Re: [Lsr] Thoughts about PUAs - are we not over-engineering?

["Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>]

wrt partitioned area’s and UPA’s. The wang PUA draft has an interesting proposal for assuring that even with UPAs and partitioned area’s non-conflicting information exist.
The solution proposal does come at cost of increased ISIS churn. This could be an acceptable cost, especially considering that UPAs will only appear by exception and even more rare in combination with area partitioning.

Lets consider the following (based upon section “3.2 from draft-wang-lsr-prefix-unreachable”):

For ISIS,  R2 L1/L2 would advertise the PUA for Pt2.
R4 L1/L2 router receives the L2 PUA route for Pt2 and because it is also summarizing Pt2 from L1, it now decides to advertise a specific route to Pt2.
R2 now sees that R4 advertises a specific route for Pt2 and programs Pt2 next hop to R4. This will stop the PUA advertisement on R2 immediately.

Although this enhancement as described is in the draft-wang-lsr-prefix-unreachable draft it should work with draft-ppsenak-lsr-igp-ureach-prefix. A side effect is more churn.
This setup where R2 and R4 only see each other in L2 causes a lot of churn as a PUA needs to be advertised for Pt2 and all downstream routes of T2.
On top , R4 now advertises specific route for each of the PUA’s and a bit later R2 floods the same LSPs again but without the PUA’s.


***
     +---------------------+------+--------+-----+--------------+
     | +--+        +--+   ++-+   ++-+    +-++   + -+        +--+|
     | |S1+--------+S2+---+R1+---|R0+----+R2+---+T1+--------+T2||
     | +-++Ps1     +-++   ++-+   +--+    +-++   ++++    Pt2 +-++|
     |   |           |     |               |     ||           | |
     |   |           |     |               |     ||           | |
     |   |           |     |              L2     ||           | |
     |   |           |     |               |     ||           | |
     | +-++Ps4     +-++   ++-+           +-++   ++++     Pt4+-++|
     | |S4+--------+S3+---+R3+-----------+R4+---+T3+--------+T4||
     | +--+        +--+   ++-+           +-++   ++-+        +--+|
     |                     |               |                    |
     |                     |               |                    |
     |                     |     ISIS L2   |      ISIS L1       |
     +---------------------+---------------+--------------------+

    Inter-Area Prefix Unreachable Announcement Scenario


3.2.  Inter-Area Links Failure Scenario

   In a link failure scenario, if the link between T1/T2 and T1/T3 are
   down, R2 will not be able to reach node T2.  But as R2 and R4 do the
   summary announcement, and the summary address covers the bgp next hop
   prefix of Pt2, other nodes in area 0 area 1 will still send traffic
   to T2 bgp next hop prefix Pt2 via the border router R2, thus black
   hole sink routing the traffic.

   In such a situation, the border router R2 should notify other routers
   that it can't reach the prefix Pt2, and lets the other ABRs(R4) that
   can reach prefix Pt2 advertise one specific route to Pt2, then the
   internal routers will select R4 as the bypass router to reach prefix
   Pt2.
***

G/


-----Original Message-----
From: Peter Psenak <ppsenak@cisco.com>
Sent: Thursday, June 16, 2022 12:04 PM
To: Van De Velde, Gunter (Nokia - BE/Antwerp) <gunter.van_de_velde@nokia.com>; Gyan Mishra <hayabusagsm@gmail.com>; Voyer, Daniel <daniel.voyer=40bell.ca@dmarc.ietf.org>
Cc: draft-ppsenak-lsr-igp-ureach-prefix-announce@ietf.org; draft-wang-lsr-prefix-unreachable-annoucement <draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>; lsr@ietf.org
Subject: Re: [Lsr] Thoughts about PUAs - are we not over-engineering?

Hi Gunter,

please see inline (##PP):

On 16/06/2022 10:09, Van De Velde, Gunter (Nokia - BE/Antwerp) wrote:
> Hi Gyan, Daniel, Peter, All,
>
> Thanks for sharing your insights and I agree mostly with your feedback
>
> I agree and understand that summarization is needed to reduce the size
> of the LSDB. I also agree summarization good design practice,
> especially with IPv6 and SRv6 in mind. There never has been doubt about that.
>
> I am not sure I agree that UAP/UPA is ‘optimal-design’. Maybe it is
> the best we can do, however I have a healthy worry we could be
> suffering tunnel vision and that proposed solution may not be good enough.
>
> We should not be blind and believe that advertising UPA/PUA does not
> come without a cost. The architectural PUA/UPA usage complexity cost
> may not be worth the effort (none of the integration of using a
> PUA/UPA event triggers come for free). Do we really believe that
> PUA/UPA solve all the SID reachability problems for all IGP network
> design and SR use-cases elegantly? Maybe some use-case design
> constraints and assumptions should be documented to clarify
> architecturally where PUA/UPA is most beneficial for operators? Just
> stating “outside scope of the draft” seems unfair to operators
> interested in PUA/UPAs

