Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Fangsheng <fangsheng@huawei.com> Thu, 21 May 2020 10:01 UTC

Return-Path: <fangsheng@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F9DF3A0B5B; Thu, 21 May 2020 03:01:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cRYvufGx5mNt; Thu, 21 May 2020 03:01:14 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D75223A0B6A; Thu, 21 May 2020 03:01:12 -0700 (PDT)
Received: from lhreml713-chm.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id D33F0C4324AD6D28F4C8; Thu, 21 May 2020 11:01:09 +0100 (IST)
Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by lhreml713-chm.china.huawei.com (10.201.108.64) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 21 May 2020 11:01:04 +0100
Received: from nkgeml707-chm.china.huawei.com (10.98.57.157) by nkgeml705-chm.china.huawei.com (10.98.57.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 21 May 2020 18:01:01 +0800
Received: from nkgeml707-chm.china.huawei.com ([10.98.57.157]) by nkgeml707-chm.china.huawei.com ([10.98.57.157]) with mapi id 15.01.1913.007; Thu, 21 May 2020 18:01:01 +0800
From: Fangsheng <fangsheng@huawei.com>
To: "Ketan Talaulikar (ketant)" <ketant@cisco.com>, Robert Raszuk <robert@raszuk.net>
CC: "Chengli (Cheng Li)" <c.l@huawei.com>, "draft-ietf-spring-segment-routing-policy@ietf.org" <draft-ietf-spring-segment-routing-policy@ietf.org>, idr wg <idr@ietf.org>, SPRING WG <spring@ietf.org>, stefano previdi <stefano@previdi.net>, Yangang <yangang@huawei.com>
Thread-Topic: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)
Thread-Index: AdYek4MmKSUhOySlR86q9L0AexcDnQANyexg//+EXgCAHHfPgP/8lbwQgAaffAD//2s+AIAA6H2A//7yCjA=
Date: Thu, 21 May 2020 10:01:01 +0000
Message-ID: <243a75cc7ba6415e944cda97d37b53d8@huawei.com>
References: <C7C2E1C43D652C4E9E49FE7517C236CB029FAC88@dggeml529-mbx.china.huawei.com> <MW3PR11MB45702B49025A293583346F36C1AA0@MW3PR11MB4570.namprd11.prod.outlook.com> <CAOj+MMGbjvgn6VL3dKviuxzNNRk0pwFkBOTJUz15D8iSM9=-Rw@mail.gmail.com> <MW3PR11MB457083E56B77688CA68A2500C1B80@MW3PR11MB4570.namprd11.prod.outlook.com> <83bae48cc52d4a5da9a7ee76529a8d20@huawei.com> <CAOj+MMFs2fGy0ciyBJvoWng++oepamF8YxyO=QtR9yYWbazbqg@mail.gmail.com> <05da1ce8c7f949cf9ba5bec27fd1d64c@huawei.com> <MW3PR11MB457080117E6483332BE0F2B1C1B60@MW3PR11MB4570.namprd11.prod.outlook.com>
In-Reply-To: <MW3PR11MB457080117E6483332BE0F2B1C1B60@MW3PR11MB4570.namprd11.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.202.139]
Content-Type: multipart/related; boundary="_009_243a75cc7ba6415e944cda97d37b53d8huaweicom_"; type="multipart/alternative"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/pUY81huEEKHMyvQn3MNS-RT1OxQ>
Subject: Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2020 10:01:19 -0000

Hi Ketan Talaulikar,

The BGP best-path run at CSG1 will pick one of the two paths from the two RRs since it is the same NLRI from two neighbors. So the best path is what would be given by BGP to the SR Policy component. The other path is to provide/offer redundancy at the BGP level as Robert mentioned.

è  Oh Yes, you are right, I made a mistake, it is redundancy at the BGP level

But the core problem is how to define a key for a candidate path, this key can be consistent between CSG1’s SR Policy component and the controller.
I think the key is <Protocol-Origin, ASN, node-address , discriminator>, but I guess you mean the key should be  <Protocol-Origin, discriminator>?

you wished the “originator” that was reported to SR Policy component to be the controller instead of either RR1 or RR2 in the current case

è Yes, because I think for both the SR Policy component and controller  the candidate path key should be <Protocol-Origin, ASN, node-address , discriminator> , so I wish the “originator” that was reported to SR Policy component in any case.

