IETF Logo Mail Archive

Re: [Idr] draft-wang-idr-vpn-routes-control-analysis (was Re: rd-orf problem clarification at the local level)

Robert Raszuk <robert@raszuk.net> Fri, 26 February 2021 11:40 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D95F83A1396 for <idr@ietfa.amsl.com>; Fri, 26 Feb 2021 03:40:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AlQelDQGdD1Z for <idr@ietfa.amsl.com>; Fri, 26 Feb 2021 03:40:49 -0800 (PST)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56B873A138D for <idr@ietf.org>; Fri, 26 Feb 2021 03:40:49 -0800 (PST)
Received: by mail-lj1-x22c.google.com with SMTP id h4so10054817ljl.0 for <idr@ietf.org>; Fri, 26 Feb 2021 03:40:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jN/mKe5TpWDCAXW/l9+7am5gUEzmnsTZrH0r+wtNYO0=; b=Z4j4VTvGUE4yQxFXNKHqxgMVKDNL8ba6QPpRpDa0E6iVzSBOJTZ1HMckVllDroCGDJ PPhbpeZRUDqBaPU1DrZLpUD2rZV/avhVxaOUAnSvSVkRDM7dvlY7ssGgqTi53ieCdt+k RwvwiaCA0Yw8SBdepQH+Tl96uW0VDIAegirEAbUnmESZzuV1BTFUhYNFu3zPPP+IRYuf OL/IKaAKDVMWH08ALowsFv9n2iWccgmW/5S4rKgKqyBVuAwrHDybNeOggB54UngANrxR uFDqkZJJmvwhQNCGSg0ukmStYuPi0QPBkTMb/INHfW/abI06i5DkIYHEi16HxJLV3oxy TQLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jN/mKe5TpWDCAXW/l9+7am5gUEzmnsTZrH0r+wtNYO0=; b=CWRK2mq4QSEC48/g99olkW6+Usd7096PVoSJG+S9AxxNqSRJ707BvRsZdvDJDp32JF qrbsJ9gvb673vfM7wglcg+OoEgpvSfWEe9S8egyM0rn6oM6VBp0DP7RiiwLbsou3Yj/b DQ6Hy/BtbAhGHhQVSg8pJIjCushVk4+mOrjznisVzNcRECM0JKCdE7RS+1GZ8mT/yYRw EnnxmKPGpVFDvZAO6G167lMlyf66dRwFkQWRcankHE5bpPTn46TebtRjvQ4YOaQ6fcns wQg9Zwek4QVlfDFl/SLuH31FzU1GpoVW7Ge4nC2eVTaHvnDCf+Dl35OftRimeSYpcpdI KgoQ==
X-Gm-Message-State: AOAM533nMo+Q7mqwXFxv/w/WjjJFt8ySYfvvDVl2sAVMUeQAb9RjUIeH pzdcVnk3giC+WEPzqub5vDxmvSMI7N1GdNFYPdcrLw==
X-Google-Smtp-Source: ABdhPJxrwkc/wOEZ602qVhCja3dDAaystNJ2u9wfjRfUiIuhw/azZ+hc8drOyRkeZ32PwkxkR0OS34l0dNS5nw169XI=
X-Received: by 2002:a2e:8e6e:: with SMTP id t14mr1436707ljk.23.1614339647185; Fri, 26 Feb 2021 03:40:47 -0800 (PST)
MIME-Version: 1.0
References: <CAOj+MMGgY198Z4Uz8NBDMDMYtinBCauxtPxEojzhiQekJwOYaw@mail.gmail.com> <71BBA315-1E03-4DA8-A7F3-9DBAFBD55E26@tsinghua.org.cn>
In-Reply-To: <71BBA315-1E03-4DA8-A7F3-9DBAFBD55E26@tsinghua.org.cn>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 26 Feb 2021 12:40:38 +0100
Message-ID: <CAOj+MMGYJ3B0Rdj+EPgGtaNpC_UL7yEFGFqej1NYmgcGn_RbVQ@mail.gmail.com>
To: Aijun Wang <wangaijun@tsinghua.org.cn>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, Aijun Wang <wangaj3@chinatelecom.cn>, draft-wang-idr-rd-orf@ietf.org, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000037b41e05bc3bbdf9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/w09sEFqz45jYdwtHasLHiyRypww>
Subject: Re: [Idr] draft-wang-idr-vpn-routes-control-analysis (was Re: rd-orf problem clarification at the local level)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2021 11:40:52 -0000

Aijun,


> Your proposal just let RTC act as the behavior of RD-ORF.
> I think no one will agree with you.
>

I think you did not understand it. But that's ok.

And if you think that it is better to make any routing protocol decision
(in regards to route distribution) by collecting information from more then
one protocol source then indeed no point to discuss this  any further.

