Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal-route-reflection-22

Dear Authors

I have a few comments on this draft.

This is a historical well known issue exists where a RR will compute the
best path based on IGP topology metric least cost to the exit point and
will advertise those paths based on the topological position of the RR to
the exit point.  The major issue is the best path reflected by the RR
should be based on the Clients IGP shortest path to exit point and the RRs
shortest path.

A workaround to this issue is RFC 7911 add paths where all paths are
advertised to all Client PEs as well as all RR as mentioned in section 4
deployment considerations.  What is missing in the Section 4 verbiage is
the add path to both RRs and all clients so advertisement of all paths are
advertised  to all clients as well as RR.  So to  resolve the issue with
the RR making the best path decision the RR must have add paths send /
receive MP Reach capability enabled to all clients and must select and
advertise all paths to all clients so that each client can now make the
best path decision based on its best path lowest IGP metric to the exit
point.

Using RFC 7911 add paths to all clients the hot potato issue is resolved.

The caveat with add paths is if you have many RRs and many exist points you
end up with many paths per prefix in the BGP RIB.

With modern high end routers these days this does not impact scalability
issues that I am aware of.

With this draft it seems the goal is to only advertise the pertinent paths
based on the client IGP location rooted topological path to the exit point
and not advertise all paths.  This would cut down on the number of paths
advertised by the RR so all paths are not flooded to the clients as the
current solution today to the hot potato issue.

Am I reading this correctly?

Kind Regards

Gyan

On Thu, Mar 18, 2021 at 3:32 PM Alvaro Retana <aretana.ietf@gmail.com>
wrote:

