Re: [mpls] working group adaption poll (wgap) for draft-hegde-mpls-spring-epe-oam

[Shraddha Hegde <shraddha@juniper.net>]

Hi Ketan,

Snipping open comments..


> 2) For the Peer Node SID, the control plane definition is https://urldefense.com/v3/__https://tools.ietf.org/html/draft-ietf-idr-bgpls-segment-routing-epe-19*section-4.1__;Iw!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIHqrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y6sXdlcY$<https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-idr-bgpls-segment-routing-epe-19*section-4.1__;Iw!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIHqrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y6sXdlcY$>  and the FEC description in this draft is not aligned with the corresponding control plane. The Peer Node SID is meant for the packet to be delivered to a specific BGP peer and it does not matter over which interface it is received. So why have those interface addresses as mandatory in the FEC. The only thing the control plane indicates is the peering session itself.

>

> 3) Same as (2) above, for the Peer Set SID, the interfaces are don't care.

<Shraddha> The reason for need to have interface addresses specified is for incoming interface validation as explained above. For Peer Node SID interfaces are advertised with draft I-D.hegde-idr-bgp-ls-epe-inter-as.I have added this to the reference and updated text as to why it is needed. Also the ingress can send 0 pair of addresses in which case Incoming interface validation will be skipped and success will be sent based on other validations.

Pls check -07 version and let me know if you are OK with it.

[KT] I have a concern here. The semantics of the FEC for Peer Node and Set SIDs does not include (i.e. does not care about the interface over which the packet was received). So the link information is in any case part of the response that is sent back to the requester which can perform this validation. I don't see how it can be included in the FEC definition.



<Shraddha>Lets say you have ASBR A connecting two different ASBRs in different ASes B and C. Lets assume there are multiple links between A->B and A->C.

                     Lets say there is a multi-hop eBGP session between A->B  between A->C.

                     Lets say peerNode SID has been advertised for A->B and A->C.  The Link descriptors for the PeerNode Sid include the BGP session local addresses and for a multi-hop BGP

                      BGP session its going to be loopback addresses so from available information, it is not possible to derive which interface the traffic will be flowing.

                      Now lets say  there is a requirement that certain application should use a guaranteed 10G bandwidth on these

                     Inter-as links. If the EPE controller does not know which interfaces the traffic will be flowing, it cannot figure out which peerNodeSID to pick to build the path.

                    Draft-hegde-idr-bgp-ls-epe-inter-as talks about the usecases and required protocol extensions.

                  For any reasonable traffic engineering using peerNodeSID I think that this information is required.

                 It is also useful to know if the control plane and dataplane are in sync with OAM. If the control plane is advertising peerNodeSID to be

                Going over some link but the actual traffic flow is on a different link, it will screw-up the traffic engineering. MPLS WG has built OAM has tools/techniques

                For years to find these kind of problems.We are trying to  apply these to EPE SIDs.



       Rgds
Shraddha





Juniper Business Use Only
From: Ketan Talaulikar (ketant) <ketant@cisco.com>
Sent: Wednesday, June 3, 2020 2:48 PM
To: Shraddha Hegde <shraddha@juniper.net>; Loa Andersson <loa@pi.nu>; draft-hegde-mpls-spring-epe-oam@ietf.org
Cc: mpls-chairs@ietf.org; mpls@ietf.org
Subject: RE: [mpls] working group adaption poll (wgap) for draft-hegde-mpls-spring-epe-oam

[External Email. Be cautious of content]


Hi Shraddha,



Thanks for your response and update. Please check inline below.



-----Original Message-----
From: Shraddha Hegde <shraddha@juniper.net<mailto:shraddha@juniper.net>>
Sent: 03 June 2020 11:49
To: Ketan Talaulikar (ketant) <ketant@cisco.com<mailto:ketant@cisco.com>>; Loa Andersson <loa@pi.nu<mailto:loa@pi.nu>>; draft-hegde-mpls-spring-epe-oam@ietf.org<mailto:draft-hegde-mpls-spring-epe-oam@ietf.org>
Cc: mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; mpls@ietf.org<mailto:mpls@ietf.org>
Subject: RE: [mpls] working group adaption poll (wgap) for draft-hegde-mpls-spring-epe-oam



Hi ketan,



Thanks for the detailed review and comments. Pls see inline for response.





Juniper Business Use Only



-----Original Message-----

From: Ketan Talaulikar (ketant) <ketant@cisco.com<mailto:ketant@cisco.com>>

Sent: Wednesday, May 13, 2020 9:38 AM

To: Loa Andersson <loa@pi.nu<mailto:loa@pi.nu>>; draft-hegde-mpls-spring-epe-oam@ietf.org<mailto:draft-hegde-mpls-spring-epe-oam@ietf.org>

Cc: mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; mpls@ietf.org<mailto:mpls@ietf.org>

Subject: RE: [mpls] working group adaption poll (wgap) for draft-hegde-mpls-spring-epe-oam



[External Email. Be cautious of content]





Hi  Loa,



There is no doubt about the need for LSP ping and traceroute operations to cover BGP EPE SIDs. So the requirement is real and something that the WG should be taking up.



My concerns is that the proposal in the draft is diverging from the control plane protocol semantics for what constitutes the FEC (or context) and how it is to be validated. These are some core aspects that IMHO need to be addressed before adoption while the rest may be taken up during its life as a WG document. I would suggest to wait for the authors response.



Thanks,

Ketan



-----Original Message-----

From: Loa Andersson <loa@pi.nu<mailto:loa@pi.nu>>

Sent: 13 May 2020 09:22

To: Ketan Talaulikar (ketant) <ketant@cisco.com<mailto:ketant@cisco.com>>; draft-hegde-mpls-spring-epe-oam@ietf.org<mailto:draft-hegde-mpls-spring-epe-oam@ietf.org>

Cc: mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; mpls@ietf.org<mailto:mpls@ietf.org>

Subject: Re: [mpls] working group adaption poll (wgap) for draft-hegde-mpls-spring-epe-oam



Ketan,



Anything of this that need to addressed before wg adoption?





Authors



I leave the wgap opeb a few extra days to llow you to respond to this.





/Loa



On 12/05/2020 23:32, Ketan Talaulikar (ketant) wrote:

> Hello Authors,

>

> I have the following comments on this draft and would be good if you could clarify/respond.

>

> 1)The FEC description should match the "context" that is advertised in

> the control plane for Peer Adj SID. E.g. the local/remote Interface

> IDs are not being included from

> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-ietf-idr<https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-idr>

> -bgpls-segment-routing-epe-1__;!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIH

> qrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y-5xIny8$

> 9#section-4.2



<Shraddha> The EPE draft mandates interface-ids and allows remote interface-id to be zero.

Remote interface ID being zero does not help in validating the incoming interface which is very Useful OAM functionality. For this reason, this draft recommends sending interface addresses in the PeerADJ SID Link descriptors which is optional.



I have updated the PeerAdj SID section with this information and also updated with the possibility of sending zero In which case incoming interface validation should be skipped. This is to accommodate cases when the advertising node does not send the interface addresses

[KT] Ack - this sounds good to me. Thanks.



>

> 2) For the Peer Node SID, the control plane definition is https://urldefense.com/v3/__https://tools.ietf.org/html/draft-ietf-idr-bgpls-segment-routing-epe-19*section-4.1__;Iw!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIHqrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y6sXdlcY$<https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-idr-bgpls-segment-routing-epe-19*section-4.1__;Iw!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIHqrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y6sXdlcY$>  and the FEC description in this draft is not aligned with the corresponding control plane. The Peer Node SID is meant for the packet to be delivered to a specific BGP peer and it does not matter over which interface it is received. So why have those interface addresses as mandatory in the FEC. The only thing the control plane indicates is the peering session itself.

>

> 3) Same as (2) above, for the Peer Set SID, the interfaces are don't care.

<Shraddha> The reason for need to have interface addresses specified is for incoming interface validation as explained above. For Peer Node SID interfaces are advertised with draft I-D.hegde-idr-bgp-ls-epe-inter-as.I have added this to the reference and updated text as to why it is needed. Also the ingress can send 0 pair of addresses in which case Incoming interface validation will be skipped and success will be sent based on other validations.

Pls check -07 version and let me know if you are OK with it.

[KT] I have a concern here. The semantics of the FEC for Peer Node and Set SIDs does not include (i.e. does not care about the interface over which the packet was received). So the link information is in any case part of the response that is sent back to the requester which can perform this validation. I don't see how it can be included in the FEC definition.



