Re: [Lsr] https://tools.ietf.org/html/draft-wang-lsr-prefix-unreachable-annoucement-05

Gyan Mishra <hayabusagsm@gmail.com> Thu, 11 March 2021 18:26 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 345B53A0C0D; Thu, 11 Mar 2021 10:26:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aZMTvBliVyXV; Thu, 11 Mar 2021 10:26:05 -0800 (PST)
Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97A5F3A0C06; Thu, 11 Mar 2021 10:26:05 -0800 (PST)
Received: by mail-pg1-x534.google.com with SMTP id x29so14213625pgk.6; Thu, 11 Mar 2021 10:26:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=D+cxq7639U0iq4QlF/WoPK4DXavGC3qy2kzERPOP/0E=; b=ZZuOEotBJgkv8oZ++mWrY+DO1NYJp1gjhFUNiSp+isVVswcEUotRJ79MVVahN3mS5P cy3k0Z6griXGmjH4fp3xX0txR8vyZBH1Hfb65BGHHds2Mtv23uA7tgEXwd2AbN9HHBmk Jl3z3uoGFm0b+/2pazPJ75yYuwv+1Fj9eSbpPO/e0T6bSbsi/R6hFXeG8wXbtr+NRGo6 Bpquuyn8w54NRuL6nyr5qvbihWd6nnErcqB/0540d6escmhJ5VjLThscCzn/bxrmP18S R8Jp6Yo2aH34tiA6TtsipIdlHJvZhCEHh9p9gsCdRic2UHP1OpvlV8bZg+9iLlETyDyp dTwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=D+cxq7639U0iq4QlF/WoPK4DXavGC3qy2kzERPOP/0E=; b=uNknd6/S6o/Csm9+ckH31D6yfVaG6Bp+NcemueW2xxBY3Fy5QnLNO4c4yqgDqkrt0r 0uR6pEmoRt0vDp1uIHljkWSuQs/v15IUNA82HcW9RCFJcvaWCDoLpn0CEdd2WGel3Hr/ HJJdDf9taR90PM+rr1o/52h+gjYh0zC3gS4nwt4hk6b4VH8qas9/1xeUjZXHN0WM+VU8 FqLoG7mV1gZ0/fUCufxhPwDeE/I9T0M/miL5/JJakID6CIEFYsYWvRZ9SEFfamwVhRBE ikAJ1G6e1Gv98q4DostuZ9x9JRDbW1O8a6DbYPyue8l98IfdZLMFBDOkrpyOJjLZv4en aN3w==
X-Gm-Message-State: AOAM530BC1u+PLp+jwrEPR/ar9cyxsaejiP/OqTrPFqRv5Vogp5Qfuvd pDHaKyI+Ryu3bky48nEpHlgw554b+sI1FiCH9Zg=
X-Google-Smtp-Source: ABdhPJxo5eJwMn3cBUrmJgP602lbTJwBcZRrQ3N0AYnG05hnAaLRRPQJKmve5NagM5K2NUyfmTny7eVZjVU/BOXNlQM=
X-Received: by 2002:a05:6a00:168d:b029:1ba:d500:1209 with SMTP id k13-20020a056a00168db02901bad5001209mr8983779pfc.4.1615487163400; Thu, 11 Mar 2021 10:26:03 -0800 (PST)
MIME-Version: 1.0
References: <CABNhwV2=HTRYG5PTgiGYanm8LeT1HYcrPKQ4R4TQHZ-GO9ecJQ@mail.gmail.com> <439DD1F9-9924-405F-9FBD-6704D85B05D6@cisco.com> <CABNhwV3ky4nbYxo7qLowu0GyHpSYRKWdTQ3y-uQpvU-p0bskww@mail.gmail.com> <0E39A8D4-547D-482C-BD01-4A8CDE48324A@cisco.com>
In-Reply-To: <0E39A8D4-547D-482C-BD01-4A8CDE48324A@cisco.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Thu, 11 Mar 2021 11:29:59 -0500
Message-ID: <CABNhwV0FhouRWmNKn4xjf=Hz7D0gP=px41506_1+JKmHKKz_xA@mail.gmail.com>
To: "Acee Lindem (acee)" <acee@cisco.com>
Cc: Aijun Wang <wangaj3@chinatelecom.cn>, draft-wang-lsr-prefix-unreachable-annoucement <draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>, lsr <lsr@ietf.org>
Content-Type: multipart/related; boundary="00000000000084069105bd46ea62"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/qfNDdDwtBnmnugdo4qmhEfgwvzc>
Subject: Re: [Lsr] https://tools.ietf.org/html/draft-wang-lsr-prefix-unreachable-annoucement-05
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 18:26:09 -0000

Hi Acee

Thank you for your comments.

