Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- Adoption call (2/4/2022 to 2/18/2022)

[Jeffrey Haas <jhaas@pfrc.org>]

Wei,

On Fri, Feb 25, 2022 at 02:26:37PM +0800, Wei Wang wrote:
>    Thanks for your valuable suggestions and scene refinement, we think the following principles can be applied to the drop strategies:
> 
> when a <RD, source PE> tuple past the "fair" ratio but the prefix limit of VRF is not exceeded, PE should send warnings to the operator, and the drop strategies should not be triggered.
> 
> when a <RD, source PE> tuple past the "fair" ratio and the prefix limit is exceeded and there is no other VRFs on offended PE need VPN routes with this RD, they should be dropped.
>    The above strategies is only an example, there may exist other algorithms to be explored further and should be researched in another document in details. The operators just need to make sure the algorithms in different devices consistent. 
> 
>    If you agree with the above strategies, we will update our draft accordingly to reflect them. 

If this is your general intent for how the feature works, I think many of
the participants in the thread would appreciate such discussion becoming
part of your proposal.

Further discussion below:

>    For our considerations on the use of the principles in your mentioned scenarios, please see in-line replies with [WW].
> 
[...]

> Setup:
> RD-1, RD-2, RD-3: 10 routes
> RD-4: 40 routes.

[...]

> Scenario 2: RD-1, RD-2, RD-3 increase to 25 routes each.
> The load on the system is now at 155 routes.  RD-1, RD-2, RD-3 are still
> using the theoretical fair share.  Do we drop RD-4?  I believe this is what
> the proposal suggests.
> 
> Is this fair to RD-4?  They were previously permitted to burst past the fair
> share and changed nothing.  RD-4 may have been operating stably at that
> level for a while.
> [WW] After RD-4 past the "fair" ratio, router should send warnings to operators for further adjustment. If the prefix limit of VRF-A is exceeded and RD-4 still past the "fair", router will drop RD-4.

For this example, your intention is clear.

> Scenario 3, different setup:
> RD-1, RD-2: 26 routes
> RD-3: 25 routes
> RD-4: 10 routes
> 
> Utilization at start of scenario: 87%
> 
> We see that RD-1 and RD2 are past "fair" and RD-3 is at "fair".
> 
> RD-4 increases to 24 routes, less than "their fair share".  Utilization is
> now at 101%.  Who do we drop?  RD-1?  RD-2?
> [WW] If RD-1 and RD-2 still past the "fair" when utilization is higher than 100%, router should drop them both.

This is also clear.

> It should also be clear that the contrived examples above get much more
> complex when we deal with the real world.  Whether route contribution per-RD
> is uniform or highly asymmetrical depends on the deployment.  Sometimes the
> contributor of the most distinct routes per-RD is the most important router;
> e.g. the access router outside of the VPN.  This can lead to an outage for
> the VPN.
> [WW] If we do nothing, the offending VPN routes may influence the communication among VPNs and the communication between PE and the router outside of the VPN. If we filter the route from the access router outside of the VPN, only the latter communication will be influenced. 

I understand your point, but believe we have different scenarios in mind
that impact the outcome.  That's fine.  I believe you understand my point
that dropping the largest may sometimes have negative impact to overall VPN
operations.  Your choice is that the negative impact of the excess routes is
more important.

-----

I want to add one final point to the scenarios I have been using for
discussion.  These examples all use a fixed number of RDs for the 1/N ratio.

For "fair" to be able to be determined, it would be necessary to know the
total number of expected RDs present at a given PE for a given VRF.  This is
effectively a form of per-RD-per-VRF prefix limit.

If you agree that this is per-RD-per-VRF prefix limit as configuration
state, I believe you now have a point of clarity you can add to your
proposal that defines its expected operation.  This permits more flexibility
than 1/N fairness where N is unknown.

-- Jeff