Re: [Idr] BGP Classful Transport Planes

Kaliraj Vairavakkalai <kaliraj@juniper.net> Mon, 19 October 2020 02:26 UTC

Return-Path: <kaliraj@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D0583A1235 for <idr@ietfa.amsl.com>; Sun, 18 Oct 2020 19:26:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.202
X-Spam-Level: *
X-Spam-Status: No, score=1.202 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, THIS_AD=1.399, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=WLce1iWA; dkim=pass (1024-bit key) header.d=juniper.net header.b=HoC4eB8O
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3whraRZs-Rs1 for <idr@ietfa.amsl.com>; Sun, 18 Oct 2020 19:26:38 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 321763A1232 for <idr@ietf.org>; Sun, 18 Oct 2020 19:26:38 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 09J2NYpP007724; Sun, 18 Oct 2020 19:26:37 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=El0BNjGnXuIq3831a2mLjEqz2CjKzFRsqIm0KKbo02c=; b=WLce1iWAuRm7FUIPGuUO1TsbmmfOTx8l772kKlCKEe9XgXHSMVJu1EbjHL3kqSw1hazU mA7baHkZ6XO6KX6/XMdWLs+urdYC1DwwOXDkaXM+Z8nuuH4wwPeKMiL/+XIq81Tras8j RJ9JDfrcKygHc6cc6e69eW71e6M3QncpXB0OgRckPW6tsoFVj+D62It5slIWt/Uoy6xp r1aoYmCesKsZ4aTNMWOhHagi0FDgVTTDBe3/UkOouPWBDAAUSP4ow7G6XT8tj/VqBUAO cqB0MlDgNjrYp5nqQYZ4A0D/oBFImB91q3rXennR2Q/XLHIi9cYuZOvrvSWw32JUtnqj 8A==
Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2177.outbound.protection.outlook.com [104.47.55.177]) by mx0a-00273201.pphosted.com with ESMTP id 347xjy1mqq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 18 Oct 2020 19:26:36 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C5G/+htxq9K85r56/YAWdglniZpMyzks9dS6EY7xF7XW9u7RQScph5xUHwkV4FNxy9gSRUcPkDcGh5MRb0zAJX8zfsNk6Bn2XvV6jZf1ZAWYs02Gkt6+aLEVqjKMjbPSaoW1RmboY+z0k5gi1kpLi39QXcOihPOutgmJDHKn2/yxZ477mIlWNkcZyqL3VtS1HQLEJBvoANFgMDrt3NlCR3LNuuGZ+YtIopEas33ng7Q41pfpGu31xlniVfVL4qyw7+HIk2MRph69we4vBcoc5+GGrN+iwW0+kW7pUkXCah/bTruxFk9yf/ZQ3VMAWhbM6Ck8a7k5+WRld4C0r7SA9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=El0BNjGnXuIq3831a2mLjEqz2CjKzFRsqIm0KKbo02c=; b=jDuH78rXg8LP5tKQfIU+AFnd5oMFSy82imJ6anBoiJ7WsPny7q8l2V2NotALxAKaR1MrzWpnhaKH5MnDq/3Ccr54ucEOA4b7jPc+YwFXZ2ocDW7OsIhEUBjW3H8tZ+iicZS5d/oP8GkEa3UqXYN0REfZ/Orxbnl7g7cN4I71ubMVkFXMGOiWTU8y0p+BcgDckAl85Y2paRaabjKFB+/vIEHUvTPlqIgsQsvwnyk27ZL8UGQi6IE1uj/AHm7eKdjMuZPAuKlVD+LdfV5Ph9oLc/w0joctv2zqVY0y2PQ/K4top/5ajpLQHEF+EW2vTYmSITxIVuC3GRL2h2wPis8XtA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=El0BNjGnXuIq3831a2mLjEqz2CjKzFRsqIm0KKbo02c=; b=HoC4eB8OZLJZLql2XuwF8xLuVw4cAJLDFwgOmal87k27liYf/6gakHfVRdw+Ml+94gf3Ti6FJHcT2XMjfgOdCTQmDxtT8UX251P+WfjbwF5am6ciYwEezfiQP/28jnOcc9AqlTn90vTH3KatmpM9wv0Wsr2F2yFMbDcK25OO3Bc=
Received: from BY5PR05MB7075.namprd05.prod.outlook.com (2603:10b6:a03:1bd::32) by BYAPR05MB4501.namprd05.prod.outlook.com (2603:10b6:a02:f4::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.15; Mon, 19 Oct 2020 02:26:32 +0000
Received: from BY5PR05MB7075.namprd05.prod.outlook.com ([fe80::f944:d24a:1401:410f]) by BY5PR05MB7075.namprd05.prod.outlook.com ([fe80::f944:d24a:1401:410f%7]) with mapi id 15.20.3499.015; Mon, 19 Oct 2020 02:26:32 +0000
From: Kaliraj Vairavakkalai <kaliraj@juniper.net>
To: Robert Raszuk <robert@raszuk.net>
CC: Natrajan Venkataraman <natv@juniper.net>, Balaji Rajagopalan <balajir@juniper.net>, "idr@ietf. org" <idr@ietf.org>, Shraddha Hegde <shraddha@juniper.net>
Thread-Topic: BGP Classful Transport Planes
Thread-Index: AQHWpJpxW14vpdCoWEu7NQcRLbFx66mcARyAgAE8MYCAAIKogA==
Date: Mon, 19 Oct 2020 02:26:32 +0000
Message-ID: <27047AC9-E52C-49D5-BCB2-362D6B559386@juniper.net>
