IETF Logo Mail Archive

Re: [Pppext] [rbridge] TRILL, IS-IS, and System ID

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Wed, 01 June 2011 18:24 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: pppext@ietfa.amsl.com
Delivered-To: pppext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A776130025; Wed, 1 Jun 2011 11:24:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.266
X-Spam-Level:
X-Spam-Status: No, score=-9.266 tagged_above=-999 required=5 tests=[AWL=1.333, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7av1eyU4dstS; Wed, 1 Jun 2011 11:24:21 -0700 (PDT)
Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72]) by ietfa.amsl.com (Postfix) with ESMTP id 64A8513004B; Wed, 1 Jun 2011 11:23:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=ginsberg@cisco.com; l=10995; q=dns/txt; s=iport; t=1306952637; x=1308162237; h=mime-version:subject:date:message-id:in-reply-to: references:from:to:cc; bh=pjXD1g8SAPNXWpxDVdTvo1oNvt+54vXiK4Cpv61LDd8=; b=Xtj5sqp6wCgTrKGUUIR23m87l5Hg8PWSmnzXNNjsjE9rh2V3VlmFRGtS j9cwZlrd8ndy7D7OHgv9+LdJt6urcdwP1ZHmtVomVph/LDndzxi8vrL47 29udcTA0WMd3uWIF6oBgIFrpSLfT68k+MHl8A3xj9cw3TEOjp187syMLS Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhIBAPmC5k2rRDoI/2dsb2JhbABTl1eOVnepRZ1IhiAEhmWOPIQjhlw
X-IronPort-AV: E=Sophos;i="4.65,304,1304294400"; d="scan'208";a="328019178"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by sj-iport-3.cisco.com with ESMTP; 01 Jun 2011 18:23:57 +0000
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p51INomw011097; Wed, 1 Jun 2011 18:23:56 GMT
Received: from xmb-sjc-222.amer.cisco.com ([128.107.191.106]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 1 Jun 2011 11:23:56 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CC2089.111AA182"
Date: Wed, 01 Jun 2011 11:23:54 -0700
Message-ID: <AE36820147909644AD2A7CA014B1FB520E6E80F6@xmb-sjc-222.amer.cisco.com>
In-Reply-To: <4DE670BD.9010508@gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [rbridge] [Pppext] TRILL, IS-IS, and System ID
Thread-Index: AcwgfczwVIZCYA9ARuCfQxZuQsYOAQACuMRA
References: <4DE51FC3.2070301@workingcode.com><BANLkTikrJ217TLvKz61mCBcacgQUs317MA@mail.gmail.com><4DE63C68.9070102@gmail.com> <4DE6528B.7070501@workingcode.com><4DE659C1.2050306@cisco.com> <4DE65FD8.1090702@workingcode.com> <AE36820147909644AD2A7CA014B1FB520E6E7FE1@xmb-sjc-222.amer.cisco.com> <4DE670BD.9010508@gmail.com>
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: William Allen Simpson <william.allen.simpson@gmail.com>
X-OriginalArrivalTime: 01 Jun 2011 18:23:56.0241 (UTC) FILETIME=[11754C10:01CC2089]
Cc: PPP Extensions <pppext@ietf.org>, rbridge@postel.org, isis mailing list <isis-wg@ietf.org>, "Stewart Bryant (stbryant)" <stbryant@cisco.com>
Subject: Re: [Pppext] [rbridge] TRILL, IS-IS, and System ID
X-BeenThere: pppext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PPP Extensions <pppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pppext>, <mailto:pppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pppext>
List-Post: <mailto:pppext@ietf.org>
List-Help: <mailto:pppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pppext>, <mailto:pppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2011 18:24:22 -0000

William -

I am attaching Mike Shand's post of 4/26 to the isis-wg. Perhaps you
never saw this if you are not a WG member.