> Dear authors:
>
>
> Thank you for your work on this document.  I know that the draft and
> the related ideas have been around for a long time.
>
> I have a couple of significant issues that I want to highlight
> upfront, and many comments inline (see below).  In general, my focus
> is to make sure that the specification of this mechanism is clear, not
> just to the experienced reader, but to the casual one as well.  I
> believe that all the issues should be easy to resolve.
>
> (1) Terminology.  Please use the terminology already defined in
> rfc4271/rfc4456 instead of creating new one by indirection.  My first
> inline comment is about the use of "best path", which is not what
> rfc4271 uses -- there are other occurrences later on.
>
> (2) Deployment Considerations.  §6 says that a compliant
> implementation is one that allows the operator to configure "a logical
> location from which the best path will be computed, on the basis of
> either a peer, a peer group, or an entire routing instance".  Please
> spend some time providing guidance so an operator can decide what best
> works for their network.  [I pointed below to other places there
> operational guidance would be ideal.]
>
> (3) I don't think that §5 (CPU and Memory Scalability) and Appendix A
> (alternative solutions with limited applicability) should be part of
> this document.  To start, comparisons are never good and the work has
> already been through the WG so there's no need to keep justifying it
> by comparing it to other work.  Both sections contain several claims
> (e.g. "extra cost in terms of CPU", "implemented efficiently",
> "expected to be higher but comparable", "large amount of BGP state and
> churn", "result in tens of paths for each prefix") that don't have
> references, and could be considered subjective because they are
> clearly relative and can change depending on the specific deployment
> and configuration of the network.  I am not saying that the claims are
> false, simply requesting to take these two sections out.
>
>
> Thanks!
>
> Alvaro.
>
>
> [Line numbers from idnits.]
>
> ...
> 17      Abstract
>
> 19         This document defines an extension to BGP route reflectors.  On
> route
> 20         reflectors, BGP route selection is modified in order to choose
> the
> 21         best path from the standpoint of their clients, rather than
> from the
> 22         standpoint of the route reflectors.  Multiple types of
> granularity
> 23         are proposed, from a per client BGP route selection or to a per
> peer
> 24         group, depending on the scaling and precision requirements on
> route
> 25         selection.  This solution is particularly applicable in
> deployments
> 26         using centralized route reflectors, where choosing the best
> route
> 27         based on the route reflector IGP location is suboptimal.  This
> 28         facilitates, for example, best exit point policy (hot potato
> 29         routing).
>
> [major] "best path"  rfc4271 doesn't use the term "best path".  The
> terminology used in this document should, at the very least, match
> what the base spec defines.  Let's please not create new terminology
> by indirection using the "definition of terms" section.
>
>
> [minor] "proposed"  This document is in line to be come an RFC; we're
> far beyond proposing things.  There are a couple of places later on
> where this same wording is used.  Please change it to specified or at
> least described (the latter probably fits best in this specific case).
>
>
> [nit] s/from a per client BGP route selection or to a per peer
> group/from per client BGP route selection or per peer group
>
>
> [nit] s/precision requirements on route selection./precision requirements.
>
>
> [nit] s/route reflector IGP location/route reflector's IGP location
>
>
> [major] "IGP location"  Before I forget -- please clearly define (not
> in the Abstract of course) what an "IGP location" is.
>
>
> ...
> 70         1.  Definitions of Terms Used in This Memo  . . . . . . . . . .
> .   2
> 71         2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . .
> .   3
>
> [nit] It would be nice if the Introduction came up before the terminology.
>
>
> ...
> 91      1.  Definitions of Terms Used in This Memo
>
> [minor] To avoid repeating some terms, it is good practice to indicate
> which other RFCs the reader should be familiar with.  In this case
> rfc4271 and rfc4456 come to mind.
>
>
> ...
> 132     2.  Introduction
> ...
> 153        Section 11 of [RFC4456] describes a deployment approach and a
> set of
> 154        constraints which, if satisfied, would result in the deployment
> of
> 155        route reflection yielding the same results as the IBGP full mesh
> 156        approach.  This deployment approach makes route reflection
> compatible
> 157        with the application of hot potato routing policy.  In
> accordance
> 158        with these design rules, route reflectors have traditionally
> often
> 159        been deployed in the forwarding path and carefully placed on
> the POP
> 160        to core boundaries.
>
> [nit] s/have traditionally often/have often
> Redundant...
>
>
