Re: [OSPF] [Isis-wg] Mail regarding draft-ietf-ospf-segment-routing-extensions

Pushpasis Sarkar <> Mon, 05 January 2015 06:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D10471A1B07; Sun, 4 Jan 2015 22:14:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id L3TTPhlnV5fA; Sun, 4 Jan 2015 22:13:57 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fc10::777]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 04F061A1BB4; Sun, 4 Jan 2015 22:13:55 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 5 Jan 2015 06:13:32 +0000
Received: from ([]) by ([]) with mapi id 15.01.0049.002; Mon, 5 Jan 2015 06:13:31 +0000
From: Pushpasis Sarkar <>
To: "Les Ginsberg (ginsberg)" <>, Shraddha Hegde <>, "Peter Psenak (ppsenak)" <>, "" <>, "" <>, Hannes Gredler <>
Thread-Topic: [OSPF] [Isis-wg] Mail regarding draft-ietf-ospf-segment-routing-extensions
Thread-Index: AQHQKK66B1KMscQ/xkWPDwIGW7L8zQ==
Date: Mon, 5 Jan 2015 06:13:30 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
authentication-results: spf=none (sender IP is );
x-dmarcaction: None
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(3005003);SRVR:BY1PR0501MB1383;
x-forefront-prvs: 0447DB1C71
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(377454003)(13464003)(24454002)(189002)(479174004)(51704005)(99286002)(68736005)(83506001)(107046002)(2656002)(46102003)(77156002)(36756003)(19580395003)(62966003)(19580405001)(4396001)(105586002)(87936001)(106356001)(97736003)(2201001)(50986999)(76176999)(54356999)(120916001)(99396003)(66066001)(561944003)(15975445007)(40100003)(102836002)(64706001)(20776003)(122556002)(86362001)(21056001)(2950100001)(2900100001)(93886004)(230783001)(101416001)(579004); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0501MB1383;; FPR:; SPF:None; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jan 2015 06:13:30.6341 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1383
Cc: "" <>, "" <>
Subject: Re: [OSPF] [Isis-wg] Mail regarding draft-ietf-ospf-segment-routing-extensions
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Jan 2015 06:14:02 -0000

Hi Les,

On 1/5/15, 11:23 AM, "Les Ginsberg (ginsberg)" <> wrote:

>Pushpasis -
>The key point is that the proposal does not have any lasting impact on
>traffic flow. A simple topology should suffice to illustrate this.
>          |       |
>          E----F
>(All links have the same cost)
>Suppose we wish to have traffic entering at A flow along the path A-B-C-D
>- but if the link B---C fails we do NOT want traffic to take the path
>You propose to have C advertise an address with two node-sids - one which
>allows protection - call it C(P) - and one which does NOT allow
>protection - call it C(NP).
[Pushpasis] No. My proposal is for D to advertise two node sids, D1 with
NP set to 0 and D2 with NP set to 1. Applications on that do not need B,
or C to protect the A-B-C-D path will use D2. B and C will not install
backup paths for D2. Other apps can use D1 as they are supposed to do
otherwise. Wether to protect D1 or not is a local decision of B and C.
Hope I could clarify enough :)

>If the label stack specifies C(NP) - then while the link B--C is UP
>everything works as desired (primary path to C(NP) on Node B is via link
>However, when the link B--C goes down, the network will reconverge and in
>a modest amount of time the new primary path to C(NP) on node B will be
>via link B-E.
[Pushpasis] Yes agreed. But only applications on A will be injecting
traffic using D2. Once the B-C link-down event reaches router A will stop
injecting traffic using D2. A path re-compute will be triggered on A. Yes
I agree that if B converges D2 (not FRR) before A re-compute, there is
still chance that some small amount of traffic is sent over A-B-E-F-C-D.

>The existence of C(NP) therefore only affects traffic flow during the
>reconvergence period i.e. if we assume B did NOT install a repair path
>for C(NP) traffic will be dropped only until a new primary path is
>calculated. I don’t see the value in this.
