IETF Logo Mail Archive

Re: [Idr] soliciting feedback for draft-dunbar-idr-sdwan-port-safi, which specifies a new NLRI for SDWAN edge to advertise its WAN ports properties

Linda Dunbar <linda.dunbar@futurewei.com> Fri, 28 June 2019 16:57 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7170512049C for <idr@ietfa.amsl.com>; Fri, 28 Jun 2019 09:57:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_wEzqcCC7VP for <idr@ietfa.amsl.com>; Fri, 28 Jun 2019 09:57:25 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780134.outbound.protection.outlook.com [40.107.78.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96DFA1204EB for <idr@ietf.org>; Fri, 28 Jun 2019 09:57:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mseZbiliXxhKoaIucKM4Ht94E/26gWvZTquN4z1ksrU=; b=CnUWN2gMatJKXTPK0C+LdeSCCp10sDmoJp6VCOq1HUoUL7aOdSAScKHGtqdjhYqk7vMTO7o4EtNkgJS5QUW4G266HkK3w27mo7YPoOTvpwPNblIELhHBepsWfjQzU4zEaXTE5aj/ktfoLgZql9G0+MeROTbQasFpWUGsYhNe3eg=
Received: from MN2PR13MB3582.namprd13.prod.outlook.com (10.255.238.139) by MN2PR13MB2672.namprd13.prod.outlook.com (20.178.251.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2032.12; Fri, 28 Jun 2019 16:57:22 +0000
Received: from MN2PR13MB3582.namprd13.prod.outlook.com ([fe80::a8cd:e9ef:5219:67ea]) by MN2PR13MB3582.namprd13.prod.outlook.com ([fe80::a8cd:e9ef:5219:67ea%6]) with mapi id 15.20.2032.012; Fri, 28 Jun 2019 16:57:22 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: "Ali Sajassi (sajassi)" <sajassi@cisco.com>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: [Idr] soliciting feedback for draft-dunbar-idr-sdwan-port-safi, which specifies a new NLRI for SDWAN edge to advertise its WAN ports properties
Thread-Index: AdUtPjQZBxvBfPhSTlipZ74SwoimTQABjpGAACCLVvA=
Date: Fri, 28 Jun 2019 16:57:22 +0000
Message-ID: <MN2PR13MB3582DAAAFB3E6F67C917A80585FC0@MN2PR13MB3582.namprd13.prod.outlook.com>
References: <MN2PR13MB35827C9D8B4F6E09577D7A7185FD0@MN2PR13MB3582.namprd13.prod.outlook.com> <DA6ED6BC-0221-4E06-B049-3F8C2254DB88@cisco.com>
In-Reply-To: <DA6ED6BC-0221-4E06-B049-3F8C2254DB88@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=linda.dunbar@futurewei.com;
x-originating-ip: [12.111.81.95]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 69653760-f1bb-4e15-ece8-08d6fbe9b061
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020); SRVR:MN2PR13MB2672;
x-ms-traffictypediagnostic: MN2PR13MB2672:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <MN2PR13MB2672649CCB7E583EEA1D763B85FC0@MN2PR13MB2672.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 00826B6158
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(396003)(376002)(39850400004)(346002)(366004)(136003)(199004)(189003)(33656002)(446003)(54896002)(68736007)(2501003)(236005)(5660300002)(86362001)(256004)(71190400001)(5024004)(8676002)(66446008)(6246003)(66576008)(66476007)(66556008)(81156014)(790700001)(99936001)(3846002)(54556002)(6116002)(53936002)(71200400001)(76116006)(66066001)(9686003)(64756008)(14444005)(73956011)(55016002)(66574012)(733005)(6306002)(186003)(6436002)(102836004)(2906002)(316002)(7736002)(26005)(6506007)(53546011)(8936002)(966005)(7696005)(44832011)(478600001)(14454004)(76176011)(606006)(66946007)(11346002)(476003)(81166006)(52536014)(229853002)(110136005)(486006)(99286004)(74316002)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR13MB2672; H:MN2PR13MB3582.namprd13.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: futurewei.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: vhkIah8UjU6Kn1+N6b927rPO8uE8ikudhOLYdrsaEF1sm+6n/W1uLZFPct9AaQEE12sA2rs0+u5HdkMHeEerLtR5vlJIi4uzCvdIFC/F9U/DHz3PX/A5xJnZalRYlbuVJRAwSrKJ0DGg9eCPw1I08VnAHNNwTYiK8FllwEbkURc7ldHNWvzbgq2w2nwR2Topx92MC5n+9rE9RNPiV5sHkERWXrVdTzoUpPwLe2XYvX0EtS6RCeDy9bQSq9UYXu0efXn0cXUgcljniSq+dRcZjt7gHyDM1EDHVGLb1Mqn1QhQf1ATKEg20enb+VS73e2TH191hi/ANybgEHM130IU7Y/MI9zlSDdwBzTULF6auG0kCBb7p8a7g4n8Yh5+WAQvug2GLy5qGDrrtx9AxIRQI44u/+nN5OcQaFJRGPBCDnY=
Content-Type: multipart/related; boundary="_005_MN2PR13MB3582DAAAFB3E6F67C917A80585FC0MN2PR13MB3582namp_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 69653760-f1bb-4e15-ece8-08d6fbe9b061
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2019 16:57:22.3044 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ldunbar@futurewei.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB2672
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/8tnOa2z-W7Wh_h2fLhP2FN6W-Uc>
Subject: Re: [Idr] soliciting feedback for draft-dunbar-idr-sdwan-port-safi, which specifies a new NLRI for SDWAN edge to advertise its WAN ports properties
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 16:57:30 -0000

Ali,

Thank you very much for the comments. A few more questions on your suggestions.