Answers in-line.

Thank you

Gyan

On Thu, Mar 11, 2021 at 11:01 AM Acee Lindem (acee) <acee@cisco.com> wrote:

> Hi Gyan,
>
>
>
> I guess you didn’t understand my first PUA question. See inline.
>
>
>
> *From: *Gyan Mishra <hayabusagsm@gmail.com>
> *Date: *Monday, March 8, 2021 at 8:11 PM
> *To: *Acee Lindem <acee@cisco.com>
> *Cc: *Aijun Wang <wangaj3@chinatelecom.cn>cn>,
> draft-wang-lsr-prefix-unreachable-annoucement <
> draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>gt;, lsr <lsr@ietf.org
> >
> *Subject: *Re:
> https://tools.ietf.org/html/draft-wang-lsr-prefix-unreachable-annoucement-05
>
>
>
>
>
>
>
> On Mon, Mar 8, 2021 at 7:37 PM Acee Lindem (acee) <acee@cisco.com> wrote:
>
> Speaking as a WG member:
>
>
>
> Hi Gyan,
>
>
>
> The first question is how do you know which prefixes within the summary
> range to protect? Are these configured? Is this half-assed best-effort
> protection where you protect prefixes within the range that you’ve
> installed recently? Just how does this work? It is clearly not specified in
> the draft.
>
>  Gyan>  All prefixes within the summary range are protected see section 4.
>
>
>
>    [RFC7794] and [I-D.ietf-lsr-ospf-prefix-originator <https://tools.ietf.org/html/draft-wang-lsr-prefix-unreachable-annoucement-05#ref-I-D.ietf-lsr-ospf-prefix-originator>] draft both define
>
>    one sub-tlv to announce the originator information of the one prefix
>
>    from a specified node.  This draft utilizes such TLV for both OSPF
>
>    and ISIS to signal the negative prefix in the perspective PUA when a
>
>    link or node goes down.
>
>
>
>    ABR detects link or node down and floods PUA negative prefix
>
>    advertisement along with the summary advertisement according to the
>
>    prefix-originator specification.  The ABR or ISIS L1-L2 border node
>
>    has the responsibility to add the prefix originator information when
>
>    it receives the Router LSA from other routers in the same area or
>
>    level.
>
>
>
> Acee> So, the ABR will only know about missing prefixes that it has recently received? What if the prefix is already missing when the ABR establishes adjacencies on the path to the PE? What if the prefix is being permanently taken out of service – then this negative advertisement will persist permanently. What if there is an unintentional advertisement in the summary range and it is withdrawn? How do you decide whether or not to protect a prefix with in the range?
>
>
>
>  Gyan>  In section 6 of the draft under implementation considerations we have a MAA (Max Address Announcement) threshold value that is configurable.
>
>     1.  If the number of unreachable prefixes is less than MAA, the ABR
>
>    should advertise the summary address and the PUA.
>
>    2.  If the number of reachable address is less than MAA, the ABR
>    should advertise the detail reachable address only.
>
>    3.  If the number of reachable prefixes and unreachable prefixes
>    exceed MAA, then advertise the summary address with MAX metric.
>
>
       If a prefix is already missing when the ABR establishes adjacency on
the path the prefix is not in the lsdb and so a PUA would not be sent for a
prefix that is unknown to the ABR.  Any traffic sent to that bgp next hop
would still be impacted as this is an adjacency forming timing issue.  We
will have investigated this issue with the authors and are thinking of
maybe a delay timer after the adjacency is formed as to when the PUA
mechanism becomes activated that we can add to the considerations section.