>As a (somewhat dangerous) aside, the functionality you are looking for is
>more akin to "not-via" as defined in RFC 6981 - though I am quick to add
>that I am NOT proposing to pursue that. :-)
>But reading that RFC might give you more insight into why simply setting
>"don't protect" for a prefix isn't useful for the purpose you have in
>   Les
>-----Original Message-----
>From: Pushpasis Sarkar []
>Sent: Sunday, January 04, 2015 8:34 PM
>To: Les Ginsberg (ginsberg); Shraddha Hegde; Peter Psenak (ppsenak);
>draft-ietf-isis-segment-routing-extensions@tools.ietf.orgorg; Hannes Gredler
>Subject: Re: [OSPF] [Isis-wg] Mail regarding
>Hi Les,
>Please find comments inline..
>Here is my proposal. Please let me know if this sounds reasonable or not.
>- A new ŒNo-Potection-Required¹ or ŒNP¹ flag be added to the Prefix-SID
>Sub-TLV/TLV. Setting this flag means none of the transit routers should
>try to protect this node-segment.
>- Let nodes advertise two node-sid-index each (per address-family), one
>without and one with ŒNP¹ flag set. For node-sid advertised with ŒNP¹
>flag 0, routers same behave the same way as today. But when they receive
>a node-sid with ŒNP¹ flag set, they avoid/skip finding a backup for that
>- Finally ingress servers or TE-applications may use these 'node-sids
>with NP-flag set¹ for use cases where it is better to drop traffic on
>topology outages rather than diverting it to some other paths. For such
>cases ingress router or TE-applications should look for node-sids with
>ŒNP¹ flag set and not the regular node-sids. For all other normal use
>cases(including L3VPN/6VPE etc) traffic should be carried using node-sid
>without ŒNP‹flag set.
>Thanks and Regards,
>On 1/5/15, 3:37 AM, "Les Ginsberg (ginsberg)" <> wrote:
>>Pushpasis -
>>I don't agree.
>>The use of one node-sid vs another has nothing whatever to do with the
>>request Shraddha has made i.e. should we introduce a flag indicating
>>whether a particular prefix should be protected or not. A node-sid only
>>dictates what (intermediate) node traffic should be sent to - not what
>>link(s) are used to reach that node.
>[Pushpasis] This is not about which links to take. It is about wether
>transit routers should try to protect the node-segment to the this
>node-sid or not. I think this opens up a lot many number of possibilities
>on the ingress router and TE controller-based applications.
>>Adjacency-sids have a different semantic - they identify the link over
>>which traffic is to be forwarded. Identifying an adjacency-sid as
>>unprotected means traffic will NEVER flow over a different link. There
>>is no equivalent behavior w a node-sid - which is what this discussion
>>has been about.
>[Pushpasis] I am not trying to draw a parallel between this new flag and
>the ŒB¹ flag in Adj-Sid SubTlv. Like said before
>>   Les
>>-----Original Message-----
>>From: Pushpasis Sarkar []
>>Sent: Sunday, January 04, 2015 8:51 AM
>>To: Les Ginsberg (ginsberg); Shraddha Hegde; Peter Psenak (ppsenak);
>>Subject: Re: [OSPF] [Isis-wg] Mail regarding
>>Hi Les,
>>I think the requirement Shraddha is referring is about the choice of
>>exact node-sid to use while constructing the label-stack for a
>>explicit-LSP on the ingress router, which will be typically done after
>>running some CSPF on the SPRING topology. And not the IGP on ingress or
>>transit routers.
>>On 1/3/15, 3:10 AM, "Les Ginsberg (ginsberg)" <> wrote:
>>>Shraddha -
>>>IGPs today do NOT perform constraint based SPFs - so I don't know why
>>>you believe that the primary SPF will meet a set of constraints that
>>>an LFA calculation will not. In fact , it is the opposite which is
>>>true because implementations today do support preferences in choosing
>>>LFAs based on various configured policy - something which is NOT done
>>>for primary SPF.
