Re: [Rift] Ipv4 and ipv6 cooperating in rift

Bruno Rijsman <brunorijsman@gmail.com> Fri, 12 July 2019 13:39 UTC

Return-Path: <brunorijsman@gmail.com>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 015521200CD for <rift@ietfa.amsl.com>; Fri, 12 Jul 2019 06:39:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level:
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptLcG7oI5C8f for <rift@ietfa.amsl.com>; Fri, 12 Jul 2019 06:39:55 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99498120026 for <rift@ietf.org>; Fri, 12 Jul 2019 06:39:54 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id v15so9250581eds.9 for <rift@ietf.org>; Fri, 12 Jul 2019 06:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=JaLtHFmIGxmE28TSl5sCsVvBmdK4ZgM6kJy6Gl7nnbQ=; b=s5pRYPjO78enZ+6VqBOd/nHhLptbTdJnaOvv0dJcdafZnAyu9SiCxAGlEuPc6+XfXe iNDAkcJEoS3j5FvChlJ+4nza7yARqCqCm4Fv4oVmwvYGiYXdiEV+LwTmjhkT1PFEbXVN /sxlHP+FUIeeQRMPNzdPTkhQzHoc1O2menbVF0mtDNjrXXhsdKgw3Sq9iOOC6Tv9B2zm iwHt3ifKf+4MzEw961wA0xfO/422pVJhtv6iIy8Xr8ZM77T/ViSEyuiLVv3+giQ5/ocr Xc0hn6BKgxSRTh///kM553S7b8LdSC+IsVIvxsRi7qwUd8+ivyaADpP2o6MW0C/5fz2T If9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=JaLtHFmIGxmE28TSl5sCsVvBmdK4ZgM6kJy6Gl7nnbQ=; b=tigGYqTzU5HXN8nrl25fz4D/AAPtEbHA6gICjB0+IVXhIIqdsaj2sffAeExqp0NSJv oK3IgdqTniZ+U20l6zTTH6fundZOiJnGaNSAoPXZYtGUr0IsX/qf9bdvb7//fJOnBjGs uHIIRa5PnTPYYKn1z6sgK7p/OPtb7x0DIQitJQkcM137wQ3zu16NVA67/SdPjBWKwwzb Dfwy1xPPykSymEzHLx6SbyCqTsJnHSPDZ0GnOFmJCLXApsjukEzmtyquv8TajLtzy+eA QCKfJ9nxghaT28PBFGfDOLv5XQs6B408geBEvLAdfgR1Er1tMJCZ9BjKkCWkbBeiyLWz IKRg==
X-Gm-Message-State: APjAAAW8CtfHkr6TVLizy5iIoJ6Cu/pBTVzDPTzhYngvG4d3gp62vFE6 0Ng9hZYbo6MtUz4CGxAZ/Mw=
X-Google-Smtp-Source: APXvYqztK/JuzdR1gjcLx/i5pehdJ2JlmGtmk9Kbx6c/i1/my2qgOt1rVip/RTJpHPK7PUcBRqMLEQ==
X-Received: by 2002:a17:906:2b47:: with SMTP id b7mr8190776ejg.117.1562938792885; Fri, 12 Jul 2019 06:39:52 -0700 (PDT)
Received: from [192.168.1.19] (35-5-201-31.ftth.glasoperator.nl. [31.201.5.35]) by smtp.gmail.com with ESMTPSA id x11sm1848067eju.26.2019.07.12.06.39.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Jul 2019 06:39:52 -0700 (PDT)
From: Bruno Rijsman <brunorijsman@gmail.com>
Message-Id: <A3E1D157-A1C8-4A7B-B80C-5AA2EBEB038B@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9E6FD321-4084-4951-9BC4-75A07794C672"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Fri, 12 Jul 2019 15:39:48 +0200
In-Reply-To: <201907111733344496218@zte.com.cn>
Cc: Antoni Przygienda <prz@juniper.net>, rift@ietf.org
To: xu.benchong@zte.com.cn
References: <201907111139404022772@zte.com.cn, MWHPR05MB327920CEE377FDB606FD3D35ACF30@MWHPR05MB3279.namprd05.prod.outlook.com> <201907111733344496218@zte.com.cn>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/LETuZGU6purFh3aej7qgTvDJWBg>
Subject: Re: [Rift] Ipv4 and ipv6 cooperating in rift
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 13:39:59 -0000

Hello Benchong,

Thank you!

