Re: [Idr] draft-chen-bgp-redist-01.txt

Enke Chen <enchen@paloaltonetworks.com> Thu, 01 July 2021 21:49 UTC

From: Enke Chen <enchen@paloaltonetworks.com>
Date: Thu, 1 Jul 2021 14:48:46 -0700
Message-ID: <CANJ8pZ_FffQOHsiTji68USnv6PY3Am1fLoDLMmNijNGBQZpPkg@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Robert Raszuk <robert@raszuk.net>, "idr@ietf. org" <idr@ietf.org>, Jenny Yuan <jyuan@paloaltonetworks.com>, Enke Chen <enchen@paloaltonetworks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ni_Zz10F97wu_uuEoL8r1lW6WR4>

Hi, Brian:

The route sourced by the "network" command has the same ordering issue as
the route sourced by the "redistribute" command.

Thanks.   -- Enke

On Thu, Jul 1, 2021 at 1:42 PM Brian Dickson <brian.peter.dickson@gmail.com>
wrote:

> Top-reply, sorry if anyone doesn't like that.
>
> So, serious question:
> What if the solution to this problem is simply, "do not redistribute
> anything into BGP"?
> (If that is the case, maybe changing this draft to say that and nothing
> else is the best approach?)
>
> Specifically, instead of doing any redistributes, configure a prefix as
> locally originated (in cisco-speak, "network" within a BGP config section,
> IIRC).
> The BGP rules would result in it being announced into BGP if and only if
> it is (and only while it continues to be) resolvable (i.e. has a next hop
> in the RIB, I believe.)
>
> Does this actually fix the problem?
> (I have never liked redistribution, as it leads to a lot of funky
> behavior, including extraneous update messages that pollute the global BGP
> DFZ.)
>
> Brian
>
> On Thu, Jul 1, 2021 at 11:55 AM Robert Raszuk <robert@raszuk.net> wrote:
>
>> Gyan,
>>
>> > My understanding is by default most all implementations that I know of
>> for example Cisco & Juniper which have use identical default AD
>>
>> Can you provide source(s) of your above information ?
>>
>> To the best of my knowledge they are quite different ...
>>
>> Cisco:
>>
>> [image: image.png]
>>
>> Juniper:
>>
>> [image: image.png]
>>
>> Except connected I do not see much of "identical default AD"
>>
>> And that is as the draft says especially important when your intention is
>> to control active - backup paths for a given net.
>>
>> Thx,
>> R.
>>
>>
>> On Thu, Jul 1, 2021 at 8:02 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>>
>>>
>>> Hi Enke
>>>
>>> My understanding is by default most all implementations that I know of
>>> for example Cisco & Juniper which have use identical default AD,
>>> redistribution of the route only occurs from the source protocol that is
>>> being redistributed for example static versus OSPF or ISIS based on AD.
>>>
>>> So if you have multiple protocols redistribution into BGP, the source
>>> protocol with the lowest AD is what is inserted into the default RIB/FIB
>>> and it's that specific route from the source protocol that is redistributed
>>> into BGP.   All implementations that I know of work that way.
>>>
>>> I don’t see any issue with deterministic redistribution as exists today
>>> with implementations.
>>>
>>> Normally you are only running one IGP but let’s say you are running OSPF
>>> and ISIS and you have a Juniper and Cisco ASBR redistribution into BGP, as
>>> OSPF has default AD 110, the OSPF prefix would be inserted into the Default
>>> RIB and redistributed into BGP.  Let’s say you set AD for ISIS down to 90
>>> and now the ISIS route is inserted into the RIB and now both Juniper and
>>> Cisco ASBR will redistribute the ISIS route into BGP.
>>>
>>> I am not seeing the issue that you are trying to solve.
>>>
>>> Kind Regards
>>>
>>> Gyan
>>>
>>> On Wed, Jun 30, 2021 at 3:19 AM Enke Chen <enchen@paloaltonetworks.com>
>>> wrote:
>>>
>>>> Hi, Robert:
>>>>
>>>> 1) Usually the default admin-distance is configurable. Having the same
>>>> admin-distance across implementations would certainly make things simpler,
>>>> but that is not required. What matters is the local_pref value for the
>>>> redistribute backup route:
>>>>
>>>>             local_pref = default_local_pref - delta;
>>>>
>>>> It needs to be in the right order (relatively) for the "role" the route
>>>> is supposed to play.
>>>>
>>>> It's a good question. We will try to clarify it in the next revision.
>>>>
>>>> 2) Certainly it would work if we define the "delta" (or "local_pref")
>>>> for the redistributed route based on its role (e.g., primary, secondary,
>>>> tertiary). But extra config would be needed for specifying the "role".  The
>>>> algorithm described in the draft does not require additional config other
>>>> than the existing "admin-distance".  When more than two paths are involved
>>>> in a multi-vendor environment, the admin-distance needs to be carefully
>>>> assigned in order to get the desired local_pref value.
>>>>
>>>> Thanks.   -- Enke
>>>>
>>>> On Tue, Jun 29, 2021 at 1:05 PM Robert Raszuk <robert@raszuk.net>
>>>> wrote:
>>>>
>>>>> Hi Enke,
>>>>>
>>>>> How do you assure that admin distance is the same or delta would be
>>>>> the same across implementations ?
>>>>>
>>>>> Looking at say junos I see quite different values than when comparing
>>>>> with other implementations ...
>>>>>
>>>>>
>>>>> https://www.juniper.net/documentation/en_US/junos/topics/reference/general/routing-protocols-default-route-preference-values.html
>>>>>
>>>>> Would it be simpler to define here verbatim what the local pref should
>>>>> be for redistributed routes ? Then at least those could be used as default
>>>>> local pref values unless overwritten by operator's policy during
>>>>> redistribution.
>>>>>
>>>>> Thx,
>>>>> Robert
>>>>>
>>>>>
>>>>> On Tue, Jun 29, 2021 at 7:14 PM Enke Chen <enchen@paloaltonetworks.com>
>>>>> wrote:
>>>>>
>>>>>> Hi, Folks:
>>>>>>
>>>>>> Apologies for the very long delay in updating the draft:
>>>>>>
>>>>>>        https://datatracker.ietf.org/doc/draft-chen-bgp-redist/01/
>>>>>>
>>>>>> The issue still exists, and shows up from time to time. The revised
>>>>>> version provides a complete solution that covers the use cases involving a
>>>>>> single router as well as multiple routers in a network.
>>>>>>
>>>>>> Your review and comments are welcome.
>>>>>>
>>>>>> Thanks.   -- Enke
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Idr mailing list
>>>>>> Idr@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/idr
>>>>>>
>>> --
>>>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions Architect*
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>>
>>>
>>> *M 301 502-1347*
>>>