Re: [Isis-wg] draft-ietf-isis-auto-conf

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Sun, 26 March 2017 02:10 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A044A1294AF; Sat, 25 Mar 2017 19:10:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ju8cCcjZN8s8; Sat, 25 Mar 2017 19:10:51 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08E51126D73; Sat, 25 Mar 2017 19:10:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=34158; q=dns/txt; s=iport; t=1490494251; x=1491703851; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=lzdzDAuUL/UMOuTHB2Kq/NCiUuC9O+zsHEc7wwfxxA0=; b=TqhWBG2tV1Y8vpKV2tz9183hyGmcTJAJAzudAEMQk7j0t+xgCEG6JWUI xurNZ2++ccZfzPZjrlO8JsnZorwW+9JvF+OEh0P47kL0DsD9vSkhvIB7Z yu1I/GLKS24UqmtEXHg7tHndcHyffiSSURRAcwQiDZrjNhaXhZ2YHZ4p2 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DLAQDJItdY/4sNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgm47K2GBCweDW4oPkU2IF400gg6GIgIagw8/GAECAQEBAQEBAWs?= =?us-ascii?q?ohRUBAQEBAyMKWAQCAQYCEQQBASEHAwICAh8RFAkIAgQBEgiJZwMVjRudW4Imh?= =?us-ascii?q?yYNgwcBAQEBAQEBAQEBAQEBAQEBAQEBAQEdhk6DZoEJglGCGh+CUIJfBYkWiBe?= =?us-ascii?q?EX4YVOgGOFYQtkTqKbYh3AR84WCxZFUGEWB2BY3WHXQeBKYENAQEB?=
X-IronPort-AV: E=Sophos;i="5.36,223,1486425600"; d="scan'208,217";a="403016110"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Mar 2017 02:10:26 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id v2Q2APek013611 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 26 Mar 2017 02:10:25 GMT
Received: from xch-aln-001.cisco.com (173.36.7.11) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sat, 25 Mar 2017 21:10:24 -0500
Received: from xch-aln-001.cisco.com ([173.36.7.11]) by XCH-ALN-001.cisco.com ([173.36.7.11]) with mapi id 15.00.1210.000; Sat, 25 Mar 2017 21:10:25 -0500
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: Alexander Okonnikov <alexander.okonnikov@gmail.com>, "draft-ietf-isis-auto-conf@ietf.org" <draft-ietf-isis-auto-conf@ietf.org>, "isis-wg@ietf.org" <isis-wg@ietf.org>
Thread-Topic: draft-ietf-isis-auto-conf
Thread-Index: AQHSpJeBr/WQcNWu4EKcia+cO0QRtaGlMJjwgAEVQwCAABWKMA==
Date: Sun, 26 Mar 2017 02:10:24 +0000
Message-ID: <9a8cd2b8fe5145c3881c6e4363dc1cb7@XCH-ALN-001.cisco.com>
References: <abbd4431-aea2-a452-0623-5cb6786c9248@gmail.com> <5ca27479629540269b82a0daf1421abb@XCH-ALN-001.cisco.com> <fa19698c-a62f-4823-acee-8e2007ba963f@Spark>
In-Reply-To: <fa19698c-a62f-4823-acee-8e2007ba963f@Spark>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.32.32]
Content-Type: multipart/alternative; boundary="_000_9a8cd2b8fe5145c3881c6e4363dc1cb7XCHALN001ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/zFp01vAGkoxq2KMISlQLvO3T8Gw>
Subject: Re: [Isis-wg] draft-ietf-isis-auto-conf
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 02:10:53 -0000

Alexander -

From: Alexander Okonnikov [mailto:alexander.okonnikov@gmail.com]
Sent: Saturday, March 25, 2017 12:26 PM
To: draft-ietf-isis-auto-conf@ietf.org; isis-wg@ietf.org; Les Ginsberg (ginsberg)
Subject: RE: draft-ietf-isis-auto-conf

Hi Les,

My point was to make start-up procedure less disruptive, not a replacement of current one.

Let's consider two cases:

1) Two routers in the network with the same System ID, one is in start-up mode:

IS in start-up mode can establish adjacencies, but it doesn't advertise its LSP#0 (and doesn't enlist it in its CSNP) until start-up mode timer will be expired or until IS will determine that its System ID is unique. After establishing adjacencies it receives CSNPs from its neighbors. Even if it sees LSP description for its own System ID, it still requests this LSP (rather than generates its new with higher seq num). On receipt of this LSP it further analyses Fingerprint value. If it is the same as its own, then there are two cases: "bening" and "pathological" ones, as specified in draft. In this case we follow DD-LSP procedure, specified in 3.4.6. If Fingerprint value is not the same, start-up router regenerates its System ID and restarts IS-IS process. It allows us to don't make disruption by injecting LSP of start-up router into network and thus replacing LSP of another (already working) router with the same System ID.

[Les:] Under current draft, the router in startup mode (call it S) only generates LSP #0 and is forbidden from including IS Neighbors  or IP/IPv6 Reachability. Sequence # is 1.
The router NOT in startup mode (call it N) is guaranteed to have LSP #0  with at least sequence #2 since once it exited Startup mode it added neighbors/prefix reachability. This means the injection of S-00.00(Seq #1) will NOT produce any disruption since the existing LSP N-00.00(Seq # > 1) will be seen by all routers as newer.