RE> Is it possible to generate a valid v6 rib table as long as v4 address of the inteface is valid? 

My code needs an IPv6 address on the interface (which is allowed to be a link-local address) to install routes with an IPv6 destination prefix into the IPv6 RIB, because those routes currently need an IPv6 next-hop in my implementation.

And my code needs an IPv4 address on the interface to install routes with IPv4 prefixes into the IPv4 RIB, because those routes currently need an IPv4 next-hop in my implementation.

My code currently does not support installing routes with an IPv4 destination prefix into the IPv4 RIB with an IPv6 next-hop or vice versa, even on some hardware platforms that is technically feasible, albeit not very common. 

On some platforms you can install an IPv4 route with an IPv6 next-hop and the platform will resolve the IPv6 next-hop to an Ethernet MAC address which is then used to install the IPv4 route into the hardware (again - my code currently does not support this).

My code does support flooding IPv4 prefixes in a TIE packet which is carried in an IPv6 packet.  And vice versa, it also supports flooding IPv6 prefixes in aTIE packet which is carried in an IPv4 packet.

My code will always send both IPv4 and IPv6 LIEs on all adjacencies. Note that there is only one instance of the LIE finite state machine, not two (this is tricky corner of the protocol).

But for TIE flooding my code will send TIE/TIDE/TIRE packets either IPv4 or IPv6 on any given adjacency, depending on which LIEs it has seen from the neighbor. If it has seen both IPv4 and IPv6 LIEs from the neighbor, it will prefer IPv4.

RE> Can it support ipv4 and ipv6 double stack?

Yes, RIFT-Python can run on a dual-stack system that runs both IPv4 and IPv6. It can also run on an IPv4-only system as well as on an IPv6-only system.

As mentioned above, LIE packets will always be sent using IPv4 *and* IPv6, whereas flooding (TIDE/TIRE/TIE packets) will be sent *either* using IPv4 *or* IPv6, but either way the TIE packets will cary *both* IPv4 *and* IPv6 prefixes.

