IETF Logo Mail Archive

Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt

Alvaro Retana <aretana.ietf@gmail.com> Fri, 17 February 2023 13:00 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BBF5C14CE54; Fri, 17 Feb 2023 05:00:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZjXqb8TxdAf2; Fri, 17 Feb 2023 05:00:04 -0800 (PST)
Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92832C14CE4D; Fri, 17 Feb 2023 05:00:04 -0800 (PST)
Received: by mail-pj1-x102b.google.com with SMTP id p15-20020a17090a2d8f00b00233ceae8407so1077202pjd.3; Fri, 17 Feb 2023 05:00:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:from:to:cc:subject:date :message-id:reply-to; bh=Hzt9/CVOGnBzU0lJFhu2wIfHmjqq7dISPt/nqtYNtWg=; b=G5TMtXePK0E5mp4ERIWJQwwuASzDKGBvF7B263FCaBF2L0bYpEGIClRETlg2GnV8Bc fjcJ0+7mk8vOuCW9ZfjpWu3Dx63Z4lA5vwEVQ+ul7dXpuHejIBRqY6gSbcf4+17kL54f zyrO5z3ioXHg34E+CIv/VqaikajDYGYeynk7qWdq+Mdmg7QZAflBppx+AdToH/OSHL+W oIRxpxU4PRpeXp6HpK3D3KhRt4MWooGnEAvl+RsAD65LLl2ajW5EirnTdd86vFfa6D1E oeNepq1/d433EddGd+GSgo0wfavx65ADQghBjs0gUG0Di5DbjEWPrBB/uZC7pvrJawpO d9fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Hzt9/CVOGnBzU0lJFhu2wIfHmjqq7dISPt/nqtYNtWg=; b=AwuSsCZ5WeloD/OzSjABntyqnSQuWpTmkA2tCeHtVKwvTuB9wB7rp2bM5BIQVGZSb4 O5aveATsUyPX3KwEmUkl1yv8DUPpczVUUlI3VrTH2XZhrQCcmi1QIHJtBXaKa0KJxv80 T7kkN5RDS2nlrUsa+qE10yETtflVIzzA8CGmIZ8mlElKAf2giHtX2rUBgMO5vN+1w6Fa +998zrbiDUkUYKBfDAvyEvUr6brUTyNfBaDv+/ASXnvcbjiwwJI2pSovcILiaweZpe14 UMtgrmVaIIYRiJThQwnZs3vJxNKecad33RJda5nXIcUEk+JLKfNC8dMGfuHI3UWpkaH/ 7jcg==
X-Gm-Message-State: AO0yUKUiw4xldxlWXmBUESPR6kJsktBAiFI5Hwh9Bg00OFfdm5MY7t0u VuR/si83ixB1NCL+gR1/ZneCjZkmkxwhHox4J7OG7vem
X-Google-Smtp-Source: AK7set8sG9ia+714UJzO0ukj5VEq6X86fvtNk2TYSDBBsf/hBJ/BFLLn5hnFGurUxcTX/w9RyesfQkA+TOfH3AeTmXg=
X-Received: by 2002:a17:903:2798:b0:19b:5221:4f7 with SMTP id jw24-20020a170903279800b0019b522104f7mr225946plb.9.1676638803985; Fri, 17 Feb 2023 05:00:03 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 17 Feb 2023 05:00:02 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <D8B4BE5D-AA66-4B83-92D0-5A425D7CF8DF@gmail.com>
References: <F1DFEA4B-600C-4989-AA84-F81AAF3BD19B@cisco.com> <CAMMESsxTfAnhEKsm63THP9e9+JxEsJ3j1qgUCE_AJKatddv6qg@mail.gmail.com> <D8B4BE5D-AA66-4B83-92D0-5A425D7CF8DF@gmail.com>
MIME-Version: 1.0
Date: Fri, 17 Feb 2023 05:00:02 -0800
Message-ID: <CAMMESsxLZ3uEWxRE9Cs+Rp5Rym=LXJwwP1ML6Mn8-YqsZK5x9A@mail.gmail.com>
To: Acee Lindem <acee.ietf@gmail.com>
Cc: "draft-ietf-lsvr-bgp-spf@ietf.org" <draft-ietf-lsvr-bgp-spf@ietf.org>, "lsvr@ietf.org" <lsvr@ietf.org>, Victor Kuarsingh <victor@jvknet.com>, lsvr-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/ibS5J7c7nVdS4SZzDp-ySTlWmJo>
Subject: Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2023 13:00:09 -0000

On February 15, 2023 at 2:41:08 PM, Acee Lindem wrote:


Acee:

Hi!


