Re: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

[Tarek Saad <tsaad.net@gmail.com>]

Thanks Italo for the review and comments.
Thanks Deepti and authors for trying to address them.

Italo/authors, are there any outstanding issues that still need to be addressed?

Regards,
Tarek (as mpls WG Chair)

On 7/4/21, 10:21 PM, "Deepti Rathi" <deeptir@juniper.net> wrote:



Thanks Italo for the comments.

I have posted the new version of draft taking care of all the review comments.



Regards,

Deepti




Juniper Business Use Only
From: Deepti Rathi <deeptir@juniper.net>
Sent: Thursday, June 17, 2021 7:08 PM
To: Italo Busi <Italo.Busi@huawei.com>
Cc: draft-rathi-mpls-egress-tlv-for-nil-fec@ietf.org; mpls-chairs@ietf.org; mpls@ietf.org
Subject: Re: MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec


Hi Italo,
Please find my comments inline.
I will update draft for:

1.       why “NIL FEC + EGRESS TLV” and not Generic IPV4/IPV6 FEC.

2.       Backward compatibility.

Regards,
Deepti



Juniper Business Use Only
From: mpls <mpls-bounces@ietf.org<mailto:mpls-bounces@ietf.org>> On Behalf Of Italo Busi
Sent: Monday, June 14, 2021 7:26 PM
To: 'mpls@ietf.org' <mpls@ietf.org<mailto:mpls@ietf.org>>
Subject: [mpls] MPLS-RT review for draft-rathi-mpls-egress-tlv-for-nil-fec

[External Email. Be cautious of content]

Hi all,

I have been selected as one of the  MPLS-RT reviewers of draft-rathi-mpls-egress-tlv-for-nil-fec-04

>>IMHO, being able to use LSP Ping/Traceroute perform to validate only the data path and not the control plane state makes sense but I think that the draft requires more information about the problem that >>it is trying to address and why existing solutions are not suitable
[Deepti]:
NIL FEC is used to traverse the path without validation for cases where the FEC is not defined or routers are not upgraded to support the new FECs (like newer features, explicit-null, router-alert etc).
But it is a very powerful tool to check any combination of segments on any data path.
Since it does not carry any information to identify the intended egress/destination,

n  Mis-forwarding of the packet is possible

n  Not possible to figure out mis-configuration of label stack
But in any case it will always return success even though egress/destination is not the intended one which is not desired.
To overcome this and to provide minimal validation, EGRESS TLV is added in the packet. This will help to do egress/destination validation.
NIL FEC processing will be same as defined in RFC 8029. This draft is for addition of EGRESS TLV as extension to NIL FEC for path egress/destination validation.

>Let me try to clarify my confusion after having read the draft

>Unless I am missing something, section 4.4.1 of RFC8029 already provides support for checking only the data path and not the control plane state:

>  If the outermost FEC of the Target FEC stack is the Nil FEC, then the
> node MUST skip the Target FEC validation completely.

>The draft mention some challenges with the current definition, but it seems describing only one potential issue:

>   ... When router in the label-stack path
>   receives MPLS ping/traceroute packets, there is no definite way to
>   decide on whether its egress or transit since Nil FEC does not carry
>   any information.

>However, I am not sure about this issue: looking at the example in the draft, my understanding is that R7 will reply with code 3 while, in traceroute, the intermediate nodes will reply with code 8.

>Reading the procedure in section 4.2, I am wondering whether the real intention is to be able to validate the prefix X in R7, rather than the SR path toward R7.

>However, in this case, it is not clear why using a FEC for the prefix X instead of the Nil FEC is not suitable.

[Deepti]: The real intention is to reach the correct egress/destination node.
The details of generic FEC and validation procedures are not very detailed in the RFC 8029.
The use-case mostly specifies inter-AS VPNs as the motivation.

Certain aspects of Segment Routing such as anycast SIDs required clear guideline on how the validation procedure should work.
Also Generic FEC may not be widely supported and if transit routers are not upgraded to support validation of generic FEC, traceroute may fail.
So instead of adding such clarifications to generic FEC, we went with new EGRESS TLV in Nil FEC.
Its an optional TLV so the procedures will work fine even if transit routers are not upgraded.
While we clearly specify the processing of egress tlv so that all SR cases are well specified.

Since explicit path can be created using node-sid, adj-sid, binding-sid, anycast-sids etc. EGRESS TLV prefix will be derived from path egress/destination and not based on labels used in the path to reach the destination.

I will update introduction section of draft with this comparison.

>>I also think that section 5 requires more details about how backward compatibility is achieved. What is the behavior of a node that does not support this solution when it receives the EGRESS TLV?

[Deepti]:
Backward compatibility on egress-node:
On egress/destination, it will ignore EGRESS TLV and use current NIL-FEC procedure with return code 3 but egress validation will not be done (same as RFC 8029). So we wont know for sure if packet has reached the correct path egress.

Backward compatibility on transit-node:
If the transit node doesn’t support, it will use current NIL-FEC procedure and send return code of 8.

I will add section in draft for backward compatibility.

Italo