Re: [Isis-wg] Handling same SID mapped to different prefixes and vice versa cases

Pushpasis Sarkar <psarkar@juniper.net> Thu, 01 October 2015 10:54 UTC

Return-Path: <psarkar@juniper.net>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49CA31A1B7D; Thu, 1 Oct 2015 03:54:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C0oYu5GaCYcj; Thu, 1 Oct 2015 03:54:08 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0113.outbound.protection.outlook.com [65.55.169.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 873441A1BE7; Thu, 1 Oct 2015 03:54:07 -0700 (PDT)
Received: from CY1PR05MB1980.namprd05.prod.outlook.com (10.162.216.26) by CY1PR05MB1978.namprd05.prod.outlook.com (10.162.216.24) with Microsoft SMTP Server (TLS) id 15.1.280.20; Thu, 1 Oct 2015 10:54:04 +0000
Received: from CY1PR05MB1980.namprd05.prod.outlook.com ([10.162.216.26]) by CY1PR05MB1980.namprd05.prod.outlook.com ([10.162.216.26]) with mapi id 15.01.0280.017; Thu, 1 Oct 2015 10:54:04 +0000
From: Pushpasis Sarkar <psarkar@juniper.net>
To: Imtiyaz Mohammad <technotaz2004@gmail.com>, "isis-wg@ietf.org list" <isis-wg@ietf.org>, "spring@ietf.org" <spring@ietf.org>
Thread-Topic: [Isis-wg] Handling same SID mapped to different prefixes and vice versa cases
Thread-Index: AQHQ/Dd8ZHY2tzwKVkC3NPX2Igqk/A==
Date: Thu, 01 Oct 2015 10:54:04 +0000
Message-ID: <72EDEE92-4D49-49E0-99F7-9C6B18332A37@juniper.net>
References: <CANk4F3Ppzo2_Xkc2V_x=Q6LEWQvMUb-2_h+Xd-mwzr3WzE85bA@mail.gmail.com>
In-Reply-To: <CANk4F3Ppzo2_Xkc2V_x=Q6LEWQvMUb-2_h+Xd-mwzr3WzE85bA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/0.0.0.150911
authentication-results: spf=none (sender IP is ) smtp.mailfrom=psarkar@juniper.net;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [116.197.184.12]
x-microsoft-exchange-diagnostics: 1; CY1PR05MB1978; 5:HIkT/aGQHlRhGSKNURvXvusxRxS28i/fJNuzVHmFKEYJ3Z8f1ZPZ17GP+Vx3J69ynvotA42/V65e6eDZ4ykz0WFQ4ZxSpwJhRN/o3lcOB2Kz9CTVaKdRnwqYajLRxPv5U9hw8qSAi/lDbObU7zQtAw==; 24:i2Pyj05WnsBgT3UqJ0KCkGEhyaaGDAUwM9OF+2EpOCN0S+68Fvgt3xxoSzah7Re5KE3BbDVhHYuw/RtXa6+aIXohTz8QVh4ReEULNmTvJaI=; 20:S+punZUwH4PULazVJGLiPXmjLzVtmq7pa40oJzWWvnJNNIcpyJFO14v95I3xfcLsL5O8JSVCqBGlg0PrVY/8YQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR05MB1978;
x-microsoft-antispam-prvs: <CY1PR05MB1978ACD72FFB750A198A2FA6BC4C0@CY1PR05MB1978.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(8121501046)(5005006)(3002001); SRVR:CY1PR05MB1978; BCL:0; PCL:0; RULEID:; SRVR:CY1PR05MB1978;
x-forefront-prvs: 0716E70AB6
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6019001)(269900001)(189002)(52604005)(377454003)(199003)(5004730100002)(97736004)(102836002)(19617315012)(2950100001)(101416001)(64706001)(15975445007)(105586002)(77096005)(2900100001)(5001860100001)(5001960100002)(46102003)(40100003)(19580405001)(66066001)(122556002)(19580395003)(16236675004)(2501003)(33656002)(106116001)(5007970100001)(99286002)(68736005)(5008740100001)(4001540100001)(77156002)(10400500002)(107886002)(5001770100001)(62966003)(83716003)(81156007)(86362001)(106356001)(4001350100001)(82746002)(5001830100001)(50986999)(11100500001)(36756003)(5890100001)(87936001)(54356999)(92566002)(189998001)(83506001)(5002640100001)(76176999)(104396002)(256605007)(16193025007); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR05MB1978; H:CY1PR05MB1980.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_72EDEE924D4949E099F79C6B18332A37junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Oct 2015 10:54:04.4325 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR05MB1978
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/TTNmTSAseEJvOUFIqSOXx9QCI3w>
Subject: Re: [Isis-wg] Handling same SID mapped to different prefixes and vice versa cases
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2015 10:54:11 -0000

Hi imtiyaz,

Thanks for bringing this to the working groups attention. Please find some comments inline.

