Re: [Idr] Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community

John Scudder <jgs@juniper.net> Wed, 28 February 2024 04:12 UTC

From: John Scudder <jgs@juniper.net>
To: Linda Dunbar <linda.dunbar@futurewei.com>
CC: Robert Raszuk <robert@raszuk.net>, "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-sdwan-edge-discovery@ietf.org" <draft-ietf-idr-sdwan-edge-discovery@ietf.org>
Date: Wed, 28 Feb 2024 04:12:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/is3iLVY5paM9b13S1NbCgqqng4Y>
List-Id: Inter-Domain Routing <idr.ietf.org>

Well, you could use light red and dark red. Or you could use different next hop addresses. Or you could invent a new kind of extended community to indicate tunnel affinity. But Encapsulation Extended Community simply isn’t defined to do what you want.

—John

On Feb 27, 2024, at 11:01 PM, Linda Dunbar <linda.dunbar@futurewei.com> wrote:



John,

The Color Extended Community alone is not enough.
For example, one SD-WAN edge has 5 routes (Route #1 ~ #5) with 3 types of underlay paths (IPsec over Internet, SRv6, and unsecure internet).

Route #1 & #2 have to be forwarded by SRv6, but Route #1 needs to use the SRv6 Red Color paths, Route #2 needs to use the SRv6 Blue Color paths.

In conclusion: SD-WAN routes (or customer traffic) need to have both Encapsulation Extended Community and the Color Extended Community.

Linda

From: John Scudder <jgs@juniper.net>
Sent: Tuesday, February 27, 2024 9:14 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: Robert Raszuk <robert@raszuk.net>; idr@ietf.org; draft-ietf-idr-sdwan-edge-discovery@ietf.org
Subject: Re: Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community

You could accomplish that using the Color Extended Community. See second-last paragraph of Section 8.

—John


On Feb 27, 2024, at 9:31 PM, Linda Dunbar <linda.dunbar@futurewei.com> wrote:

John,
Here is the SD-WAN scenario why simple Nexthop cannot do the job:

Suppose one SD-WAN edge has 3 client routes (#1, #2, #3) and multiple underlay paths (public unsecure paths & private secure paths) to other peer nodes:
1) The client route #1 needs to be forwarded by a private path (such as network service provider's MPLS path),
2) The client route #2 (at the same nextHop) can be forwarded by IPsec SA or MPLS (i.e., the Hybrid tunnel described in the document)
3) The client route #3 can be forwarded by unsecure path (such as web browsing traffic)

When this SD-WAN edge advertises Client Route #1, it needs to indicate the necessary encapsulation type to be MPLS.
When this SD-WAN edge advertises the Client Route #2, it needs to indicate the encapsulation type to be SD-WAN-Hybrid.
When the SD-WAN edge advertises the Client Route #3, it only needs to indicate the NextHop.

Linda

-----Original Message-----
From: John Scudder <jgs@juniper.net>
Sent: Tuesday, February 27, 2024 6:37 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: Robert Raszuk <robert@raszuk.net>; idr@ietf.org; draft-ietf-idr-sdwan-edge-discovery@ietf.org
Subject: Re: Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community

Hi Linda,

> On Feb 27, 2024, at 7:12 PM, Linda Dunbar <linda.dunbar@futurewei.com> wrote:
>
> Our intent of using Encapsulation Extended Community is to indicate that Client routes need to be forwarded by a tunnel, but there is too much information about the Tunnel attributes to be included in the Client route advertisement and those attributes are associated with the WAN ports (instead of with Client Routes).
>
> We need to interpret the "barebones" as a hook to inform the peer nodes to use information carried in the second UPDATE to establish the tunnel for the Client routes.

I don’t see why you need any indication beyond the next hop. It’s both necessary (so that the recipient can find the route that has the tunnel information) and sufficient (because once it finds that route, it will see it includes tunnel information). This is exactly what Section 8 explains.

> I don't understand why RFC9012 doesn't allow this. What harm does it cause?

If RFC 9012 was still in draft, and you had suggested the idea above as a change to the spec, we could have had this discussion. But it’s moot now — RFC 9012 is what it is, and what it is, very specifically and precisely does *not* allow a tunnel type that has mandatory sub-TLVs to be used as an Encapsulation Extended Community, and does *not* require any additional information beyond the next hop to “glue” a client route to an underlay route that has a tunnel attribute.

If you want to use RFC 9012, it is what it is. If you think (for some reason I don’t yet understand) that you need to have an extra “hook” beyond the next hop, you can specify some new thing to do that.

—John
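
The two extended communities discussed in this thread, as an added example that is not part of any message above: a small Python parser for the RFC 9012 Encapsulation and Color Extended Community wire layouts, plus the check John describes (a tunnel type with mandatory sub-TLVs is not usable as an Encapsulation Extended Community). The tunnel-type numbers, color values, sample routes and the `needs_subtlvs` set are constructed placeholders, not IANA code points or values from the draft.

```python
import struct

ENCAP_EC = (0x03, 0x0C)  # type/sub-type of the Encapsulation Extended Community
COLOR_EC = (0x03, 0x0B)  # type/sub-type of the Color Extended Community

def parse_ext_communities(blob):
    """Split an Extended Communities attribute value into 8-octet entries."""
    if len(blob) % 8:
        raise ValueError("extended communities must be a multiple of 8 octets")
    out = {"encap": [], "color": [], "other": []}
    for off in range(0, len(blob), 8):
        ec = blob[off:off + 8]
        kind = (ec[0], ec[1])
        if kind == ENCAP_EC:
            # 4 reserved octets, then a 2-octet tunnel type
            out["encap"].append(struct.unpack("!H", ec[6:8])[0])
        elif kind == COLOR_EC:
            # 2 octets of flags, then a 4-octet color value
            out["color"].append(struct.unpack("!I", ec[4:8])[0])
        else:
            out["other"].append(ec)
    return out

def check_client_route(blob, needs_subtlvs):
    """Parse a route's extended communities and flag misuse.
    needs_subtlvs: caller-supplied set of tunnel types with mandatory sub-TLVs."""
    parsed = parse_ext_communities(blob)
    findings = [
        f"tunnel type {tt} has mandatory sub-TLVs; "
        "not usable as an Encapsulation Extended Community"
        for tt in parsed["encap"] if tt in needs_subtlvs
    ]
    return parsed, findings

# Constructed sample data (placeholder numbers, labelled as such).
TT_SIMPLE, TT_HYBRID = 0xFFF0, 0xFFF1
RED, BLUE = 100, 200

def encap(tt):
    return struct.pack("!BBIH", 0x03, 0x0C, 0, tt)

def color(value):
    return struct.pack("!BBHI", 0x03, 0x0B, 0, value)

ROUTE_A = encap(TT_SIMPLE) + color(RED)    # barebones tunnel type plus a color
ROUTE_B = encap(TT_HYBRID) + color(BLUE)   # tunnel type that needs sub-TLVs

if __name__ == "__main__":
    for name, blob in (("route A", ROUTE_A), ("route B", ROUTE_B)):
        parsed, findings = check_client_route(blob, {TT_HYBRID})
        print(name, parsed["encap"], parsed["color"], findings or "ok")
```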