References: <CAOj+MMEdijdGVMKS3Qf-nabj0gZk+rrf7ygZ1H+6AyvxdP7xuA@mail.gmail.com> <59A888A2-682A-4A36-B80A-CC46DB02D1EA@juniper.net> <CAOj+MME2fY0HT0jKd-mVPgJPyModgwLwexb=XXsKxPxW91yfsw@mail.gmail.com>
In-Reply-To: <CAOj+MME2fY0HT0jKd-mVPgJPyModgwLwexb=XXsKxPxW91yfsw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.42.20101102
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=3b62f7ea-8ce9-4afa-b8e6-3c2d8d9a0ff5; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-10-19T01:26:28Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only;MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true;
authentication-results: raszuk.net; dkim=none (message not signed) header.d=none;raszuk.net; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [66.129.242.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 58ef686c-fa07-44a8-b7a0-08d873d664ea
x-ms-traffictypediagnostic: BYAPR05MB4501:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BYAPR05MB4501D60B690CC665B7E2E4CFA21E0@BYAPR05MB4501.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Wo+9C2MdRUOnqXp+C/vve3x4nzqNjhAcoLqhFv/XWt9CDGLFImsz2LwjS8/4/TNR7jlQV6Vg2aEGlrHREYK2PjFQ+5USfaMseKTlS6sFGdMJ5BDraKi4hfwDanB1oa/vo9LotZIZ6GVLP7cUX2sJL8/PKdnCMBIA9C9WfQk4nycg+pl95cqf0sldRzEmch4f8L5tNQv1Pbghcx3nnS1HPNY3vX0coWdKj+rydVus3MWUjBK258U2dgPkA5h9M827lOF2yp0YY9sAoSL4Pp6KDig5kBUQ4lIyWS8sAiegcZ8ZiLObTwfYvQtQg8EzqB5B4wlnBn6rnKhOI+X8v9a/gn3xp3Z+Mae9qMRV7hkFfXj6o51AXShhhLU6h6tu4ui8QX2kHVtxNmBSU+azNz1Wjw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR05MB7075.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(376002)(39860400002)(346002)(396003)(4326008)(6916009)(166002)(6512007)(83380400001)(6486002)(71200400001)(107886003)(2616005)(186003)(54906003)(26005)(36756003)(3480700007)(66946007)(64756008)(66446008)(8936002)(478600001)(66476007)(66556008)(316002)(86362001)(5660300002)(9326002)(8676002)(33656002)(53546011)(966005)(6506007)(76116006)(91956017)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: WKl99KOe4w7ua83HQ2tm9tEhd50AK6oot9N8LoIPJzjyzGG6sYlyGPKn2cGiASv1m3bKAgEykcYGk7RszihTI20s1MXoEHt9Wt3ZMjohxjl1c4dscBuWWw1I+gwb0VytRQfda681W+8eyYy5BrIW0vNDPwhyKpEtnPOSnKMJshLqnZhOGu4AQIKPzALozyxD8T3kGTrjPWfkUcAplJT2br+SH90X207Pbgt3Bi6ehGkn3BaNRDXayDXHy/6Mkjtjrw2Yo2JnGY+f8Ea5qkCqEGc90Xwf8iuem73voV17U262bLDIlHs5x1Ed2E5Q9mAc9+cndIhHVr5YXZF63cr/5XzpLFM3kP1ELNz0Vnd0a/mmAGkmxGEwDSVudkSqNoEje2nwn+Uf4vOv3qB+JXusmlh5PmRZC8VUALeiJzPB9N+OFLJIdpK6bHawXqB0TzW3dAGdQtnpkNjwG82raSGuk6ZWPPJ+g4YsCPhrPdRZyBQpBaZw0SHAPYCyEDuNEdwYlIOoFeMYeKY5XOcRdpsGl4h818Mr1F43q0tQ1tqhaxZQjfStyy09wu0zAKu+tZcYwqcLeQLmWgkERFGdh7yjsatCLkVOxnSt7GxSxs2asKsP3sYgygbJQXVAp2hbhLh5ANNA0IMZzPUdrg3f5IgwLw==
Content-Type: multipart/alternative; boundary="_000_27047AC9E52C49D5BCB2362D6B559386junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR05MB7075.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 58ef686c-fa07-44a8-b7a0-08d873d664ea
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Oct 2020 02:26:32.5435 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5lMnKSpTelwblThtAbqGcAk8lDlEmcFDx/bHngwjU+u0IImN/B73fZfy021OiJyeX7WGVN3B0VMWq+KUWJuf8A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB4501
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-18_13:2020-10-16, 2020-10-18 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 spamscore=0 bulkscore=0 clxscore=1015 phishscore=0 priorityscore=1501 malwarescore=0 adultscore=0 mlxscore=0 mlxlogscore=999 impostorscore=0 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2010190019
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/qPXibwyogB0WUzvJ73o6E7vsrn8>
Subject: Re: [Idr] BGP Classful Transport Planes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 02:26:40 -0000