Kind regards,
R.



> I think what Jeff’s proposal is to utilize the information from RTC to let
> the RR decide when to send out the RD-ORF message on behalf of its peers,
> not to change the behavior of RTC.
>
> Aijun Wang
> China Telecom
>
> > On Feb 26, 2021, at 18:48, Robert Raszuk <robert@raszuk.net> wrote:
> >
> > Gyan,
> >
> > What you said is pretty obvious I think to everyone here.
> >
> > But I think the point of bringing RTC into this picture was a bit
> > different.
> >
> > Just imagine RTC is running between PE and RR and signals interest in set
> > of RTs to the RR. Let's say those RTs are RT100, RT200, RT300, RT400,
> RT500
> >
> > Further imagine one VRF importing RT200 overflows on said PE with
> incoming
> > (pre-import routes of RD_FOO and RT100, RT200 and RT 300).
> >
> > So what if now PE via RTC will simply readvertise interest to get RT200
> > with new BGP attribute say called BLOCK_RD and lists in such attribute
> body
> > Route Distinguisher of RD_FOO ?
>
> [WAJ] The action on RR then will be advertised VPN routes that with RT200,
> but the RD part is not RD_FOO?
>
>
> >
> > The overall mission accomplished. No need for any new ORF type. It can be
> > even transitive if we apply a little hack and adjust the way RR will
> select
> > the best path for RTC (meaning include this attribute in advertisements
> > only if all peers sending RT200 attached it with such RD_FOO).
>
> [WAJ] Normally RTC message will be flooded within the network immediately
> . Your proposal here just let it wait responses from all its peers. If so,
> why using BGP UPDATE message?
>
> >
> > To me this is very simply RTC extension and it seems solves this entire
> > "problem".
> >
> > And no - by proposing the above I am not changing my mind that it is
> simply
> > wrong network operation to even allow such problem to happen in the first
> > place.
> >
> > Best,
> > R.
> >
> >
> >> On Fri, Feb 26, 2021 at 4:52 AM Gyan Mishra <hayabusagsm@gmail.com>
> wrote:
> >>
> >>
> >> Hi Jeff
> >>
> >> Keep in mind that RTC is an optimization that does not apply to every
> >> scenario especially in cases where all PEs have all the same VPNs
> defined
> >> with explicit RT import.  The special cases were RTC does apply is for
> >> incongruent VRFs in cases of a sparse RT distribution graph where PEs
> don’t
> >> all import the same RTs.  By default all PE have RT filtering enabled by
> >> default meaning if their is not an explicit VRF definition to match and
> >> import the RT, the RT is dropped.  With RTC the distribution graph of
> what
> >> RTs are advertised RR-PE is now optimized with RT membership, and now
> only
> >> RTs explicitly imported by the PEs are now advertised by the RR to PE
> for
> >> processing.  In the case of RD-ORF, it provides a layer of needed
> >> granularity as the RD PE originator of the flood is a subset of all the
> VPN
> >> prefixes represented by the RT permitted by RTC to be advertised to the
> >> PE.  The RD-ORF now dynamically blocks the offending PE prefixes that
> would
> >> otherwise have been advertised by RTC RR to PE and accepted by the PE
> for
> >> processing and added to the VRF RIB being overloaded.
> >>
> >>
> >> Kind Regards
> >>
> >> Gyan
> >>
> >> On Thu, Feb 25, 2021 at 6:21 PM Aijun Wang <wangaj3@chinatelecom.cn>
> >> wrote:
> >>
> >>> Hi, Jeff:
> >>> Thanks for your suggestions!
> >>> I think combine RTC and RD-ORF information can accomplish the fine
> >>> control for the upstream propagation of unwanted VPN routes.
> >>> We will also try to find other ways to achieve the same effect.
> >>>
> >>> Aijun Wang
> >>> China Telecom
> >>>
> >>>> On Feb 25, 2021, at 22:01, Jeffrey Haas <jhaas@pfrc.org> wrote:
> >>>>
> >>>> Aijun,
> >>>>
> >>>> On Thu, Feb 25, 2021 at 12:07:49PM +0800, Aijun Wang wrote:
> >>>>>> In the prior discussions, it was clear that remediation was trying
> to
> >>> be
> >>>>>> done on a per-RD basis.  The text in this draft seems to be a larger
> >>> scope
> >>>>>> than that; perhaps per VPN (and thus route-target?).  Is that your
> >>>>>> intention?
> >>>>> [WAJ] Yes. We are considering to add RT information to the current
> >>> RD-ORF
> >>>>> semantic, to identify/control the "excessive routes" in more granular
>
>

v2.23.0 | Report a Bug | By Email