Re: [Idr] update proposal to draft-ietf-idr-rfc5575bis-14

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 09 May 2019 20:53 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>, ERCIN TORUN <ercin.torun@turkcell.com.tr>
CC: "idr@ietf.org" <idr@ietf.org>
Date: Thu, 09 May 2019 20:52:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/wE-N-JsLNRNMMpv7plXinRDgD14>

Robert,

Section 8 applies to VPNv4 flow spec.

I see two differences in Ercin's proposal.
First, it is for IP Flow Spec, rather than for VPN.
Second, the IPv4 address in the RT matches with the router-id.
This avoids the requirement to allocate and manage another identifier to match the RT.
That is an operational advantage.

I support Ercin's proposal.

Regards,
Jakob.

From: Idr <idr-bounces@ietf.org> On Behalf Of Robert Raszuk
Sent: Thursday, May 9, 2019 9:38 AM
To: ERCIN TORUN <ercin.torun@turkcell.com.tr>
Cc: idr@ietf.org
Subject: Re: [Idr] update proposal to draft-ietf-idr-rfc5575bis-14

Hi Ercin,

What you are asking/proposing has been standardized in the original RFC5575 already many years ago.

Please see section 8 specifically this paragraph:


   Propagation of this NLRI is controlled by matching Route Target
   extended communities associated with the BGP path advertisement with
   the VRF import policy, using the same mechanism as described in "BGP/
   MPLS IP VPNs" [RFC4364 <https://tools.ietf.org/html/rfc4364>] ..

Thx,
Robert.


On Thu, May 9, 2019 at 2:04 PM ERCIN TORUN <ercin.torun@turkcell.com.tr> wrote:
Hello All,

My name is Ercin TORUN <https://tr.linkedin.com/in/ercintorun> and I’m working at Turkcell Turkey (35M-mobile/2M-fixed customer, +digital services) as an IP/MPLS Network Planning Engineer. I would like to propose an update to draft-ietf-idr-rfc5575bis-14 <https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-14>.

By default all flowspec entries (filters..) are applied to all routers, and unnecessary application of many filters can easily overwhelm the capacity of routers' resources (e.g. TCAM). We are pushing layer3 to the edges with solutions like seamless-mpls or leaf-spine next-generation DC topologies, which widens the layer3 domain easily over thousands of devices. It is best to filter “dirty” traffic where it first enters a network. There are ways to accept BGP announcements only on the targeted router, like defining a community for each router and configuring policies, but an automated way would be much easier and less error-prone. Our idea is using a route-target to match with BGP Identifier so that only the targeted router might accept the announcement.

All in all, I propose to add the text below to draft-ietf-idr-rfc5575bis-14 <https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-14>:

“   In a common use case, it is necessary to apply a filter to one or a few
   routers and to apply many different filters to many different routers.
   By default, all filters are applied to all routers. In this use case,
   the unnecessary application of the many filters can easily overwhelm
   the capacity of the routers. To simplify this use case, route-targets
   may be used to apply the filters to only the needed routers:

   If one or more IPv4-Address-Specific route-targets are present, then
   the IPv4 address of at least one route-target MUST match one of the
   BGP Identifiers of the receiver in order for the update to be accepted.
”

Regards
Erçin TORUN


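
The acceptance rule in the proposed draft text quoted above, worked through as an added example (not code from this thread, the draft, or any router implementation). It assumes the RFC 4360 encoding of an IPv4-Address-Specific route-target (type 0x01, sub-type 0x02, 4-byte address, 2-byte local administrator); the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

EC_TYPE_IPV4_SPECIFIC = 0x01    # RFC 4360: transitive IPv4-Address-Specific
EC_SUBTYPE_ROUTE_TARGET = 0x02  # RFC 4360: Route Target sub-type


def ipv4_route_targets(ext_communities: bytes):
    """Return the IPv4 address of every IPv4-Address-Specific route-target
    found in a raw Extended Communities attribute value (8 bytes each)."""
    if len(ext_communities) % 8:
        raise ValueError("Extended Communities length must be a multiple of 8")
    targets = []
    for off in range(0, len(ext_communities), 8):
        ec_type, subtype, admin, _local = struct.unpack_from(
            "!BB4sH", ext_communities, off)
        if ec_type == EC_TYPE_IPV4_SPECIFIC and subtype == EC_SUBTYPE_ROUTE_TARGET:
            targets.append(ipaddress.IPv4Address(admin))
    return targets


def accept_flowspec_update(ext_communities: bytes, bgp_identifiers) -> bool:
    """Apply the proposed rule on the receiving router."""
    targets = ipv4_route_targets(ext_communities)
    if not targets:
        # No IPv4-Address-Specific RT present: the rule does not apply and
        # the default behaviour (filter applied on every router) remains.
        return True
    local_ids = {ipaddress.IPv4Address(i) for i in bgp_identifiers}
    # At least one RT address must equal one of the receiver's BGP Identifiers.
    return any(t in local_ids for t in targets)


def rt(ip: str, local_admin: int = 0) -> bytes:
    """Build one IPv4-Address-Specific route-target (helper for the samples)."""
    return struct.pack("!BB4sH", EC_TYPE_IPV4_SPECIFIC, EC_SUBTYPE_ROUTE_TARGET,
                       ipaddress.IPv4Address(ip).packed, local_admin)


# Constructed sample: a two-octet-AS-specific RT (type 0x00), which the rule ignores.
AS_RT = struct.pack("!BBHI", 0x00, 0x02, 64512, 100)

if __name__ == "__main__":
    update = AS_RT + rt("192.0.2.1") + rt("192.0.2.7")
    for router_id in ("192.0.2.1", "192.0.2.2", "192.0.2.7"):
        print(router_id, accept_flowspec_update(update, [router_id]))
```

A router whose BGP Identifier is not named in any IPv4 route-target drops the update, so the filter consumes TCAM only on the targeted edge routers.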