> 162        The evolving model of intra-domain network design has enabled
> 163        deployments of route reflectors outside of the forwarding path.
> 164        Initially this model was only employed for new address
> families, e.g.
> 165        L3VPNs and L2VPNs, however it has been gradually extended to
> other
> 166        BGP address families including IPv4 and IPv6 Internet using
> either
> 167        native routing or 6PE.  In such environments, hot potato routing
> 168        policy remains desirable.
>
> [minor] "new address families, e.g. L3VPNs and L2VPNs"  These are not
> the name of the AFs.  Maybe call them new services.
>
>
> [minor] "IPv4 and IPv6 Internet"  The name of the AF is IP/IP6; again,
> you probably mean service/application.
>
>
> [nit] "native routing or 6PE"  Not 4PE applications?  ;-)   It seems
> to me that you can save some ink by ending the sentence after
> "Internet".
>
>
> ...
> 194     3.  Modifications to BGP Best Path selection
>
> 196        The core of this solution is the ability for an operator to
> specify
> 197        the IGP location for which the route reflector should calculate
> 198        routes.  This can be done on a per route reflector basis, per
> peer/
> 199        update group basis, or per peer basis.  This ability enables the
> 200        route reflector to send to a given set of clients routes with
> 201        shortest distance to the next hops from the position of the
> selected
> 202        IGP location.  This provides for freedom of route reflector
> physical
> 203        location, and allows transient or permanent migration of this
> network
> 204        control plane function to an arbitrary location.
>
> [major] "ability for an operator to specify the IGP location for which
> the route reflector should calculate routes.  This can be done on a
> per route reflector basis, per peer/update group basis, or per peer
> basis."
>
> When should an operator choose per RR vs per peer group vs per peer?
> Choice is good, but providing guidance for the deployment is much
> better.  Please consider adding text to §6 about the considerations to
> chose one or the other.
>
>
> [minor] "peer/update group"  Where is this defined?  Is there a
> reference to a non-implementation-specific definition?  Can it be
> called "a group of peers"?  Maybe you also want to include it in the
> definitions in §1.
>
>
> ...
> 215        o  it can, and usually will, have a different position in the
> IGP
> 216           topology, and
>
> [] "usually will"   The position in the topology will *always* be
> different!
>
>
> ...
> 222        This document defines, on BGP Route Reflectors [RFC4456], two
> changes
> 223        to the BGP Best Path selection algorithm:
>
> [nit] s/defines, on BGP Route Reflectors/defines, for BGP Route Reflectors
>
>
> ...
> 235        A route reflector can implement either or both of the
> modifications
> 236        in order to allow it to choose the best path for its clients
> that the
> 237        clients themselves would have chosen given the same set of
> candidate
> 238        paths.
>
> [major] Please provide guidance for the operator to consider then one
> or both should be used in their network.
>
>
> 240        A significant advantage of these approaches is that the route
> 241        reflector clients do not need to run new software or hardware.
>
> [nit] s/do not need to run new software or hardware./do not need to be
> modified.
>
>
> 243     3.1.  Best Path Selection from a different IGP location
>
> 245        In this approach, optimal refers to the decision made during
> best
> 246        path selection at the IGP metric to BGP next hop comparison
> step.  It
> 247        does not apply to path selection preference based on other
> policy
> 248        steps and provisions.
>
> [major] Please be specific about what is the "IGP metric to BGP next
> hop comparison step".  There is no step with that name, or even a
> string match in rfc4271.  Later you talk about the step e) tie-breaker
> -- don't wait to be specific!
>
>
> ...
> 263           e) Remove from consideration any routes with less-preferred
> 264           interior cost.  The interior cost of a route is determined by
> 265           calculating the metric from the selected IGP location to the
> 266           NEXT_HOP for the route using the shortest IGP path tree
> rooted at
> 267           the selected IGP location.
>
> [major] Note that the specification talks about "interior cost", but
> the descriptions in this document uses "IGP cost" and "IGP metric" to
> refer to the same thing.  Please be consistent with existing
> terminology!
>
>
> [major] Related to the definition of "IGP location" and its
> configuration.  How does the IGP location (and thus the calculation of
> the interior cost, as above) change when the configuration is done per
> peer/update groups instead than per peer?  This is another point where
> operators could benefit from guidance (for the peer/update-group and
> whole RR cases, of course).
>
>
> ...
> 275        The configuration of the IGP location is outside of the scope
> of this
> 276        document.  The operator may configure it manually, an
