IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-flowspec-l2vpn-09.txt

Robert Raszuk <robert@raszuk.net> Sun, 29 September 2019 10:00 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 761D6120088 for <idr@ietfa.amsl.com>; Sun, 29 Sep 2019 03:00:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dz91u5TAX6TA for <idr@ietfa.amsl.com>; Sun, 29 Sep 2019 03:00:11 -0700 (PDT)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34F7C120045 for <idr@ietf.org>; Sun, 29 Sep 2019 03:00:11 -0700 (PDT)
Received: by mail-qk1-x730.google.com with SMTP id u184so5329699qkd.4 for <idr@ietf.org>; Sun, 29 Sep 2019 03:00:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yn4LBIuVaj0OfsY+JWkJbL+pxRKcn++eNS3jZTpxNTQ=; b=RkM0IIxd2n/mT4g0WSR0Bs3SyvND1GuPKtJOTQdAnbWk0H1OEVWtwAQXT9PzorwnGX 1NLYWUhvegl8nOAF9+I3BOi7aATFd4JQOblLnXUEMdDoLtnH9UqMGYeCmV8PIdReDFAh 17YAUkK9MHl4Hk6n5dCPt4POvG+RHSbUBnnEX2LJ92nA/LznDpJd5A1DMKIbQDIHk3uH KvEizY7WZPb7Lj9Ay/0feCfd6mgAOJQuTjLH1l+0j7Gj2mfxmAyeI4eGdCvlEsfMTmCh 0MjcqwA0J9isEfHWANpQzRclmPzG/Agql9lTlqop7xKWgUmUrRiJHscGUwWWA09D7FkN iing==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yn4LBIuVaj0OfsY+JWkJbL+pxRKcn++eNS3jZTpxNTQ=; b=WCRNWZZu0m4TRYD8A98AS3ZFB5Y3xDoJObvz2nB8eecJ4VZejNyqylPws/5D5D8+RF xNiU555KCdjCIoXUq8yxBqe4UFiHqyB50XU0SFJuXvpJBN/bcoQEa3uAW7P7TneR/LGM e6hiESrudYJnUK4T2ioBf4wuvI0okVKR2Eq3lzZRVto2HOiR98rXKtBti7I3fizxUK59 Yx+f8b2iogx9/1MMaBO1QCWUkS2cvD3hu+K/wREW7m+NzBIGtMMInPC0JWyUE975DYiA Bz3na1JRPw6c/LHmXwOiQau5UgfARCp0o9wipqoI4mvLNdJGvSmS4CidFFlGMj/g4R3N J4Hw==
X-Gm-Message-State: APjAAAVo7piHUqQ/wP+0IzR56/g/2wUKQ43mwGRSueKjnf2OIalj6jcf bkmmXeGHS2SzkTdv/bZq6+8y06hLE0ClifV3coiS/6Fd
X-Google-Smtp-Source: APXvYqx1VOZO17AxwM8HTLidagzi4WHZtI/25zLccY4gTcYZ3sllZN5IjSXgWiaVgJujMUvYlBIUm7s9ZWgZU8Zw/IE=
X-Received: by 2002:a37:274e:: with SMTP id n75mr7569904qkn.134.1569751209979; Sun, 29 Sep 2019 03:00:09 -0700 (PDT)
MIME-Version: 1.0
References: <154650798507.29744.11843661823190688795@ietfa.amsl.com> <CAOj+MMGPmUs4fAzDEwhq4z47r=TK78Kk-6Tp+KMHS0K4O=VdGg@mail.gmail.com> <CAF4+nEHwwPNL4cmXH-TMhL3xnT3LGiP-hWov-YCf=h4B-+N7QQ@mail.gmail.com>
In-Reply-To: <CAF4+nEHwwPNL4cmXH-TMhL3xnT3LGiP-hWov-YCf=h4B-+N7QQ@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Sun, 29 Sep 2019 12:00:02 +0200
Message-ID: <CAOj+MMFQbY3WY9jYSLVXMUvOVMGzOCd1LsFKJupPM0W_3oFJDQ@mail.gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000041c3460593ae2fe0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/dNWPP_YnBgGvhUOnuClgr2hJMPo>
Subject: Re: [Idr] I-D Action: draft-ietf-idr-flowspec-l2vpn-09.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Sep 2019 10:00:15 -0000

Hi Donald,

The draft says:

The following changes are defined:

   "SAFI 134 for dissemination of L3VPN flow specification rules" to now
   be defined as "SAFI 134 for dissemination of VPN flow specification
   rules"

   For SAFI 134 the indication to which address family it is referring
   to will be recognized by AFI value (AFI=1 for VPNv4, AFI=2 VPNv6 and
   AFI=25 for L2VPN).  Such modification is fully backwards compatible
   with existing implementation and production deployments.