...
> >> 2. Initial synchronization - we need to discuss this in the draft
> >> and potentially add an option to require this, such as the IS-IS
> >> suppress adjacency option. I don't think we'd want to require
> >> this as it would limit deployment.
> >
> > I didn't find anything about this in -18.
> >
> > Thinking out loud. The End-of-RIB marker from rfc4724 could be used
> > as a default behavior in BGP SPF (for this specific SAFI) without a
> > Capability. I know that Graceful Restart is not supported -- the
> > suggestion is to only use the End-of-RIB marker part of rfc4724.
>
> We added requiring EoR synchronization as an option. This change impacted
> mainly section 4 but other sections were modified as well.

It seemed weird to me that the EoR was introduced there (BGP Peering
Models), in a mostly informative section and not as a general option.
It looks like using the EoR is an option in all cases -- and then
there's §10.1.2 which has general applicability (but still says
"depending on the peering model").

It would be better if you specified (Normative language) things only
one.  The use of of "MAY be required" is confusing because a
requirement is a MUST...

Here's a suggestion for text in §10.1.2:

OLD>
   10.1.2. Adjacency End-of-RIB (EOR) Marker Requirement

   Depending of the peering model, topology, and convergence
   requirements, an End-of-RIB (EoR) Marker marker [RFC4724] for the
   BGP-LS-SPF SAFI MAY be required from the peer prior to advertising a
   BGP-LS Link NLRI for the peer. If configuration is supported, this
   SHOULD be configurable at the BGP SPF instance level and SHOULD be
   configured consistently throughout the BGP SPF routing domain.


NEW>
   10.1.2. Adjacency End-of-RIB (EOR) Marker

   An End-of-RIB (EoR) Marker [RFC4724] for the BGP-LS-SPF SAFI MAY be
   expected prior to advertising any BGP-LS NLRI received from the peer.
   This option SHOULD be configurable at the BGP SPF instance level and
   should be enabled consistently throughout the BGP SPF routing domain.

   A failure to consistently configure the use of the EoR marker can
   result in transient micro-loops and dropped traffic due to incomplete
   forwarding state.


You should be able to remove the related text from the other sections.

The new text in §4.3 (without the EoR-related example) is:

   The controller MAY use constraints to determine when to advertise
   BGP-LS-SPF NLRI for BGP-LS peers. These constraints are outside the
   scope of this document and, since they are internal to the controller,
   need not be standardized.

s/MAY/may  : the constraints are out of scope, so we can't Normatively
point at them.



BTW, the title of §4 should be "BGP SPF Peering Models" (not "BGP
Peering Models").



...
> >> 4. Single session requirement for BGP-LS. Right now we don't
> >> prevent this.
> >
> > As with BGP-LS, it would be nice if you (at least) RECOMMENDED it.
> > Given the peering models and that they don't map to "normal" BGP
> > deployments, it would be nice to have that separation.
> >
> > This is the related text from rfc7752bis (especially the last sentence):
> >
> > Distribution of the BGP-LS NLRIs SHOULD be handled by dedicated route
> > reflectors in most deployments providing a level of isolation and
> > fault containment between different BGP address families. In the
> > event of dedicated route reflectors not being available, other
> > alternate mechanisms like separation of BGP instances or separate BGP
> > sessions (e.g. using different addresses for peering) for Link-State
> > information distribution SHOULD be used.
> >
> > As you mention, any peering configuration is ok, nothing is prevented.
> >
> > BTW, I noticed that you borrowed the "AFI/SAFI disable" text from
> > rfc7752bis; §7.2 now reads:
> >
> > ...
> > such malformed NLRIs as 'Treat-as-withdraw'. In other cases, where
> > the error in the NLRI encoding results in the inability to process
> > the BGP update message (e.g., length related encoding errors), then
> > the router SHOULD handle such malformed NLRIs as 'AFI/SAFI disable'
> > when other AFI/SAFI besides BGP-LS are being advertised over the same
> > session. Alternately, the router MUST perform 'session reset' when
> > the session is only being used for BGP-LS-SPF or when its 'AFI/SAFI
> > disable' action is not possible.
> >
> > The recommendation above (for a separate BGP-LS-SPF session) would be
> > a good follow up to this too.
>
> Added this to section 4.2:
>
> However, since there are BGP sessions between every directly-connected node
> in the BGP SPF routing domain, there is only a reduction in BGP sessions when
> there are parallel links between nodes. Hence, this peering model is
> RECOMMENDED over the single-hop peering model Section 4.1.

This is fine, but we're talking about different things:

- the new text in §4.2 talks about a single session between routers,
which is good.

- I'm talking about a BGP session carrying ONLY BGP-LS-SPF routes.
Nothing else.  This avoids an error in a different AFI/SAFI that may
result in a session reset affecting BGP SPF...and vice versa.  That is
what the text above (from rfc7752bis) says.


Thanks!

Alvaro.

v2.23.0 | Report a Bug | By Email