Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)

"Wanghaibo (Rainsword)" <rainsword.wang@huawei.com> Thu, 23 July 2020 07:02 UTC


Hi Jakob,

1.  Flowspec's validation is used to check whether a device can learn the Flowspec routes from an EBGP peer, but the validation can be performed only for the component of the destination type.
    In practice, the centralized server or controller is often used to send FlowSpec routes to devices.
2.  RPD and SR-Policy also have their own validation. That is, route targets are used to check whether information is sent to the expected node.

Regards,
Haibo

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Jakob Heitz (jheitz)
Sent: Tuesday, July 21, 2020 12:52 PM
To: Huaimo Chen <huaimo.chen@futurewei.com>; Susan Hares <shares@ndzh.com>; idr@ietf.org
Subject: Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)

There is an important difference between RPD and Flowspec.
https://tools.ietf.org/html/rfc5575#section-6
states:
   A flow specification NLRI must be validated such that it is
   considered feasible if and only if:

   a) The originator of the flow specification matches the originator of
      the best-match unicast route for the destination prefix embedded
      in the flow specification.

   b) There are no more specific unicast routes, when compared with the
      flow destination prefix, that have been received from a different
      neighboring AS than the best-match unicast route, which has been
      determined in step a).

Effectively, the advertisement of the route takes the same vector as the
advertisement of the matching flowspec. Therefore, if the flowspec did not
reach a node, then the route likely didn't either, so it doesn't matter.

The fact that BGP is spray and pray doesn't matter, because the route and the
flowspec spray to the same places.

RPD policy distribution has no such validation rule.

SR policy distribution suffers from the same problem.


Regards,
Jakob.
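
The RFC 5575 validation rule quoted in the message above, sketched as an added example (not part of any poster's message and not code from the RFC). The RIB model, the `originator` string, and all prefixes and AS numbers are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class UnicastRoute:
    prefix: ipaddress.IPv4Network
    originator: str   # assumption: originator modelled as a router-ID string
    neighbor_as: int  # neighboring AS the route was received from

def route(prefix, originator, neighbor_as):
    return UnicastRoute(ipaddress.ip_network(prefix), originator, neighbor_as)

# Constructed RIB (documentation prefixes, private-use AS numbers),
# assumed to hold one best path per prefix.
RIB = [
    route("192.0.2.0/24", "10.0.0.1", 64500),
    route("198.51.100.0/24", "10.0.0.2", 64501),
    route("198.51.100.128/25", "10.0.0.3", 64502),
]

def best_match(rib, dest):
    """Longest-prefix unicast route that covers the flow destination prefix."""
    covering = [r for r in rib if dest.subnet_of(r.prefix)]
    return max(covering, key=lambda r: r.prefix.prefixlen, default=None)

def flowspec_feasible(rib, dest_prefix, fs_originator):
    """Apply rules a) and b) quoted above to one flow specification."""
    dest = ipaddress.ip_network(dest_prefix)
    best = best_match(rib, dest)
    # Rule a): originator must match that of the best-match unicast route.
    if best is None or best.originator != fs_originator:
        return False
    # Rule b): no more-specific unicast route from a different neighboring AS.
    for r in rib:
        more_specific = r.prefix != dest and r.prefix.subnet_of(dest)
        if more_specific and r.neighbor_as != best.neighbor_as:
            return False
    return True

if __name__ == "__main__":
    for dest, orig in [("192.0.2.0/24", "10.0.0.1"), ("192.0.2.0/24", "10.0.0.9"),
                       ("198.51.100.0/24", "10.0.0.2")]:
        print(dest, orig, flowspec_feasible(RIB, dest, orig))
```
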

From: Huaimo Chen <huaimo.chen@futurewei.com>
Sent: Monday, July 20, 2020 9:01 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com>; Susan Hares <shares@ndzh.com>; idr@ietf.org
Subject: Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)

Hi Jakob,

    Thank you very much for your valuable comments.
    Our answers/explanations are inline below with prefix [HC].

Best Regards,
Huaimo on behalf of co-authors
________________________________
From: Idr <idr-bounces@ietf.org> on behalf of Jakob Heitz (jheitz) <jheitz=40cisco.com@dmarc.ietf.org>
Sent: Thursday, July 16, 2020 9:01 PM
To: Susan Hares <shares@ndzh.com>; idr@ietf.org
Subject: Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)


BGP seems the wrong way to distribute routing policy.



[HC]: It seems that BGP flow spec has been used widely to distribute policies for redirecting the traffic. It seems to work well without some mechanisms in Netconf. BGP RPD should be similar to BGP flow spec. BGP SR Policy is on the same train.



IETF has already defined a way to distribute configuration: Netconf.
Netconf provides needed features that BGP does not have:

- Atomic Transactions:
  If one configuration item fails, they all fail.
  They all either succeed or all fail. There is no partial success.
  Multiple configurations in one transaction are applied at the same time.
   . This avoids non-deterministic transient behavior between application of the first policy and the last.
- Feedback:
  BGP is "spray and pray".
  Netconf provides an acknowledgement that the config either failed or was applied,
  which then allows the controller to take the next steps with
  reliable information about what configuration exists in the network.
- Persistence:
  If the BGP session were to go down, all the configuration it sent will be implicitly withdrawn.

If another AS would not allow a foreign AS to configure it with netconf,
it would not allow it with RPD either.

There are already ways in BGP for an AS to signal preference across AS boundaries:
Med, AS-path length, communities.



[HC]: Netconf can be used to distribute configurations from a controller to the devices in a network. BGP RPD, as an alternative option, may have some advantages in some cases. For example, in the case where BGP acts as a controller, BGP RPD seems more suitable. Using BGP RPD to control/redirect the traffic dynamically in real time may be more effective.



Regards,

Jakob.



From: Idr <idr-bounces@ietf.org> On Behalf Of Susan Hares
Sent: Wednesday, July 15, 2020 6:11 AM
To: idr@ietf.org
Subject: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020)



This begins a 2 week WG LC on draft-ietf-idr-rpd
from 7/15 to 7/29/2020.  You can obtain this draft at:
https://datatracker.ietf.org/doc/draft-ietf-idr-rpd/

This draft defines a new AFI/SAFI and new atoms
for the Wide Communities.  This WG LC has been delayed
as I waited for a resubmission of the Wide Communities draft.
I had hoped to do these 2 WG LC in parallel.

I've not received the Wide Communities draft, but we will
start this WGLC to provide feedback to the authors.
We may have to run a short follow-up to this WG LC
if there are changes to the Wide Communities draft during
its WG LC.

There is an IPR statement on this draft.

In your responses please answer the following questions:

1) Do you feel this draft has a solution that is acceptable
   with the IPR as a WG RFC?

2) Do you feel this draft is ready to publish?

3) Do you know of implementations of this draft?

4) Do you know of deployments of this draft?
   If so, is this feature useful in the deployments?

5) Do you feel that Wide Communities is ready for
   publication?

Cheerily, Susan Hares