Hi Robert,

Please see inline.

From: Robert Raszuk <robert@raszuk.net>
Date: Sunday, October 18, 2020 at 4:39 AM
To: Kaliraj Vairavakkalai <kaliraj@juniper.net>
Cc: Natrajan Venkataraman <natv@juniper.net>et>, Balaji Rajagopalan <balajir@juniper.net>et>, "idr@ietf. org" <idr@ietf.org>rg>, Shraddha Hegde <shraddha@juniper.net>
Subject: Re: BGP Classful Transport Planes

[External Email. Be cautious of content]

Hi Kaliraj,

Just a few points as a follow up on your note.

Ad 1 - The point was that you can carry mapping (or if you will stitching information) by extending with new draft encoding defined in draft-ietf-idr-tunnel-encaps.

As you know tunnel SAFI (5512) was deprecated and going forward the recommendation is to use a new encap attribute. That is why I suggest you consider the use of a new attribute attached to RFC3107 SAFI 4 instead of defining new SAFI.

The new attribute attached to SAFI 76 (BGP-CT) route is a Route-Target extended-community. Ref: https://tools.ietf.org/html/draft-kaliraj-idr-bgp-classful-transport-planes-01#section-4

This RT helps this SAFI in following RFC-4364 mechanisms. I think it doesn’t make sense to use/extend TEA to perform RFC-4364 mechanisms (route leaking in BGP VPNs).

The ‘mapping community’ is just a new role for a bgp-community. Any community/extended-community can be used as a mapping-community. We re-use existing ext-community “Color extended community” as the mapping-community on service-routes.

