Re: [OSPF] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06

Rob Shakir <> Tue, 06 October 2015 15:23 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1647A1B40B3; Tue, 6 Oct 2015 08:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VXjAHNG12ZLI; Tue, 6 Oct 2015 08:23:13 -0700 (PDT)
Received: from ( [IPv6:2a03:9800:10:4c::cafe:b00c]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CD6B81B40EA; Tue, 6 Oct 2015 08:23:12 -0700 (PDT)
Received: from [] (helo=corretto.local) by with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <>) id 1ZjU4l-0008UX-3v; Tue, 06 Oct 2015 16:22:47 +0100
Date: Tue, 06 Oct 2015 16:23:03 +0100
From: Rob Shakir <>
To: "" <>, "Black, David" <>, "" <>, "" <>, "" <>, "General Area Review Team (" <>, "" <>
Message-ID: <etPan.5613e757.1304c9b1.208@corretto.local>
In-Reply-To: <>
References: <>
X-Mailer: Airmail Beta (331)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <>
Cc: "" <>, "Black, David" <>, "" <>
Subject: Re: [OSPF] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Oct 2015 15:23:15 -0000

Hi David,

On October 6, 2015 at 00:37:42, Black, David ( wrote:
> > As an OPS-Dir member, I'm concerned by the above RFC 5706 answers,  
> and in particular treating all operational issues as vendor-  
> and/or
> operator-specific. One possible alternative would be to scope  
> the
> draft down to interoperably specify what's needed for LFA

I’ll quote this part of your mail, but respond to the general question around whether this draft should be tighter scoped (and the operational considerations of what one can do with the mechanism).

In general, this mechanism is meant to give ways for an operator to add their own logic on-top of the routing protocol selection of the OSPF protocol. Specifically, this is for the case where there are sets of paths that OSPF considers valid, but the operator has a particular preference for a particular subset to be included or excluded. To this end, the harm that one can do by preferring paths with a particular admin tag (or set of admin tags) on them is simply to select a subset of the paths that would have been used anwyay. 

So, from the examples in the document, the admin tag lets one:

	* Prefer a specific LFA from a set of valid LFAs. The operator has a business reason to prefer specific ones (e.g., OSPF metric is set based on bandwidth, but we want to minimise latency, or we only want to capacity plan for FRR between P nodes never transiting a PE). There are many different reasons that one might have this preference, and they will be different by operator - so, removing the ability of an operator to specify arbitrary tags will make this mechanism ineffective. Whilst there could be unintended consequences of preferring specific LFAs, actually there are probably worse consequences of NOT preferring particular LFAs, such as traffic going via a PE in another country such that latency is increased over all other LFAs. Bruno and Stephane from FT have given many examples of this in the LFA manageability drafts presented in RTGWG. The admin tag will never result in a new LFA that would never have been selected via the standardised mechanisms being selected - so, in my view, has little potential to cause new ‘harm’.
	* Prefer a specific path from a set of paths. This is similar to the case above. No new candidate path is being added to the routes that could be used by the admin tag mechanism. It simply says that when a device that must select N ECMPs to install from M candiates (N < M), then the operator can influence which based on the admin tag. All are still valid ECMPs - so new risk is created. Again, selecting a particular subset of that M without any consideration may be more harmful than doing the operator-specific selection. Again, the logic of which are ‘OK’ PEs and which are not is something that is operator specific, and may only apply to a subset of applications using OSPF to select paths (an example of this is devices that do not scale well as MPLS-TE midpoints, but are OK for transit IP traffic - at this point, we may want to influence CSPF to stay away from them, but not IP - the fact that these devices are ‘not-OK-for-transit-MPLS-TE’ is not something that we can easily enumerate and standardise).

Given that we are really selecting candidates from within a set of paths that have already been selected by OSPF as valid, and usable - then I’m not sure that I can understand the logic behind this sentence from your review: "There appears to be more than enough enabled by this draft to wreak serious operational havoc”.

I strongly disagree with the idea that we should try and enumerate what the tags should be, rather than maintain the ability of an operator to add their own specific logic with these tags. This is what is done today with link affinity, or tags elsehwere in the IGP protocols. 

Re-reading the draft, perhaps we need to clarify that this does not change the underlying SPF process that OSPF uses today - would this address your concern?