IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt

Nandan Saha <nandan@arista.com> Tue, 10 October 2017 03:39 UTC

Return-Path: <nandan@arista.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5CFA132F3F for <idr@ietfa.amsl.com>; Mon, 9 Oct 2017 20:39:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=arista.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfVjc0qP520b for <idr@ietfa.amsl.com>; Mon, 9 Oct 2017 20:39:55 -0700 (PDT)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A0D3133090 for <idr@ietf.org>; Mon, 9 Oct 2017 20:39:55 -0700 (PDT)
Received: by mail-wm0-x234.google.com with SMTP id q132so1340611wmd.2 for <idr@ietf.org>; Mon, 09 Oct 2017 20:39:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UnEOJA2tmiy+RM2oUQvv7H6eLUJp3SbVs3vA0MM0Ais=; b=b4uFODoTQzKl9Vl+P7k3KQ4rpVRUPfJuLILDuPxJvq2B6K9iW7u9ID2KOAzQSLdCzi kbwui7I6z9ZGUKf+jUKpXZHT6NkDyvJMjXJFnMffRGfqtRiQ9rGVKNg5FRipGCHBAj5Q Xk6i5+DAD/U8ObRtWmzBThl/MyvBCY9THn+oY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UnEOJA2tmiy+RM2oUQvv7H6eLUJp3SbVs3vA0MM0Ais=; b=e0vzquVmH6isbVrqHFOFaxcyg/oDGHsNoojNu1pUX5GrZaSmeRWq7y2wgnTDoA9tgJ 0xMAU2vYq7MMn3CT4tuTtgt/ptuWC3QgbaX8IwG3yxkvSRJW+vxQsoxNzm9J6tsKMIeL BYMZtjCjFjEaG/Yktkabv6Sk2c7yIIZl21vWFa3en2+aLmNvw8RGtmWT6zisgVKGMsHf Oef/uAuo6cbA81apuSQ8O7B9VXFmQF2Y9e01l3cdXa5vJZ0tVWC2YVf/xp3IxSxeemKO 5RZMkXgqK5bM7TWGvSeypPBo2t+Ek8rXrz+p68x7myZ9iiANZ757BWn07auTGHzqL9eW HSTg==
X-Gm-Message-State: AMCzsaW7FrJ1lFeCT7/lKWhhcNy5sWaLaefIKtBX0uE/+CQY6KWlJ5it XpOpao8Ug2Q1PepUJmK2zwF6FaP5SkDnhvzr0Tg7ciF4
X-Google-Smtp-Source: AOwi7QAnGfn0ZJAfFZWzFnWX98/URkfj4BgaV5XtfD9abj0MT5vte7mDfLkSA5f4ru4kQ2IyrTX1ASlYnN/YlyhNiLw=
X-Received: by 10.80.171.77 with SMTP id t13mr16681311edc.180.1507606793563; Mon, 09 Oct 2017 20:39:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.80.132.232 with HTTP; Mon, 9 Oct 2017 20:39:52 -0700 (PDT)
In-Reply-To: <65dbb5ba-9589-09a6-8093-f5f7e72fc5f7@juniper.net>
References: <149824800169.17379.9099679082498238196@ietfa.amsl.com> <CAE+itjf-1OPtKbADxAVft5+XufAWo3ebbXsamS+Mpt_2cTwzzg@mail.gmail.com> <CAB3683F-D029-4387-86A6-382E61A51ACD@previdi.net> <CAE+itjd1mE7_a+SA=dBhGrJNtcGWt1WTiRddTsEC4vp=COdOLQ@mail.gmail.com> <CAE+itjcuxbNHrwVq4wcgBC11rX=PwYUsvm3su5Axwko3X1beZw@mail.gmail.com> <CAE+itjcJK8TcszPyTto4ZfXz4LHr3Z9i9PbkuePHOWsuufPfzg@mail.gmail.com> <65dbb5ba-9589-09a6-8093-f5f7e72fc5f7@juniper.net>
From: Nandan Saha <nandan@arista.com>
Date: Tue, 10 Oct 2017 09:09:52 +0530
Message-ID: <CAE+itjfPqspXw7mP0R3ZXWKgwAf91oUn2N9L6ZhQQ8S9jTRHdw@mail.gmail.com>
To: Eric C Rosen <erosen@juniper.net>
Cc: stefano previdi <stefano@previdi.net>, idr@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c0ebb38647158055b290f7f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/lzI_bYPS-H_sW3iufOgmEYULIY8>
Subject: Re: [Idr] I-D Action: draft-previdi-idr-segment-routing-te-policy-07.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2017 03:39:58 -0000

