IETF Logo Mail Archive

Re: [Lsr] Thoughts about PUAs - are we not over-engineering?

Peter Psenak <ppsenak@cisco.com> Thu, 16 June 2022 10:04 UTC

Return-Path: <ppsenak@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1DBFC14F73A; Thu, 16 Jun 2022 03:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.228
X-Spam-Level:
X-Spam-Status: No, score=-12.228 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iSo6Ecw5_Dhe; Thu, 16 Jun 2022 03:04:07 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9994CC14F741; Thu, 16 Jun 2022 03:04:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10049; q=dns/txt; s=iport; t=1655373847; x=1656583447; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=4ZeJ2PApfdNsTGaWQ99h5W7qFWMfKVxXRQcszRRwBfI=; b=OBOA5QgYau7D4lFI5duYE9rmktd79ls49Rd0SM9/czGM4rPql+AZSOUT O2+9oR6yjulCr8pDFklGg5D3Evf2qY6KxJ9ufL/HIgsZhhNrq8q2M8S9H /UK1hbNBhKwS3slybaJCE4lBu3gFVcPSaNWLDjkl1J5NuquewMT6d3jm+ 0=;
X-IPAS-Result: A0ADAACT/6pilxbLJq1XAxoBAQEBAQEBAQEBAwEBAQESAQEBAQICAQEBAUCBPgIBAQEBCwGBe4EpVSwSRIROiQCIDAOLF5FogWgLAQEBDywLCwQBAYUDAoVKJjcGDgECBAEBAQEDAgMBAQEBAQEDAQEFAQEBAgEHBBQBAQEBAQEBAQkbBgwFEDWFaA2GQgEBAQECAQEBIQQLAQU2CxAJAgcKBAEBAQICIwMCAiEGHwkIBgEMBgIBAReCClgBgmUDDSMDD5Jpmxp6fzKBAYclDWeBZYERLAGGHIQ7hB1DgUlEgRUnggJRMD6CIEIBAQKBKQESARIwCxuDD4JlBI1Ei1UmBA8DGi00EoEhcQEIBgMDBwoFMgYCDBgUBAITElMdAhIFBwocDhQcJBkMDwMSAxEBBwILEggVLAgDAgMIAwIDIwsCAxcJBwoDHQgKHBIQFAIEEx4LCAMZHywJAgQOA0MICwoDEQQDExgLFggQBAYDCS8NKAsDBQ8NAQYDBgIFBQEDIAMUAwUnBwMhBwsmDQ0EHAcdAwMFJgMCAhsHAgIDAgYXBgICbwomDQgECAQcHSQQBQIHMQUELwIeBAUGEQkCFgIGBAUCBAQWAgISCAIIJxsHFhkdGQEFXQYLCSEcCh8LBgUGFgMjcwUKPg8pNTY8LyEbCoEPFyoGIgEbApl8EVsHNi4DDi0IDwFQCyAIAkAQaAUlEJITBgctrQRFa4NYhBmVfYVoBg8ELYN1jEGGMZF6hyKOeFIggiuOPJYugXeBD3AzGggbFTuCaAlIGQ+OLA0JgQQBDoI9hRSFTEIxAgE4AgYBCgEBAwmMO4JGAQE
IronPort-Data: A9a23:fNbjzq2eiWF724uFRvbD5VZxkn2cJEfYwER7XKvMYLTBsI5bp2AGy jMaCGDUOf+IZ2SmLdsjbN+19k8FvZ+Gzt9iQQVq3Hw8FHgiRegpqji6wuYcGwvIc6UvmWo+t 512huHodZxyFjmGzvuUGuCJQUNUjclkfZKhTr+dUsxNbVU8En1510s9w7dRbrNA2LBVPSvc4 bsenOWHULOV82Yc3rU8sv/rRLtH5ZweiRtA1rAMTakjUGz2yxH5OKkiyZSZdBMUdGX78tmSH I4vxJnhlo/QEoxE5tmNyt4XeWVSKlLe0JTnZnd+A8CfbhZ+SiMa6LYEb+IMLlVui2uSp4gs5 dp3ssyrcFJ8VkHMsLx1vxhwGixkeKZB4rKCeD60sNeYyAvNdH6EL/dGVR5te9ZIvLwvWicUr 5T0KxhVBvyHr/qu27+9Q+pEjcU4J86tN4Qa0p1l5WuEV6t6GsGrr6Pi5YRy8icVv+l1Ov/uP 8g2cyV3VDXqbEgaUrsQIMtuwLj37pXlSBVcs0i9pKcr7S7U1gMZ+LT3OdTJP8ODQ8oQml2C4 3rc8mr4ElQHMsaSwDGF+3ioi6rGmyX8RYkfEbC+6tZrjUGdgGsJB3U+WUGyr+X8klalVtRWK