You said
“The Tunnel-Encap attribute does NOT need to be sent along with each tenant’s route”.

Then what will be the “route” in the UPDATE message?
Per RFC4271, An UPDATE message is used to advertise feasible routes that share common path attributes to a peer.

You stated in another email using  [Tunnel-encap] “recursive resolution and coloring” to propagate the WAN ports properties to RR (Controller). The Section 7 of Tunnel-encap Recursive Next Hop Resolution is about how R2 advertises route “P” on behalf of R1 which doesn’t support Encapsulation, or allowing nested tunnels:

[cid:image003.png@01D52DA8.A2765F80]


Can you elaborate how to  [Tunnel-encap] “recursive resolution and coloring” to propagate the WAN ports properties to RR (Controller)?

For SDWAN scenario (Figure below), the C-PE-1 needs to do two separate actions:

  1.  advertise to the SDWAN Ctrl on this WAN port A1 & A2 properties: A1 is assigned with private address, and A2 is connected to MPLS (e.g. AWS Direct Connect port)



  1.  Advertise the client routes attached to C-PE-1 to SDWAN Ctrl.



[cid:image004.png@01D52DA8.A2765F80]

I re-read the Section 7 (suggested by your other email), but still can’t figure out. Any help would be greatly appreciated.

Thank you very much.

Linda
From: Ali Sajassi (sajassi) <sajassi@cisco.com>
Sent: Friday, June 28, 2019 2:00 AM
To: Linda Dunbar <linda.dunbar@futurewei.com>; idr@ietf.org
Subject: Re: [Idr] soliciting feedback for draft-dunbar-idr-sdwan-port-safi, which specifies a new NLRI for SDWAN edge to advertise its WAN ports properties


Linda,

After the long thread we had on the topic of Tunnel-Encap, it should hopefully be clear by now that tunnel-encap can be used for your “WAN ports” and the property associated with a tunnel for these WAN ports can be signaled via the attribute. The Tunnel-Encap attribute does NOT need to be sent along with each tenant’s route and the [Tunnel-Encap] specified two way to do that: 1) recursive resolution and 2) coloring.  Furthermore, [Tunnel-Encap] allows you to setup multiple tunnels to a given end-point by advertising a single route along with the attribute for these tunnels. [Tunnel-Encap] does a nice job in providing examples for all of these.

Cheers,
Ali

From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> on behalf of Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Date: Thursday, June 27, 2019 at 4:34 PM
To: "idr@ietf.org<mailto:idr@ietf.org>" <idr@ietf.org<mailto:idr@ietf.org>>
Subject: [Idr] soliciting feedback for draft-dunbar-idr-sdwan-port-safi, which specifies a new NLRI for SDWAN edge to advertise its WAN ports properties

IDR Experts:

We would love to hear your feedback, criticism, or suggestion for https://datatracker.ietf.org/doc/draft-dunbar-idr-sdwan-port-safi/<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-dunbar-idr-sdwan-port-safi%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C8b44503c6fe840dcf4c508d6fb964ed0%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C636973020328257074&sdata=xe6HeEhhFo4VYyMrMEX2KMOpIOyMd8Vpa9dDNS%2BgqN4%3D&reserved=0>

The document specifies a new BGP NLRI and SAFI for advertising WAN ports properties of a SDWAN edge node. SDWAN edge node’s WAN ports may face untrusted networks, such as the public internet, may get assigned IP addresses from the Internet Service Providers (ISPs), may get assigned dynamic IP addresses via DHCP, or may have private addresses (e.g. inside third party Cloud DCs). Packets forwarded through those SDWAN WAN ports might need to be encrypted (depending on the user policies) or need to go through NAT. SDWAN edge nodes need to propagate those WAN ports properties to the peers who are authorized to communicate across different types of underlay networks including the untrusted networks.

Many people have suggested using the SAFI/NLRI used by draft-ietf-idr-tunnel-encaps-12. Here is why Tunnel-Encap is not enough:


  *   Tunnel-Encap draft describes how to construct a BGP UPDATE messages that advertise endpoints’ tunnel encapsulation capability and the respective attached client routes, so that the receivers of the BGP UPDATE can establish appropriate tunnels with the endpoints for the client routes. Tunnel-encap has a “Remote endpoint subTLV” for controller to advertise a node’s encapsulation capabilities.   The receivers of the Tunnel UPDATE would construct the encapsulation header with the Outer Destination Address equal to the address carried in the “Remote Endpoint sub-TLV”..
  *   The Tunnel-Encap draft doesn’t cover the SDWAN Edge WAN ports properties advertisement propagation, especially over untrusted networks.
  *   The addresses advertised by Tunnel-Encap UPDATE are the addresses of client routes reachable via the advertised encapsulation headers. The Address Family for the WAN ports of SDWAN Edge is totally different address family. The goal is to register the WAN port properties to its respective controller. Therefore, it is cleaner, less processing on receivers for implementation, and less error prone to have a different NLRI for WAN ports properties registration than re-using client route NLRI.

Greatly appreciate feedback and criticisms.

Thank you
Linda

v2.23.0 | Report a Bug | By Email