   For SAFI 134 the indication to which address family it is referring
   to will be recognized by AFI value (AFI=1 for VPNv4, AFI=2 VPNv6 and
   AFI=25 for L2VPN).  Such modification is fully backwards compatible
   with existing implementation and production deployments.



Which at least to me clearly gives the impression that newly defined NLRI
elements and format are targeted to all AFIs listed 1, 2 & 25.

If you do not intend to ever use them with AFI 1 or 2 then the draft must
state this very clearly that they are only applicable to AFI 25.

On the topic of renaming IANA registry to extend  L3VPN SAFI 134 to also
cover L2VPN my personal view is that we should not do it. We should define
a new SAFI for L2VPN and clearly separate those two.

You either match on L2 or L3 and not both in a given packet. Of course you
can send both SAFIs and match on both against traffic on a given interface.
Changing SAFI 134 now will require not only adjustment to IANA registry ...
Just imagine the effort required to change all vendor's documentation.

Many thx,
Robert

On Sun, Sep 29, 2019 at 6:05 AM Donald Eastlake <d3e3e3@gmail.com> wrote:

> Hi Robert,
>
> Thanks for your review. Apologies for the delay in response.
>
> On Thu, Jan 3, 2019 at 6:04 AM Robert Raszuk <robert@raszuk.net> wrote:
> >
> > Hi,
> >
> > Two observations:
> >
> > 1.
> >
> > The current draft extends exisiting SAFI 134 with new NLRI types.
> > That means that now we have new giant NLRI in SAFI 134.
> >
> > Have any consideration been made to just define a new flow spec SAFI
> > instead for L2 filtering ? I am quite skeptical from implementation,
> > operational and deployment points of view to extend the existing
> > SAFI and it makes a gradual deployment a nightmare if not mission
> > impossible.
> >
> > Any change to NLRI format without signalling it with new capability is
> > far from good practice.
>
> My understanding is that flow spec capabilities are signalled by an
> AFI/SAFI pair as specified in RFC 2858. So I think that
> AFI=25/SAFI=134 already is a new capability. The draft should be
> clarified to present things in those terms.
>
> It would be easy, from the IANA Considerations point of view, to get a
> new SAFI that could be used with AFI=25 for L2VPN flowspec. But I
> don't really see the benefit of burning a new SAFI value, say xyz, and
> using AFI=25/SAFI=xyz instead of ARI=25/SAFI=134.
>
> In my opinion, the general format for the NLRI in this draft ia
> similar to the flow specs for IPv4 and IPv6.  The components that are
> added by this draft differ from the IPv4 and IPv6 components in the
> generally the same way that the IPv4 and IPv6 components differ from
> each other.
>
> > 2.
> >
> > The draft is pretty silent on adjusting validation procedures to make
> sure only
> > senders of the original L2 information may inject the L2 flow routes..
> >
> > I would hope that this is basic omission and will be consider for
> addition into
> > next version of he draft.
>
> That is an excellent point and the next version should have adjusted
> validation procedures in it.
>
> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  1424 Pro Shop Court, Davenport, FL 33896 USA
>  d3e3e3@gmail.com
>
> > Thx,
> > R.
> >
> >
> >
> > On Thu, Jan 3, 2019 at 10:33 AM <internet-drafts@ietf.org> wrote:
> >>
> >> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> >> This draft is a work item of the Inter-Domain Routing WG of the IETF.
> >>
> >>         Title           : BGP Dissemination of L2VPN Flow Specification
> Rules
> >>         Authors         : Weiguo Hao
> >>                           Donald E. Eastlake, 3rd
> >>                           James Uttaro
> >>                           Stephane Litkowski
> >>                           Shunwan Zhuang
> >>         Filename        : draft-ietf-idr-flowspec-l2vpn-09.txt
> >>         Pages           : 13
> >>         Date            : 2019-01-03
> >>
> >> Abstract:
> >>    This document defines a BGP flow-spec extension to disseminate L2 VPN
> >>    Ethernet traffic filtering rules.  SAFI=134 in [RFC5575] is redefined
> >>    for this purpose.  A new subset of component types and extended
> >>    community also are defined.  A new subset of component types and new
> >>    extended community also are defined.
> >>
> >>
> >>
> >> The IETF datatracker status page for this draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-idr-flowspec-l2vpn/
> >>
> >> There are also htmlized versions available at:
> >> https://tools.ietf.org/html/draft-ietf-idr-flowspec-l2vpn-09
> >> https://datatracker.ietf.org/doc/html/draft-ietf-idr-flowspec-l2vpn-09
> >>
> >> A diff from the previous version is available at:
> >> https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-flowspec-l2vpn-09
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> submission
> >> until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> Internet-Drafts are also available by anonymous FTP at:
> >> ftp://ftp.ietf.org/internet-drafts/
>

v2.23.0 | Report a Bug | By Email