Re: [Rift] Ipv4 and ipv6 cooperating in rift

Antoni Przygienda <prz@juniper.net> Wed, 10 July 2019 15:05 UTC

Return-Path: <prz@juniper.net>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 639E0120355 for <rift@ietfa.amsl.com>; Wed, 10 Jul 2019 08:05:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAYJ3vIvia3n for <rift@ietfa.amsl.com>; Wed, 10 Jul 2019 08:05:02 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C241E1203BE for <rift@ietf.org>; Wed, 10 Jul 2019 08:05:01 -0700 (PDT)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6AF508I030609; Wed, 10 Jul 2019 08:05:00 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=1oToY0VC9HEhYPUpz2CkZkxqYNBwraKVUaNwS9TpMuI=; b=MouC01wxZt7CMEHIgRmsQBXdp4hzzN7GyeUnR47uqOEzWJAnlGnUKLhUAQUCMls4O3k1 pdqF0KCTTJL+nkT+baCIG4QqI7WMe9KsMFovHMo5B3iWivCf+cm1XKy8WzvCY4WEOYZq kPOHCOSikH3/4YAqv2PfKIEJ7mVbswtrmcUmy2Inu9fjCh8NLF9Wr/whb+oDyJU7k53Y itFtQ3F1S25vxmcy0H0fE6Sgv445Kx30Uocmw7BXviTMVoIO6NrzLGMGZ28mcaTv07+X yiIVsam83/6Q7nTkaR/cOwB2jvhIk2y98TpebMg+vwNZJgl166RRVtP6viinZ+Mb4a7y hA==
Received: from nam03-co1-obe.outbound.protection.outlook.com (mail-co1nam03lp2051.outbound.protection.outlook.com [104.47.40.51]) by mx0b-00273201.pphosted.com with ESMTP id 2tng51r83b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 10 Jul 2019 08:04:59 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VE3GJxSFfRnaajHClhiQRzbUcJVOMHOR6b+kYXCuhLsLHAjhrkMHdKznE5WPNDdK4nMh0VpY0Gz2BOGvj1a/KMnstHC/nyZzeMuwpYJ3IIqfqsmzC7QdP7rCJXOhcHTsqOeOtrYR7453+Q5/lMsadbXcsWarTKyqMEPbkKD+cfKa/XQYc29AnnxgK0EUnutSvYvHaelBK48Q8L7pFTxprLvPDIKkXhLVf0RhtL1dJfrlFcHruJtXdbhf+veNOdLgWs5XJdX0t477GM4uhxPgVR2xvdOYNz7JhaG+H9nepJmkQAYXU0fZj1s/uTEBORYp8eukOiCcbeAuxBZVLZ80wQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1oToY0VC9HEhYPUpz2CkZkxqYNBwraKVUaNwS9TpMuI=; b=aanqx4FEftonOjuDn3jljV0doXF0Niiu3eVAz+I8l4C5s6Gsj6phvgEuP2HpBDjNJZuE0i4p0DX6AVpR0kQEQFmfTJOgGusv1vfVeAcrGxQphY13GxvmNyYgCBoyBtgbysONdQDXbOTWbZubxQqkBBgF3vsPMWSmNsDg6MZTbGq6UPSrU2hxzA+8JwDlzSySr3VgGJppuWDkjwzRSaOJ13zvqLiHuqNcg4Ori+smKpijGvkR06l3amrDeyIQgcjyncn+NjgxMH6/JoNT3TIvzL31Q21AcN1bY1TBY8wJ6gJHaNUUhm5YmHBgF+dMTRb4olJiDlkuolaBbEdt+Z2uxA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=juniper.net;dmarc=pass action=none header.from=juniper.net;dkim=pass header.d=juniper.net;arc=none
Received: from MWHPR05MB3279.namprd05.prod.outlook.com (10.173.229.20) by MWHPR05MB2877.namprd05.prod.outlook.com (10.168.245.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.6; Wed, 10 Jul 2019 15:04:40 +0000
Received: from MWHPR05MB3279.namprd05.prod.outlook.com ([fe80::37:4711:1630:3ff0]) by MWHPR05MB3279.namprd05.prod.outlook.com ([fe80::37:4711:1630:3ff0%10]) with mapi id 15.20.2073.008; Wed, 10 Jul 2019 15:04:40 +0000
From: Antoni Przygienda <prz@juniper.net>
To: "xu.benchong@zte.com.cn" <xu.benchong@zte.com.cn>
CC: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>, "EXT-zhang.zheng@zte.com.cn" <zhang.zheng@zte.com.cn>, "rift@ietf.org" <rift@ietf.org>
Thread-Topic: Re:[Rift] Ipv4 and ipv6 cooperating in rift
Thread-Index: AQHVNlA8JouTnZSDOEiJbO/Xu4kdL6bCabZDgAEkTwCAAFAl8A==
Date: Wed, 10 Jul 2019 15:04:40 +0000
Message-ID: <MWHPR05MB3279B78E6D9AECB771D2497FACF00@MWHPR05MB3279.namprd05.prod.outlook.com>
References: 201907092008143097563@zte.com.cn, MWHPR05MB3279E72D3736A834BB036C9CACF10@MWHPR05MB3279.namprd05.prod.outlook.com, <201907101656125835263@zte.com.cn>
In-Reply-To: <201907101656125835263@zte.com.cn>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [108.228.12.76]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bc91a3c9-811c-4b76-ff87-08d70547ef16
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:MWHPR05MB2877;
x-ms-traffictypediagnostic: MWHPR05MB2877:
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
x-microsoft-antispam-prvs: <MWHPR05MB28772B13433C953A68F5DAE9ACF00@MWHPR05MB2877.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0094E3478A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(136003)(39860400002)(396003)(346002)(376002)(366004)(199004)(189003)(66066001)(53936002)(186003)(6916009)(105004)(7736002)(99286004)(2351001)(256004)(71190400001)(7696005)(6246003)(4326008)(25786009)(54906003)(14444005)(81156014)(8936002)(14454004)(19627405001)(102836004)(52536014)(316002)(86362001)(5660300002)(26005)(81166006)(8676002)(5640700003)(11346002)(54896002)(76116006)(6506007)(53546011)(2906002)(74316002)(2501003)(66446008)(66556008)(6436002)(9686003)(76176011)(3846002)(486006)(68736007)(71200400001)(55016002)(476003)(33656002)(446003)(229853002)(6116002)(478600001)(66476007)(64756008)(66946007); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR05MB2877; H:MWHPR05MB3279.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Jwt+75N8it6wOxdqlt638GUmSHSeTxg6Cbkhol4v7Wu2qmkcNfK9BsJli41lBpHVQmaz2XTGWt1+/TFSd19eASW1vvrYf5PBXUYxXVH25JHkohFdwo07j9HrPgNbIJYc2heeZqsTQjAQ3SfyDdvb7kSZ1GDWT2loyx9d3y+hIVeV9ewceAIpB4E27bpxSMlIsdQbhpJTwgbhyBZ5wo6DAeGvpPijrWHkoXjjGqPVgSs4DEQxjnxlHBeRGylKMawo08BV4uhib22sSYEqI+Zhu0vKMSJozm5uXod4EKlwjGk8ptdHBWs5Bpo9lbxzPWvJa5jYf779r6ET+IHGvXw1ml1h5jsokmpWdx1DyoL5JQyWaaZZEGMbs4kQ3fYcEB6eR/bf0cx2C/jmgCyGTNtiLLZZTpf9asQX/3cHVPuLKK4=
Content-Type: multipart/alternative; boundary="_000_MWHPR05MB3279B78E6D9AECB771D2497FACF00MWHPR05MB3279namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: bc91a3c9-811c-4b76-ff87-08d70547ef16
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2019 15:04:40.7253 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: prz@juniper.net
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR05MB2877
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-10_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907100172
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/4ZCv7w2sFySV6iKtFw1JzOmAPKU>
Subject: Re: [Rift] Ipv4 and ipv6 cooperating in rift
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 15:05:11 -0000

