IETF Logo Mail Archive

Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)

Robert Raszuk <robert@raszuk.net> Sun, 21 August 2022 12:00 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85DCDC14F738 for <idr@ietfa.amsl.com>; Sun, 21 Aug 2022 05:00:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DWBkx3KLaRrT for <idr@ietfa.amsl.com>; Sun, 21 Aug 2022 05:00:34 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BFDBC14F72A for <idr@ietf.org>; Sun, 21 Aug 2022 05:00:34 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id ce26so722248ejb.11 for <idr@ietf.org>; Sun, 21 Aug 2022 05:00:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=B6FYI7zeWSLdJh0nQ8MCC37pC1v3rsfsAio7fS86H1Y=; b=SfYQYbQNUvo+1c3mEbsb2OLfjfCCVHQfAnQ33K07zGMVeCMrJwD7X01TdXWS8V1Buj qwF3E2RWRSyCx9MQdemulzZV24AAmSpm1/ZXDT687PB7wlst64mbyalH5XJR0JZHeKvb pIz5DrF2fRzuopyz3dX1MvJHBP1FkJ6dCZTqOgBtFIQzU4SeVtsY8ulrW6angrcs1hhJ a6JHjcUad0CW+y3B0Jtipucd19qj7iGgCSMIin0EUBPxnqIRrRG5Wrmw1FY5tyQ+BHMu 3tWX7DHP1xPq1Sirp4oVMasqNmdlv3zpLAwCrUysl8ao0ZkAchc2VHhZApLI9hlpaR4n ngGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=B6FYI7zeWSLdJh0nQ8MCC37pC1v3rsfsAio7fS86H1Y=; b=YPdO6AFT9eFV0nyS99jvhROZOP0j2GViUPdc0lYNVs2k0lBJzCvdv4CPCFhoPtQxiq fvscLULss6eXEZbF5Gd2p2ofMa9zpgs0ELqxkv4hN63MjSJiHr5YgLa602cK96bVU9wa W7v70DysV0uOkYwdPlqMPS/XnmclW5rwXCp/3+ITZCqK94cPm9hvPrqc7kkT7mG6XEby tZbNQCqMgevxuvR7u4bOjSrDdj7eV28hOT5m6vzZ2bk72oCSXkboNdc1n4CMLLvEtpWG dTXWVOdcJ0YqudNdnT1bawMZaWUvuQUZuzwlnzzHoq8FX2eMZgnTwciyTeHwRrLjc/5s V6MQ==
X-Gm-Message-State: ACgBeo1V5wEhrTDqbXIW8A+aZBfHlnoEwr0V1BzSxXr/CxkOl0KVfGr+ UDWItsQz1W+/q4R3e2VG8zcWLHUZ1102ksmRHLDRb/m6xLO91Q==
X-Google-Smtp-Source: AA6agR7CQk8BVTpGee5EPmAmrxSsGr1BJR/5SYj6K4wW56g1p1dNOQNjc0LM49kx/SZ9DtvviOYEL+Ntr4c3p8iiy6M=
X-Received: by 2002:a17:907:1c1f:b0:73d:6883:9869 with SMTP id nc31-20020a1709071c1f00b0073d68839869mr3576073ejc.241.1661083232679; Sun, 21 Aug 2022 05:00:32 -0700 (PDT)
MIME-Version: 1.0
References: <517EF247-76AF-4981-B33B-8A1707E0103B@tsinghua.org.cn>
In-Reply-To: <517EF247-76AF-4981-B33B-8A1707E0103B@tsinghua.org.cn>
From: Robert Raszuk <robert@raszuk.net>
Date: Sun, 21 Aug 2022 14:00:21 +0200
Message-ID: <CAOj+MMGvBKBL__Pk2AuAYWoiBkMeLW3eZkyp_GD-aXjEtZkJkw@mail.gmail.com>
To: Aijun Wang <wangaijun@tsinghua.org.cn>
Cc: Susan Hares <shares@ndzh.com>, "idr@ietf. org" <idr@ietf.org>, Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="00000000000006d0b605e6bf143b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/kEaGFECMDXFmBnLM1SPk6zLGI5U>
Subject: Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Aug 2022 12:00:38 -0000

Aijun,

Actually I did read the -03 version of the draft and changes made actually
make it even less attractive.

Let's first establish what is the format of the ORF message you are
proposing to advertise and when those optional TLVs are added ?

Quote 1 - PE2 triggers the VPN  Prefix ORF message *(RD1, RT1, comes from
PE3)*.

Quote 2 - VPN Prefix ORF entry *(RD31, RT1, RT2, comes from PE3)*

Your email suggest that *"and global allocation(in this case, the source PE
will be attached)"*

There is no clear and exhaustive definition when each defined TLV (Source
PE or RT) needs to be added by the node generating this new ORF message.

It is fascinating that you have now added a list of RTs to the spec. We
argued from the beginning that a list of RTs offers a good solution for
such filtering and RTC RFC4684 can be used instead.

More inline ...

#1 - RD allocation can be per VRF or Global in a given VPN. This scheme
> works only in the case of per VRF allocation.
>
> [WAJ]The proposed mechanism works both in per VRF allocation and global
> allocation(in this case, the source PE will be attached)
>


How do you handle multipaths ? How do you handle anycast ? How do you
determine the src PE ?

Please observe that during import there is no ordering of paths. So when
you are just about to reach the vrf prefix limit and 95% of imported routes
come from PE1 suddenly the vrf prefix limit is exceeded when just a few
paths arrive from PE2. Are you now going to suppress those few routes as
they were unlucky and happened to exceed the prefix limit ?


> #3 - Use of prefix ORF can be applied where prefix is just /64 RD without
> any new draft. The draft says:
>
>
>
> *Using Address Prefix ORF to filter VPN routes need to pre-
>  configuration, but it is impossible to know which prefix may cause
>  overflow in advance.*
>
>     .. which clearly is not correct as irrespective on the encoding you
> need to know what RD to push.
>     Here in this context of RFC5292 PREFIX == RD == /64 PREFIX
>
>
> [WAJ] This point has been discussed throughly in the first round
> discussions. The key answer is that you cannot know in advance which RD
> will cause the overflow VPN routes. And one more point again, current VPN
> ORF prefixes doesn’t depend only the automatic extracted RD information.
>

No one is saying you need to know this in advance. Sure questionable source
PE and RTC like list of RTs will not fit RFC5292.

While we are at this, asking anyone to configure a list of <src RDs+src
PEs> limits on each PE is beyond even commenting on.


> #4 - Change of ORF list results in advertisement of ALL routes of a a
> given AFI/SAFI to the peer.
>         That is the same irrespective if IMMEDIATE or DEFER flags are set.
> That puts burden on the peer especially in
>         VPN cases when the number of routes may be high.
>
>
> [WAJ] What you described is the current ORF mechanism. There are some
> spaces to optimize it.
>


Yes this is how ORF works.

And I don't think there is any consensus to break it.

Actually looking at your -03 version I have a suggestion.

Forget about hacking ORF. Just use new SAFI and push those policies in the
new address family. Just like we did with RTC. And please do not try to fix
RTC :) Leave it alone and transfer your policy to new AFI/SAFI
advertisements.

It will also be automatically transitive so you should have much better
coverage with that.

Alternatively you may find some traction to add this into Flowspec v2 work.

Kind regards,
Robert

v2.23.0 | Report a Bug | By Email