We know that a candidate path key only needs to ensure that it is unique within an SR Policy, so when discussing the candidate path key from a network perspective, we no longer emphasize the SR Policy key. Let's take a look at the standards related to SR Policy:

One BGP SR Policy route for candidate path, the key contains just <Distinguisher> which means <discriminator>.
https://datatracker.ietf.org/doc/draft-ietf-idr-segment-routing-te-policy/?include_text=1
[cid:image006.jpg@01D62F99.AB2EEF90]


One BGP LS route for candidate path, the key contains <Protocol-Origin, ASN, node-address , discriminator>.
https://datatracker.ietf.org/doc/draft-ietf-idr-te-lsp-distribution/?include_text=1
[cid:image007.jpg@01D62F99.AB2EEF90] [cid:image010.jpg@01D62F99.AB2EEF90]

PCEP TLV for candidate path, the key contains <Protocol-Origin, ASN, node-address , discriminator>
https://datatracker.ietf.org/doc/draft-barth-pce-segment-routing-policy-cp/?include_text=1
[cid:image013.jpg@01D62F99.AB2EEF90]

YANG for candidate path, the key contains <Protocol-Origin, ASN, node-address , discriminator>
https://datatracker.ietf.org/doc/html/draft-raza-spring-sr-policy-yang-02
[cid:image016.jpg@01D62F99.AB2EEF90]


According to this information, in order to uniquely identify a candidate path in the network, we need its key to be stable and unique, so the <Originator> is best determined by the producer and can be transmitted with the protocol message.
We recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes.  In this way, the key  of the CP is determined by the controller and will not change during the advertisement of BGP routes.


In addition,  in my case, CSG1 cannot receive BGP SR Policy routes from RR1 and RR2 at the same time, therefore, it is possible to receive the route from RR1 first, the SR Policy component creates a candidate path, and then receives the route from RR2. BGP decides to prefer this new route. For the SR Policy component, the Originator follows A change has occurred, so a switch between paths will be performed.



From: Ketan Talaulikar (ketant) [mailto:ketant@cisco.com]
Sent: Thursday, May 21, 2020 1:59 AM
To: Fangsheng <fangsheng@huawei.com>om>; Robert Raszuk <robert@raszuk.net>
Cc: Chengli (Cheng Li) <c.l@huawei.com>om>; draft-ietf-spring-segment-routing-policy@ietf.org; idr wg <idr@ietf.org>rg>; SPRING WG <spring@ietf.org>rg>; stefano previdi <stefano@previdi.net>et>; Yangang <yangang@huawei.com>
Subject: RE: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi Fangsheng,

The BGP best-path run at CSG1 will pick one of the two paths from the two RRs since it is the same NLRI from two neighbors. So the best path is what would be given by BGP to the SR Policy component. The other path is to provide/offer redundancy at the BGP level as Robert mentioned.

See example 1 in https://tools.ietf.org/html/draft-filsfils-spring-sr-policy-considerations-05#section-4

The only aspect that I understood or misunderstood was that you wished the “originator” that was reported to SR Policy component to be the controller instead of either RR1 or RR2 in the current case. Or at least I got the impression that was what Chengli was trying to say but I may be wrong.

As such, it is not a functional issue per se. The “originator” is used only for the tiebreaker between CPs in the SR Policy component and nothing else.

Thanks,
Ketan

From: Fangsheng <fangsheng@huawei.com<mailto:fangsheng@huawei.com>>
Sent: 20 May 2020 19:33
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: Ketan Talaulikar (ketant) <ketant@cisco.com<mailto:ketant@cisco.com>>; Chengli (Cheng Li) <c.l@huawei.com<mailto:c.l@huawei.com>>; draft-ietf-spring-segment-routing-policy@ietf.org<mailto:draft-ietf-spring-segment-routing-policy@ietf.org>; idr wg <idr@ietf.org<mailto:idr@ietf.org>>; SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; stefano previdi <stefano@previdi.net<mailto:stefano@previdi.net>>; Yangang <yangang@huawei.com<mailto:yangang@huawei.com>>
Subject: RE: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi,

I don't think CSG1 needs to "generate" anything. Peers which send you particular policy are well known at CSG1.

è Yes, The word “generate” is indeed inaccurate, I mean that CSG1 finalizes the key of the candidate path, not the controller. For example, when CSG1 needs to notify the controller of the traffic statistics of each segment list, the controller cannot recognize the key of the candidate path to which these segment lists belong.