Hey Benchong, that's an over-interpretation, the spec is looser than that but as far I saw sufficient. Section 5.2.2.

a) Specification does not prohibit RIFT from using _any_ valid IPv6 address on the interface to send IPv6 LIEs. The receiver is supposed to pick up that source address and use it as destination when sending LIEs over v6 and/or TIEs with the receving interface as gateway. Specification does NOT spell out what happens e.g. on mismatched IP subnets on both sides and so on, situation here is similar to ISIS and different scenarios such as unnumbered links and so on
b) If you want the "laziest" possible implementation then in fact yes, you can fall back on

"

   All RIFT routers MUST support IPv4 forwarding and MAY support IPv6
   forwarding.  A three way adjacency over IPv6 addresses implies
   support for IPv4 forwarding.

"

which makes v4ov6 forwarding inherent part of RIFT. That assumes however that receiving neighbor does support V6 (which the spec does NOT mandate) and nothing will happen if it doesn't. Therefore all RIFT implementation I saw so far send both v4 and v6 which allows the neighbor to only receive v4 and forward using v4 gateways if it doesn't support V6. In case both v4 and v6 AFs are established, it is up to the implementation which/how it resolves the gateways and there are many interesting advanced issues such as mixture of spines with v4 and v6 nexthops and how to form ECMP amongst them that the spec does obviously not address since it's all very implementation and silicon specific.