>
>
> When the ABR or ISIS L1-L2 border node generates the summary
>
>    advertisement based on component prefixes, the ABR will announce one
>
>    new summary LSA or LSP which includes the information about this down
>
>    prefix, with the prefix originator set to NULL.  The number of PUAs
>
>    is equivalent to the number of links down or nodes down.  The LSA or
>
>    LSP will be propagated with standard flooding procedures.
>
>
>
>    If the nodes in the area receive the PUA flood from all of its ABR
>
>    routers, they will start BGP convergence process if there exist BGP
>
>    session on this PUA prefix.  The PUA creates a forced fail over
>
>    action to initiate immediate control plane convergence switchover to
>
>    alternate egress PE.  Without the PUA forced convergence the down
>
>    prefix will yield black hole routing resulting in loss of
>
>    connectivity.
>
>
>
>    When only some of the ABRs can't reach the failure node/link, as that
>
>    described in Section 3.2 <https://tools.ietf.org/html/draft-wang-lsr-prefix-unreachable-annoucement-05#section-3.2>, the ABR th.at can reach the PUA prefix
>
>    should advertise one specific route to this PUA prefix.  The internal
>
>    routers within another area can then bypass the ABRs that can't reach
>
>    the PUA prefix, to reach the PUA prefix.
>
>
>
> The second comment is that using the prefix-originator TLV is a terrible
> choice of encoding. Note that if there is any router in the domain that
> doesn’t support the extension, you’ll actually attract traffic towards the
> ABR blackholing it.
>
>  Gyan> I will work with the authors to see if their is any alternative PUA
> process to signal and detect the failure in case prefix originator TLV is
> not supported.
>
> Acee> Note that in the case of OSPFv3, the prefix originator TLV is a
> Sub-TLV of the Inter-Area Prefix TLV advertised in the
> E-Inter-Area-Prefix-LSA. If there are any OSPFv3 routers in the domain that
> don’t support this functionality and receive traffic for the protected
> prefix, they will actually route it towards the blackhole.
>
>         Gyan>> If the OSPFv3 router does not support the prefix originator
TLV is a Sub-TLV of the Inter-Area Prefix TLV advertised in the
E-Inter-Area-Prefix-LSA then it would use the summary address advertised by
the ABR and black hole as the control plane would not converge to not use
the summary on that non supporting OSPFv3 router.  Agreed.  That support
dependency we will add to the considerations section 6.

>
>
> Further, I think your example is a bit contrived. I’d hope that an OSPF
> area with “thousands” of summarized PE addresses wouldn’t be portioned by a
> single failure as in figure 1 in the draft and your slides. I also that the
> option of a backbone tunnel between the ABRs was removed from the draft
> since it diminished the requirement for this functionality.
>
>  Gyan> This is a real world Metro access edge example as the impact is
> customers that have LSP built to the down egress PE that has not failed
> over.  In this scenario their is a Primary and Backup PE per Metro edge
> which is typical for an operator.
>
>
>
> The workaround used today is to flood all /32 next hop prefixes and not
> take advantage of summarization.  This draft makes RFC 5283 inter area FEC
> binding now viable for operators.
>
> Acee> Or add a reliable intra-area link between your ABRs. Or, as a
> backup, a tunnel through the backbone area (as was previously in the draft).
>
>         Gyan>  The issue is not redundancy.  The issue is when
summarization is used  as the component prefixes BGP next hop recursive to
the IGP are now hidden and with MPLS RFC 5283 inter area LSP use case, the
failover is broken.  It’s not just faster convergence it’s any convergence
as the traffic black hole dead ends on the ABR and cannot build the LSP to
the egress PE.  Please see the diagram below in the slide deck it details
this special use case. The LSP ends up dead ending  black hole on the ABR
once the FEC LPM goes away for the next hop when the PE has a link or node
failure.

[image: image.png]


Thanks,
> Acee
>
>
>
>
>
> Thanks,
> Acee
>
>
>
> *From: *Gyan Mishra <hayabusagsm@gmail.com>
> *Date: *Monday, March 8, 2021 at 6:57 PM
> *To: *Acee Lindem <acee@cisco.com>om>, Aijun Wang <wangaj3@chinatelecom.cn>cn>,
> draft-wang-lsr-prefix-unreachable-annoucement <
> draft-wang-lsr-prefix-unreachable-annoucement@ietf.org>gt;, lsr <lsr@ietf.org
> >
> *Subject: *
> https://tools.ietf.org/html/draft-wang-lsr-prefix-unreachable-annoucement-05
>
>
>
>
>
> Acee.
>
>
>
> Please ask the two questions you raised about the PUA draft so we can
> address your concerns.
>
>
>
> If anyone else has any other outstanding questions or concerns we would
> like to address as well and resolve.
>
>
>
> Once all questions and  concerns are satisfied we would like to ask for WG
> adoption.
>
>
>
> Kind Regards
>
>
>
> Gyan
>
> --
>
> *Error! Filename not specified.* <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions Architect *
>
>
>
> *M 301 502-1347 13101 Columbia Pike
> <https://www.google.com/maps/search/13101+Columbia+Pike?entry=gmail&source=g>
> *Silver Spring, MD
>
>
>
> --
>
> [image: Image removed by sender.] <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions Architect *
>
>
>
> *M 301 502-1347 13101 Columbia Pike  *Silver Spring, MD
>
>
>


-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD