Re: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

[Italo Busi <Italo.Busi@huawei.com>]

Hi Deepti/co-authors,

Thanks for having addressed my comment and my apologize for the late reply (too busy with other topics in the last few weeks)

It is now clear to me what is the problem you are trying to address and why the existing solutions are not suitable, so the document is ready for WG adoption

I have a couple of comments which can be addressed as you prefer before or after WG adoption and hopefully could help improving the clarify and the solution


1)      I have been a bit confused by this text:



>   ... When router in the label-stack path

>   receives MPLS ping/traceroute packets, there is no definite way to

>   decide on whether its egress or transit since Nil FEC does not carry

>   any information.



I would propose the following rephrase:



>   ... When router in the label-stack path

>   receives MPLS ping/traceroute packets, there is no definite way to

>   decide on whether it is the intended egress router since Nil FEC does not carry

>   any information.



With a reference to your example, my understanding is that if the MPLS ping/traceroute packet is mis-delivered to an incorrect destination (e.g., R8), R8 will behave as R7 and set Best-return-code to 3.



I do not think there is any issue if the packet arrives to an intermediate node (e.g., R6) since R6 will set Best-return-code to 8.



2)      With the current rules, the solution works if and only if all the egress routers are upgraded to support the EGRESS TLV. Otherwise, if the MPLS ping/traceroute packet is mis-delivered to an incorrect destination that does not support the EGRESS TLV, that egress router will behave as the intended destination and set Best-return-code to 3.



I am wondering whether a new return-code should be defined to report that the  EGRESS TLV has been checked and validated.

My 2 cents

Italo

From: Deepti Rathi [mailto:deeptir@juniper.net]
Sent: lunedì 5 luglio 2021 04:21
To: Deepti Rathi <deeptir@juniper.net>; Italo Busi <Italo.Busi@huawei.com>
Cc: draft-rathi-mpls-egress-tlv-for-nil-fec@ietf.org; mpls-chairs@ietf.org; mpls@ietf.org
Subject: RE: MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec


Thanks Italo for the comments.

I have posted the new version of draft taking care of all the review comments.



Regards,

Deepti




Juniper Business Use Only
From: Deepti Rathi <deeptir@juniper.net<mailto:deeptir@juniper.net>>
Sent: Thursday, June 17, 2021 7:08 PM
To: Italo Busi <Italo.Busi@huawei.com<mailto:Italo.Busi@huawei.com>>
Cc: draft-rathi-mpls-egress-tlv-for-nil-fec@ietf.org<mailto:draft-rathi-mpls-egress-tlv-for-nil-fec@ietf.org>; mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>; mpls@ietf.org<mailto:mpls@ietf.org>
Subject: Re: MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec


Hi Italo,
Please find my comments inline.
I will update draft for:

  1.  why "NIL FEC + EGRESS TLV" and not Generic IPV4/IPV6 FEC.
  2.  Backward compatibility.

Regards,
Deepti



Juniper Business Use Only
From: mpls <mpls-bounces@ietf.org<mailto:mpls-bounces@ietf.org>> On Behalf Of Italo Busi
Sent: Monday, June 14, 2021 7:26 PM
To: 'mpls@ietf.org' <mpls@ietf.org<mailto:mpls@ietf.org>>
Subject: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

[External Email. Be cautious of content]

Hi all,

I have been selected as one of the  MPLS-RT reviewers of draft-rathi-mpls-egress-tlv-for-nil-fec-04

>>IMHO, being able to use LSP Ping/Traceroute perform to validate only the data path and not the control plane state makes sense but I think that the draft requires more information about the problem that >>it is trying to address and why existing solutions are not suitable
[Deepti]:
NIL FEC is used to traverse the path without validation for cases where the FEC is not defined or routers are not upgraded to support the new FECs (like newer features, explicit-null, router-alert etc).
But it is a very powerful tool to check any combination of segments on any data path.
Since it does not carry any information to identify the intended egress/destination,
n  Mis-forwarding of the packet is possible
n  Not possible to figure out mis-configuration of label stack
But in any case it will always return success even though egress/destination is not the intended one which is not desired.
To overcome this and to provide minimal validation, EGRESS TLV is added in the packet. This will help to do egress/destination validation.
NIL FEC processing will be same as defined in RFC 8029. This draft is for addition of EGRESS TLV as extension to NIL FEC for path egress/destination validation.

>Let me try to clarify my confusion after having read the draft

>Unless I am missing something, section 4.4.1 of RFC8029 already provides support for checking only the data path and not the control plane state:

>  If the outermost FEC of the Target FEC stack is the Nil FEC, then the
> node MUST skip the Target FEC validation completely.

>The draft mention some challenges with the current definition, but it seems describing only one potential issue:

>   ... When router in the label-stack path
>   receives MPLS ping/traceroute packets, there is no definite way to
>   decide on whether its egress or transit since Nil FEC does not carry
>   any information.

>However, I am not sure about this issue: looking at the example in the draft, my understanding is that R7 will reply with code 3 while, in traceroute, the intermediate nodes will reply with code 8.

>Reading the procedure in section 4.2, I am wondering whether the real intention is to be able to validate the prefix X in R7, rather than the SR path toward R7.

>However, in this case, it is not clear why using a FEC for the prefix X instead of the Nil FEC is not suitable.

[Deepti]: The real intention is to reach the correct egress/destination node.
The details of generic FEC and validation procedures are not very detailed in the RFC 8029.
The use-case mostly specifies inter-AS VPNs as the motivation.

Certain aspects of Segment Routing such as anycast SIDs required clear guideline on how the validation procedure should work.
Also Generic FEC may not be widely supported and if transit routers are not upgraded to support validation of generic FEC, traceroute may fail.
So instead of adding such clarifications to generic FEC, we went with new EGRESS TLV in Nil FEC.
Its an optional TLV so the procedures will work fine even if transit routers are not upgraded.
While we clearly specify the processing of egress tlv so that all SR cases are well specified.

Since explicit path can be created using node-sid, adj-sid, binding-sid, anycast-sids etc. EGRESS TLV prefix will be derived from path egress/destination and not based on labels used in the path to reach the destination.

I will update introduction section of draft with this comparison.

>>I also think that section 5 requires more details about how backward compatibility is achieved. What is the behavior of a node that does not support this solution when it receives the EGRESS TLV?

[Deepti]:
Backward compatibility on egress-node:
On egress/destination, it will ignore EGRESS TLV and use current NIL-FEC procedure with return code 3 but egress validation will not be done (same as RFC 8029). So we wont know for sure if packet has reached the correct path egress.

Backward compatibility on transit-node:
If the transit node doesn't support, it will use current NIL-FEC procedure and send return code of 8.

I will add section in draft for backward compatibility.

Italo