AkQ4TBrrKcqsVGxQ9D2X1igunOKvw5ZUtxWFPA84wyly6fI7UCeHGdsZjJIbt0rsIkoQi0nz ArVx9nkATgpu7S9RXeU7LzSrD6uN24SN2BqTS8NXAIP/sLqr5o2ph3KR9dnVqWyi7XdFiz23 z2Q6jY3gYIfgPkV2qG38HjBhDGtr97CSQtd2+nMdmuo9EZ4fIm/e8mu4ESd5vdbJ4HfRV6E1 JQZpySAxNoeMsqVhGufeeVTB4nxutuKCjqMmmc6SvHN6A+R03KkeIlR5hR3K0FoLtsIdFfVX aPDhe9CzMQMYybyPMebd6r0Wpt6l/GxfTjwfqmMNoImX3RnSOOQEMhTia+sM4LFzBhEfUIXY MnznSOQ4ZEyU/0P8dZOb71BuYLHPwhnrY8pebj1zg68zZ2Vb2OPRLEOPTOmN75ksfjd/1WOq 4oCbqNmLimztsWjP0E7FqZOczg3wYQTXvgaVuQOLLfYe1o6cI3fI6aKmOtJl3NZc1R9z7eUo S7Vtr5ww1vkjnqPMhSRdn1mc9vSsWVX8xoG0dgXFQ/wgRALON/3hI9GLstfVeR3pYRLkK8vJ 9FYKproPxi6Ymmek9jrRcKm99IKmdXCrV/mAhdJlxBkJsM9GVGUoYa1FuYtnQFXZheKWQIFi +XI/mvmrVArHmyO0O6+hCqT8m6M
IronPort-HdrOrdr: A9a23:Bs4oxK0RG33lkVXKjj6TBwqjBIMkLtp133Aq2lEZdPWaSL36qy ncppUmPHjP+VAssRAb6Le90ca7LE80maQFhLX5eI3SODUO21HFEGgB1+HfKlTbckWUygce79 YDT0EUMrPN5DZB7foSrDPWLz7lq+P3iJxBQozlvg5QcT0=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.91,304,1647302400"; d="scan'208";a="2525439"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Jun 2022 10:04:04 +0000
Received: from [10.147.24.42] ([10.147.24.42]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTP id 25GA43KG005373; Thu, 16 Jun 2022 10:04:04 GMT
Message-ID: <ae0c8954-17a9-d508-8d73-9fabb9af62d1@cisco.com>
Date: Thu, 16 Jun 2022 12:04:03 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: "Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>, Gyan Mishra <hayabusagsm@gmail.com>, "Voyer, Daniel" <daniel.voyer=40bell.ca@dmarc.ietf.org>
Cc: "draft-ppsenak-lsr-igp-ureach-prefix-announce@ietf.org" <draft-ppsenak-lsr-igp-ureach-prefix-announce@ietf.org>, draft-wang-lsr-prefix-unreachable-annoucement <draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>
References: <027146C0-7FC4-4990-B326-D766E0071957@bell.ca> <CABNhwV3pKCVRMuDeYE-MPow5_DXt9VJ4bz1kiC54oadBbmTuhQ@mail.gmail.com> <AM0PR07MB6386AB1E60D3F5EF11B453C8E0AC9@AM0PR07MB6386.eurprd07.prod.outlook.com>
From: Peter Psenak <ppsenak@cisco.com>
In-Reply-To: <AM0PR07MB6386AB1E60D3F5EF11B453C8E0AC9@AM0PR07MB6386.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Outbound-SMTP-Client: 10.147.24.42, [10.147.24.42]
X-Outbound-Node: aer-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/5tbzUd0Hv6XeM1uSrmw6Dv0Hrdk>
Subject: Re: [Lsr] Thoughts about PUAs - are we not over-engineering?
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 10:04:12 -0000