##PP
we are trying to solve a particular problem of remote PE going down in network where summarization is used. I believe that is stated clearly in the UPA draft.

>
> Let me give two examples where PUA/UPA benefit is unclear:
>
> (1) Multiple-ABRs
>
> I was wondering for example if a ingress router receives a PUA
> signaling that a given locator becomes unreachable, does that actually
> really signals that the SID ‘really’ is unreachable for a router?
>
> For example (simple design to illustrate the corner-case):
>
> ingressPE#1---area#1---ABR#1---area---ABR#2---area#3---egressPE#2
>
>       |                                                      |
>
>       |                                                      |
>
>       +--------area#1---ABR#3---area---ABR#4---area#3--------+
>
> What if ABR#4 would loose connectivity to egressPE#2 and ABR#2 does not?
>
> In that case ABR#4 will originate a UPA/PUA and ABR#2 does not
> originate a PUA/UPA.
>
> How is ingressPE#1 supposed to handle this situation? The only thing
> ingressPE#1 see is that suddenly there is a PUA/UPA but reachability
> may not have changed at all and remains perfectly reacheable.

##PP
we are not trying to solve the area partitioning problem with UPA.

Clearly, if you summarize on both ABRs and your area partitions, you connectivity is broken, as you have no control on which ABR the traffic will use to enter the partitioned area. If you hit the one that has no connectivity to the egress PE, your traffic will be dropped.

With UPA, at least the service traffic can be switched to an alternate egress PE, if there is one, preserving the connectivity for the service prefixes.

>
> (2) with sr-policy or SRv6 SRTE
>
> What if we have an inter-area/domain/level SRTE or sr-policy and
> suddenly there is a PUA/UPA for one of the SIDs in the sid-list of the path.
>
> will this impact the srte or sr-policy in any way? Will transit
> routers do anything with the UPA/PUA and drop packets. Will transit
> routers trigger fast-restoration?

##PP
we are not specifying any of that. If the implementation decide to use UPA on transit routers for some application, we do not prohibit it.

>
> Can PCEs/controllers use the SID for crafting paths? Will all
> SRTE/sr-policy using the locator be pruned or re-signaled?
>
> Will ingress router do something with the PUA information? Should
> PUA/UPA draft give guidelines around this?

##PP
UPA draft only describes the ISIS asignalling part, not the external application handling of the UPA. That would not be appropriate in IGP draft.

