[Idr] are the Tunnel Encap Attribute in a BGP UPDATE applicable to all the NLRI listed in the MP_REACH_NLRI path attribute?

Linda Dunbar <linda.dunbar@futurewei.com> Tue, 22 October 2019 20:27 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D89421200A4 for <idr@ietfa.amsl.com>; Tue, 22 Oct 2019 13:27:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r118m_4LaP10 for <idr@ietfa.amsl.com>; Tue, 22 Oct 2019 13:27:36 -0700 (PDT)
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-dm3nam05on071b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe51::71b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BA7A12008B for <idr@ietf.org>; Tue, 22 Oct 2019 13:27:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D2UfeJhGxPWl5+apnbx9hztf377UDu7YPld2QvR0f6YobJzRSS8SlR6aeu/Wqo4Fx+TiPoRY8ljcpKv0tqxko/zZUoGGg1Z1KjN0HwJ2jrycO42vNTs50Ew0+XK5k0Ds/F1y5UCjfJbAph046RVmilo4i9mibJONQKjcYtreMlxoehsn2tp9Xa6m32tJnhSrRdGREkWb1GcchOMZU+s+rr1H/anQXK9CNBbjvaEJYVHHU2u7+dg4ke/+4EniJZMiusIrtj2N/t7/evYDrP5tSAOdF7RZq4PuoLR5DFBTLk0LX7PMVy8lTN7tpaGxvo0/cdONpeZqZ/R9e9xGAtvd3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aXaZSktATt+oCgtadVKmGqiIPTgTcv2MO7DX42SnFEU=; b=BZREG7dXiTkkp496xHpp3RXDq2zrj3022YDUPYMmuOCgDvP2AyCcfSigHJAAR6J2go+R2n0LxmKHUV2MIkOxQ1daIMcFPNoRkKuMm1QJOCxM0uwVUPgaTuMI2Ly/Uvwsrgd12ozGkWjWbHhhuQZOx1UKE1Ky69qHzZVVWDLjuITLkA/aJGgWdrexVhoe8onU6OIfn8v5vCKX9IgMKDVI7uhLgN2YWRJrU8rhQdWjsP8mdZsoPhXOSVigJ8Bvlaz0uqVqXKjYfF5jZockBtmi6CcM/+xPk6BtKfkY1kChPBmgQEKkDLR8xhs0mn9cbTn9tx02JgpbJ+1nZSCD0UoXpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aXaZSktATt+oCgtadVKmGqiIPTgTcv2MO7DX42SnFEU=; b=eyrFLxsnAmjMY2aZawqKC1MOsbq/SH3YcBJlPMxM5Gvd5HBdq5nJMRDev4yOXCvlSdUJJpBOmelFwhyNJIYFSOx6dT5kGZLeRHE8fQcWpccnRty0vS+ODNs/7dfyPYPX1RYIV+MX9NGTlw1RsIWXRLnnRrpjMcm/PShcn2GzIwg=
Received: from BN8PR13MB2628.namprd13.prod.outlook.com (20.178.219.10) by BN8PR13MB2897.namprd13.prod.outlook.com (20.178.220.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.13; Tue, 22 Oct 2019 20:27:32 +0000
Received: from BN8PR13MB2628.namprd13.prod.outlook.com ([fe80::9f3:c754:7ac8:b3dd]) by BN8PR13MB2628.namprd13.prod.outlook.com ([fe80::9f3:c754:7ac8:b3dd%7]) with mapi id 15.20.2387.016; Tue, 22 Oct 2019 20:27:32 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: John Scudder <jgs@juniper.net>
CC: Hares Susan <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: are the Tunnel Encap Attribute in a BGP UPDATE applicable to all the NLRI listed in the MP_REACH_NLRI path attribute?
Thread-Index: AdWJEt32Ku83RKAYSwSXotnJM+oxhQ==
Date: Tue, 22 Oct 2019 20:27:32 +0000
Message-ID: <BN8PR13MB26289AA01B54327E0B86553B85680@BN8PR13MB2628.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=linda.dunbar@futurewei.com;
x-originating-ip: [206.16.17.231]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0427011a-8f75-4f55-21a0-08d7572e44a8
x-ms-traffictypediagnostic: BN8PR13MB2897:
x-microsoft-antispam-prvs: <BN8PR13MB28975943E5EAD681FB947FBE85680@BN8PR13MB2897.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01986AE76B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(346002)(366004)(39850400004)(396003)(376002)(136003)(129404003)(189003)(199004)(4743002)(33656002)(14454004)(64756008)(1941001)(102836004)(66556008)(478600001)(8676002)(6436002)(7736002)(66476007)(66446008)(74316002)(54896002)(81166006)(81156014)(2906002)(6306002)(66946007)(53546011)(55016002)(9686003)(76116006)(236005)(8936002)(99286004)(3846002)(186003)(256004)(25786009)(7696005)(14444005)(66066001)(6506007)(5660300002)(6116002)(790700001)(2420400007)(52536014)(26005)(71190400001)(486006)(86362001)(44832011)(4326008)(316002)(71200400001)(15650500001)(6916009)(476003)(7110500001)(66574012)(54906003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN8PR13MB2897; H:BN8PR13MB2628.namprd13.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: futurewei.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: gT0PnA5ac++S6rPwamqGdZXyg/9EsdhZejqlqraLhsOyt4HfSLWe/EMDmph0rpeCX2tsr3/pMyZU3vCgU5ZlonUSfH4rgRqOIHf/GbX5YcTk+VPfW+vFXPmaP1yoMe2QxNvRohxmUUapk7E2Sc+vIaKBTc/86vpOSBIGdy2fpDphcBBkkFTA+pwvKsHOXsGFa4hMUgQJNVISY6MGl4EsrzW9liBQTIF0OunH5Fsd32qFEnyW+dqQ9xpwiUs+pOLx7gSaqfzVFRJmK/5skn8OwY4Snj8j0KoJ1vq5udc/fOuiaS0+F3VksRqVYrltnFrFEVbCqCanyaXAoqVmDx1Y0jxo+rsnbIG4ktH+hF9ZGRxWyy5bIIPv8exg9RW5YmjiMG84j7v3Tb5xEDIiLBQScenKh1Fu+YGi2sv6kV5T0+jUVJJJDxurz1FX04LxuRL1
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BN8PR13MB26289AA01B54327E0B86553B85680BN8PR13MB2628namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0427011a-8f75-4f55-21a0-08d7572e44a8
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Oct 2019 20:27:32.6327 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cqZI89Uhbh+hksnVTTPsQkHpWFGCv1NsvGZCq5ge0aKqkS36wYPG4Tl/HYU6sp5aCHp9w6GyGv0KrYk8WjvxYw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR13MB2897
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/jjwm-3X3mGBZZXPCsMCW2IHt-uo>
Subject: [Idr] are the Tunnel Encap Attribute in a BGP UPDATE applicable to all the NLRI listed in the MP_REACH_NLRI path attribute?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2019 20:27:40 -0000

