Re: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

Tarek Saad <> Tue, 13 July 2021 12:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 29A813A0060; Tue, 13 Jul 2021 05:13:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FQ2I7uXELEJH; Tue, 13 Jul 2021 05:13:16 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D74AE3A0063; Tue, 13 Jul 2021 05:13:15 -0700 (PDT)
Received: by with SMTP id t3so32848017edc.7; Tue, 13 Jul 2021 05:13:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language:msip_labels :mime-version; bh=9OAinuE1wL32DC8Ll6ITyqBPVMS2dk21v8/tAQaJyz4=; b=WrSl76HWGtYiSts9N9VlY30SOpRntXPkYFiXH/Q2Z0OtcEIxuVq0hETJbK4xcxLQ/P 6DRW/IYt6Qyo5QNBUKYrbQICwaHXwNUZ8l8z8A09Fh9GpePnPYsdXF9GbOEHZnkc08gP xXUTxEmQKpCaeNIU5astZ7nkn+VmUGaTWubqBEZMCMm5g8q6FjR2jwJOsxVEoTir3UGM nyn0d75guoYADYfWceHEFmS71WXODBsxxMDex1/wLitrBy5HcipxVTezfjJsz16mO81y VVBKmQfW2TtbDW50U/He3QANbEvIah1SKgWVY6wgUfznBOMSKrquQ8VbGUjvlCjZd4uV Z2jQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:msip_labels:mime-version; bh=9OAinuE1wL32DC8Ll6ITyqBPVMS2dk21v8/tAQaJyz4=; b=nGKjHBYLs+I/WtJu35oq69sqCm5wpjPEtCn0x9Kx53JTOvf54k/WJNRkYBMr3baQI/ /eUwj1eqel6T8i5DxJ2R/GrlLHGxby97oAoakiKcLnojsjswaNZaZfaUOwhzLIBsLWYi S0PrhDgzpDJ/3vbNgVbqDScvDhwUl4ICEAd02XwcnCK9Rr87LMGCEZWY3Rzts8FwwDud OMX7h2Rkkjt0ZCNOf5dFE/mLV0StT79wgo848UB606//VXnq/ExpOwbMXzA8uHz7kidA DOWZeuRL7uDiEVE29LoQjVnirJLEfOhOWzWAPnjP8DpxvXanwYnjGYdsPgy2iBGWyPK+ 8gmg==
X-Gm-Message-State: AOAM532ELRV6zvpHDJ/4RlzXMD9YJtkUQAi3Be4nF2t1N22gEaNtd5Qc DV1LI5NFPSkmDRIxniQg21A=
X-Google-Smtp-Source: ABdhPJz75HuuFZF6mBOWKFdzxQJraTyZtYU5F1Cy4gjpFbJT0YZcyAJ4sGYpmbp9+DlckmO52hMuNQ==
X-Received: by 2002:a05:6402:1042:: with SMTP id e2mr5187374edu.144.1626178392780; Tue, 13 Jul 2021 05:13:12 -0700 (PDT)
Received: from ([2603:1036:4:9e::5]) by with ESMTPSA id s18sm8090638ejh.12.2021. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Jul 2021 05:13:11 -0700 (PDT)
From: Tarek Saad <>
To: Deepti Rathi <>, Italo Busi <>
CC: "" <>, "" <>, "" <>
Thread-Topic: MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec
Thread-Index: AddhI9L1yOOS4MxaRt24LmA/Qqe0iAAl+X+wAGq/JjAABL76EANyqPmgAab3Hmk=
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Tue, 13 Jul 2021 12:13:09 +0000
Message-ID: <>
References: <> <> <> <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-RecordReviewCfmType: 0
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2021-07-05T02:21:01.0000000Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard
Content-Type: multipart/alternative; boundary="_000_DM5PR1901MB2150FC082AF25E41AE3CB632FC149DM5PR1901MB2150_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Jul 2021 12:13:21 -0000

Thanks Italo for the review and comments.
Thanks Deepti and authors for trying to address them.

Italo/authors, are there any outstanding issues that still need to be addressed?

Tarek (as mpls WG Chair)

On 7/4/21, 10:21 PM, "Deepti Rathi" <> wrote:

Thanks Italo for the comments.