Hi Eric,

On Tue, Oct 10, 2017 at 1:46 AM, Eric C Rosen <erosen@juniper.net> wrote:

> On 10/6/2017 10:38 AM, Nandan Saha wrote:
>
>> 5. Conflicting mandate for malformed NLRI handling.
>> In section 4.2.1 of this draft, the first bullet point's 2nd sentence is
>> <<<
>> If the NLRI is not one of the legal lengths, a router
>>       supporting this document and that imports the route MUST consider
>>       it to be malformed and MUST apply the "treat-as-withdraw" strategy
>>       of [RFC7606]
>> >>>
>> Where as the last sentence in section 4.2.1 is
>> <<<
>> A unacceptable SR Policy update that has an invalid NLRI portion MUST
>>    trigger a reset of the BGP session
>> >>>
>> Can the draft be updated to simply remove the reference to
>> treat-as-withdraw in the first statement since one cannot withdraw a NLRI
>> if one cannot parse it; and also because it conflicts with the 2nd mandate.
>>
>
> You do not want to trigger a reset of the BGP session unless the UPDATE is
> so mangled that you can't  continue to parse the TCP octet stream.
> If the UPDATE is well-formed, but the NLRI is not one of the two legal
> lengths (12 or 24), treat-as-withdraw is appropriate.
>
To do a treat-as-withdraw, the receiver needs to be able to parse the NLRI
to extract the 3-tuple of {distinguisher, color, endpoint}. It cannot
remove the policy from it's adj-Rib-in otherwise, as it's keyed on the
3-tuple.
If the NLRI length < the valid length, then it's impossible to extract a
valid 3-tuple.
If the NLRI length > the valid length, then should the receiver extract
upto the valid length?
In the general case rfc7606 section 3, point j, mentions that one needs to
be able to parse the NLRI to be able to do treat-as-withdraw.

>
> Probably the sentence about triggering a reset of the BGP session can be
> omitted, since that is only necessary when the UPDATE is totally mangled,
> and in that case it is normal BGP behavior and nothing particular to do
> with the SAFI being discussed.
>
> 1. Behavior when only one of Color / Remote end point sub-tlv is present
>> in the Tunnel encap tlv.
>>   Should the match on either color or remote end point be done for
>> acceptance? For example the color sub-tlv is present, but the remote end
>> point isn't. So the color of the color sub-tlv must match the color in the
>> NLRI. Or should the condition for matching of color / remote end point be
>> done only if both color and remote end point are present.
>>
>> 2. What is the rationale for including remote end point / color sub tlvs
>> in the tunnel encap tlv.
>>   The NLRI already has the color and endpoint. Why is there an option to
>> also include a end point and color in the tunnel encap tlv and then have to
>> make sure it matches the NLRI?
>>
>
> I believe the Remote Endpoint is mandatory, according to the tunnel-encaps
> draft.  (There has been some controversy on this point though.)
> The color sub-tlv is not mandatory, but you can't really stop someone from
> including it.
>
> The purpose of these rules is to cause a policy to be rejected if it
> contains contradictory information.
>
For a receiver of an update with the sr te safi and sr policy tunnel encap
tlv, the source of truth for the end point and color is in the NLRI. So the
endpoint and color in the tunnel tlv doesn't add any new information. In
fact, in the draft today the _only_ thing a receiver has to do with the
color and endpoint in the tunnel encap tlv is to compare against the NLRI.
To me, it seems that things would be much simpler to simply ignore the
contents of the color and remote endpoint sub tlvs as that information is
already in the NLRI.


Thanks,
Nandan

v2.23.0 | Report a Bug | By Email