>>>If you want a certain class of traffic to avoid a subset of the links
>>>in the topology then you need to have a way of identifying the links
>>>(NOT the node addresses) and a way of calculating a path which only
>>>uses the links which meet the constraints of that class of service.
>>>Identifying a particular prefix as protected or unprotected won't
>>>achieve that.
>>>   Les
>>>-----Original Message-----
>>>From: Shraddha Hegde []
>>>Sent: Friday, January 02, 2015 10:54 AM
>>>To: Les Ginsberg (ginsberg); Peter Psenak (ppsenak);
>>>Subject: RE: [Isis-wg] Mail regarding
>>>Hi Les/Peter,
>>>      When reconvergence happens, the primary path will be calculated
>>>based on all constriants.
>>>This is not true with the protection path.Protection path is
>>>calculated locally (LFA/RLFA)  and does not consider the
>>>characteristics of the services running on that path.
>>>It's easier for some services to pick the unprotected path when the
>>>nature of the service is that it can be restarted  when there is a
>>>-----Original Message-----
>>>From: Les Ginsberg (ginsberg) []
>>>Sent: Friday, January 02, 2015 10:06 PM
>>>To: Peter Psenak (ppsenak); Shraddha Hegde;
>>>Subject: RE: [Isis-wg] Mail regarding
>>>Peter -
>>>The requirement Shraddha specified was to not allow a particular class
>>>of service ("heavy bandwidth services" was the example provided) to
>>>use certain links in the topology. My point is that advertising a flag
>>>for a given prefix which says "do not calculate a repair path for this
>>>does not help achieve this. Once the network reconverges following the
>>>failure of one of the links on which "heavy bandwidth services" is
>>>allowed/preferred it is quite likely that the new best path will be
>>>over a link on which "heavy bandwidth services" is NOT
>>>allowed/preferred. This will happen whether you have the new flag or
>>>not - so the flag will have no lasting effect. It would only affect
>>>traffic flow during the brief period during which the network is
>>>I think you and I are actually in agreement - I am simply sending a
>>>stronger negative message - not only do I think the flag is not useful
>>>- I think it does not achieve the goal Shraddha has in mind.
>>>   Les
>>>-----Original Message-----
>>>From: Peter Psenak (ppsenak)
>>>Sent: Friday, January 02, 2015 12:18 AM
>>>To: Les Ginsberg (ginsberg); Shraddha Hegde;
>>>Subject: Re: [Isis-wg] Mail regarding
>>>Hi Les,
>>>I believe the idea is not to exclude any particular link, it's
>>>actually much simpler - do not calculate backup for the prefix if the
>>>flag is set.
>>>I'm still not quite sure how useful above is, but technically it is
>>>On 12/30/14 17:22 , Les Ginsberg (ginsberg) wrote:
>>>> Shraddha -
>>>> When performing a best path calculation whether a given link is in
>>>>the set of best paths (to be protectedED) or not (could be used as a
>>>>protectING path) is a function of the topology - not the link.  If
>>>>there is a topology change it is quite likely that a given link will
>>>>change from being a protectED link to being a protectING link (or
>>>>vice versa).
>>>>So what you propose regarding node-SIDs would not work.
>>>> In the use case you mention below if you don't want a certain class
>>>>of traffic to flow on a given link it requires a link attribute which
>>>>is persistent across topology changes. There are ways to do that -
>>>>using Adj-SIDs is one of them. But using node-SIDs in the way you
>>>>propose is NOT.
>>>>     Les
>>>> -----Original Message-----
>>>> From: OSPF [] On Behalf Of Shraddha
>>>> Hegde
>>>> Sent: Monday, December 29, 2014 10:12 PM
>>>> To: Peter Psenak (ppsenak);
>>>> Cc:;
>>>> Subject: Re: [OSPF] [Isis-wg] Mail regarding
>>>> draft-ietf-ospf-segment-routing-extensions
>>>> Peter,
>>>>> The requirement here is to get an un-protected path for services
>>>>>which do not want to divert the traffic on protected path in any case.
