IETF Logo Mail Archive

Re: [Idr] RFC 4684 pedantry - routes with no Route Target

Eric Rosen <erosen@cisco.com> Wed, 21 May 2014 15:21 UTC

Return-Path: <erosen@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8460B1A087D for <idr@ietfa.amsl.com>; Wed, 21 May 2014 08:21:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wAb9xLXjYtNb for <idr@ietfa.amsl.com>; Wed, 21 May 2014 08:21:50 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EC601A06D6 for <idr@ietf.org>; Wed, 21 May 2014 08:21:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2670; q=dns/txt; s=iport; t=1400685706; x=1401895306; h=from:to:cc:subject:in-reply-to:reply-to:date:message-id; bh=zUI+BY/fgBPzs67K//H16c2EeLjYVcQ6XZaCCsIYtgw=; b=bBoRjNx65wHjiKQNIVMHORir/iYCbjNtViFcDbWjAJXygOi7v8Q2JWsR jac6yf6LKUrYSPnAtCSgrIVtaXspOGFSa9vsA3O1+H7DoVQxkYpXapULT gJ0WSsLyaGIQ7rCxJ8g7Mp0M1mba+2c7WqrO0YnuCI17PqaRLApfb4hZ7 k=;
X-IronPort-AV: E=Sophos;i="4.98,880,1392163200"; d="scan'208";a="45883597"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-3.cisco.com with ESMTP; 21 May 2014 15:21:45 +0000
Received: from erosen-lnx.cisco.com (erosen-lnx.cisco.com [161.44.71.19]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id s4LFLj81017543; Wed, 21 May 2014 15:21:45 GMT
Received: from erosen-lnx (localhost [127.0.0.1]) by erosen-lnx.cisco.com (Postfix) with ESMTP id D258E75B; Wed, 21 May 2014 11:21:44 -0400 (EDT)
From: Eric Rosen <erosen@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>
In-reply-to: Your message of Wed, 21 May 2014 08:47:53 -0400. <20140521124753.GC5675@pfrc>
Date: Wed, 21 May 2014 11:21:44 -0400
Message-ID: <8540.1400685704@erosen-lnx>
Archived-At: http://mailarchive.ietf.org/arch/msg/idr/n6L93JZ94otCE3VALGZFyRloMn4
Cc: idr@ietf.org
Subject: Re: [Idr] RFC 4684 pedantry - routes with no Route Target
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: erosen@cisco.com
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2014 15:21:54 -0000

Jeff> In RFC 6037 ("draft-rosen" multicast VPNs), the MDT SAFI has the
Jeff> following documentation in section 4.4:

:   When a PE distributes this NLRI via BGP, it may include a Route
:   Target (RT) Extended Communities attribute.  This RT must be an
:   "Import RT" [RFC4364] of each VRF in the MD.  The ordinary BGP
:   distribution procedures used by [RFC4364] will then ensure that each
:   PE learns the MDT-SAFI "address" of each of the other PEs in the MD,
:   and that the learned MDT-SAFI addresses get associated with the right
:   VRFs.

The next paragraph though makes it clear (well, sort of) that the MDT-SAFI
routes without RTs need to be distributed to all the PEs, and filtered as
necessary by the PEs to which they are distributed.  
   
Jeff> RFC 4684's procedure says in section 6:
:   A VPN NLRI route should be advertised to a peer that participates in
:   the exchange of Route Target membership information if that peer has
:   advertised either the default Route Target membership NLRI or a Route
:   Target membership NLRI containing any of the targets contained in the
:   extended communities attribute of the VPN route in question.

Jeff> Quite frankly, we have a bug in that MDT's are not getting propagated
Jeff> when RT-C is in use because we're treating it as a "VPN NLRI".

Yes, one might conclude that whoever decided to omit the RTs from MDT-SAFIs
wasn't much concerned about the use of RT-C (or any other RT-based filtering
mechanisms) to constrain the distribution of routes to or from intermediate
nodes.

Jeff> The broader question I'd put to the working group is whether any NLRI
Jeff> not  having RTs isn't really a "VPN NLRI" for purposes of RT-C
Jeff> filtering

I don't think RFC4684 really intends to restrict its applicability to "VPN
routes".  It does say in section 1: "This mechanism is applicable to any BGP
NLRI that controls the distribution of routing information by using Route
Targets".  The problem arises because, on some NLRIs, the use of RTs is
optional.  What you're suggesting is that RT-C should never filter out
routes that don't have any RTs.  That does seem right.

You may want to look at draft-zzhang-l3vpn-mvpn-global-table-mcast-02.txt,
especially section 2.2 ("Route Targets").  In that draft, there are routes
of the MCAST-VPN SAFI that may (optionally) carry RTs, and the intention is
that it be possible to use RT-C to constrain the distribution of those
routes, if (and only if) the routes carry RTs.  However, those routes cannot
really be said to be VPN routes, as they are used for controlling multicasts
that do not occur in a VPN context.

v2.23.0 | Report a Bug | By Email