> implementation
> 277        may automate it based on heuristics, or it can be computed
> centrally
> 278        and configured by an external system.
>
> [nit] s/outside of the scope/outside the scope
>
> [major] There are several places later on that talk about the
> configuration, even making it a requirement for compliance (§6).  I
> think that you don't mean the configuration itself, but the way in
> which the configuration is instantiated in the router (which could be
> considered an implementation detail).  As written, the text is not
> clear.
>
>
> 280        This solution does not require any change (BGP or IGP) on the
> 281        clients, as all required changes are limited to the route
> reflector.
>
> [] This was also claimed before.
>
>
> 283        This solution applies to NLRIs of all address families that can
> be
> 284        route reflected.
>
> [] Are there AFs that cannot be reflected?  Just wondering if you
> really need to say this.
>
>
> 286     3.1.1.  Restriction when BGP next hop is BGP prefix
>
> 288        In situations where the BGP next hop is a BGP prefix itself,
> the IGP
> 289        metric of a route used for its resolution SHOULD be the final
> IGP
> 290        cost to reach such next hop.  Implementations which can not
> inform
> 291        BGP of the final IGP metric to a recursive next hop SHOULD
> treat such
> 292        paths as least preferred during next hop metric comparison.
> However
> 293        such paths SHOULD still be considered valid for best path
> selection.
>
> [major] The recursive resolution is already covered in rfc4271
> (§5.1.3/§9.1.2.1).  Why isn't that enough?
>
> There seems to be a difference: if an implementation "can not inform
> BGP of the final IGP metric to a recursive next hop...SHOULD still be
> considered valid for best path selection."  rfc4271 treats these
> routes as unresolvable.  Do you want to consider unresolvable routes?
>
> Finally, there are a lot of SHOULDs in this paragraph.  Under which
> conditions is it ok to not perform the actions?  IOW, why are these
> actions recommended and not required?
>
>
> 295     3.2.  Multiple Best Path Selections
>
> 297        BGP Route Reflector as per [RFC4456] runs a single best path
> 298        selection.  Optimal route reflection may require calculation of
> 299        multiple best path selections or subsets of best path selection
> in
> 300        order to consider different IGP locations or BGP policies for
> 301        different sets of clients.
>
> [] It hasn't been mentioned before, but the talk about policy made me
> think about this:   Can a client be present on different sets?  How is
> that handled in terms of BGP sessions?  Do we need multiple sessions?
> Or is add-path required?
>
>
> 303        If the required routing optimization is limited to the IGP cost
> to
> 304        the BGP Next-Hop, only step e) as defined [RFC4271] section
> 9.1.2.2,
> 305        needs to be duplicated.
>
> [major] I'm not sure if this paragraph is referencing §3.1 (where step
> e) was just modified), or or you're saying that for each subset (from
> the last paragraph) only step e) is considered, or something else.  ??
>
>
> 307        If the routing optimization requires the use of different BGP
> 308        policies for different sets of clients, a larger part of the
> decision
> 309        process needs to be duplicated, up to the whole decision
> process as
> 310        defined in section 9.1 of [RFC4271].  This is for example the
> case
> 311        when there is a need to use different policies to compute
> different
> 312        degree of preference during Phase 1.  This is needed for use
> cases
> 313        involving traffic engineering or dedicating certain exit points
> for
> 314        certain clients.  In the latter case, the user MAY specify and
> apply
> 315        a general policy on the route reflector for a set of clients.
> For a
> 316        given set of clients, the policy SHOULD in that case allow the
> 317        operator to select different candidate exit points for different
> 318        address families.  Regular path selection, including IGP
> perspective
> 319        for a set of clients as per Section 3.1, is then applied to the
> 320        candidate paths to select the final paths to advertise to the
> 321        clients.
>
> [] Similar comment as before...   The use of "duplicated" is confusing me.
>
>
> [major] "the user MAY specify..."  s/MAY/may   It seems to me that
> you're simply stating a fact (the user can do this), and not
> specifying an optional behavior.
>
>
> [major] "...the policy SHOULD in that case allow the operator to
> select different candidate exit points for different address
> families."  There's no interoperable action that "the policy" can
> execute.  It sounds as if you're recommending that specific knobs
> ("allow the operator to...") be implemented.  Please reword.
>
>
> [] You use "IGP perspective" I guess as equivalent to "IGP location"
> -- is that right?
>
>
> 323     4.  Implementation considerations
>
> 325     4.1.  Likely Deployments and need for backup
>
