Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec
Vishnu Pavan Beeram <vishnupavan@gmail.com> Mon, 13 January 2020 12:23 UTC
Return-Path: <vishnupavan@gmail.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 902E21200F6; Mon, 13 Jan 2020 04:23:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iWgqwvyKh0Hf; Mon, 13 Jan 2020 04:23:07 -0800 (PST)
Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D458A1200F3; Mon, 13 Jan 2020 04:23:07 -0800 (PST)
Received: by mail-pg1-x531.google.com with SMTP id 6so4656510pgk.0; Mon, 13 Jan 2020 04:23:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z1QwNRtLY6fmEOFh7mfQ2xyMzzzqrN3L32EYgu7uRq0=; b=rRDFH6tWFzOeNOcC52EgXnSKyrql9JZzJap4G1/LpKRBdJeSqtbVMhSOZannfuWRr3 /AqtogonPClj5MRlEJLcHVN/lUI7CzhjH30mwXn5/8IElN1oBbCGmecMaiUnNT4NRvLS H2UsPx032RCk8PjvgDD1LgotQorG5fJxPFrCRtKLIV+hPgy88WKuhP4wifarOrtVx0OH IkIff914vHlujld1QmuMZeLPlHzTNyj/1JRTctmITbPZ05qmN4ro0Njkwfv1TsXcKXFK hV5wo7hqLRhtl1/dToi70rCQF10zfU2QopN1/QxVq24d/MOSVMQjISV6DCeCJ8TmJWzo dGBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z1QwNRtLY6fmEOFh7mfQ2xyMzzzqrN3L32EYgu7uRq0=; b=PqYiJv6GCZewBZfu7kiDTKApPjosovUMbDfuWBR6VFUjiM37/hrlDnV7Gtn9sLpM9G U0maD0dHbBtI91n/TpmdrChf25WLl2HvN3PnH+aEw92YivtpL8Mp8RwcMPIpjqzLKeuK csVWmDvyUEukrx52bpH82AFKyVlkqsF8ExImPcrc/jF/ZYmvSuvAJXiqzFW371oRcwWS P/xmQQ8jZhHRlGdJtS4KYkQ+KpWtShw1eOzM2q+jQDvY4OVNXb4dBloLkqZaQS78pIse 5WlCuWHzuX2FCGOmqjUJKMYiVUJ43d00UKwCgAAU4QYS3AN7PIl+HzFhnqM5k8V1aPPu 29Jg==
X-Gm-Message-State: APjAAAVCopMqLOPmwj5IgRH1COiOHpNUsjF3QhgLRsBf86glCgJV3J4e cy+6zNkq3Nqj9fCIySn0HcTTWJnSigGwOdcuk8GTJqKl
X-Google-Smtp-Source: APXvYqxeAHPxhfAfF0VcPZSshwjrPqMRR4EnLNrJF+lbeSa8/zXBWFa70JzByvjGTs00MJW+52j++sIcpjvrJ3T7fBY=
X-Received: by 2002:a63:fb05:: with SMTP id o5mr20729660pgh.355.1578918187288; Mon, 13 Jan 2020 04:23:07 -0800 (PST)
MIME-Version: 1.0
References: <002101d5c415$6e064680$4a12d380$@olddog.co.uk> <CA+YzgTtOoGr=hnvhfs_kg83KCNGK7NRhS=TMBSFAzEqWPFaPQQ@mail.gmail.com> <07c501d5c7d3$9d4f3b60$d7edb220$@olddog.co.uk>
In-Reply-To: <07c501d5c7d3$9d4f3b60$d7edb220$@olddog.co.uk>
From: Vishnu Pavan Beeram <vishnupavan@gmail.com>
Date: Mon, 13 Jan 2020 06:22:56 -0600
Message-ID: <CA+YzgTs4FaovVDb-qJoMtc-sOGKEXOOVHrvSm2Z533p2SK5QCA@mail.gmail.com>
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: pce@ietf.org, draft-ietf-pce-pcep-flowspec@ietf.org
Content-Type: multipart/alternative; boundary="000000000000aecd46059c0489c8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/a3hAtQrkfqsl3a1eVA2Gg4OwFIQ>
Subject: Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2020 12:23:11 -0000
Adrian, Hi! Please see inline.. Regards, -Pavan On Fri, Jan 10, 2020 at 10:32 AM Adrian Farrel <adrian@olddog.co.uk> wrote: > Thanks Pavan, > > It’s good to have this documented clearly. > > > > Personally, I am amused/confused that **how** packets are intercepted for > classification (via a routing entry or via a data plane filter) is > important to the specification of this protocol. That is, the protocol says > “packets that match this flowspec MUST be placed on this LSP/path”. How an > implementation chooses to achieve that is, IMHO, not material to the > on-the-wire behaviour. That is, the packets will come in and will be placed > on the path, and the protocol instructions to achieve it do not need to > tell anyone how to achieve it. > > > > This is probably closest to your option 1. That is, an implementation may > choose to implement this however it wants. > > > > It would be wrong, also IMHO, to imply that an implementation must install > a data plane filter to handle PCEP flowspecs. That depends (of course) on > how you define a data plane filter. > Existing (network element) implementations have config knobs that distinguish between adding a filter rule to steer traffic onto the path of a tunnel and installing a resolver route (LPM based forwarding). And like with most TE-Tunnel/TE-Policy specific config knobs, there seems to be a strong desire to let the Controller push/control these knobs. That is where my options 2 and 3 come in. > > As to draft-ietf-pce-binding-label-sid, I fear I detect mission creep. > What was originally a simple association of a binding SID to a PCEP message > now also has an element of flowspec built in. I wonder whether that > document shouldn’t refer to draft-ietf-pce-flowspec if it wants to describe > what traffic to associate with a path. > I'm not sure about mission creep, but the association of a binding type to a path does (already) describe the type of traffic steered onto the path. It results in the installation of a keyed entry in the forwarding plane with the action of steering the packets matching this entry to the selected path of the policy. Given the precedent, adding a couple of new binding types for destination prefixes seems appropriate. > > Like you, I would like to hear more from the working group. > Yeah, looking forward to see some opinions come in on this. > > > Cheers, > > Adrian > > > > *From:* Vishnu Pavan Beeram <vishnupavan@gmail.com> > *Sent:* 10 January 2020 05:45 > *To:* Adrian Farrel <adrian@olddog.co.uk> > *Cc:* pce@ietf.org; draft-ietf-pce-pcep-flowspec@ietf.org > *Subject:* Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec > > > > Adrian, Hi! > > > > Much Thanks for starting this thread! There are multiple implementations > that support user-triggered installation/uninstallation of > destination-IPv4/IPv6 prefixes bound to a TE Path (installation of routes > subject to longest prefix match based forwarding) and it is important to > have this behavior covered in PCEP. > > > > I’m listing 3 options that were considered for addressing this item: > > 1. Add a new sub-section to Section 8 of > <draft-ietf-pce-pcep-flowspec> stating that an implementation receiving a > FLOWSPEC object that carries only destination IPv4/IPv6 TLVs may choose to > not install any data-plane filters and instead install routes that are > subject to longest prefix match (LPM) based forwarding. With this option, > the controller has no say in how the network element processes these > destination IPV4/IPv6 TLVs. > 2. Introduce a new flag in the FLOWSPEC object to explicitly indicate > that routes subject to LPM based forwarding MUST be installed. When this > flag is set, the FLOWSPEC object MUST carry only destination IPv4/IPv6 TLVs. > 3. Do not use the FLOWSPEC object at all for this; Use the > TE-PATH-BINDING TLV (introduced by draft-ietf-pce-binding-label-sid) > instead. This requires the addition of a couple of new Binding Types (BT) > to indicate destination-IPV4 and destination-IPv6 bindings. This also > requires us to add the ability to encode multiple Path Bindings (list) > in the same message and the ability to remove specific Path Bindings in a > given message. > > > > Based on some offline conversations with interested parties, there is a > strong need to have an explicit indication for this type of behavior (avoid > ambiguity with respect to filtering) -- so that makes Option 1 undesirable. > There is also a requirement to carry a mix of install and uninstall > destination prefixes associated with a path in the same message. The way > the FLOWSPEC object is currently defined (the R flag is specified per > FLOWSPEC object and not per TLV; parity with BGP), you would need one > object to carry the install prefixes and one more to carry the uninstall > prefixes. Given all this, there is some consensus among interested parties > to implement this behavior using the TE-PATH-BINDING TLV. Note that this > also means that draft-ietf-pce-pcep-flowspec can proceed as is. > > > > @WG -- Any thoughts? > > > > Regards, > > -Pavan > > > > On Sun, Jan 5, 2020 at 4:14 PM Adrian Farrel <adrian@olddog.co.uk> wrote: > > Hi WG, > > I received a couple of private emails about draft-ietf-pce-pcep-flowspec. > > Since they were private, I will try to be circumspect about who they were > from. > > The sender asked to have a flag attached to a flow specification that > indicates that it can be installed as a static route and thus not subject > to > a firewall rule so the longest prefix matching can be performed to > manipulate route resolution for an LSP. > > The request also said that traditionally flow-specifications result in > firewall rules and those rules operate on packets before longest prefix > match. We want to install static routes, the equivalent of installing a > prefix for an LSP and if we treat a flowspec as a static route we can mess > things up like rule ordering and so on. > > The sender suggested that there are currently some draft(s) regarding this > behavior for BGP flowspec as well, but was not able to point me at them. > > I asked for some clarifications and got back: > > "What BGP-FS does is install data-plane filters. We handle that by > installing RIB entries (that's what BGP carries) into a RIB. Those entries > are transformed into firewall filters. What I am asking for is not > currently supported by BGP-flowspec. > > "What I am asking for is an indication that a flow-specification NOT be > transformed into a data-plane filter. In other words, installed as a > normal > route where the route is subject to longest prefix match based forwarding. > If you consider how we had to implement the multicast support for PCEP > flowspec, it is quite similar. So, in my mind, the 'flag' is an indicator > to do LPM for a destination. Presence of the flag also means that no other > fields can be present in the flowspec, e.g. source address or dest/src L4 > ports, etc." > > In my view, it should not be too hard to add a flag to the PCEP flow > specification. > > But a couple of questions for the working group and my co-authors: > - Does anyone else have interest in this work? > - Can anyone else identify the related BGP work? > - Does anyone want to suggest text for this? > - Is this something we should leave as a future extension that can be > proposed if/when someone cares about it? > > I suspect that the default position is "do nothing" and ask Julien to move > the draft forward, so if you care please speak up. > > Thanks, > Adrian > > _______________________________________________ > Pce mailing list > Pce@ietf.org > https://www.ietf.org/mailman/listinfo/pce > >
- [Pce] A discussion point for draft-ietf-pce-pcep-… Adrian Farrel
- Re: [Pce] A discussion point for draft-ietf-pce-p… Vishnu Pavan Beeram
- Re: [Pce] A discussion point for draft-ietf-pce-p… Adrian Farrel
- Re: [Pce] A discussion point for draft-ietf-pce-p… Vishnu Pavan Beeram
- Re: [Pce] A discussion point for draft-ietf-pce-p… Adrian Farrel