Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec
"Adrian Farrel" <adrian@olddog.co.uk> Fri, 10 January 2020 16:33 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D4FF1209DB; Fri, 10 Jan 2020 08:33:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.586
X-Spam-Level:
X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjiTmBZ-IAtq; Fri, 10 Jan 2020 08:33:13 -0800 (PST)
Received: from mta7.iomartmail.com (mta7.iomartmail.com [62.128.193.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E9E91209CE; Fri, 10 Jan 2020 08:33:00 -0800 (PST)
Received: from vs3.iomartmail.com (vs3.iomartmail.com [10.12.10.124]) by mta7.iomartmail.com (8.14.4/8.14.4) with ESMTP id 00AGWwmv016124; Fri, 10 Jan 2020 16:32:58 GMT
Received: from vs3.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 48DEB2203A; Fri, 10 Jan 2020 16:32:58 +0000 (GMT)
Received: from asmtp2.iomartmail.com (unknown [10.12.10.249]) by vs3.iomartmail.com (Postfix) with ESMTPS id 3377622032; Fri, 10 Jan 2020 16:32:58 +0000 (GMT)
Received: from LAPTOPK7AS653V (089144208052.atnat0017.highway.a1.net [89.144.208.52]) (authenticated bits=0) by asmtp2.iomartmail.com (8.14.4/8.14.4) with ESMTP id 00AGWtsD028561 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 10 Jan 2020 16:32:56 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Vishnu Pavan Beeram' <vishnupavan@gmail.com>
Cc: pce@ietf.org, draft-ietf-pce-pcep-flowspec@ietf.org
References: <002101d5c415$6e064680$4a12d380$@olddog.co.uk> <CA+YzgTtOoGr=hnvhfs_kg83KCNGK7NRhS=TMBSFAzEqWPFaPQQ@mail.gmail.com>
In-Reply-To: <CA+YzgTtOoGr=hnvhfs_kg83KCNGK7NRhS=TMBSFAzEqWPFaPQQ@mail.gmail.com>
Date: Fri, 10 Jan 2020 16:32:55 -0000
Organization: Old Dog Consulting
Message-ID: <07c501d5c7d3$9d4f3b60$d7edb220$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_07C6_01D5C7D3.9D4F3B60"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJY0TFaFNXT/jcA8ggyNpSwKvBeoQD+i/k3ptYKWOA=
Content-Language: en-gb
X-Originating-IP: 89.144.208.52
X-Thinkmail-Auth: adrian@olddog.co.uk
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-25160.000
X-TM-AS-Result: No--17.844-10.0-31-10
X-imss-scan-details: No--17.844-10.0-31-10
X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-25160.000
X-TMASE-Result: 10--17.843700-10.000000
X-TMASE-MatchedRID: 8HTFlOrbAtHxIbpQ8BhdbPVY7U3NX8JgmdndBk1gfyUgUEQTkIWiYq5F Is0KOiYR1Ds81CnrrZqvPAgCvd8b3Mbti5uHJhWfaDCzqDR7DPZaEfFgComdj5l8NETW6pKChYy Lm4ZGzrAMacvE6nqaqQ0KXEcctWDiwZjSXh6GjENLIfps09VJ21dEEmf6TRVBe1OjQ/WyxP6+5F Xa6NpZFMP6JzL63XJ9MXt1vAJFtORLkmJ/TrWyFeXSonB/2H+n+40IoIcVeCJ0rxNYA09+9meGL C9y2ysxpRTsHf1XRjuCdtCXWtHb0/kXSVjp4F0alVHM/F6YkvQ7GNv1BBu35BbozYDXkvVAC2pl MZg3Ot63hwfBkESOXwTewsadbQ+BL/tBTZzO5Q0JAo02KJh2MUjCi9tfhPjQMfASU90zrfBKpIq nO60UFu3hquIdvexs+col1/2+awUsO+kVEfVuQkCMurlkHtfbaPUJ2CQlYPIbgRSVO5fKg8OLWo D10UcckOt2Qii5Or18R1MEbzsBld3aQrftNh+szLo88rvlvYH3+mUqDWUKyFfy7lflgn0UMH1xx 17eFtQoitr6966ULmWtWR8YZtYCeTTsfSq5KdlM0MpnLn+G9PXuWpt5ue19qVMUMZkw+EKBq3pc jNMg+oh3vOK4dONPjVwOiEQlwVNEN0BS8uv90SjX0ag3hagY2LlbtF/6zpC7evdmt3903SMIN1X fvZowaFoY6W5MePuGZb2PgWYjg6upWT4MmSM6HOx1Vder/0tptPVF4L9RM6+WgCcaviqG8+cZJy dmGCneM08+zCv3/qWzJU31bw8B/lVmsZMIkb+eAiCmPx4NwGmRqNBHmBveGtkvK5L7RXGw7M6dy uYKg4VH0dq7wY7u6BetiFDnDZI9zmoVuy5+Ae/miyQPByfq/lVfe46NY6DlGpuOVYCZnA==
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/llaQEuqQyWkrdJ1LT55blyP1teg>
Subject: Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 16:33:16 -0000
Thanks Pavan, It’s good to have this documented clearly. Personally, I am amused/confused that *how* packets are intercepted for classification (via a routing entry or via a data plane filter) is important to the specification of this protocol. That is, the protocol says “packets that match this flowspec MUST be placed on this LSP/path”. How an implementation chooses to achieve that is, IMHO, not material to the on-the-wire behaviour. That is, the packets will come in and will be placed on the path, and the protocol instructions to achieve it do not need to tell anyone how to achieve it. This is probably closest to your option 1. That is, an implementation may choose to implement this however it wants. It would be wrong, also IMHO, to imply that an implementation must install a data plane filter to handle PCEP flowspecs. That depends (of course) on how you define a data plane filter. As to draft-ietf-pce-binding-label-sid, I fear I detect mission creep. What was originally a simple association of a binding SID to a PCEP message now also has an element of flowspec built in. I wonder whether that document shouldn’t refer to draft-ietf-pce-flowspec if it wants to describe what traffic to associate with a path. Like you, I would like to hear more from the working group. Cheers, Adrian From: Vishnu Pavan Beeram <vishnupavan@gmail.com> Sent: 10 January 2020 05:45 To: Adrian Farrel <adrian@olddog.co.uk> Cc: pce@ietf.org; draft-ietf-pce-pcep-flowspec@ietf.org Subject: Re: [Pce] A discussion point for draft-ietf-pce-pcep-flowspec Adrian, Hi! Much Thanks for starting this thread! There are multiple implementations that support