Well what you call "waste" I call redundancy. Sure keeping extra paths requires some cost, but building redundancy in control plane pays off.


è I think it is enough to keep the route redundant in the BGP SR Policy address family, but for the SR Policy component, because the keys of the two candidata paths are different, it does not even know that these two paths are redundant


Thx

From: Robert Raszuk [mailto:robert@raszuk.net]
Sent: Wednesday, May 20, 2020 8:59 PM
To: Fangsheng <fangsheng@huawei.com<mailto:fangsheng@huawei.com>>
Cc: Ketan Talaulikar (ketant) <ketant@cisco.com<mailto:ketant@cisco.com>>; Chengli (Cheng Li) <c.l@huawei.com<mailto:c.l@huawei.com>>; draft-ietf-spring-segment-routing-policy@ietf.org<mailto:draft-ietf-spring-segment-routing-policy@ietf.org>; idr wg <idr@ietf.org<mailto:idr@ietf.org>>; SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; stefano previdi <stefano@previdi.net<mailto:stefano@previdi.net>>; Yangang <yangang@huawei.com<mailto:yangang@huawei.com>>
Subject: Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi,

> the node-address is generated by CSG1

I don't think CSG1 needs to "generate" anything. Peers which send you particular policy are well known at CSG1.

> The process described above will result in a waste of redundant candidate paths on CSG1,

Well what you call "waste" I call redundancy. Sure keeping extra paths requires some cost, but building redundancy in control plane pays off.

Thx,
R.




On Wed, May 20, 2020 at 2:32 PM Fangsheng <fangsheng@huawei.com<mailto:fangsheng@huawei.com>> wrote:
Hi Robert,
Take the following picture as an example, I think you can understand our problem more easily.
The controller needs to notify the headend CSG1 through BGP SR Policy to create a candidate path of SR Policy. This BGP SR Policy route will be advertised to CSG1 through RR1 and RR2.
According to the definition in draft, the key of a candidate path is <Protocol-Origin, originator, discriminator>, where originator = <ASN, node-address>, so a complete candidate path key is <Protocol-Origin, ASN, node-address , discriminator>.
However, in this specific example, the node-address is generated by CSG1, and because CSG1 receives BGP SR Policy routes from RR1 and RR2, respectively, CSG1 will get two different node-addresses. CSG1 thinks that it is necessary to create two  candidate paths, and the controller does not know what the node-address CSG1 will eventually generate. Maybe:
Candidate path 1’ key:  <BGP,RR1’s ASN, RR1’ BGP Router ID, discriminator1>
Candidate path 2’ key:  <BGP,RR2’s ASN, RR2’ BGP Router ID, discriminator2>
The process described above will result in a waste of redundant candidate paths on CSG1,
At the same time, when CSG1 needs to announce the SR Policy information to the controller through BGP LS, it needs to carry the keys of the candidate path in it, and the controller cannot recognize these keys.


[cid:image001.png@01D62F57.B5A3A7F0]

To solve these problems,  We recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes.
In this way, the key  of the CP is determined by the controller and will not change during the advertisement of BGP routes.




发件人: Ketan Talaulikar (ketant) [mailto:ketant@cisco.com<mailto:ketant@cisco.com>]
发送时间: 2020年5月18日 20:00
收件人: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
抄送: Chengli (Cheng Li) <c.l@huawei.com<mailto:c.l@huawei.com>>; draft-ietf-spring-segment-routing-policy@ietf.org<mailto:draft-ietf-spring-segment-routing-policy@ietf.org>; idr wg <idr@ietf.org<mailto:idr@ietf.org>>; SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; Fangsheng <fangsheng@huawei.com<mailto:fangsheng@huawei.com>>; stefano previdi <stefano@previdi.net<mailto:stefano@previdi.net>>
主题: RE: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi Robert,

You are right that the “Originator” is not used in BGP best path and is just for a tie-breaking logic in SRTE between paths from different protocols and controllers. I doubt if there is a functional issue here.

I thought that Chengli was bringing in some new/different requirement for the “Originator” field for some deployment design. I haven’t seen a response/clarification from him as yet, and so perhaps I misunderstood him in which case we are ok here.