When N-00.00(Seq # > 1)  is flooded to S, S will realize there is duplicate system-id and will restart with a new system-id.
No disruption to the network has occurred.

2) Two routers in the network with the same System ID, both are in start-up mode:

In this case, after expiring start-up mode timer, both routers are advertising their LSPs #0 into network. In this case procedure from 3.4.4 is performed (both S-bits are clear), if LSPs were advertised at almost the same time.

[Les:] There is no advantage to delaying the sending of LSP #0. In fact there is an advantage to sending it immediately since the two routers will discover more quickly that there is a duplicate.

Regarding DIS on broadcast links: it is not clear from text that pseudonode LSP could be generated (along with LSP #0) in case start-up router is to be elected as DIS. Text says that only LSP #0 (without IS Neighbors) could be generated in start-up mode. In this case election of start-up router as DIS will break forwarding between routers in its LAN. But, even if procedure for generating pseudonode LSP is used from 10589 without modifications, it also could be disruptive, in case of duplicate System IDs in the network (not in the same LAN). Keeping in mind that Ethernet links will be used with high probability, there is chance that pseudonode LSP of start-up router will replace pseudonode LSP of existing router with the same System ID (provided that latter was elected as DIS as well, and both use the same LAN ID).

[Les:] Prudent implementations – even in the absence of auto-config - delay DIS election on a LAN for a time so that they do not assume that role prematurely i.e. before they have brought up adjacencies with all the systems on the LAN.
The non-DIS systems cannot safely assume the node they have elected as DIS has actually assumed that role until they get both a LAN IIH with a non-zero LANID and a matching pseudo-node LSP. Purging of the old pseudo-node LSPs should not occur until after the new pseudo-node LSPs have been propagated.  If systems do not do these things then a DIS change will be disruptive even in the absence of duplicate system-ids. Therefore I do not see that any special behaviors are required for auto-config.

During this delay there is ample time to discover the existence of duplicate IDs.

   Les

Thank you.

Best regards, Alexander Okonnikov

On 25 марта 2017 г., 11:11 +0300, Les Ginsberg (ginsberg) <ginsberg@cisco.com<mailto:ginsberg@cisco.com>>, wrote:

Alexander -

I am not sure why you did not send your comments to the WG list as well. I have added the WG alias as this may be of interest to other folks in the WG.
Inline.


-----Original Message-----
From: Alexander Okonnikov [mailto:alexander.okonnikov@gmail.com]
Sent: Friday, March 24, 2017 5:09 AM
To: draft-ietf-isis-auto-conf@ietf.org<mailto:draft-ietf-isis-auto-conf@ietf.org>
Subject: draft-ietf-isis-auto-conf

Hi authors,


Per procedure of protocol operation in start-up mode, router generates its
LSP#0. Isn't it better to modify procedure such that start-up router will
suppress generation of its LSP#0 (and omitting its LSP entry in its CSNP), until
it will obtain full database, and will check presence of duplicate system ID. If
duplicate system ID is present in the network (LSP with the same system ID,
but S-bit clear), start-up router will perform change of its system ID. If its
system ID is unique, it is advertising its LSP#0 into network. With current
procedure there is possibility for traffic disruption, when LSP of existing
router with the same system ID will being replaced by LSP of start-up router
(the same case when two routers with the same system ID in regular IS-IS
are present in the network).
[Les:] As we have defined the S-bit(Startup) in the Fingerprint TLV and the tie-breaking rules in case of duplicate system-ids favor the router NOT in startup mode we accomplish the same thing - and also handle the possible case when two routers who come up at roughly the same time have duplicate system-ids - which would have to be handled even we followed your suggestion as eventually the new routers have to send their first LSP.


Also, the draft doesn't specify when pseudonode LSP should be generated
(in case of start-up router is on broadcast link and is chosen to be DIS). Per
current procedure, start-up router is not generating pseudonode LSP. But, in
case it is DIS from point of view of other routers on the same LAN, previous
DIS will purge its pseudonode LSP.
Each other router will calculate start-up router as a new DIS. It also could be
cause of disruption (absence of pseudonode LSP from new DIS).
Hence, proposal is to start-up router to set its LAN priority to lowest value
(0). The draft also could specify that for routers operating in non-start-up
mode, LAN priority should not be less than 1. Once start-up router has
finished its start-up mode, it could increase its LAN priority to
configured/default value.
[Les:] As per the base protocol (ISO10589) a router cannot declare itself DIS until it has at least one neighbor established on the LAN. As duplicate system-id detection via hellos prevents adjacencies from coming up in the event of a duplicate system-id, normal procedures regarding election of DIS can be safely used. Also the base protocol rules about new DIS pseudo-node LSP generation and purging of the pseudo-node LSPs generated by the old DIS can be safely used.

Clever implementers find ways to avoid the disruption associated w DIS change when a new router comes up by using "make-before-break" logic.

Les



Thank you.


BR,

Alexander