Re: [Isis-wg] Comments on draft-ietf-isis-reverse-metric-05

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Thu, 27 April 2017 22:29 UTC

From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: Alexander Okonnikov <alexander.okonnikov@gmail.com>, "Naiming Shen (naiming)" <naiming@cisco.com>
CC: "draft-ietf-isis-reverse-metric.authors@ietf.org" <draft-ietf-isis-reverse-metric.authors@ietf.org>, "isis-wg@ietf.org" <isis-wg@ietf.org>
Date: Thu, 27 Apr 2017 22:26:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/MZG27a-Qqsp6fbk0joW_vUMFyQ4>

Alex –

This is NOT correct – if it were SPF would be broken because nodes remote from the LAN – who do not see the hellos – would see the topology differently than the nodes connected to the LAN.

See ISO 10589:2002 Section 7.2.8.2 Two-way connectivity check

“The Decision Process shall not utilise a link between two Intermediate Systems unless both ISs report the link.”

   Les


From: Alexander Okonnikov [mailto:alexander.okonnikov@gmail.com]
Sent: Thursday, April 27, 2017 3:13 PM
To: Naiming Shen (naiming)
Cc: Les Ginsberg (ginsberg); draft-ietf-isis-reverse-metric.authors@ietf.org; isis-wg@ietf.org
Subject: Re: [Isis-wg] Comments on draft-ietf-isis-reverse-metric-05

Hi Naiming,

Two-way connectivity check is performed by virtue of LAN Hello. When both routers see each other in their LAN Hellos (3-way handshake on LAN) they conclude that adjacency has been established. No need to analyse LSP of each other.

Thank you.

On 28 Apr 2017, 1:11 +0300, Naiming Shen (naiming) <naiming@cisco.com> wrote:


Hi Alexander,

Ok, got you. Although the spec also says it needs to do ‘Two-way connectivity check’ in order
to use this IS-IS system in your SPF. Even the R1 has the adjacency to the R2, but the
R2’s LSP does not show the ‘IS Neighbor’ to R1, it only has the ‘IS Neighbor’ on this LAN to
R3’s Pnode. The ’Two-way connectivity check’ fails. So in the SPF for R1 to connect to R2,
it needs to go R1 <-> R3 Pnode <-> R2.

The reverse-metric from R3’s Pnode towards R2 now will be used by both R3 and R1, and
any remote nodes not on the LAN.

thanks.
- Naiming

On Apr 27, 2017, at 1:24 PM, Alexander Okonnikov <alexander.okonnikov@gmail.com> wrote:

Hi Naiming,

I'm talking about SPF that is running on non-DIS router connected to the LAN. Let's assume that we have LAN with three routers - R1, R2, and R3. R1 is a regular non-DIS, R2 - non-DIS that advertises Reverse metric, and R3 - DIS. Now let's look at R1's SPF process (from RFC 1195 which extends SPF from ISO 10589 for handling of IP reachability). It is supposed that R1 has established adjacencies with R2 and R3. R1 (at step 0) adds R2 and R3 (R1's adjacency database) into its TENT list (each with metric equal to R1's interface metric). Then R1 analyses pseudonode LSP for adjacencies that pseudonode LSP has, but R1 doesn't. As soon as there are no such adjacencies (LAN is not split), R1 goes to step 2 (moves adjacencies from TENT to PATHS) and eventually to step 1. At this step it calculates routes to prefixes connected to R2 and R3 and then iterates SPF to step 0 (analyses R2's and R3's LSPs). As mentioned above, R2 advertises Reverse metric (in its Hello message), but it is ignored by R1. Hence R1 has routes to prefixes behind R2 with metric of link R1-R2 equal to R1's interface metric, rather than R1's interface metric + R2's Reverse metric offset.

Of course, routers that are behind the LAN, will correctly derive modified metric from pseudonode LSP of that LAN.

Thank you.

On 27 Apr 2017, 22:13 +0300, Naiming Shen (naiming) <naiming@cisco.com> wrote:


Hi Alexander,

What this paragraph meant is that, since the ‘reverse-metric’ TLV is inside
the IIH PDU, which has nothing to do with the SPF, and only the DIS will
respond to this IIH PDU that contains ‘reverse-metric’ TLV (to add the
offset-metric in the pseudo-node LSP). As long as the DIS changes its
pseudo-node LSP, all the nodes in the domain will see and run SPF
the same way. The non-DIS node sees this TLV of IIH PDU, it has no
way of processing that since they don’t generate pnode-LSPs.

We can make the text clearer on this.

thanks.
- Naiming

On Apr 27, 2017, at 1:32 AM, Alexander Okonnikov <alexander.okonnikov@gmail.com> wrote:

Hi authors,

In the beginning of section 3.3 you say that non-DIS routers should not take into account reverse metric. But wouldn't it break reverse metric application? A router that is running SPF puts into TENT all routers from its adjacency database (not only DIS, as OSPF does). Hence, to the router that has originated the Reverse Metric TLV, some non-DIS router will have two alternative paths - direct (with regular metric) and via DIS (with composite metric). As a result, it will choose the direct path. Please, correct me if I am wrong.

Thank you.

27.04.2017 07:07, Les Ginsberg (ginsberg) wrote:
Naiming –

Thanx for the reply.
Inline – look for LES:

From: Naiming Shen (naiming)
Sent: Wednesday, April 26, 2017 6:47 PM
To: Les Ginsberg (ginsberg)
Cc: isis-wg@ietf.org; draft-ietf-isis-reverse-metric.authors@ietf.org
Subject: Re: Comments on draft-ietf-isis-reverse-metric-05


Les,

Thanks for the detailed comments. See some of my replies inline
between [NS->] [<-NS]:

On Apr 25, 2017, at 6:01 PM, Les Ginsberg (ginsberg) <ginsberg@cisco.com> wrote:

Naiming/Michael/Shane -

Some comments on the draft.

Section 1.2.  Distributed Forwarding Planes

RFC 5306 (Restart Signaling) has already defined use of the SA bit in the Restart TLV to request that  a neighbor suppress advertisement of the adjacency thus preventing 2-way connectivity check from passing on that link. It is not clear to me why SA bit is not sufficient.
For that matter, the local system could simply not advertise the adjacency to the neighbor and achieve the same result. Why do we need any extension to handle the adjacency bringup case?

[NS->]
I have some points on this:
(1) if the linecard resets on the router, that is not a graceful restart case for IS-IS
(2) related to the comments you were with Mikael on the ‘a matter of seconds’,
      this issue is more with BGP VPN than with IS-IS routes. IS-IS routes can be
      downloaded into the line card quickly, but millions of VPN routes may take
      a while
(3) During this ‘take a while’, we still want to be the last resort of connection
      to our neighbors, instead of just blindly refuse any traffic inbound
(4) Outbound traffic direction may not have any problem, we certainly want
      to reuse the link as soon as possible.

How about we add some text to refer to those reasonings on this use-case?
[<-NS]

[Les:] SA bit is not restricted to restart cases. This is discussed in RFC 5306. But SA bit is probably not the right mechanism here either as it is designed to delay adjacency advertisement until the full link state DB is acquired – this isn’t relevant here. Apologies for mentioning it.

But in cases where the trigger (link/adjacency up) is known to all impacted routers at the same time reverse-metric is unnecessary.

Reverse metric can be useful when you want to administratively change the state of an operational link and have it impact traffic flow in both directions. Because there is no change to the operational state of the link all affected routers have to be notified of the administrative state change in some manner – reverse-metric makes this more convenient by requiring the administrative command to be signaled only on one node and have it immediately propagated to the other affected nodes. But it serves no purpose in cases where the operational state of the link is already being signaled to the control plane of all affected routers. It is in fact redundant in such cases as each router is already aware. If you use reverse-metric in such a case both routers will each tell the other one to do something that they are already doing.


Section 1.3 Mobility Cases

I am not clear on why both ISs in such a case would not detect the change in proximity and both do metric adjustment. What is the need for use of reverse metric in this case?


[NS->]
Yes, you are right if the link is point-to-point. As described in RFC 8042
“OSPF Two-Part Metric”, if the base-station is the DIS, it does not want
to set link metric for all the remote stations, and it could be only one
remote station moves away or closer.

How about we remove the point-to-point circuit in the text of this use-case?
[<-NS]

[Les:] I am struggling to see reverse-metric as equivalent to RFC 8042. If we support RFC 8042 then we don’t need reverse-metric.
If we do not support RFC 8042, reverse-metric does not provide the same optimization as RFC 8042 as it requires multiple routers to send updates. Are you really positioning reverse-metric as an RFC 8042 alternative?
Or am I missing something?


Section 2

From the description what is being advertised in the new TLV is not a metric but a metric offset i.e. you want the receiving IS to add the advertised value to its existing configured metric. Identifying the metric field as "metric offset" would make this point more clearly.

[NS->]
Agreed.
[<-NS]

In regards to the use of sub-TLVs, I think the only use case you have is to advertise a TE metric offset - but this could easily be done as an additional fixed field in the TLV itself. Unless you foresee other sub-TLVs I think sub-TLVs could be eliminated from the TLV definition. (I also think advertising TE metric offset is unnecessary – see additional comments on TE below)

If  you want to retain sub-TLVs for future proofing you do not need both an S flag indicating the presence of sub-TLVs and a sub-TLV length field. One or the other will suffice.

[NS->]
I think we were mainly for future proofing point on this. Sure, will get rid of the S flag.
[<-NS]



Last Paragraph of Section 3.1 states:

"If the router does not understand the Reverse Metric TLV..."

I don't think this needs to be said. It is standard IS-IS behavior to silently ignore TLVs which are not understood - and if a router does not understand the new TLV it certainly would not know what it is it "should not do". :-)

The point about allowing local policy to disable processing of the Reverse Metric TLV is a good one and the security reasons for it should be emphasized.



[NS->]
Agreed. Will remove this sentence.
[<-NS]

Section 3.5

"During the period when a Reverse Metric TLV is used, IS-IS routers
   that are generating and receiving a Reverse Metric TLV MUST NOT
   change their existing IS-IS metric or Traffic Engineering parameters
   in their persistent provisioning database"

I would expect that use of Reverse Metric would often be associated with a maintenance window - in which case this is precisely the time to expect configuration changes. Because traffic has been diverted from the link this is actually the safest time to make configuration changes. Therefore I think this restriction is both unnecessary and undesirable.

[NS->]
Your suggested text (thread with Mikael):
"The use of Reverse Metric does not alter IS-IS metric parameters stored in a router's persistent provisioning database.”
looks good to me.
[<-NS]


Regarding the TE related text

https://www.ietf.org/id/draft-ietf-ospf-link-overload-06.txt  has highlighted that TE CSPF may not always be based on metric (IGP or TE). In which case altering the metric advertisement may not be sufficient to move TE traffic away from the link.

[NS->]
Sure, TE can be impacted by ‘color’, link congestion data from inband or out-band,
and many other things. It’s hard to cover all the things from SND point of view.
[<-NS]


I think a more robust strategy would be to assign a bit in the link attributes sub-TLV defined in RFC 5029 to indicate that the state of the link is "maintenance" (or "overload") and that TE traffic should avoid this. That would be more robust than altering TE metric and would also eliminate the need to use the reverse metric to alter TE metric. Please see https://www.iana.org/assignments/isis-tlv-codepoints/isis-tlv-codepoints.xhtml#isis-tlv-codepoints-19of22 .

[NS->]
Ok. But which TE traffic? You can say even if it’s ‘overloaded’ I still want to
send certain TE traffic over. When this side of the link pushes a large
offset value of reverse-metric over and the other side adds this to the
link metric and TE metric values, if the controller wants to detect this
condition (normally the network uses metric below 3000, and this
link suddenly has the value of a billion, I’ll consider the other side of
this link is ‘overloaded’).

I’m just saying I’m not sure if this is a real case. We can certainly
add that if needed.
[<-NS]

[Les:] We agree that we do not want to try to account for every possible set of constraints. Metric is one possible constraint – but I do not see that it makes sense to treat this in a special way. If instead of modifying TE metric we advertise a link state (“maintenance” or “overload”) then TE on each router can decide for itself what adjustments it should make to all of the local tunnels independent of the set of constraints each tunnel has.

   Les

Best Regards,
- Naiming


   Les







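The two SPF models argued in this thread can be compared in a small simulation; the following is an added example, not code from the thread or the draft. Router names R1, R2, R3 and the pseudonode follow the thread; the metrics, the remote node R4, and the `hello_adjacencies` parameter are assumptions made for illustration.

```python
import heapq

IFACE_METRIC = 10    # constructed interface metric for every router
R2_OFFSET = 1000     # constructed reverse-metric offset signalled by R2

def build_lsdb(offset=R2_OFFSET):
    """LSP database as node -> {reported neighbor: metric}; R3.01 is the pseudonode LSP."""
    return {
        "R1": {"R3.01": IFACE_METRIC},
        "R2": {"R3.01": IFACE_METRIC},
        "R3": {"R3.01": IFACE_METRIC, "R4": IFACE_METRIC},
        "R4": {"R3": IFACE_METRIC},  # hypothetical remote node, sees no LAN hellos
        # The DIS (R3) applies R2's offset on the pseudonode -> R2 link only.
        "R3.01": {"R1": 0, "R2": offset, "R3": 0},
    }

def spf(lsdb, root, hello_adjacencies=None):
    """Dijkstra that uses a link only if both ends report it in their LSPs
    (the two-way connectivity check of ISO 10589:2002 section 7.2.8.2).
    hello_adjacencies (hypothetical) seeds TENT with LAN neighbors known from hellos alone."""
    tent = [(0, root)]
    for nbr, metric in (hello_adjacencies or {}).items():
        heapq.heappush(tent, (metric, nbr))
    paths = {}
    while tent:
        cost, node = heapq.heappop(tent)
        if node in paths:
            continue
        paths[node] = cost
        for nbr, metric in lsdb.get(node, {}).items():
            if node not in lsdb.get(nbr, {}):
                continue  # one-way link: the neighbor's LSP does not report us
            if nbr not in paths:
                heapq.heappush(tent, (cost + metric, nbr))
    return paths

def compare():
    """Return R1's cost to R2 (LSP-only), R1's cost to R2 (hello-seeded), R4's cost to R2."""
    lsdb = build_lsdb()
    lsp_only = spf(lsdb, "R1")
    hello_seeded = spf(lsdb, "R1", {"R2": IFACE_METRIC, "R3": IFACE_METRIC})
    remote = spf(lsdb, "R4")
    return lsp_only["R2"], hello_seeded["R2"], remote["R2"]

if __name__ == "__main__":
    print(compare())
```

With LSP-only SPF, R1 and the remote R4 both reach R2 through the pseudonode and both include the offset; seeding TENT from hellos gives R1 a view of the R1-R2 cost that nodes off the LAN cannot reproduce.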