Re: [Idr] Possible to set up priority for Tunnels established by draft-ietf-idr-tunnel-encaps-09 ?

Eric C Rosen <erosen@juniper.net> Tue, 10 July 2018 15:24 UTC

To: Linda Dunbar <linda.dunbar@huawei.com>, "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>
References: <4A95BA014132FF49AE685FAB4B9F17F66B0A7BA3@sjceml521-mbs.china.huawei.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <9edd33e0-f845-a872-8cd2-9aa056b8c132@juniper.net>
Date: Tue, 10 Jul 2018 10:59:34 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/fa3mdSiz4swNtdgxq6J3BUn9dzI>

If you want a controller to use BGP to convey instructions for a 
particular node, there is a draft that does something very similar: 
draft-ietf-idr-segment-routing-te-policy.  That draft defines a new 
AFI/SAFI for conveying segment routing te policies, and the policies are 
encoded as Tunnel Encapsulation attributes.  That draft does require the 
use of the NO_ADVERTISE community when an UPDATE is a command targeted 
to a single router.  The draft also allows the use of Route Targets to 
cover the case where a given command is targeted to a set of routers, 
as well as the case where the targeted router is separated from the 
controller by a RR or ASBR.  While your application is not about 
sr-te-policies, the way a controller would use BGP to pass the commands 
to the targeted routers is similar; you should take a look.

On 7/9/2018 4:13 PM, Linda Dunbar wrote:
>
> Eric,
>
> draft-ietf-idr-tunnel-encaps-09 discussed ways to resolve conflicts of 
> multiple UPDATE messages with Tunnel Encap attributes.
>
> Is it possible to have the following capability?
>
> - Have a bit indicating a specific UPDATE is from an authoritative source, 
> therefore overwrite all other Tunnel Attributes for the Prefix X to 
> avoid recursive next hop issues and tunnel selection at the receiving 
> Router?
>

This is not a good idea.  If you want to verify that a particular UPDATE 
is from an authoritative source, you need a lot more than can be 
conveyed in a single bit.


> - Have a bit indicating that a specific UPDATE only contains Tunnel 
> attributes for the receiving Router, therefore can’t be forwarded?
>

Please compare draft-ietf-idr-segment-routing-te-policy, and its use of 
NO_ADVERTISE and Route Targets.

> You said that SAFI 7 is deprecated because no one seemed interested in 
> using it. We are very interested in using it because
>
> - it can be easily distinguished from a normal BGP UPDATE
>
> - The receiving router doesn’t have to “Filter” the tunnel attributes 
> before forwarding to others.
>
> - Can even be used for passing reconfigured IPsec keys to two ends of a 
> tunnel.
>
> Therefore we think SAFI 7 should be reserved.
>

It sounds like you need to write a draft proposing the specifics of how 
you would like to use BGP as part of your SD-WAN control.  The draft 
would then be free to propose a new SAFI, much as 
draft-ietf-idr-segment-routing-te-policy did.
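
Added example, not part of the original message or of either draft: a simplified receiver-side model of the scoping described above, where NO_ADVERTISE marks a command for a single router and Route Targets select a set of routers, possibly reached through an RR or ASBR. It assumes each Route Target is an IPv4-address-specific extended community (RFC 4360) carrying a targeted router's BGP identifier; `handle_command` and its rule of dropping untargeted UPDATEs are choices of this sketch.

```python
import ipaddress
import struct

NO_ADVERTISE = 0xFFFFFF02  # well-known community, RFC 1997


def rt(addr: str) -> bytes:
    """Build a constructed IPv4-address-specific Route Target (type 0x01, sub-type 0x02)."""
    return bytes([0x01, 0x02]) + ipaddress.IPv4Address(addr).packed + b"\x00\x00"


def parse_ipv4_route_targets(ext_communities: bytes):
    """Return the IPv4 addresses found in IPv4-address-specific Route Targets."""
    if len(ext_communities) % 8:
        raise ValueError("extended communities must be a multiple of 8 octets")
    targets = []
    for off in range(0, len(ext_communities), 8):
        typ, sub, addr, _local = struct.unpack_from("!BB4sH", ext_communities, off)
        if typ == 0x01 and sub == 0x02:
            targets.append(ipaddress.IPv4Address(addr))
    return targets


def handle_command(local_bgp_id: str, communities, ext_communities: bytes):
    """Return (apply_locally, may_propagate) for a controller UPDATE.

    Assumed rules of this sketch:
      - Route Targets present: apply only if one names this router.
      - No Route Target: apply only if NO_ADVERTISE marks it as a
        direct, single-router command.
      - NO_ADVERTISE always stops propagation.
      - Neither scoping mechanism present: drop, do not propagate.
    """
    targets = parse_ipv4_route_targets(ext_communities)
    no_adv = NO_ADVERTISE in communities
    if not targets and not no_adv:
        return (False, False)  # untargeted command: treat as invalid
    me = ipaddress.IPv4Address(local_bgp_id)
    apply_locally = (me in targets) if targets else True
    return (apply_locally, not no_adv)


if __name__ == "__main__":
    # Constructed inputs: addresses are documentation-range placeholders.
    print(handle_command("192.0.2.1", {NO_ADVERTISE}, b""))
    print(handle_command("192.0.2.9", set(), rt("192.0.2.1") + rt("192.0.2.2")))
```

The second call models a route reflector that is not itself targeted: it does not act on the command but may pass it on to the routers the Route Targets name.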