Thanks,
Ketan

From: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Sent: 30 April 2020 14:46
To: Ketan Talaulikar (ketant) <ketant@cisco.com<mailto:ketant@cisco.com>>
Cc: Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>>; draft-ietf-spring-segment-routing-policy@ietf.org<mailto:draft-ietf-spring-segment-routing-policy@ietf.org>; idr wg <idr@ietf.org<mailto:idr@ietf.org>>; SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; Fangsheng <fangsheng@huawei.com<mailto:fangsheng@huawei.com>>; stefano previdi <stefano@previdi.net<mailto:stefano@previdi.net>>
Subject: Re: [Idr] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi Chengli and Ketan,

Well I think (perhaps to your surprise) the current text is actually correct.

See the overall idea of section 2.4 is not to define the real source of the candidate path. That is done in section 2.5 The idea here is to keep multiple *paths or versions* of the candidate paths in the local system uniquely.

See if you continue reading section 2.6 demystifies the real objective:


   The tuple <Protocol-Origin, originator, discriminator> uniquely

   identifies a candidate path.



So the real originator is encoded in discriminator and here it just means the peer candidate path was

received from. And if you read on this entire exercise only servers best path selection as described in section 2.9.



.... the following order until only one valid best path is selected:



   1.  Higher value of Protocol-Origin is selected.



   2.  If specified by configuration, prefer the existing installed

       path.



   3.  Lower value of originator is selected.



   4.  Finally, the higher value of discriminator is selected.

+

      The originator allows an operator to have multiple redundant

      controllers and still maintain a deterministic behaviour over

      which of them are preferred even if they are providing the same

      candidate paths for the same SR policies to the headend.

Thx,
R.

On Thu, Apr 30, 2020 at 10:46 AM Ketan Talaulikar (ketant) <ketant=40cisco.com@dmarc.ietf.org<mailto:40cisco.com@dmarc.ietf.org>> wrote:
Hi Cheng,

I assume you are recommending the use of Route Origin Extended Community (https://tools.ietf.org/html/rfc4360#section-5) for conveying the “Originator” when the SR Policy update is propagated over eBGP sessions via other eBGP/iBGP sessions instead of direct peering with the headend.

I believe it does address the scenario you describe given that it is expected that SR Policy propagation via BGP is happening within a single administrative domain even if it comprises of multiple ASes.

Also copying the IDR WG for inputs since this would likely need to be updated in draft-ietf-idr-segment-routing-te-policy.

Thanks,
Ketan

From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> On Behalf Of Chengli (Cheng Li)
Sent: 30 April 2020 07:34
To: draft-ietf-spring-segment-routing-policy@ietf.org<mailto:draft-ietf-spring-segment-routing-policy@ietf.org>
Cc: SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; huruizhao <huruizhao@huawei.com<mailto:huruizhao@huawei.com>>; Fangsheng <fangsheng@huawei.com<mailto:fangsheng@huawei.com>>
Subject: [spring] Comments: Route Origin Community in SR Policy(draft-ietf-spring-segment-routing-policy)

Hi authors,

In section 2.4 of [draft-ietf-spring-segment-routing-policy-06], introduced how the node-address of "Originator of CP(Candidate Path)" is generated when the Protocol-Origin is BGP. It says:
    “Protocol-Origin is BGP SR Policy, it is provided by the BGP component on the headend and is:
     o  the BGP Router ID and ASN of the node/controller signalling the candidate path when it has a BGP session to the headend, OR
     o  the BGP Router ID of the eBGP peer signalling the candidate path  along with ASN of origin when the signalling is done via one or  more intermediate eBGP routers, OR
     o  the BGP Originator ID [RFC4456] and the ASN of the node/controller  when the signalling is done via one or more route-reflectors over  iBGP session.”

In the operator's network, in order to reduce the number of  BGP sessions in controller and achieve scalability, the controller only establishes eBGP peer with the RR. And the RR establishes iBGP peers with the headends. As mentioned in the draft, the headend will use the RR's Router ID as the CP's node-address (the signaling is done via route transmission from RR to the headend instead of route reflection).  The headend needs to carry the CP's key when reporting the SR Policy status to the controller through BGP-LS. And there is a problem that the controller may not recognize the key because the node-address is generated by the RR node.

For network robustness, two or more RRs are usually deployed. This will introduce another problem.. When the same CP advertised by the controller is delivered to the headend through different RRs, the headend cannot distinguish whether it is the same CP because the node-address in the CPs' key  comes from different RRs.

To solve these problems,  We recommend carrying the Route Origin Community (defined in RFC 4360) directly when the controller advertises BGP routes.  In this way, the key  of the CP is determined by the controller and will not change during the advertisement of BGP routes.

Thanks,
Cheng
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr