IETF Logo Mail Archive

Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec

Vishnu Pavan Beeram <vishnupavan@gmail.com> Fri, 10 January 2020 05:44 UTC

Return-Path: <vishnupavan@gmail.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF11120169; Thu, 9 Jan 2020 21:44:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UliP12kPElYf; Thu, 9 Jan 2020 21:44:53 -0800 (PST)
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90ACC1200B3; Thu, 9 Jan 2020 21:44:53 -0800 (PST)
Received: by mail-pf1-x42e.google.com with SMTP id w62so574556pfw.8; Thu, 09 Jan 2020 21:44:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T6Q94kiyCznIGSWYoczO4di3YhIPpZWEeHJqUBdYg1o=; b=phe+Q2wA4csn281coxCZvp3Rkc/yS3mTW0PvRFkj1ok6/xIB0vDoaEpK2pYIkUh52l DKM1JIOqegQHxf+Ti09pFQtLkB7qEQBRyc3+OhJOyYg1uM3VjJO5YvUduNhcpIBFo+9J u2XDFjPSfewhjP/TPDAEUmoO7vCwNvc7bBjb1pGtL9xdsghOugXzkP/bNyFCKOihZXrE RQcMNZsqhn2I9JRgp/Z/Pd6+z7dOP32cPbdUzfRwbLMdRQrFOi4KmR+juuhBBXp+WgC9 FDCLe6XCh0+wWixa/UpluONCHMjy0P9I7Hksmi/CEXtJByMH3Zrfy3MdP041Lb9RSNd6 LZeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T6Q94kiyCznIGSWYoczO4di3YhIPpZWEeHJqUBdYg1o=; b=WnzrKcDu378n7/5vQAqqDJeFZqLHXPL1WotWq8IP84dC7uRuQdOPw/OuqCISLvbPQd Rm34ih9OXYaH0XbyGwhFx9/Fj0eXimirtOc6aF9Fpi3e1RUVoqtpYECMXLmkooJUvV9m +GLsA2Eq9ro3esyVgblwQZAC1puGICMu98LGq21pTw7YL8FWCACs9cv4FZhHdXFuN4tG nV69q0fy4E+TNcdG0YK6YGZirTavY7TkqTgvkZDf/zrDRlTs2Dg8xdkRNIF9p4edxJlI mOPDwJDdf/wqf7EF7U6xDofRc1kGBSKZ/BQLvKKPm+K/8L9SK6urJwxxKqZOFrEdkB9O LHpw==
X-Gm-Message-State: APjAAAXvjnUErDQfFd88eiHV++S37G/x9UB2nTTvsU+CNAAv4HaqE3PB DXksZV8t5LvMb4qBRHPsTT0o8ffEzgMp9YFx71F2xWY6jM0=
X-Google-Smtp-Source: APXvYqzghTdYKAiRVkbgTi4QZ3BBgH+aXKoeXe0/f1TKu+UZ5TM7QQPmU3vVtDRaTg2733c1fli1MJNG1sHfnr5Skao=
X-Received: by 2002:aa7:9296:: with SMTP id j22mr1951382pfa.201.1578635093014; Thu, 09 Jan 2020 21:44:53 -0800 (PST)
MIME-Version: 1.0
References: <002101d5c415$6e064680$4a12d380$@olddog.co.uk>
In-Reply-To: <002101d5c415$6e064680$4a12d380$@olddog.co.uk>
From: Vishnu Pavan Beeram <vishnupavan@gmail.com>
Date: Thu, 09 Jan 2020 23:44:41 -0600
Message-ID: <CA+YzgTtOoGr=hnvhfs_kg83KCNGK7NRhS=TMBSFAzEqWPFaPQQ@mail.gmail.com>
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: pce@ietf.org, draft-ietf-pce-pcep-flowspec@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f2fe9c059bc29f82"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/ZG-gR1BSSauzdqUyrEXRyYcN_eo>
Subject: Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 05:44:56 -0000

Adrian, Hi!



Much Thanks for starting this thread! There are multiple implementations
that support user-triggered installation/uninstallation of
destination-IPv4/IPv6 prefixes bound to a TE Path (installation of routes
subject to longest prefix match based forwarding) and it is important to
have this behavior covered in PCEP.



I’m listing 3 options that were considered for addressing this item:

   1. Add a new sub-section to Section 8 of <draft-ietf-pce-pcep-flowspec>
   stating that an implementation receiving a FLOWSPEC object that carries
   only destination IPv4/IPv6 TLVs may choose to not install any data-plane
   filters and instead install routes that are subject to longest prefix match
   (LPM) based forwarding. With this option, the controller has no say in how
   the network element processes these destination IPV4/IPv6 TLVs.
   2. Introduce a new flag in the FLOWSPEC object to explicitly indicate
   that routes subject to LPM based forwarding MUST be installed. When this
   flag is set, the FLOWSPEC object MUST carry only destination IPv4/IPv6 TLVs.
   3. Do not use the FLOWSPEC object at all for this; Use the
   TE-PATH-BINDING TLV (introduced by draft-ietf-pce-binding-label-sid)
   instead. This requires the addition of a couple of new Binding Types (BT)
   to indicate destination-IPV4 and destination-IPv6 bindings. This also
   requires us to add the ability to encode multiple Path Bindings (list)
   in the same message and the ability to remove specific Path Bindings in a
   given message.



Based on some offline conversations with interested parties, there is a
strong need to have an explicit indication for this type of behavior (avoid
ambiguity with respect to filtering) -- so that makes Option 1 undesirable.
There is also a requirement to carry a mix of install and uninstall
destination prefixes associated with a path in the same message. The way
the FLOWSPEC object is currently defined (the R flag is specified per
FLOWSPEC object and not per TLV; parity with BGP), you would need one
object to carry the install prefixes and one more to carry the uninstall
prefixes. Given all this, there is some consensus among interested parties
to implement this behavior using the TE-PATH-BINDING TLV. Note that this
also means that draft-ietf-pce-pcep-flowspec can proceed as is.



@WG -- Any thoughts?



Regards,

-Pavan

On Sun, Jan 5, 2020 at 4:14 PM Adrian Farrel <adrian@olddog.co.uk> wrote:

> Hi WG,
>
> I received a couple of private emails about draft-ietf-pce-pcep-flowspec.
>
> Since they were private, I will try to be circumspect about who they were
> from.
>
> The sender asked to have a flag attached to a flow specification that
> indicates that it can be installed as a static route and thus not subject
> to
> a firewall rule so the longest prefix matching can be performed to
> manipulate route resolution for an LSP.
>
> The request also said that traditionally flow-specifications result in
> firewall rules and those rules operate on packets before longest prefix
> match. We want to install static routes, the equivalent of installing a
> prefix for an LSP and if we treat a flowspec as a static route we can mess
> things up like rule ordering and so on.
>
> The sender suggested that there are currently some draft(s) regarding this
> behavior for BGP flowspec as well, but was not able to point me at them.
>
> I asked for some clarifications and got back:
>
> "What BGP-FS does is install data-plane filters.  We handle that by
> installing RIB entries (that's what BGP carries) into a RIB. Those entries
> are transformed into firewall filters.  What I am asking for is not
> currently supported by BGP-flowspec.
>
> "What I am asking for is an indication that a flow-specification NOT be
> transformed into a data-plane filter.  In other words, installed as a
> normal
> route where the route is subject to longest prefix match based forwarding.
> If you consider how we had to implement the multicast support for PCEP
> flowspec, it is quite similar.  So, in my mind, the 'flag' is an indicator
> to do LPM for a destination.  Presence of the flag also means that no other
> fields can be present in the flowspec, e.g. source address or dest/src L4
> ports, etc."
>
> In my view, it should not be too hard to add a flag to the PCEP flow
> specification.
>
> But a couple of questions for the working group and my co-authors:
> - Does anyone else have interest in this work?
> - Can anyone else identify the related BGP work?
> - Does anyone want to suggest text for this?
> - Is this something we should leave as a future extension that can be
> proposed if/when someone cares about it?
>
> I suspect that the default position is "do nothing" and ask Julien to move
> the draft forward, so if you care please speak up.
>
> Thanks,
> Adrian
>
> _______________________________________________
> Pce mailing list
> Pce@ietf.org
> https://www.ietf.org/mailman/listinfo/pce
>

v2.23.0 | Report a Bug | By Email