John,

Thank you very much for the explanation.

Just want to confirm my understanding:

Assume we have :  R1  ----- R2
where R2 is the next hop for 10.1.x.x/16 and  10.2.x.x./16
and R2 supports both GRE and VxLAN encapsulation.

R2 would send a BGP UPDATE with the following path attributes:

        Path Attribute - MP_REACH_NLRI    (Type Code=14)
  Next hop network address : R2
  Network layer reachability information:
10.1.x.x/16
10.2.x.x./16

        Path Attribute – Tunnel-Encap    (Type Code=23)
Tunnel-Type = VxLAN
Tunnel Endpiont Sub-TLV (4 octets for AS, 2 octets for Address family, Address?) /* is  the actual address = R2?*/
VxLAN’s MAC address sub-TLV
Tunnel-Type = GRE
Tunnel Endpiont Sub-TLV (4 octets for AS, 2 octets for Address family, Address?) /* is  the “Address” = R2?*/
GRE subTLV /*

Question:

  1.  does it mean that all the tunnel types listed in the Type-code =23 (Tunnel-Encap) are applicable to all the NLRIs in the update?
  2.  Does R2 appeal multiple times as “Tunnel Endpoint Sub-TLV”  under each Tunnel-Type?
  3.  When there are changes to the tunnel information carried by TUNNEL Path attributes, does it mean all the NLRI has to be repeated?

Thank you very much,

Linda Dunbar

From: John Scudder <jgs@juniper.net>;
Sent: Friday, October 11, 2019 12:39 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>;
Cc: Hares Susan <shares@ndzh.com>;
Subject: Re: Can one Destination Address appear in both Tunnel Encap Attribute and in MP_REACH_NLRI ?