> [nit] Do we really need a sub-section if all the text for §4 is in it?
>
>
> 327        With IGP based optimal route reflection, even though the IGP
> location
> 328        could be specified on a per route reflector basis or per
> peer/update
> 329        group basis or per peer basis, in reality, it's most likely to
> be
> 330        specified per peer/update group basis.  All clients with the
> same or
> 331        similar IGP location can be grouped into the same peer/update
> group.
> 332        An IGP location is then specified for the peer/update group.
> The
> 333        location is usually specified as the location of one of the
> clients
> 334        from the peer group or an ABR to the area where clients are
> located.
> 335        Also, one or more backup locations SHOULD be allowed to be
> specified
> 336        for redundancy.  Implementations may wish to take advantage of
> peer
> 337        group mechanisms in order to provide for better scalability of
> 338        optimal route reflector client groups with similar properties.
>
> [major] "IGP based optimal route reflection"
>
> This is the first time you use "IGP based optimal route reflection"; I
> peeked forward and see that §5 also mentions "policy based optimal
> route reflection".  But you didn't define them anywhere -- in fact,
> the description before now focuses on the IGP location, which makes me
> think about "IGP based".
>
> I could guess that the "policy based" version is related to §3.2, but
> (1) no one should have to guess (!), and (2) the end of that section
> says that "IGP perspective...is then applied", making it also "IGP
> based".  ??
>
> Please either define these types of ORR earlier in the text, or
> (better yet) don't use the terms.  Instead, and given that the names
> are used just a couple of times, change "policy based" to "the case
> where a policy is applied"...
>
>
> [major] "one or more backup locations SHOULD be allowed to be
> specified for redundancy"
>
> (1) §3.1 says that the "configuration of the IGP location is outside
> of the scope of this document".  If that is true, then you can't
> recommend anything related to the configuration.
>
> (2) If there were "backup locations", how would they be used?
>
>
> [minor] This is the only time that "optimal route reflector client
> groups" is used.  I had been assuming that a group of clients would
> correspond to a specific peer/update group (as mentioned many times
> before).  Is there a difference between a "client group" and grouping
> clients to correspond to a peer/update group?
>
>
> [] "for better scalability of optimal route reflector client groups"
> What exactly does this mean?  I asked before about
> references/definitions for peer/update groups; this point may be
> related.
>
>
> ...
> 373     6.  Advantages and Deployment Considerations
>
> 375        The solutions described provide a model for integrating the
> client
> 376        perspective into the best path computation for route reflectors.
> 377        More specifically, the choice of BGP path factors in either the
> IGP
> 378        cost between the client and the nexthop (rather than the IGP
> cost
> 379        from the route reflector to the nexthop) or other user
> configured
> 380        policies.
>
> [] "solutions"?   I only see one, where the "second" one simply adds
> policy, which is a pervasive tool in BGP.
>
>
> 382        The achievement of optimal routing relies upon all route
> reflectors
> 383        learning all paths that are eligible for consideration.  In
> order to
> 384        satisfy this requirement, path diversity enhancing mechanisms
> such as
> 385        BGP add-path [RFC7911] may need to be deployed between route
> 386        reflectors.
>
> [mayor] "path diversity enhancing mechanisms...may need to be deployed
> between route reflectors"  Given that this is the Deployment
> Considerations section, please provide guidance on when these
> mechanisms are needed, and when they're not.
>
>
> [minor] "path diversity enhancing mechanisms such as BGP add-path
> [RFC7911]"  Just out of curiosity, what other mechanisms are you
> thinking of?  Are there deployment considerations, when using ORR, to
> prefer one?
>
>
> 388        Implementations considered compliant with this document allow
> the
> 389        configuration of a logical location from which the best path
> will be
> 390        computed, on the basis of either a peer, a peer group, or an
> entire
> 391        routing instance.
>
> [] I guess that "logical location" is another name for IGP location...
>
>
> [major] §3.1 says that the "configuration of the IGP location is
> outside of the scope of this document".  If that is true, then the
> configuration cannot be a consideration for compliance.
>
> A better wording for compliance would be: "An implementation MUST
> allow the configuration..."
>
>
> 393        These solutions can be deployed in traditional hop-by-hop
> forwarding
> 394        networks as well as in end-to-end tunneled environments.  In
> networks
> 395        where there are multiple route reflectors and hop-by-hop
> forwarding
> 396        without encapsulation, such optimizations SHOULD be enabled in a