--- tony
________________________________
From: xu.benchong@zte.com.cn <xu.benchong@zte.com.cn>
Sent: Wednesday, July 10, 2019 1:56 AM
To: Antoni Przygienda
Cc: Jeffrey (Zhaohui) Zhang; EXT-zhang.zheng@zte.com.cn; rift@ietf.org
Subject: Re:[Rift] Ipv4 and ipv6 cooperating in rift



Tony, thank you for your reply

Can it be understood that after the ND is enabled, the v6 address needs to be used to build neighbor? In this case, the rift packet of the v4 header is not allowed to be sent and received, and both v4 and v6 routes have a v6 GW.



原始邮件
发件人:AntoniPrzygienda <prz@juniper.net>
收件人:徐本崇10065053;Jeffrey (Zhaohui)Zhang <zzhang@juniper.net>;张征00007940;rift@ietf.org <rift@ietf.org>rg>;
日 期 :2019年07月10日 00:09
主 题 :Re: [Rift] Ipv4 and ipv6 cooperating in rift
Hey Benchong, cc:'ing list, good questions obviously that pop out on implementation


  1.  sending LIE only with v4 will not give you a v6 address to send to (since the LIE source address gives the gateway for the AF, that's why we send LIE per AF) so you won't have a v6 GW address to send TIEs to ;-)

  2.  yes, every interface is independent. Observe that v6 support implies v4 as the spec says (since you can FW v4 without a v4 GW if you have a v6 gateway). However, if one side sends v6 only and the other side only v4 they'll never go 3-way since they won't  be able to receive. We just added a sentence to the spec saying that if you don't send an AF LIE you MUST NOT receive the same AF LIE since we found that loose end in Bruno's implementation when testing security envelopes.  It will be in -07


<t>All RIFT routers MUST support IPv4 forwarding and MAY support IPv6
    forwarding. A three way adjacency over IPv6 addresses implies support
    for IPv4 forwarding. A node that does not process received IPv6 LIEs
    MUST NOT originate IPv6 LIEs.
    </t>


  1.  IPv6/IPv4 prefix can be mixed in Prefix TIEs. Prefix TIEs do NOT care which interface/AF they are sent over.

  2.  how you build forwarding table and which gateways you use is implemenation dependent but yes, you got the flavor. though your assumption of "Ipv6 destination with ipv4 nexthop" is optimistic. every silicon does v4 so v6 can imply v4, implying v4 fwd'ing  allows v6 forwarding fails on good amount of silicon. But again, those are all implementation knobs, spec only says "v6 implies v4" which means "you better fwd. v4 over v6 nexthops if you see v6 LIEs only"

Observe that node TIEs are _not_ carrying the supported AFs on each interface since I think it would lead to undesirable attempts to deploy (some links can do v6) topologies which defeat the purpose of ZTP/simplicity of RIFT. v6 implies v4, if someone  wants to fwd' v6 over a fabric where certain links are v4 computations get really weird and operationally such a thing is probably a nightmare anyway. And getting v6 working is trivial, just flip on ND and you're in business (at least control plane wise ;-)

The spec is noit giving implementation advice, it just specifies behavior. In case of doubt looks @ Bruno';s open source. Bruno implemented the whole LIE without ever talking to me and it interop'ed day one without problems.

When you're ready with your implementation to interop, Bruno's code has nice framework you can plug in against open source & Juniper implementation easily

--- tony
________________________________
From: xu.benchong@zte.com.cn <xu.benchong@zte.com.cn>
Sent: Tuesday, July 9, 2019 5:08 AM
To: Antoni Przygienda; Jeffrey (Zhaohui) Zhang; EXT-zhang.zheng@zte.com.cn
Subject: [Rift] Ipv4 and ipv6 cooperating in rift

Hi

I have some questions about ipv4 and ipv6 cooperating in rift.

Ip head of the rift packet can be V4 or V6, and the prefix in TIE also suport V4 or v6.

Can it support the following situations:


1、A rift interface which send LIE with ipv4 head receiving LIE with IPv6 head;

A rift interface which send LIE with ipv6 head receiving LIE with IPv4 head;

Can they build 3-Way neighbor?


2、Some interfaces in a rift instance send ipv4 head packets, and others in the same instance send ipv6 head packets;


3、Ipv4 head TIE packet fill ipv6 prefix;

   Ipv6 head TIE packet fill ipv4 prefix;(RIFT-06 5.2.2: All RIFT routers MUST support IPv4 forwarding and MAY support IPv6

   forwarding.  A three way adjacency over IPv6 addresses implies

   support for IPv4 forwarding.)


4、In rib table of the rift:

   Ipv4 destination with ipv6 nexthop;

   Ipv6 destination with ipv4 nexthop;

   Ipv4 destination with both ipv4 nexthop and ipv6 nexthop;

   Ipv6 destination with both ipv4 nexthop and ipv6 nexthop;



5、The ip head type(v4 or v6) can be configured in rift interface or instance.


It will be better if there are clear instructions in rift protocol.


Thanks!

Benchong