>>>>> can you give an example of such a service and a reasoning why such
>>>>>service would want to avoid local protection along the path?
>>>> Heavy bandwidth services are potential candidates.  The network is
>>>>well planned and well provisioned for primary path but same is not
>>>>true for backup paths.
>>>> Diverting heavy bandwidth services along protection path can disrupt
>>>>the other services on that path, they are better-off un-protected so
>>>>that an event in the network Would result in disconnection and a
>>>>retry for such services.
>>>> Rgds
>>>> Shraddha
>>>> -----Original Message-----
>>>> From: Peter Psenak []
>>>> Sent: Monday, December 29, 2014 4:35 PM
>>>> To: Shraddha Hegde;
>>>> Cc:;
>>>> Subject: Re: [Isis-wg] Mail regarding
>>>> draft-ietf-ospf-segment-routing-extensions
>>>> Shraddha,
>>>> On 12/29/14 10:06 , Shraddha Hegde wrote:
>>>>> Peter,
>>>>> The requirement here is to get an un-protected path for services
>>>>>which do not want to divert the traffic on protected path in any case.
>>>> can you give an example of such a service and a reasoning why such
>>>>service would want to avoid local protection along the path?
>>>> thanks,
>>>> Peter
>>>>> So when the originator of node-sid signals un-protected path
>>>>>requirement, there is always an unprotected path.
>>>>> Regarding the protected path, it is the default behavior as it
>>>>>exists today. You get protection if it's available otherwise you
>>>>>don't get protection.
>>>>> In fact, you can have the new flag to say "NP flag" meaning
>>>>>non-protected flag which can be set for the unprotected path.
>>>>> By default it remains off and gives the behavior as it exists today.
>>>>> Rgds
>>>>> Shraddha
>>>>> -----Original Message-----
>>>>> From: Peter Psenak []
>>>>> Sent: Monday, December 29, 2014 2:26 PM
>>>>> To: Shraddha Hegde;
>>>>> Cc:;
>>>>> Subject: Re: [Isis-wg] Mail regarding
>>>>> draft-ietf-ospf-segment-routing-extensions
>>>>> Shraddha,
>>>>> I do not see how an originator of the node-sid can mandate a
>>>>>protection for the prefix on other routers. What if there is no
>>>>>backup available on a certain node along the path?
>>>>> The parallel with the B-flag in adj-sids is not right - in case of
>>>>>adj-sid the originator has the knowledge about the local adjacency
>>>>>protection and as such can signal it it it's LSA.
>>>>> thanks,
>>>>> Peter
>>>>> On 12/29/14 09:47 , Shraddha Hegde wrote:
>>>>>> Peter,
>>>>>> Pls see inline.
>>>>>> Rgds
>>>>>> Shraddha
>>>>>> -----Original Message-----
>>>>>> From: Peter Psenak []
>>>>>> Sent: Monday, December 29, 2014 2:02 PM
>>>>>> To: Shraddha Hegde;
>>>>>> Cc:;
>>>>>> Subject: Re: [Isis-wg] Mail regarding
>>>>>> draft-ietf-ospf-segment-routing-extensions
>>>>>> Shraddha,
>>>>>> I do not see how an originator can set any flag regarding the
>>>>>>protection of the locally attached prefix.
>>>>>> <Shraddha> The originator advertises 2 node-sids. One with p flag
>>>>>>set and the other without the p-flag set.
>>>>>>     It's all the routers on the path towards such prefix that need
>>>>>>to deal with the protection.
>>>>>> <Shraddha> The receiving nodes will download protected path for
>>>>>>the node-sid with p-flag set and download Unprotected path for the
>>>>>>node-sid with p-flag unset.
>>>>>> Signaling anything from the originator seems useless.