A new SAFI is required because it carries RD and RT. RD is required to distinguish the NLRI of gold/silver reachability info for a PNH PE1/32. RT is required to associate the PNH route with a specific Transport-class and leak it to the associated Transport-VRF RIB (its just a Transport-layer BGP VPN).

These cannot be achieved using SAFI 4. Addpath-ID can help with path-hiding on a per-BGP-session scope, but it does not provide a proper end-to-end end-point ‘distinguisher’. RD is good for debugging, since looking at a RD1:PE1 route, one can figure out which node in the multi-domain option-C network originated this advertisement. AddPathID doesn’t help with that. Also, instead of redefining SAFI-4 to follow RFC-4364 and allow leaking using RT, it appeared much cleaner to define a new SAFI that uses RD, RT.

We could have overloaded SAFI-128 to carry transport-routes as-well. But separating it into a new SAFI made sense with respect to operational simplicity.

This is explained in https://tools.ietf.org/html/draft-kaliraj-idr-bgp-classful-transport-planes-01#section-9

Yes, defining a new SAFI means other vendors need to come on-board to implement this mechanism. We are hoping customers and fellow-vendors will see the value this proposal brings to brown-field deployments.

Ad 2a - You say "it will work" then just a few lines below you admit the current draft only addresses MPLS stitching via ASBR/ABRs.

Sorry, I must have said it ‘can be made to work’, as the architecture maintains clear separation between layers, and has room for extension. But yes, current draft only addresses MPLS forwarding at the border-nodes.

Ad 2b - All three points on value of MPLS Inter-AS or Inter-area stitching are quite questionable even in brownfield deployment. But that's not the point to debate any more here. Market will decide.

Agree, market will decide.

Ad 3 - No I was not asking for yet one more abuse of flowspec use case. I was not asking for new ACL based mapping to specific VRF either. If your draft is about "BGP Classful Transport" it better also define "Classful RIB" where forwarding decision is done not only based on destination address and its next hop but also on other fields in the packet. That was the first thing I was curious to see in your new SAFI definition but there is none.

OK. I think you are asking about CBF (Class based forwarding). IMHO, CBF is local implementation matter. So we didn’t specify anything in the draft about it. E.g. Junos will support mapping a ‘forwarding-class’ to a ‘transport-class’ by local policy configuration.

SAFI-76 itself is at the Transport-layer, so I feel it should not have any CBF related details, which are service-layer level information.

Ad 4 - I was asking where exactly is the Longest Prefix Match performed ? Based on aggregates generated by which network element and which protocol ? What set of destinations does the aggregate cover ? Assuming option-C don't you still need to leak all /32s or /128s across the domains - or you assume RFC5283 is in use ?

The LPM is performed on the transport-class specific transport-RIBs (e.g. gold.inet.3), which can contain routes from various transport-protocols.

Yes, the RD:PNH/32 or RD:PNH/128 routes will be leaked across all domains. There is no aggregation. And they will be collected in respective transport-ribs, e.g. gold.inet.3, bronze.inet.3 at the SN/BN nodes. Thus, e.g. When a route with mapping-community ‘gold’(Color:0:100) is received, to resolve it’s nexthop, we do the LPM in transport-RIB (gold.inet.3) associated with that transport-class. Routes in best-effort transport-rib (inet.3) will not be used. The RD:PNH/32 routes would have been leaked into this gold.inet.3, by virtue of carrying a RT: transport-target:0:100.

And, these transport-ribs can contain routes from various transport-protocols (RSVP, SRTE, BGP-CT, others). I hope I got your question right.

I think it would help whoever is reviewing this work to have an end to end illustration of how each SN/BN/RR hop service route and its next hop changes as well as how underlay transport and overlay tunnels are advertised at each BN with the use of real IP addresses and labels. Even Shraddha's blog post does not go into that level of details.

Sure, I will add details to the draft with specific example topology.

Thanks a bunch for taking time to review, and give comments.

Kaliraj


Juniper Business Use Only