   Les


> -----Original Message-----
> From: William Allen Simpson [mailto:william.allen.simpson@gmail.com]
> Sent: Wednesday, June 01, 2011 10:03 AM
> To: Les Ginsberg (ginsberg)
> Cc: James Carlson; Stewart Bryant (stbryant); PPP Extensions; Donald
> Eastlake; rbridge@postel.org
> Subject: Re: [rbridge] [Pppext] TRILL, IS-IS, and System ID
> 
> On 6/1/11 12:32 PM, Les Ginsberg (ginsberg) wrote:
> > (Please include isis-wg on this thread.)
> >
> No.  It bounces, and ends up in my spam folder.  There's some kind of
> moderator for non-members.
> 
> 
> > I have a BIG PROBLEM with references to
> >
> >    [8] W. Simpson, "Generation of Unique IS-IS System Identifiers,"
> >         (draft-simpson-isis-ppp-unique), work in progress, March
2011
> >
> > This has been publicly reviewed and noted (and I think quite
> correctly
> > so) as being seriously flawed. So even a passing suggestion that
this
> > might be a reasonable alternative for someone seems at best very
> > premature.
> >
> This is *NOT* true!  You have been aware of the draft for months, and
> had every opportunity to review.  The only comments you've sent me are
> neither textual nor protocol relevant.  Your comments were:
> 
> 
> On 4/25/11 1:39 PM, Les Ginsberg (ginsberg) wrote:
> # Is there a reason why the author is averse to bringing the draft to
> the
> # WG?
> #
> # Is there a reason why the WG chairs/ADs are not "encouraging" the
> author
> # to bring the draft to the WG?
> 
> 
> On 4/25/11 4:31 PM, Les Ginsberg (ginsberg) wrote:
> # I am not aware that you EVER sent this to IS-IS WG for comments. I
am
> # aware that it was discussed on the TRILL list and the TRILL folks -
> # quite correctly - said this had nothing to do w TRILL. I don't
follow
> # the PPP WG - but I could easily imagine that they would have said
the
> # same thing. As you propose a change in behavior for IS-IS
> # implementations which is visible on the wire:
> #
> # <snip>
> # After detecting a conflicting System Identifier in a neighbor, or
> #     receiving 3 or more IS-IS Hellos and failing to resolve
> participation
> #     in an area within 10 seconds, an implementation conforming with
> this
> #     specification MUST generate a replacement System Identifier
using
> one
> #     of the techniques specified above.
> # <end snip>
> #
> # it seems a bit obvious that the IS-IS WG would be an appropriate
> place
> # to pursue the work.
> #
> # As to the need for speed in publishing this, I would point out that
> the
> # IS-IS protocol has been successfully deployed for 20 years and this
> # issue has not been a show stopper. That is not to say that your
> proposal
> # may not have merit - but any suggestion that this is a precondition
> for
> # publishing other IS-IS related drafts is flawed in my opinion.
> #
> # I encourage you to submit the draft to the IS-IS WG.
> #
> Five (5) months ago, that might have been helpful, but the work has
> been
> completed and ready for publication for some time.  There is no need
to
> "pursue the work" in ISIS, since that implies there is more work.  I'm
> not interested in unpaid make-work projects.
> 
> There is no need to "submit" to ISIS.  There are no oaths of fealty
> involved.  I've included (and acknowledged) all the useful comments
> received from ISIS WG members.
--- Begin Message --- 
I have some comments on this draft.

    If a duplicated MAC is used as a System Identifier within an IS-IS
    area, this leads to the condition colloquially called "LSR War".
    Currently, IS-IS has no method to detect or resolve such conflicts.

It is something of an exaggeration to say that IS-IS has NO method to
detect this situation. It will result in the affected systems persistently
increasing the sequence numbers of their LSPs, in an attempt to assert
their own LSPs over the duplicates. Most implementations will detect this
condition and raise appropriate system warning messages. Admittedly,
the consequences, while this persists, are quite serious.

    After detecting a conflicting System Identifier in a neighbor, or
    receiving 3 or more IS-IS Hellos and failing to resolve participation
    in an area within 10 seconds, an implementation conforming with this
    specification MUST generate a replacement System Identifier using one
    of the techniques specified above.

I don't understand this paragraph. It talks about detecting the conflicting
system IDs in the neighbor using ISHs. But the problem arises across an entire
flooding domain (a single level 1 area or the level 2 domain). It is possible,
and indeed probable that the offending system IDs are not adjacent, but will
still cause the same level of disruption.

I also don't understand what is meant by "failing to resolve participation in
an area within 10 seconds". Surely this doesn't mean a simple mismatch of area
address, or any other reason for failing to bring up an L1 adjacency. I'm guessing
the author means receiving a hello with the same system ID as itself? But this can
occur benignly when a system has multiple interfaces onto the same LAN ( either
deliberately or by some bridging misconfiguration), and it is indeed hearing its own
hellos.

So this seems to make no sense at all, and clearly wouldn't work.

For it to work, it would have to be based on receiving an LSP which somehow indicated
the conflict. But receiving your own LSPs (with your own system ID) is a normal
occurrence, especially when rejoining a domain after a crash etc. So a means needs to
be provided to distinguish the common benign case, from a genuine  doppelganger.

Other that using some other "more unique" id to distinguish really different
system (which just punts the problem), it seems that some variant of the
normal detection method (i.e. detecting a persitent sequence number increment), is
the only viable alternative. Yet this draft says nothing about such a mechanism.

Whatever method were chosen, it would have to be proof against false positives, since
accidentally invoking a changed system ID would seem to make the cure worse than the disease.

Indeed, there seems to be a danger that bringing up a new system with an incorrectly
assigned system ID (the usual case is accidentally joining a test network to
the production network) would cause the existing (and previously stable) system to change
its ID.

Note that gratuitously changing a system ID can affect things other that the
operation of IS-IS itself. For example the system ID is often used as the
key in the hash function for preventing polarisation in hop by hop forwarding ECMP
paths, so changing the system ID is likely to affect traffic patterns adversely.


This whole thing needs to be MUCH, more carefully thought out, if indeed a solution
is to be attempted.

	Mike





On 25/04/2011 18:25, Stewart Bryant wrote:
> ISIS WG
>
> It seems likely that draft-simpson-isis-ppp-unique-00 will
> be submitted as an experimental submission on the
> independent stream.
>
> Please look out for it.
>
> If you have any views on this document please make them known.
>
> - Stewart
> _______________________________________________
> Isis-wg mailing list
> Isis-wg@ietf.org
> https://www.ietf.org/mailman/listinfo/isis-wg
>
_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www.ietf.org/mailman/listinfo/isis-wg
--- End Message ---

v2.23.0 | Report a Bug | By Email