limited domain in order to avoid
:   malicious attacks and solutions to ensure this requirement are
:   respectively discussed in [I-D.ietf-ippm-ioam-data] and
:   [I-D.ietf-6man-ipv6-alt-mark].

The NextHop Capability leveraged in this draft as part of prior learnings
has specified itself as an Optional, Non-Transitive Path Attribute.  This
means that behaviors can be enforced on a hop-by-hop basis.

BGP Extended Communities are only scoped for as-transitive or not.

It'd be useful for the authors to comment on what the expected behaviors for
BGP speakers downstream of not the IFIT egress. Also, potentially outside
of the IFIT domain.  What are the Security Considerations for such
additional propagation of these Extended Communities?

I'm unclear whether the intent of the Extended Communities is whether they
should ONLY be propagated with the NextHop Capability or not.

Please note that forms of this question were raised both on the mailing list
in prior threads and also during IDR IETF sessions.

-- Jeff

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email