user-triggered installation/uninstallation of destination-IPv4/IPv6 prefixes bound to a TE Path (installation of routes subject to longest prefix match based forwarding) and it is important to have this behavior covered in PCEP. I’m listing 3 options that were considered for addressing this item: 1. Add a new sub-section to Section 8 of <draft-ietf-pce-pcep-flowspec> stating that an implementation receiving a FLOWSPEC object that carries only destination IPv4/IPv6 TLVs may choose to not install any data-plane filters and instead install routes that are subject to longest prefix match (LPM) based forwarding. With this option, the controller has no say in how the network element processes these destination IPV4/IPv6 TLVs. 2. Introduce a new flag in the FLOWSPEC object to explicitly indicate that routes subject to LPM based forwarding MUST be installed. When this flag is set, the FLOWSPEC object MUST carry only destination IPv4/IPv6 TLVs. 3. Do not use the FLOWSPEC object at all for this; Use the TE-PATH-BINDING TLV (introduced by draft-ietf-pce-binding-label-sid) instead. This requires the addition of a couple of new Binding Types (BT) to indicate destination-IPV4 and destination-IPv6 bindings. This also requires us to add the ability to encode multiple Path Bindings (list) in the same message and the ability to remove specific Path Bindings in a given message. Based on some offline conversations with interested parties, there is a strong need to have an explicit indication for this type of behavior (avoid ambiguity with respect to filtering) -- so that makes Option 1 undesirable. There is also a requirement to carry a mix of install and uninstall destination prefixes associated with a path in the same message. The way the FLOWSPEC object is currently defined (the R flag is specified per FLOWSPEC object and not per TLV; parity with BGP), you would need one object to carry the install prefixes and one more to carry the uninstall prefixes. Given all this, there is some consensus among interested parties to implement this behavior using the TE-PATH-BINDING TLV. Note that this also means that draft-ietf-pce-pcep-flowspec can proceed as is. @WG -- Any thoughts? Regards, -Pavan On Sun, Jan 5, 2020 at 4:14 PM Adrian Farrel <adrian@olddog.co.uk <mailto:adrian@olddog.co.uk> > wrote: Hi WG, I received a couple of private emails about draft-ietf-pce-pcep-flowspec. Since they were private, I will try to be circumspect about who they were from. The sender asked to have a flag attached to a flow specification that indicates that it can be installed as a static route and thus not subject to a firewall rule so the longest prefix matching can be performed to manipulate route resolution for an LSP. The request also said that traditionally flow-specifications result in firewall rules and those rules operate on packets before longest prefix match. We want to install static routes, the equivalent of installing a prefix for an LSP and if we treat a flowspec as a static route we can mess things up like rule ordering and so on. The sender suggested that there are currently some draft(s) regarding this behavior for BGP flowspec as well, but was not able to point me at them. I asked for some clarifications and got back: "What BGP-FS does is install data-plane filters. We handle that by installing RIB entries (that's what BGP carries) into a RIB. Those entries are transformed into firewall filters. What I am asking for is not currently supported by BGP-flowspec. "What I am asking for is an indication that a flow-specification NOT be transformed into a data-plane filter. In other words, installed as a normal route where the route is subject to longest prefix match based forwarding. If you consider how we had to implement the multicast support for PCEP flowspec, it is quite similar. So, in my mind, the 'flag' is an indicator to do LPM for a destination. Presence of the flag also means that no other fields can be present in the flowspec, e.g. source address or dest/src L4 ports, etc." In my view, it should not be too hard to add a flag to the PCEP flow specification. But a couple of questions for the working group and my co-authors: - Does anyone else have interest in this work? - Can anyone else identify the related BGP work? - Does anyone want to suggest text for this? - Is this something we should leave as a future extension that can be proposed if/when someone cares about it? I suspect that the default position is "do nothing" and ask Julien to move the draft forward, so if you care please speak up. Thanks, Adrian _______________________________________________ Pce mailing list Pce@ietf.org <mailto:Pce@ietf.org> https://www.ietf.org/mailman/listinfo/pce
- [Pce] A discussion point for draft-ietf-pce-pcep-… Adrian Farrel
- Re: [Pce] A discussion point for draft-ietf-pce-p… Vishnu Pavan Beeram
- Re: [Pce] A discussion point for draft-ietf-pce-p… Adrian Farrel
- Re: [Pce] A discussion point for draft-ietf-pce-p… Vishnu Pavan Beeram
- Re: [Pce] A discussion point for draft-ietf-pce-p… Adrian Farrel