> 397        consistent way on all route reflectors.  Otherwise, clients may
> 398        receive an inconsistent view of the network, in turn leading to
> 399        intra-domain forwarding loops.
>
> [major] "optimizations SHOULD be enabled in a consistent way on all
> route reflectors"
>
> Is "a consistent way" different than "on all"?   s/.../optimizations
> SHOULD be enabled on all route reflectors
>
> When is it ok for all RRs not to be enabled with the optimizations?
> IOW, why is it recommended and not required?  Avoiding "intra-domain
> forwarding loops" sounds like a good reason to require it.
>
>
> ...
> 406        As per above, these approaches reduce the amount of state which
> needs
> 407        to be pushed to the edge of the network in order to perform hot
> 408        potato routing.  The memory and CPU resources required at the
> edge of
> 409        the network to provide hot potato routing using these
> approaches is
> 410        lower than what would be required to achieve the same level of
> 411        optimality by pushing and retaining all available paths
> (potentially
> 412        10s) per each prefix at the edge.
>
> [] This paragraph sounds very speculative and doesn't seem necessary.
> In line with §5.
>
>
> 414        The solutions above allow for a fast and safe transition to a
> BGP
> 415        control plane using centralized route reflection, without
> 416        compromising an operator's closest exit operational principle.
> This
> 417        enables edge-to-edge LSP/IP encapsulation for traffic to IPv4
> and
> 418        IPv6 prefixes.
>
> [] "allow for a fast and safe transition"  Besides this statement
> sounding like a marketing brochure, if you're going to talk about
> transition, please talk about it in detail.  Please take a look at
> §2/rfc5706 and include details about the transition and how it is
> "fast and safe".
>
>
> 420        Regarding Best Path Selection from a different IGP location, it
> 421        should be self evident that this solution does not interfere
> with
> 422        policies enforced above IGP tie-breaking in the BGP best path
> 423        algorithm.
>
> [minor] Don't assume anything is self evident to anyone.
>
> Suggestion (maybe more appropriate in §3.1)>
>    The modification specified in Section 3.1 does not impact any previous
>    considerations in the BGP Decision Process.
>
>
> 425     7.  Security Considerations
>
> 427        Similarly to [RFC4456], this extension to BGP does not change
> the
> 428        underlying security issues inherent in the existing IBGP
> [RFC4456].
>
> [minor] No need to reference rfc4456 twice in the same sentence.
>
>
> 430        It however enables the deployment of base BGP Route Reflection
> as
> 431        described in [RFC4456] to be possible using virtual compute
> 432        environments without any negative consequence on the BGP
> routing path
> 433        optimality.
>
> [] I'm not sure how this relates to the specification itself (platform
> independent), but I'm sure the Security ADs will have a lot of
> questions about the security of "virtual compute environments" -- and
> where the details are included in this document.   IOW, that sounds
> like an unnecessary assertion.
>
>
> [major] "without any negative consequence"  The new functionality
> specified in this document is having the RR run the client's selection
> for them (even specific policy) -- there are risks related to the
> duplication of the policy, the location of the RRs and the blind trust
> that the clients need to have.  Or should the clients rerun the policy
> locally?
>
> This behavior is not necessarily different from normal RR, but the
> instantiation is different.   It would be very easy for a rogue RR to
> propagate incorrect routing information to its clients -- specially if
> policy is offloaded to them.
>
> In the worst case the result would be a sub-optimal route (maybe even
> worse than what the clients get today), but probably not a "real"
> security issue.  It is probably a good idea to explain why it is not a
> security risk.
>
>
> 435        This document does not introduce requirements for any new
> protection
> 436        measures, but it also does not relax best operational practices
> for
> 437        keeping the IGP network stable or to pace rate of policy based
> IGP
> 438        cost to next hops such that it does not have any substantial
> effect
> 439        on BGP path changes and their propagation to route reflection
> 440        clients.
>
> [major] "best operational practices"  Like what?  It would be good to
> provide (at least) informational references.
>
>
> [major] "to pace rate of policy based IGP cost to next hops such that
> it does not have any substantial effect on BGP path changes"   You
> will have to explain this further because the operation of an IGP is
> not mentioned anywhere else.
>
> IMHO, there's no need to go into IGP operational details in this
> document.  There is nothing special/different about the operation of
> an IGP.
>
>
> [End of Review]
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*

*M 301 502-1347*