>

> 4) The draft just says that the procedures are borrowed from RFC8287 but I don't think this is so straightforward or trivial. E.g. https://urldefense.com/v3/__https://tools.ietf.org/html/rfc8287*section-7.2__;Iw!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIHqrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y3Z0DrZ_$<https://urldefense.com/v3/__https:/tools.ietf.org/html/rfc8287*section-7.2__;Iw!!NEt6yMaO-gk!W0-Gp88WKnqRfX4kdfeWV8aIHqrXTj0Pzz9Vl-B2ZVn78SFO60XGBDi2Y3Z0DrZ_$>  has the following:

>

>     The network node that is immediately downstream of the node that

>     advertised the Adjacency Segment ID is responsible for generating the

>     FEC Stack Change sub-TLV for POP operation for the Adjacency Segment

>     ID.

>



<shraddha> A new section for EPE FEC validation has been added in -06 version. This section specifies the details when return code 3 Has to be sent. As per  RFC 8029 sec 3.4.1.3 FEC stack change and IS_EGRESS code are treated identically.

" A Downstream Detailed Mapping TLV containing only one FEC stack

       change sub-TLV with pop operation is equivalent to IS_EGRESS

       (Return Code 3, Section 3.1) for the outermost FEC in the FEC

       stack.  The ingress router performing the LSP traceroute MUST

       treat such a case as an IS_EGRESS for the outermost FEC."



I don't see the need to re-iterate RFC 8029 sections in this draft. If it is still not clear let me know.

[KT] Sure. I think we can work through this once we converge on the FEC definition.



> In the case of IGPs, the downstream node does have the label and context for adjacency SID (which is functionally closest to BGP EPE SIDs). In the BGP-EPE SIDs case, this is not always the case. So I believe, it would be better if the entire operation were described.

<Shraddha> EPE SID validation section is added. Pls take a look and let me know if it looks good.

[KT] Same as previous comment.



>

> 5) The ping or traceroute done to any of the BGP EPE SID corresponding to an eBGP session may result in the packet being sent to another entity. The security consideration talk about it, but the problem is not addressed by the remote AS dropping the packets. The security issue is that the OAM packet could expose the FECs and information of the local AS to a remote AS. So it is more as an caveat for the operators performing the OAM operation to be mindful of this fact.

>

<Shraddha> Yes. This was raised in RT review and security section has been updated with this info in -06 version.



> In general, some more description that set the stage for the introduction of the new extensions and elaborate more on the operations (some considerations above on what is mandatory to evaluate and what is optional).

<Shraddha> Sure. Pls check the -07 version which I'll be posting soon and let me know if you have further comments.

[KT] Thanks again for the update. I believe we can work through the remaining/open points over course of time.



Thanks,

Ketan



>

> Thanks,

> Ketan

>

> -----Original Message-----

> From: mpls <mpls-bounces@ietf.org<mailto:mpls-bounces@ietf.org>> On Behalf Of Loa Andersson

> Sent: 30 April 2020 08:26

> To: mpls@ietf.org<mailto:mpls@ietf.org>

> Cc: mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; draft-hegde-mpls-spring-epe-oam@ietf.org<mailto:draft-hegde-mpls-spring-epe-oam@ietf.org>

> Subject: [mpls] working group adaption poll (wgap) for

> draft-hegde-mpls-spring-epe-oam

>

> Working Group,

>

> This is to start a two week poll on adopting draft-hegde-mpls-spring-epe-oam as a MPLS working group document.

>

> Please send your comments (support/not support) to the mpls working group mailing list (mpls@ietf.org<mailto:mpls@ietf.org>). Please give a technical motivation for your support/not support, especially if you think that the document should not be adopted as a working group document.

>

> There is one IPR disclosure against this document.

>

> The authors have stated on the MPLS wg mailing list that they are unaware of any IPRs that relates to this document.

>

> The working group adoption poll ends May 15, 2020.

>

> /Loa

>



--



My mail server from time to time has come under DOS attacks, we are working to fix it but it may take some time. If you get denial of service sending to me plz try to use loa.pi.nu@gmail<mailto:loa.pi.nu@gmail>





Loa Andersson                        email: loa@pi.nu<mailto:loa@pi.nu>

Senior MPLS Expert

Bronze Dragon Consulting             phone: +46 739 81 21 64