Re: [Idr] Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community

John Scudder <jgs@juniper.net> Wed, 28 February 2024 01:35 UTC

From: John Scudder <jgs@juniper.net>
To: Hares Susan <shares@ndzh.com>
CC: Linda Dunbar <linda.dunbar@futurewei.com>, "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-sdwan-edge-discovery@ietf.org" <draft-ietf-idr-sdwan-edge-discovery@ietf.org>
Date: Wed, 28 Feb 2024 01:35:37 +0000
Message-ID: <124F7999-540B-4199-B50F-A962AF9E8673@juniper.net>
References: <7FDF55CE-3E6B-47EC-8504-C9884BD212A9@juniper.net> <CO1PR13MB4920A302CE1D5AE545CD243485592@CO1PR13MB4920.namprd13.prod.outlook.com> <DM6PR08MB48572A69AE176CB03531AE89B3582@DM6PR08MB4857.namprd08.prod.outlook.com>
In-Reply-To: <DM6PR08MB48572A69AE176CB03531AE89B3582@DM6PR08MB4857.namprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/m1TROt8b8yM_GECNGyIgxjEDCgw>
Subject: Re: [Idr] Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community

Yes, what Sue said. However, a similar issue indeed affects the related document draft-ietf-bess-bgp-sdwan-usage-20.

—John

> On Feb 27, 2024, at 8:22 PM, Susan Hares <shares@ndzh.com> wrote:
> 
> 
> Linda:
> The only version of draft-ietf-idr-sdwan-edge-discovery published is -12.
> Sue
>
> From: Linda Dunbar <linda.dunbar@futurewei.com>
> Sent: Tuesday, February 27, 2024 6:04 PM
> To: John Scudder <jgs@juniper.net>
> Cc: idr@ietf.org; draft-ietf-idr-sdwan-edge-discovery@ietf.org
> Subject: RE: Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community
> John
>
> The Encapsulation Extended Community is only in the client routes BGP UPDATE, which is the BGP-based VPN/EVPN client routes UPDATE message. There are no sub-TLVs added. Section 6's first paragraph states the Client Route UPDATE follows the BGP-based VPN/EVPN client route UPDATE message.
> The sub-TLVs discussed in the draft are under the Tunnel Encapsulation Path attribute in a separate UPDATE (U2 in the document) which DOES NOT have Encapsulation Extended Community for SD-WAN edges to advertise the information about their WAN ports. Please see below for the details.
>
> p.s. Are you referring to version-20?
>
> Linda
> -----Original Message-----
> From: John Scudder <jgs@juniper.net> 
> Sent: Tuesday, February 27, 2024 2:42 PM
> To: draft-ietf-idr-sdwan-edge-discovery@ietf.org
> Cc: idr@ietf.org
> Subject: Error in draft-ietf-idr-sdwan-edge-discovery use of Encapsulation Extended Community
>  Hi Authors, WG,
>  I just noticed draft-ietf-idr-sdwan-edge-discovery-12 and was looking at its use of RFC 9012. There seems to be a fundamental misunderstanding of how the Encapsulation Extended Community can be used, and I thought you should be aware of it. TL;DR, you’re specifying the use of SD-WAN-Hybrid tunnel type in an Encapsulation Extended Community, but this isn’t allowed. Details follow.
>  [Linda] That is just an example for needing a different Tunnel Type in the Encapsulation Extended Community
>  - RFC 9012, Section 4.1 tells us that the only permissible use of the Encapsulation Extended Community is when there are *no sub-TLVs*, other than the Address Family sub-TLV (item 3 in the list of conditions).
> [Linda] That is our understanding as well. This document doesn’t specify additional sub-TLVs to be added to the BGP UPDATE with the Encapsulation Extended Community.
>  - In draft-ietf-idr-sdwan-edge-discovery-12 Section 6.3 we see the definition of the IPsec-SA-ID Sub-TLV of the SD-WAN-Hybrid tunnel type. This seems pretty central to the purpose of the spec. So, the SD-WAN-Hybrid tunnel type does have sub-TLVs in addition to the Address Family, and therefore MUST NOT be used in an Encapsulation Extended Community.
> [Linda] All those sub-TLVs are NOT used with Encapsulation Extended Community. Those Sub-TLVs are under the Tunnel Encapsulation Path attribute in a separate UPDATE (U2 in the document) for SD-WAN edges to advertise the information about their WAN ports. There is no Encapsulation Extended Community included when an edge node advertises its WAN port information. Please see Section 5 for BGP Walk Through details. 
>  - Also, in draft-ietf-idr-sdwan-edge-discovery-12 Section 5.1 we see that the client route update uses the Encapsulation Extended Community (emphasis added):
> [Linda] The Client Route UPDATE can use the Extended Community to indicate that their associated tunnel information is advertised by separate UPDATE. The purpose is to reduce the size of the Client Route UPDATE message size because the tunnel associated with IPsec has a lot of information to be exchanged. They don’t change at the same frequency as the Client Routes.
> ```
> 5.  Client Route UPDATE
>     The SD-WAN network's Client Route UPDATE message is the same as the
>    L3 VPN or EVPN client route UPDATE message.  The SD-WAN Client Route
>    UPDATE message uses the **Encapsulation Extended Community** and the
>    Color Extended Community to link with the SD-WAN Underlay UPDATE
>    Message.
> ```
>  - It’s clear from other parts of the spec that the tunnel type is SD-WAN-Hybrid, for example, this is both stated in Section 3.3, and then used in the example (same section).
> [Linda] The Client Route Update message is NOT using RFC9012. Here is to indicate that another type might be needed. As this is a BGP usage draft, with the intent to explain how to use BGP, with the justification to BGP extension later.
>
> - But RFC 9012 §4.1 told us we can’t use a tunnel type with sub-TLVs as an Encapsulation Extended Community!
> [Linda] The Client Route Update message is NOT using RFC9012.
>  I think what you really must be trying to do is use the Tunnel Encapsulation attribute (only!) to carry the SD-WAN-Hybrid in the SD-WAN Underlay route, and then have the client routes making use of that tunnel recurse into the underlay route (including tunnel) as per RFC 9012 Section 8. Note that Section 8 does NOT require that the client route carry the Encapsulation Extended Community — the next hop address is both necessary and sufficient to effectuate the linkage to the underlay route.
> [Linda] You are correct. The Tunnel Encapsulation Attribute is used to carry the SD-WAN-Hybrid for SD-WAN edge nodes to advertise the WAN ports (i.e. the under route).
>
> Thanks,
> —John
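A small model of the rule John cites from RFC 9012 Section 4.1 and of the next-hop recursion he points to in Section 8, added here as an example (not code from the thread, the draft or RFC 9012). The tunnel-type and sub-TLV code points are placeholders, and the Extended Community byte layout is my reading of RFC 9012; both are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional
import struct

# Placeholder code points, constructed for this example (not from the draft or IANA).
ADDRESS_FAMILY_SUBTLV = 1   # the only sub-TLV the thread says may accompany an Encap EC
IPSEC_SA_ID_SUBTLV = 99     # stands in for the draft's IPsec-SA-ID sub-TLV (Section 6.3)
SDWAN_HYBRID = 0xFFF1       # stands in for the SD-WAN-Hybrid tunnel type

@dataclass
class TunnelTLV:
    tunnel_type: int
    sub_tlvs: Dict[int, bytes] = field(default_factory=dict)  # sub-TLV type -> value

@dataclass
class Route:
    prefix: str      # NLRI, e.g. "10.1.0.0/16"
    next_hop: str
    tunnel_attr: List[TunnelTLV] = field(default_factory=list)  # Tunnel Encapsulation attribute

def may_use_encap_ext_community(tlv: TunnelTLV) -> bool:
    """RFC 9012 Section 4.1 condition 3, as the thread states it: an Encapsulation
    Extended Community is allowed only if there are no sub-TLVs other than Address Family."""
    return all(t == ADDRESS_FAMILY_SUBTLV for t in tlv.sub_tlvs)

def encap_ext_community(tlv: TunnelTLV) -> bytes:
    """8-octet Encapsulation Extended Community. Layout assumed from RFC 9012 Section 4.1:
    type 0x03 (transitive opaque), sub-type 0x0c, tunnel type in the last two octets."""
    if not may_use_encap_ext_community(tlv):
        raise ValueError("tunnel type %#x has sub-TLVs; carry it in the Tunnel Encapsulation "
                         "attribute instead" % tlv.tunnel_type)
    return struct.pack("!BB4xH", 0x03, 0x0C, tlv.tunnel_type)

def resolve_tunnel(client: Route, underlay: List[Route]) -> Optional[TunnelTLV]:
    """RFC 9012 Section 8 recursion: the client route's next hop selects the longest-matching
    underlay route, whose Tunnel Encapsulation attribute supplies the tunnel. The client
    route needs no Encapsulation Extended Community for this linkage."""
    nh = ip_address(client.next_hop)
    best = max((u for u in underlay if nh in ip_network(u.prefix)),
               key=lambda u: ip_network(u.prefix).prefixlen, default=None)
    return best.tunnel_attr[0] if best and best.tunnel_attr else None

# Constructed sample: the WAN-port (underlay) route carries SD-WAN-Hybrid with an
# IPsec-SA-ID sub-TLV; the client route's next hop is that WAN address.
HYBRID = TunnelTLV(SDWAN_HYBRID, {IPSEC_SA_ID_SUBTLV: b"\x00\x2a"})
UNDERLAY = [Route("192.0.2.1/32", "192.0.2.1", [HYBRID]),
            Route("192.0.2.0/24", "192.0.2.254", [TunnelTLV(SDWAN_HYBRID)])]
CLIENT = Route("10.1.0.0/16", "192.0.2.1")
```

Running `encap_ext_community(HYBRID)` raises, which is exactly the mismatch the thread discusses, while `resolve_tunnel(CLIENT, UNDERLAY)` finds the SD-WAN-Hybrid tunnel through the next hop alone.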