Re: [Isis-wg] Comments on draft-ietf-isis-reverse-metric-05

"Les Ginsberg (ginsberg)" <> Sun, 30 April 2017 19:59 UTC

From: "Les Ginsberg (ginsberg)" <>
To: Alexander Okonnikov <>, "Naiming Shen (naiming)" <>
CC: "" <>, "" <>
Date: Sun, 30 Apr 2017 19:57:28 +0000

Alex –

I agree with you – however the language in the draft is not nearly as specific as what you describe below.
If the draft is to promote use of reverse-metric to address IGP-LDP sync issues on a LAN it needs to include much of the language you suggest.


From: Alexander Okonnikov []
Sent: Sunday, April 30, 2017 9:10 AM
To: Les Ginsberg (ginsberg); Naiming Shen (naiming)
Subject: Re: [Isis-wg] Comments on draft-ietf-isis-reverse-metric-05

Hi Les,

I think that this is an alternative to RFC 6138 and a complement to RFC 5443. Per my understanding, it is supposed that only the startup router is responsible for advertising Reverse metric. It also applies the procedure from RFC 5443 (i.e. increases its forward metric). According to that, all other routers on the LAN will have a high metric towards the startup router. The startup router also has a high metric towards the LAN (per RFC 5443). At the same time routers on the LAN, except the startup router, can use this LAN for transit traffic. I expect that other routers will not apply RFC 5443 on this LAN and will not advertise Reverse metric when a new node appears on the LAN, unless for startup of their own interface to this LAN. To make this procedure reliable, other routers can monitor the metric over the LAN towards the startup router, and if it equals 2^24-2 (assuming that the Reverse metric value will be 2^24-2 for this application), they don't apply the procedure from RFC 5443. Otherwise they fall back to RFC 5443 (DIS is not compatible with the draft and ignores Reverse metric). Once the startup router has received EoL over all LDP sessions over the LAN (or their synchronization timeouts have expired), it could revert its forward metric back to the configured one. Once it has sent EoL over all LDP sessions over the LAN, it ceases advertisement of its Reverse metric.

Nevertheless, let's wait for Naiming's clarifications on this.

Thank you.

30.04.2017 17:37, Les Ginsberg (ginsberg) wrote:
Naiming/Alex –

Regarding Appendix C, I think you have to be careful here.

If a LAN is operational with three nodes (A, B, C) – all LDP sessions established, then a new node (D) is introduced to the LAN, what should one do?

As RFC 5443 states (Section 3):

“On broadcast links with more than one IGP/LDP peer, the cost-out
   procedure can only be applied to the link as a whole and not to an
   individual peer.  So a policy decision has to be made whether the
   unavailability of LDP service to one peer should result in the
   traffic being diverted away from all the peers on the link.”

If you are going to position reverse-metric as an alternative/enhancement to RFC 5443 I think you need to discuss this in more detail.

For myself, I can see that reverse-metric would be useful in a node startup case where the new node would steer traffic away from the LAN when the nexthop was itself – but I would be reluctant to use it after startup when some other node comes up.

I also think a non-normative reference to RFC 5443 would be in order.


From: Naiming Shen (naiming)
Sent: Thursday, April 27, 2017 5:33 PM
To: Alexander Okonnikov
Cc: Les Ginsberg (ginsberg);<>;<>
Subject: Re: [Isis-wg] Comments on draft-ietf-isis-reverse-metric-05

Hi Alex,

Sure. Will do. thanks.

- Naiming

On Apr 27, 2017, at 5:24 PM, Alexander Okonnikov <<>> wrote:


One more comment about Appendix C of the draft. Description looks like this use case is applicable only for LDP session between DIS and non-DIS with Reverse metric. What about LDP sessions between pairs of any routers on the LAN? I.e. may be it would be better to replace 'LDP adjacency to the DIS' by 'LDP adjacencies to other routers on the LAN', and 'completion of transmission of End-of-LIB towards DIS' by 'completion of transmission of End-of-LIB on all LDP sessions with routers on the LAN'.

Thank you.

On 28 Apr 2017, 2:59 +0300, Naiming Shen (naiming) <<>> wrote:

Hi Alex,

Will add this ‘Two-way connectivity check’ requirement to emphasize the point
in that section.

- Naiming

On Apr 27, 2017, at 4:55 PM, Alexander Okonnikov <<>> wrote:


Exactly, and my concern is about other implementations that adhere to that Annex.

Maybe it would be good to make a clarification in the draft about these specifics.

Thank you!

On 28 Apr 2017, 2:51 +0300, Les Ginsberg (ginsberg) <<>> wrote:

Alex –

I think you are referring to ISO 10589:2002 Annex C.2.4
Note that this section is non-normative and is simply describing one possible way to implement the algorithm. When there is a question between this description and the normative portions of the specification the normative portions MUST be followed.

Note that some implementations choose to initialize the tent from their own LSPs.


From: Alexander Okonnikov []
Sent: Thursday, April 27, 2017 4:34 PM
To: Naiming Shen (naiming); Les Ginsberg (ginsberg)
Subject: Re: [Isis-wg] Comments on draft-ietf-isis-reverse-metric-05

Hi Les,

Yes, I agree that two-way check via LSPs is performed, thank you for correction.

The problem that I'm talking about is that in step 0 neighbors are put on the TENT from the adjacency database, not from the LSP of the router that is running SPF. Hence, for the example above, when R1 installs routes via R2, the metric for those routes will be based on the metric of R1's LAN interface, and not on the sum of metrics 'R1 -> pseudonode' + 'pseudonode -> R2' from LSPs.

On 28 Apr 2017, 1:41 +0300, Les Ginsberg (ginsberg) <<>> wrote:
Thanx Naiming – sounds good.


From: Naiming Shen (naiming)
Sent: Thursday, April 27, 2017 3:33 PM
To: Les Ginsberg (ginsberg)
Subject: Re: Comments on draft-ietf-isis-reverse-metric-05

and add a bit to ‘link-attribute’ bit value of the sub-TLV 19
in the codepoint registry.

- Naiming

On Apr 27, 2017, at 3:30 PM, Naiming Shen (naiming) <<>> wrote:


We’ll add more text into the section 1.2 ‘Distributed Forwarding Planes’.
We’ll remove the reference to mobility in the text.

- Naiming

On Apr 26, 2017, at 9:07 PM, Les Ginsberg (ginsberg) <<>> wrote:

Naiming –

Thanx for the reply.
Inline – look for LES:

From: Naiming Shen (naiming)
Sent: Wednesday, April 26, 2017 6:47 PM
To: Les Ginsberg (ginsberg)
Subject: Re: Comments on draft-ietf-isis-reverse-metric-05


Thanks for the detailed comments. See some of my replies inline
between [NS->] [<-NS]:

On Apr 25, 2017, at 6:01 PM, Les Ginsberg (ginsberg) <<>> wrote:

Naiming/Michael/Shane -

Some comments on the draft.

Section 1.2.  Distributed Forwarding Planes

RFC 5306 (Restart Signaling) has already defined use of the SA bit in the Restart TLV to request that  a neighbor suppress advertisement of the adjacency thus preventing 2-way connectivity check from passing on that link. It is not clear to me why SA bit is not sufficient.
For that matter, the local system could simply not advertise the adjacency to the neighbor and achieve the same result. Why do we need any extension to handle the adjacency bringup case?

I have some points on this:
(1) if the linecard resets on the router, that is not a graceful restart case for IS-IS
(2) related to the comments you were with Mikael on the ‘a matter of seconds’,
      this issue is more with BGP VPN than with IS-IS routes. IS-IS routes can be
      downloaded into the line card quickly, but millions of VPN routes may take
      a while
(3) During this ‘take a while’, we still want to be the last resort of connection
      to our neighbors, instead of just blindly refuse any traffic inbound
(4) Outbound traffic direction may not have any problem, we certainly want
      to reuse the link as soon as possible.

How about we add some text to refer to those reasonings on this use-case?

[Les:] SA bit is not restricted to restart cases. This is discussed in RFC 5306. But SA bit is probably not the right mechanism here either as it is designed to delay adjacency advertisement until the full link state DB is acquired – this isn’t relevant here. Apologies for mentioning it.

But in cases where the trigger (link/adjacency up) is known to all impacted routers at the same time reverse-metric is unnecessary.

Reverse metric can be useful when you want to administratively change the state of an operational link and have it impact traffic flow in both directions. Because  there is no change to the operational state of the link all affected routers have to be notified of the administrative state change in some manner – reverse-metric makes this more convenient by requiring the administrative command to be signaled only on one node and have it immediately propagated to the other affected nodes. But it serves no purpose in cases where the operational state of the link is already being signaled to the control plane of all affected routers. it is in fact redundant in such cases as each router is already aware. If you use reverse-metric in such a case both routers will each tell the other one to do something that they are already doing.

Section 1.3 Mobility Cases

I am not clear on why both ISs in such a case would not detect the change in proximity and both do metric adjustment. What is the need for use of reverse metric in this case?

Yes, you are right if the link is point-to-point. As described in RFC 8042
“OSPF Two-Part Metric”, if the base-station is the DIS, it does not want
to set link metric for all the remote stations, and it could be only one
remote station moves away or closer.

How about we remove the point-to-point circuit in the text of this use-case?

[Les:] I am struggling to see reverse-metric as equivalent to RFC 8042. If we support RFC 8042 then we don’t need reverse-metric.
If we do not support RFC 8042, reverse-metric does not provide the same optimization as RFC 8042 as it requires multiple routers to send updates. Are you really positioning reverse-metric as an RFC 8042 alternative?
Or am I missing something?

Section 2

From the description what is being advertised in the new TLV is not a metric but a metric offset i.e. you want the receiving IS to add the advertised value to its existing configured metric. Identifying the metric field as "metric offset" would make this point more clearly.


In regards to the use of sub-TLVs, I think the only use case you have is to advertise a TE metric offset - but this could easily be done as an additional fixed field in the TLV itself. Unless you foresee other sub-TLVs I think sub-TLVs could be eliminated from the TLV definition. (I also think advertising TE metric offset is unnecessary – see additional comments on TE below)

If  you want to retain sub-TLVs for future proofing you do not need both an S flag indicating the presence of sub-TLVs and a sub-TLV length field. One or the other will suffice.

I think we were mainly for future proofing point on this. Sure, will get rid of the S flag.

Last Paragraph of Section 3.1 states:

"If the router does not understand the Reverse Metric TLV..."

I don't think this needs to be said. It is standard IS-IS behavior to silently ignore TLVs which are not understood - and if a router does not understand the new TLV it certainly would not know what it is it "should not do". :-)

The point about allowing local policy to disable processing of the Reverse Metric TLV is a good one and the security reasons for it should be emphasized.

Agreed. Will remove this sentence.

Section 3.5

"During the period when a Reverse Metric TLV is used, IS-IS routers
   that are generating and receiving a Reverse Metric TLV MUST NOT
   change their existing IS-IS metric or Traffic Engineering parameters
   in their persistent provisioning database"

I would expect that use of Reverse Metric would often be associated with a maintenance window - in which case this is precisely the time to expect configuration changes. Because traffic has been diverted from the link this is actually the safest time to make configuration changes. Therefore I think this restriction is both unnecessary and undesirable.

Your suggested text (thread with Mikael):
"The use of Reverse Metric does not alter IS-IS metric parameters stored in a router's persistent provisioning database.”
looks good to me.

Regarding the TE related text  has highlighted that TE CSPF may not always be based on metric (IGP or TE). In which case altering the metric advertisement may not be sufficient to move TE traffic away from the link.

Sure, TE can be impacted by ‘color’, link congestion data from inband or out-band,
and many other things. Its hard to cover all the things from SND point of view.

I think a more robust strategy would be to assign a bit in the link attributes sub-TLV defined in RFC 5029 to indicate that the state of the link is "maintenance" (or "overload") and that TE traffic should avoid this. That would be more robust than altering TE metric and would also eliminate the need to use the reverse metric to alter TE metric. Please see .

Ok. But which TE traffic? You can say even if it’s ‘overloaded’ I still want to
send certain TE traffic over. When this side of the link pushes a large
offset value of reverse-metric over and the other side adds this to the
link metric and TE metric values, if the controller wants to detect this
condition (normally the network uses metric below 3000, and this
link suddenly has the value of a billion, I’ll consider the other side of
this link is ‘overloaded’.

I’m just saying I’m not sure if this is a real case. We can certainly
add that if needed.

[Les:] We agree that we do not want to try to account for every possible set of constraints. Metric is one possible constraint – but I do not see that it makes sense to treat this in a special way. If instead of modifying TE metric we advertise a link state (“maintenance” or “overload”) then TE on each router can decide for itself what adjustments it should make to all of the local tunnels independent of the set of constraints each tunnel has.


Best Regards,
- Naiming
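
The SPF seeding difference discussed in the thread (TENT initialized from the adjacency database versus from the router's own LSPs), as an added example that is not part of the thread or the draft. The topology, node names and metric values are constructed, and the model assumes the DIS reflects R2's reverse metric as a pseudonode-to-R2 cost of 2^24-2.

```python
import heapq

MAX_REVERSE = 2**24 - 2          # value assumed in the thread for this use
PSEUDONODES = {"PN"}

# Constructed LSDB: R1, R2, R3 share one LAN (pseudonode PN); R4 sits behind R2/R3.
# Assumption: the DIS advertises R2's reverse metric as the PN -> R2 cost.
LSDB = {
    "R1": {"PN": 10},
    "R2": {"PN": 10, "R4": 10},
    "R3": {"PN": 10, "R4": 10},
    "PN": {"R1": 0, "R2": MAX_REVERSE, "R3": 0},
    "R4": {"R2": 10, "R3": 10},
}
# R1's adjacency database: LAN neighbors at R1's local interface metric.
ADJ_DB_R1 = {"R2": 10, "R3": 10}

def spf(root, lsdb, seed):
    """Dijkstra with the two-way check; seed is the step-0 TENT content
    (node -> cost). Returns (distance, first-hop router) per node."""
    dist, first_hop = {root: 0}, {}
    tent = [(cost, node, node) for node, cost in seed.items()]
    heapq.heapify(tent)
    while tent:
        cost, node, hop = heapq.heappop(tent)
        if node in dist:
            continue
        dist[node], first_hop[node] = cost, hop
        for nbr, metric in lsdb.get(node, {}).items():
            # Two-way check: nbr's LSP must also list node.
            if nbr in dist or node not in lsdb.get(nbr, {}):
                continue
            # Directly behind a seeded pseudonode, nbr is the real next hop.
            nh = nbr if node in PSEUDONODES and hop == node else hop
            heapq.heappush(tent, (cost + metric, nbr, nh))
    return dist, first_hop

def compare(root="R1", target="R2"):
    """Cost and first hop to target under both seeding strategies."""
    d_adj, h_adj = spf(root, LSDB, ADJ_DB_R1)     # seeded from adjacency DB
    d_lsp, h_lsp = spf(root, LSDB, LSDB[root])    # seeded from own LSP
    return {"adjacency_db": (d_adj[target], h_adj[target]),
            "own_lsp": (d_lsp[target], h_lsp[target])}

if __name__ == "__main__":
    print(compare())
```

With adjacency-database seeding R1 still reaches R2 directly over the LAN, because the reverse metric only appears in the pseudonode LSP; with LSP seeding the path moves to R3 and R4.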