>>>>>> <Shraddha>  For node-sids it's the others who need to build the
>>>>>>forwarding plane but it's only the originator who can signal which of
>>>>>>                            Sid need to be built with protection
>>>>>>and which not. Other routers on the path cannot signal this
>>>>>> With this you have two paths for the node. One is protected and
>>>>>>the other is unprotected. This meets the requirement of having an
>>>>>>un-protected path.
>>>>>> It's very much in parallel to B-flag in adj-sids. It is similar to
>>>>>>advertising multiple adj-sids one with B-flag on and other with
>>>>>>b-flag off , to get protected and unprotected Adj-sids.
>>>>>> thanks,
>>>>>> Peter
>>>>>> On 12/29/14 09:26 , Shraddha Hegde wrote:
>>>>>>> Yes.You are right.
>>>>>>> Lets say a prefix sid has a flag "p flag". If this is on it means
>>>>>>>build a path and provide protection.
>>>>>>> If this is off it means build a path with no protection.
>>>>>>> The receivers of the prefix-sid will build forwarding plane based
>>>>>>>on this flag.
>>>>>>> The applications building the paths will either use prefix-sids
>>>>>>>with p flag on or off based on the need of the service.
>>>>>>> Rgds
>>>>>>> Shraddha
>>>>>>> -----Original Message-----
>>>>>>> From: Peter Psenak []
>>>>>>> Sent: Monday, December 29, 2014 1:49 PM
>>>>>>> To: Shraddha Hegde;
>>>>>>> Cc:;
>>>>>>> Subject: Re: [Isis-wg] Mail regarding
>>>>>>> draft-ietf-ospf-segment-routing-extensions
>>>>>>> Shraddha,
>>>>>>> the problem is that the node that is advertising the node-sid can
>>>>>>>not advertise any data regarding the protection of such prefix,
>>>>>>>because the prefix is locally attached.
>>>>>>> thanks,
>>>>>>> Peter
>>>>>>> On 12/29/14 09:15 , Shraddha Hegde wrote:
>>>>>>>> Peter,
>>>>>>>> If there is a service which has to use un-protected path and
>>>>>>>>while  building such a path if the node-sids Need to be used (one
>>>>>>>>reason  could be label stack compression) , then there has to be
>>>>>>>>unprotected node-sid that this service can make use of.
>>>>>>>> Prefix -sids could also be used to represent different service
>>>>>>>>endpoints which makes it even more relevant to have A means of
>>>>>>>>representing  unprotected paths.
>>>>>>>> Would be good to hear from others on this, especially operators.
>>>>>>>> Rgds
>>>>>>>> Shraddha
>>>>>>>> -----Original Message-----
>>>>>>>> From: Peter Psenak []
>>>>>>>> Sent: Monday, December 29, 2014 1:35 PM
>>>>>>>> To: Shraddha Hegde;
>>>>>>>> Cc:;
>>>>>>>> Subject: Re: [Isis-wg] Mail regarding
>>>>>>>> draft-ietf-ospf-segment-routing-extensions
>>>>>>>> Shraddha,
>>>>>>>> node-SID is advertised by the router for the prefix that is
>>>>>>>>directly attached to it. Protection for such local prefix does
>>>>>>>>not mean much.
>>>>>>>> thanks,
>>>>>>>> Peter
>>>>>>>> On 12/24/14 11:57 , Shraddha Hegde wrote:
>>>>>>>>> Authors,
>>>>>>>>> We have a "backup flag" in adjacency sid to indicate whether
>>>>>>>>> the label is protected or not.
>>>>>>>>> Similarly. I think we need a flag in prefix-sid as well to
>>>>>>>>> indicate whether the node-sid is to be protected or not.
>>>>>>>>> Any thoughts on this?
>>>>>>>>> Rgds
>>>>>>>>> Shraddha
>>>>>>>>> _______________________________________________
>>>>>>>>> Isis-wg mailing list
>>>>>>>> .
>>>>>>> .
>>>>>> .
>>>>> .
>>>> _______________________________________________
>>>> OSPF mailing list
>>>> .
>>>OSPF mailing list