[Idr] VPN black holing because of non-checking next-hop

Antonio Huete <antonio.huete@telefonica.com> Tue, 12 March 2013 22:11 UTC

From: Antonio Huete <antonio.huete@telefonica.com>
To: "idr@ietf.org" <idr@ietf.org>
Date: Tue, 12 Mar 2013 22:10:56 +0000
Cc: Antonio Huete <antonio.huete@telefonica.com>, Ignacio Vazquez Tirado <ignacio.vazquez@telefonica.com>, Pablo Sesmero <pablo.sesmero.ext@telefonica.com>, Nuria Juarez Bengoa <nuria.juarez.ext@telefonica.com>

Dear all,


I am writing this e-mail to you because I knew you were working on the draft http://datatracker.ietf.org/doc/draft-ietf-idr-bgp-bestpath-selection-criteria/ and the technology group I work in is very interested in these kinds of features, as we consider them an important improvement when selecting next-hops that will become eligible, removing those that do not meet the rules needed to become a best path.

Let me explain some historical data about our network:

- Since 2001, the main vendor deployed in our network has been Juniper (close to 95% of routers) and the other 5% were Cisco 7600 acting as PE routers. But since last year, Cisco CRS-3 (in the core) and ASR9000 (in the edge) are being deployed, allowing this vendor to increase its presence in our network at the expense of Juniper.

- Historically, Juniper routers have developed mechanisms to check if next-hops are valid, and if so they become "eligible" as a previous step to becoming the "best". If they are not valid they become "Unusable", but they will never be selected as a best path, in which case it could provoke traffic blackholing.

- Let me give a real example to illustrate how we take advantage of features like this:

  - Our company offers MPLS VPN service to our clients
  - LDP is used as the transport mechanism
  - If for any reason a label is not available for this next-hop (FEC), we find 2 different behaviors:

    - If it is a Juniper PE, it checks that this next-hop is not valid and declares it "Unusable", using the next option it has available as the "best" path.
    - If it is a Cisco PE (IOS or IOS-XR), no checking is done at all, and if this next-hop meets the conditions to become the "best" it is selected as such, causing service disruption because of traffic black-holing.

I would like you to be aware of the importance this feature has for us and take into account we have always had this feature on Juniper routers, but we found it was not available in Cisco devices, which is amazing for us.

I also would like to know if you have plans to continue developing this draft.

Best Regards,

Antonio Huete | Telefónica Global Solutions
IP Technology - Network Area
Ronda de la Comunicación, s/n
Oeste 1. Pl. 3, 28050 Madrid, Spain
+34 670419485| +34 914830596
antonio.huete@telefonica.com

www.internationalservices.telefonica.com
www.multinationalsolutions.telefonica.com
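
The two behaviours described in the message above, as an added example that is not part of the original e-mail and is not either vendor's implementation: a simplified best-path selection run once with and once without the check that the next-hop's FEC has an LDP label. All addresses, prefixes and function names are constructed, and selection is reduced to LOCAL_PREF only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VpnPath:
    prefix: str      # customer VPN prefix (constructed)
    next_hop: str    # BGP next hop, i.e. the remote PE loopback (constructed)
    local_pref: int

def has_label(next_hop, ldp_fecs):
    """True if LDP holds a label binding for the next hop's host FEC."""
    return f"{next_hop}/32" in ldp_fecs

def select_best(paths, igp_routes, ldp_fecs, check_label):
    """Return (best, unusable, blackholed) for one VPN prefix.

    check_label=True models the eligibility step from the message: a path
    whose next hop has no label is marked unusable before selection.
    check_label=False only requires IGP reachability of the next hop.
    """
    eligible, unusable = [], []
    for p in paths:
        reachable = any(ip_address(p.next_hop) in ip_network(n)
                        for n in igp_routes)
        if reachable and (has_label(p.next_hop, ldp_fecs) or not check_label):
            eligible.append(p)
        else:
            unusable.append(p)
    # Simplification (assumption): highest LOCAL_PREF wins; real BGP
    # applies further tie-breakers after this one.
    best = max(eligible, key=lambda p: p.local_pref, default=None)
    # A selected path without a transport label cannot be forwarded over MPLS.
    blackholed = best is not None and not has_label(best.next_hop, ldp_fecs)
    return best, unusable, blackholed

# Constructed scenario: both PEs are reachable in the IGP, but the LDP
# binding for the preferred PE (192.0.2.1) is missing.
IGP_ROUTES = ["192.0.2.0/24"]
LDP_FECS = {"192.0.2.2/32"}
PATHS = [
    VpnPath("10.1.0.0/24", "192.0.2.1", local_pref=200),
    VpnPath("10.1.0.0/24", "192.0.2.2", local_pref=100),
]

if __name__ == "__main__":
    for check in (True, False):
        best, unusable, bh = select_best(PATHS, IGP_ROUTES, LDP_FECS, check)
        print(f"check_label={check}: best via {best.next_hop}, "
              f"unusable={[p.next_hop for p in unusable]}, blackholed={bh}")
```

The `blackholed` flag doubles as an audit condition: any selected VPN path whose next hop has no label binding is a candidate for the outage described above.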