thanks,
Peter

>
> Be well,
>
> G/
>
> If there is an SRTE or sr-policy using a given SID somewhere in the
> SID list… and suddenly
>
> *From:*Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>>
> *Sent:* Thursday, June 16, 2022 6:12 AM
> *To:* Voyer, Daniel <daniel.voyer=40bell.ca@dmarc.ietf.org<mailto:daniel.voyer=40bell.ca@dmarc.ietf.org>>
> *Cc:* Van De Velde, Gunter (Nokia - BE/Antwerp)
> <gunter.van_de_velde@nokia.com<mailto:gunter.van_de_velde@nokia.com>>;
> draft-ppsenak-lsr-igp-ureach-prefix-announce@ietf.org<mailto:draft-ppsenak-lsr-igp-ureach-prefix-announce@ietf.org>;
> draft-wang-lsr-prefix-unreachable-annoucement
> <draft-wang-lsr-prefix-unreachable-annoucement@ietf.org<mailto:draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>>; lsr@ietf.org<mailto:lsr@ietf.org>
> *Subject:* Re: [Lsr] Thoughts about PUAs - are we not over-engineering?
>
> Summarization has always been a best practice for network scalability
> thereby reducing the size of the RIB and LSDB.
>
> So in this case as Dan pointed out,  the summary route is an
> abstraction of the area and so if a component prefix of the summary
> became unreachable we need a way to signal that the PE next hop is no
> longer reachable to help optimize convergence.
>
> We are just trying to make summarization work better then it does
> today so we don’t have to rely on domain wide flooding of host routes.
>
> Thanks
>
> Gyan
>
> On Wed, Jun 15, 2022 at 4:42 PM Voyer, Daniel
> <daniel.voyer=40bell.ca@dmarc.ietf.org
> <mailto:40bell.ca@dmarc.ietf.org>> wrote:
>
>     Hi Gunter,
>
>     Thanks for your comments,
>
>     The idea, here, with summarization is to "reduce" the LSDB quite a
>     lots and make a given backbone much more scalable / flexible and
>     allow to simplify NNI's within that given backbones considerably.
>     Summarization is "needed" for better scale and, in the context of
>     IPv6, will help in preventing blowing up the IGP.  With the size of
>     an IPv6 prefix range (ex. /64) allocated per domain - summarization
>     will help to contain the LSDB to that domain.
>
>     What we are "highlighting" in
>     draft-ppsenak-lsr-igp-ureach-prefix-announce-00, is an easy way to
>     overcome the fact that PEs are hidden behind a summary route and
>     need a fast way to notify other PEs when they become unreachable.
>
>     I don't see "over-engineering" here, I see "optimal-engineering"
>     instead.
>
>     Thanks
>     Dan
>
>     On 2022-06-14, 4:59 AM, "Van De Velde, Gunter (Nokia - BE/Antwerp)"
>     <gunter.van_de_velde@nokia.com
>     <mailto:gunter.van_de_velde@nokia.com>> wrote:
>
>          Hi All,
>
>          When reading both proposals about PUA's:
>          * draft-ppsenak-lsr-igp-ureach-prefix-announce-00
>          * draft-wang-lsr-prefix-unreachable-annoucement-09
>
>          The identified problem space seems a correct observation, and
>     indeed summaries hide remote area network instabilities. It is one
>     of the perceived benefits of using summaries. The place in the
>     network where this hiding takes the most impact upon convergence is
>     at service nodes (PE's for L3/L2/transport) where due to the
>     summarization its difficult to detect that the transport tunnel
>     end-point suddenly becomes unreachable. My concern however is if it
>     really is a problem that is worthy for LSR WG to solve.
>
>          To me the "draft
>     draft-wang-lsr-prefix-unreachable-annoucement-09" is not a preferred
>     solution due to the expectation that all nodes in an area must be
>     upgraded to support the IGP capability. From this operational
>     perspective the draft
>     "draft-ppsenak-lsr-igp-ureach-prefix-announce-00" is more elegant,
>     as only the A(S)BR's and particular PEs must be upgraded to support
>     PUA's. I do have concerns about the number of PUA advertisements in
>     hierarchically summarized networks (/24 (site) -> /20 (region) ->
>     /16 (core)). More specific, in the /16 backbone area, how many of
>     these PUAs will be floating around creating LSP LSDB update churns?
>     How to control the potentially exponential number of observed PUAs
>     from floating everywhere? (will this lead to OSPF type NSSA areas
>     where areas will be purged from these PUAs for scaling stability?)
>
>          Long story short, should we not take a step back and re-think
>     this identified problem space? Is the proposed solution space not
>     more evil as the problem space? We do summarization because it
>     brings stability and reduce the number of link state updates within
>     an area. And now with PUA we re-introduce additional link state
>     updates (PUAs), we blow up the LSDB with information opaque to SPF
>     best-path calculation. In addition there is suggestion of new
>     state-machinery to track the igp reachability of 'protected'
>     prefixes and there is maybe desire to contain or filter updates
>     cross inter-area boundaries. And finally, how will we represent and
>     track PUA in the RTM?
>
>          What is wrong with simply not doing summaries and forget about
>     these PUAs to pinch holes in the summary prefixes? this worked very
>     well during last two decennia. Are we not over-engineering with PUAs?
>
>          G/
>
>     ------------------------------------------------------------------------------
>          External Email: Please use caution when opening links and
>     attachments / Courriel externe: Soyez prudent avec les liens et
>     documents joints
>
>
>     _______________________________________________
>     Lsr mailing list
>     Lsr@ietf.org<mailto:Lsr@ietf.org> <mailto:Lsr@ietf.org>
>     https://www.ietf.org/mailman/listinfo/lsr
>     <https://www.ietf.org/mailman/listinfo/lsr>
>
> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> /Network Solutions Architect /
>
> /Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com> <mailto:gyan.s.mishra@verizon.com>/
>
> /M 301 502-1347/
>