Hi Gunter,

please see inline (##PP):

On 16/06/2022 10:09, Van De Velde, Gunter (Nokia - BE/Antwerp) wrote:
> Hi Gyan, Daniel, Peter, All,
> 
> Thanks for sharing your insights and I agree mostly with your feedback
> 
> I agree and understand that summarization is needed to reduce the size 
> of the LSDB. I also agree summarization good design practice, especially 
> with IPv6 and SRv6 in mind. There never has been doubt about that.
> 
> I am not sure I agree that UAP/UPA is ‘optimal-design’. Maybe it is the 
> best we can do, however I have a healthy worry we could be suffering 
> tunnel vision and that proposed solution may not be good enough.
> 
> We should not be blind and believe that advertising UPA/PUA does not 
> come without a cost. The architectural PUA/UPA usage complexity cost may 
> not be worth the effort (none of the integration of using a PUA/UPA 
> event triggers come for free). Do we really believe that PUA/UPA solve 
> all the SID reachability problems for all IGP network design and SR 
> use-cases elegantly? Maybe some use-case design constraints and 
> assumptions should be documented to clarify architecturally where 
> PUA/UPA is most beneficial for operators? Just stating “outside scope of 
> the draft” seems unfair to operators interested in PUA/UPAs

##PP
we are trying to solve a particular problem of remote PE going down in 
network where summarization is used. I believe that is stated clearly in 
the UPA draft.

> 
> Let me give two examples where PUA/UPA benefit is unclear:
> 
> (1) Multiple-ABRs
> 
> I was wondering for example if a ingress router receives a PUA signaling 
> that a given locator becomes unreachable, does that actually really 
> signals that the SID ‘really’ is unreachable for a router?
> 
> For example (simple design to illustrate the corner-case):
> 
> ingressPE#1---area#1---ABR#1---area---ABR#2---area#3---egressPE#2
> 
>       |                                                      |
> 
>       |                                                      |
> 
>       +--------area#1---ABR#3---area---ABR#4---area#3--------+
> 
> What if ABR#4 would loose connectivity to egressPE#2 and ABR#2 does not?
> 
> In that case ABR#4 will originate a UPA/PUA and ABR#2 does not originate 
> a PUA/UPA.
> 
> How is ingressPE#1 supposed to handle this situation? The only thing 
> ingressPE#1 see is that suddenly there is a PUA/UPA but reachability may 
> not have changed at all and remains perfectly reacheable.

##PP
we are not trying to solve the area partitioning problem with UPA.

Clearly, if you summarize on both ABRs and your area partitions, you 
connectivity is broken, as you have no control on which ABR the traffic 
will use to enter the partitioned area. If you hit the one that has no 
connectivity to the egress PE, your traffic will be dropped.

With UPA, at least the service traffic can be switched to an alternate 
egress PE, if there is one, preserving the connectivity for the service 
prefixes.

> 
> (2) with sr-policy or SRv6 SRTE
> 
> What if we have an inter-area/domain/level SRTE or sr-policy and 
> suddenly there is a PUA/UPA for one of the SIDs in the sid-list of the path.
> 
> will this impact the srte or sr-policy in any way? Will transit routers 
> do anything with the UPA/PUA and drop packets. Will transit routers 
> trigger fast-restoration?

##PP
we are not specifying any of that. If the implementation decide to use 
UPA on transit routers for some application, we do not prohibit it.

> 
> Can PCEs/controllers use the SID for crafting paths? Will all 
> SRTE/sr-policy using the locator be pruned or re-signaled?
> 
> Will ingress router do something with the PUA information? Should 
> PUA/UPA draft give guidelines around this?

##PP
UPA draft only describes the ISIS asignalling part, not the external 
application handling of the UPA. That would not be appropriate in IGP draft.