I have posted the new version of draft taking care of all the review comments.



Juniper Business Use Only
From: Deepti Rathi <>
Sent: Thursday, June 17, 2021 7:08 PM
To: Italo Busi <>
Subject: Re: MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

Hi Italo,
Please find my comments inline.
I will update draft for:

1.       why “NIL FEC + EGRESS TLV” and not Generic IPV4/IPV6 FEC.

2.       Backward compatibility.


Juniper Business Use Only
From: mpls <<>> On Behalf Of Italo Busi
Sent: Monday, June 14, 2021 7:26 PM
To: '' <<>>
Subject: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

[External Email. Be cautious of content]

Hi all,

I have been selected as one of the  MPLS-RT reviewers of draft-rathi-mpls-egress-tlv-for-nil-fec-04

>>IMHO, being able to use LSP Ping/Traceroute perform to validate only the data path and not the control plane state makes sense but I think that the draft requires more information about the problem that >>it is trying to address and why existing solutions are not suitable
NIL FEC is used to traverse the path without validation for cases where the FEC is not defined or routers are not upgraded to support the new FECs (like newer features, explicit-null, router-alert etc).
But it is a very powerful tool to check any combination of segments on any data path.
Since it does not carry any information to identify the intended egress/destination,

n  Mis-forwarding of the packet is possible

n  Not possible to figure out mis-configuration of label stack
But in any case it will always return success even though egress/destination is not the intended one which is not desired.
To overcome this and to provide minimal validation, EGRESS TLV is added in the packet. This will help to do egress/destination validation.
NIL FEC processing will be same as defined in RFC 8029. This draft is for addition of EGRESS TLV as extension to NIL FEC for path egress/destination validation.

>Let me try to clarify my confusion after having read the draft

>Unless I am missing something, section 4.4.1 of RFC8029 already provides support for checking only the data path and not the control plane state:

>  If the outermost FEC of the Target FEC stack is the Nil FEC, then the
> node MUST skip the Target FEC validation completely.

>The draft mention some challenges with the current definition, but it seems describing only one potential issue:

>   ... When router in the label-stack path
>   receives MPLS ping/traceroute packets, there is no definite way to
>   decide on whether its egress or transit since Nil FEC does not carry
>   any information.

>However, I am not sure about this issue: looking at the example in the draft, my understanding is that R7 will reply with code 3 while, in traceroute, the intermediate nodes will reply with code 8.

>Reading the procedure in section 4.2, I am wondering whether the real intention is to be able to validate the prefix X in R7, rather than the SR path toward R7.

>However, in this case, it is not clear why using a FEC for the prefix X instead of the Nil FEC is not suitable.

[Deepti]: The real intention is to reach the correct egress/destination node.
The details of generic FEC and validation procedures are not very detailed in the RFC 8029.
The use-case mostly specifies inter-AS VPNs as the motivation.

Certain aspects of Segment Routing such as anycast SIDs required clear guideline on how the validation procedure should work.
Also Generic FEC may not be widely supported and if transit routers are not upgraded to support validation of generic FEC, traceroute may fail.
So instead of adding such clarifications to generic FEC, we went with new EGRESS TLV in Nil FEC.
Its an optional TLV so the procedures will work fine even if transit routers are not upgraded.
While we clearly specify the processing of egress tlv so that all SR cases are well specified.

Since explicit path can be created using node-sid, adj-sid, binding-sid, anycast-sids etc. EGRESS TLV prefix will be derived from path egress/destination and not based on labels used in the path to reach the destination.

I will update introduction section of draft with this comparison.

>>I also think that section 5 requires more details about how backward compatibility is achieved. What is the behavior of a node that does not support this solution when it receives the EGRESS TLV?

Backward compatibility on egress-node:
On egress/destination, it will ignore EGRESS TLV and use current NIL-FEC procedure with return code 3 but egress validation will not be done (same as RFC 8029). So we wont know for sure if packet has reached the correct path egress.

Backward compatibility on transit-node:
If the transit node doesn’t support, it will use current NIL-FEC procedure and send return code of 8.

I will add section in draft for backward compatibility.