In thinking about this further, I have a guess as to where the disconnect may be occurring. Let me try:

We use BGP updates to advertise reachability for given destinations. Let us recall the definition in RFC 4271:


   Route

      A unit of information that pairs a set of destinations with the

      attributes of a path to those destinations.  The set of

      destinations are systems whose IP addresses are contained in one

      IP address prefix carried in the Network Layer Reachability

      Information (NLRI) field of an UPDATE message.  The path is the

      information reported in the path attributes field of the same

      UPDATE message.

So, when a router is trying to forward a packet towards destination D, and it matches against its FIB, as far as BGP is concerned the prefixes in its FIB are derived exclusively from the NLRI portion of the BGP updates it’s received. The associated next hops are derived from the NEXT_HOP attribute, or from the tunnel-encaps attribute.

Addresses found within any attribute that is not NLRI, are not used as destinations.

Part of my confusion about your question comes from your use of the term “are in”, as in “prefixes … are in … the tunnel encapsulation attribute”. I don’t think there is a field in the tunnel encapsulation attribute that can even encode a prefix (other than a /32 IPv4 “prefix” or a /128 IPv6 “prefix”). So a prefix can’t be physically in the attribute. A prefix can be “in” a tunnel in the sense of, the prefix is in the NLRI and the tunnel attribute is in the same update as that NLRI, and therefore the prefix is logically paired with the tunnel according to section 5 of the draft.

HTH,

—John



On Oct 11, 2019, at 12:34 PM, Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:

John,

Thank you very much for the explanation.

My question is:
If prefixes A, B, and C are in tunnel T in the tunnel encapsulation attribute under Next Hop R2, can Prefixes A, B, C also appear under the NLRI field under Next Hop R2? Assuming that R2 is the next hope for prefixes A, B, C and R2 supports tunnel T encapsulations (say GRE, VxLAN, etc.).

When R1 receives this Update with both NLRI (Code 14) and Tunnel Encapsulation attribute (code 23), does it mean R1 can use either plain forwarding or the tunnel T forwarding for the prefixes A, B, C?


Thank you.

Linda


From: John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>>
Sent: Thursday, October 10, 2019 7:58 PM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Cc: Hares Susan <shares@ndzh.com<mailto:shares@ndzh.com>>
Subject: Re: Can one Destination Address appear in both Tunnel Encap Attribute and in MP_REACH_NLRI ?

Hi Linda,

This is a quick reply, without referring to the draft since it’s getting late here but I want to answer. That said, I’m reasonably confident.

- The tunnel encapsulation attribute does NOT replace the “Network Layer Reachability Information” field of MP_REACH_NLRI. It is its own path attribute.
- So yes, it is listed at the same level as MP_REACH_NLRI (Code Point 14) in the Path Attributes lists.
- You can think of the tunnel encapsulation attribute as being kind of a replacement for the NEXT_HOP in the update. So, let’s say the update contains prefixes A, B, and C in the NLRI field, and tunnel T in the tunnel encapsulation attribute. This means packets for prefixes A, B, and C should be forwarded through tunnel T. (Actually I think it is “must be forwarded” but there may be some exception allowing fallback to regular forwarding if the tunnel type isn’t supported, I forget.)

Hope this helps.

—John



On Oct 10, 2019, at 6:59 PM, Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:

John and Sue,

Do you know the answer to my question? Can you get the authors to respond to my question posted on the list?

Thank you very much.

Linda

From: Linda Dunbar
Sent: Wednesday, October 09, 2019 3:26 PM
To: idr@ietf.org<mailto:idr@ietf.org>; draft-ietf-idr-tunnel-encaps@ietf.org<mailto:draft-ietf-idr-tunnel-encaps@ietf.org>
Subject: Can one Destination Address appear in both Tunnel Encap Attribute and in MP_REACH_NLRI ?

Dear authors:
draft-ietf-idr-tunnel-encaps specifies the The Tunnel Encapsulation attribute as an optional transitive BGP Path
attribute, with code point 23.
Does it mean Tunnel Encapsulation Attribute is listed at the same level as MP_REACH_NLRI (Code Point 14) in the Path Attributes lists shown in the following captured packets from Wireshark? If a Destination address is already listed in the MP_RACH_NLRI, is it listed again in the Tunnel Encap subTLV (if it can be reached via some tunnel, such as VxLAN/GRE/?


<image004.png>


Does the Tunnel Encapsulation Attributes have the same fields as MP_REACH_NLRI (RFC4760)?
Or the Tunnel Encapsulation Attributes is the “Network Layer Reachability Information” field of MP_REACH_NLRI?

<image006.png>


Thank you very much,

Linda Dunbar