thanks,
Peter

> 
> Be well,
> 
> G/
> 
> If there is an SRTE or sr-policy using a given SID somewhere in the SID 
> list… and suddenly
> 
> *From:*Gyan Mishra <hayabusagsm@gmail.com>
> *Sent:* Thursday, June 16, 2022 6:12 AM
> *To:* Voyer, Daniel <daniel.voyer=40bell.ca@dmarc.ietf.org>
> *Cc:* Van De Velde, Gunter (Nokia - BE/Antwerp) 
> <gunter.van_de_velde@nokia.com>; 
> draft-ppsenak-lsr-igp-ureach-prefix-announce@ietf.org; 
> draft-wang-lsr-prefix-unreachable-annoucement 
> <draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>; lsr@ietf.org
> *Subject:* Re: [Lsr] Thoughts about PUAs - are we not over-engineering?
> 
> Summarization has always been a best practice for network scalability 
> thereby reducing the size of the RIB and LSDB.
> 
> So in this case as Dan pointed out,  the summary route is an abstraction 
> of the area and so if a component prefix of the summary became 
> unreachable we need a way to signal that the PE next hop is no longer 
> reachable to help optimize convergence.
> 
> We are just trying to make summarization work better then it does today 
> so we don’t have to rely on domain wide flooding of host routes.
> 
> Thanks
> 
> Gyan
> 
> On Wed, Jun 15, 2022 at 4:42 PM Voyer, Daniel 
> <daniel.voyer=40bell.ca@dmarc.ietf.org 
> <mailto:40bell.ca@dmarc.ietf.org>> wrote:
> 
>     Hi Gunter,
> 
>     Thanks for your comments,
> 
>     The idea, here, with summarization is to "reduce" the LSDB quite a
>     lots and make a given backbone much more scalable / flexible and
>     allow to simplify NNI's within that given backbones considerably.
>     Summarization is "needed" for better scale and, in the context of
>     IPv6, will help in preventing blowing up the IGP.  With the size of
>     an IPv6 prefix range (ex. /64) allocated per domain - summarization
>     will help to contain the LSDB to that domain.
> 
>     What we are "highlighting" in
>     draft-ppsenak-lsr-igp-ureach-prefix-announce-00, is an easy way to
>     overcome the fact that PEs are hidden behind a summary route and
>     need a fast way to notify other PEs when they become unreachable.
> 
>     I don't see "over-engineering" here, I see "optimal-engineering"
>     instead.
> 
>     Thanks
>     Dan
> 
>     On 2022-06-14, 4:59 AM, "Van De Velde, Gunter (Nokia - BE/Antwerp)"
>     <gunter.van_de_velde@nokia.com
>     <mailto:gunter.van_de_velde@nokia.com>> wrote:
> 
>          Hi All,
> 
>          When reading both proposals about PUA's:
>          * draft-ppsenak-lsr-igp-ureach-prefix-announce-00
>          * draft-wang-lsr-prefix-unreachable-annoucement-09
> 
>          The identified problem space seems a correct observation, and
>     indeed summaries hide remote area network instabilities. It is one
>     of the perceived benefits of using summaries. The place in the
>     network where this hiding takes the most impact upon convergence is
>     at service nodes (PE's for L3/L2/transport) where due to the
>     summarization its difficult to detect that the transport tunnel
>     end-point suddenly becomes unreachable. My concern however is if it
>     really is a problem that is worthy for LSR WG to solve.
> 
>          To me the "draft
>     draft-wang-lsr-prefix-unreachable-annoucement-09" is not a preferred
>     solution due to the expectation that all nodes in an area must be
>     upgraded to support the IGP capability. From this operational
>     perspective the draft
>     "draft-ppsenak-lsr-igp-ureach-prefix-announce-00" is more elegant,
>     as only the A(S)BR's and particular PEs must be upgraded to support
>     PUA's. I do have concerns about the number of PUA advertisements in
>     hierarchically summarized networks (/24 (site) -> /20 (region) ->
>     /16 (core)). More specific, in the /16 backbone area, how many of
>     these PUAs will be floating around creating LSP LSDB update churns?
>     How to control the potentially exponential number of observed PUAs
>     from floating everywhere? (will this lead to OSPF type NSSA areas
>     where areas will be purged from these PUAs for scaling stability?)
> 
>          Long story short, should we not take a step back and re-think
>     this identified problem space? Is the proposed solution space not
>     more evil as the problem space? We do summarization because it
>     brings stability and reduce the number of link state updates within
>     an area. And now with PUA we re-introduce additional link state
>     updates (PUAs), we blow up the LSDB with information opaque to SPF
>     best-path calculation. In addition there is suggestion of new
>     state-machinery to track the igp reachability of 'protected'
>     prefixes and there is maybe desire to contain or filter updates
>     cross inter-area boundaries. And finally, how will we represent and
>     track PUA in the RTM?
> 
>          What is wrong with simply not doing summaries and forget about
>     these PUAs to pinch holes in the summary prefixes? this worked very
>     well during last two decennia. Are we not over-engineering with PUAs?
> 
>          G/
>         
>     ------------------------------------------------------------------------------
>          External Email: Please use caution when opening links and
>     attachments / Courriel externe: Soyez prudent avec les liens et
>     documents joints
> 
> 
>     _______________________________________________
>     Lsr mailing list
>     Lsr@ietf.org <mailto:Lsr@ietf.org>
>     https://www.ietf.org/mailman/listinfo/lsr
>     <https://www.ietf.org/mailman/listinfo/lsr>
> 
> -- 
> 
> <http://www.verizon.com/>
> 
> *Gyan Mishra*
> 
> /Network Solutions Architect /
> 
> /Email gyan.s.mishra@verizon.com <mailto:gyan.s.mishra@verizon.com>/
> 
> /M 301 502-1347/
>

v2.23.0 | Report a Bug | By Email