Thanks
-Pushpasis

From: Isis-wg on behalf of Imtiyaz Mohammad
Date: Thursday, October 1, 2015 at 12:44 PM
To: Isis-wg, "spring@ietf.org<mailto:spring@ietf.org>"
Subject: [Isis-wg] Handling same SID mapped to different prefixes and vice versa cases

Hello experts !

The draft-ietf-isis-segment-routing-extensions draft states that:


 "The 'Prefix SID' MUST
   be unique within a given IGP domain (when the L-flag is not set)."

[Pushpasis] To me it means no two router in the same IGP domain should/can originate the same Prefix Sid index. However it does not mean that two or more prefixes originated by the same node cannot share the same prefix sid index as long as another node is not originating any prefix with the same index.


Makes sense from usage point of view. What if some implementation does not enforce a configuration time check and allows such possibilities in the network wherein the following three situations arise:


(1) Same SID is received from one device and mapped to multiple prefixes.

(2) Same SID is received from two devices and mapped to multiple prefixes.

(3) Same prefix is mapped with two different SID on two different devices.


Let me go through each case with examples.


(1) Same SID is received from one device and mapped to multiple prefixes.


devA-----ISIS------devB


devB has:

     node segment 100 for 30.30.30.30/32<http://30.30.30.30/32>

     node segment 100 for 40.40.40.40/32<http://40.40.40.40/32>


It sends prefix segment subTLV for both these entries.


devA receives these subTLVs and since they have arrived from the very same device, the LFIB entries would be same calculated through 30.30.30.30/32:100<http://30.30.30.30/32:100> or 40.40.40.40/32:100<http://0.40.40.40/32:100> because your next operation and nexthops would be identical.


[Pushpasis] Totally agree. For example if there are multiple loopback addresses on a single node, a single unique node sid index can be attached to all the loopback addresses. There can be cases that the operator may need to attach separate prefix-sid-indexes with all the loopback address, and I don’t say it is possible, but the same cannot be mandatory as well. So receivers receiving multiple prefixes with the same sid index from the same node should accept it and program one route for each of the prefixes with all of them using the same next hop label.


(2) Same SID is received from two devices and mapped to multiple prefixes.


devA-----ISIS---cost10---devB

          |

          |_____cost20___devC


devB has:

     node segment 100 for 30.30.30.30/32<http://30.30.30.30/32>


devC has:

     node segment 100 for 40.40.40.40/32<http://40.40.40.40/32>


This cause would clearly not work as devA would need to know SID 100 represents devB or devC. So, on receipt on such subTLV entries, we would syslog an error.

[Pushpasis] Totally agree.


(3) Same prefix is mapped with two different SID on two different devices.


devA-----ISIS---cost10---devB

          |

          |_____cost20___devC


devB has:

     node segment 100 for 30.30.30.30/32<http://30.30.30.30/32>


devC has:

     node segment 200 for 30.30.30.30/32<http://30.30.30.30/32>


Even in this case, things would fall apart as the 30.30.30.30/32<http://30.30.30.30/32> fec has two paths, one of them may be the best path or there might be an ecmp but one would not know when using incoming label 100 or 200 that the packet would go to devB or devC.

[Pushpasis] Agree.


Is my understanding correct for these three scenarios ?


I am thinking that in scenario (2) and (3), on receipt of duplicate subTLV entries ( same SID different prefixes or vice versa from different systemIDs ), we should store all of them, mark one of them as 'active' based on same criteria such highest systemID and use that for LFIB generation. The inactive subTLV entry would just lie there in case the active one ceases to exist for some reason later in time at which point, the inactive one could be made active and used for LFIB generation.


Comments / Opinions ?



--
Imtiyaz