— Bruno


> On Jul 11, 2019, at 11:33 AM, xu.benchong@zte.com.cn wrote:
> 
> Hi, Bruno
> 
> I read part of your RIFT code, thank you for your great job!
> 
> When sending LIE messages, as long as there is a v4 address, v4 will be used first, so we will get v4 next hop.
> 
> ----------
> 
> 
>     def action_start_flooding(self):
> 
> 	……
> 
>        # For sending flooding packets, use whatever IPv4 or IPv6 address we see first for the
> 
>         # neighbor, preferring the IPv4 address if we know both.
> 
>         if self.neighbor.ipv4_address is not None:
> 
>             self.rx_info("Start IPv4 flooding: send to address %s port %d",
> 
>                          self.neighbor.ipv4_address, tx_flood_port)
> 
>             self._flood_tx_ipv4_socket = self.create_socket_ipv4_tx_ucast(
> 
>                 remote_address=self.neighbor.ipv4_address,
> 
>                 port=tx_flood_port)
> 
>         else:
> 
>             assert self.neighbor.ipv6_address is not None
> 
>             scoped_ipv6_address = self.neighbor.ipv6_address
> 
>             if "%" not in self.neighbor.ipv6_address:
> 
>                 scoped_ipv6_address += "%" + self.physical_interface_name
> 
>             self.rx_info("Start IPv6 flooding: send to address %s port %d",
> 
>                          scoped_ipv6_address, tx_flood_port)
> 
>             self._flood_tx_ipv6_socket = self.create_socket_ipv6_tx_ucast(
> 
>                 remote_address=scoped_ipv6_address,
> 
>                 port=tx_flood_port)
> 
> SPF calculation will calculate the nexthop of v4 and v6 at the same time.
> 
> -----------------
> 
>     def set_spf_predecessor(self, destination, nbr_tie_element, predecessor_system_id,
> 
>                             spf_direction):
> 
>         destination.add_predecessor(predecessor_system_id)
> 
>         if (nbr_tie_element is not None) and (predecessor_system_id == self.system_id):
> 
>             for link_id_pair in nbr_tie_element.link_ids:
> 
>                 nhop = self.interface_id_to_ipv4_next_hop(link_id_pair.local_id)
> 
>                 if nhop:
> 
>                     destination.add_ipv4_next_hop(nhop)
> 
>                 nhop = self.interface_id_to_ipv6_next_hop(link_id_pair.local_id)
> 
>                 if nhop:
> 
>                     destination.add_ipv6_next_hop(nhop)
> 
>         else:
> 
>             dest_table = self._spf_destinations[spf_direction]
> 
>             destination.inherit_next_hops(dest_table[predecessor_system_id])
> 
> The RIB table only selects the same AF nexthop
> 
> --------------
> 
>     def spf_install_routes_in_rib(self, spf_direction):
> 
>         ……
> 
>                 prefix = dest_key
> 
>                 if prefix.ipv4prefix is not None:
> 
>                     next_hops = dest.ipv4_next_hops
> 
>                     route_table = self._ipv4_rib
> 
>                 else:
> 
>                     assert prefix.ipv6prefix is not None
> 
>                     next_hops = dest.ipv6_next_hops
> 
>                     route_table = self._ipv6_rib
> 
>                 if next_hops:
> 
>                     rte = route.Route(prefix, owner, next_hops)
> 
>                     route_table.put_route(rte)
> 
> Is it possible to generate a valid v6 rib table as long as v4 address of the inteface is valid? Can it support ipv4 and ipv6 double stack?
> 
> Thanks!
> 
> Benchong
> 
> 
> 
> 原始邮件
> 发件人:AntoniPrzygienda <prz@juniper.net>
> 收件人:徐本崇10065053;
> 抄送人:Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>;张征00007940;rift@ietf.org <rift@ietf.org>rg>;
> 日 期 :2019年07月11日 11:52
> 主 题 :Re: Re:[Rift] Ipv4 and ipv6 cooperating in rift
> Benchong, what you seem to talk about is originating packets and it's the source that decides whether it sends v4 or v6 and the IP fabric with RIFT just forwards the packet, it cannot change in the middle the IP address family in which the packet is carried  obviously so there is no decision to be made which IP AF is used, only which GW needs to be installed on the route nexthop. But yes, an implementaton can choose to forward v4 packets using the MAC address of a v6 gateway, a highly desirable behavior since  with that, the fabric can be completely global address free without any config (just ND) and do v4 fine.  
> 
> yes, an implementation may choose to prefer v4 GW for v4 packets and v6 GW for v6 packets but normally it's the same MAC unless the deployment is very strange @ which point knobs to control that may be necessary, something which is implementation specific. 
> 
> So RIFT just floods the TIEs on any AF with prefixes of all AFs, the computation computes the route with directly attached next-hop which has to resolve to MAC in any AF really and then packet can be forwarded ... 
> 
> implement it and play with it, we have @ least 2 implementations already that work fine doing that ... 
> 
> Yes, the closest analogy is v4 in BGP with v6 nexthops if you really want to think that way but RIFT is much simpler since the nhop is always directly connected and we don't talk about anything like v4ov6 or v6ov4 tunneling and so on ... 
> 
> makes sense? 
> 
> --- tony 
> 
> 
> From: xu.benchong@zte.com.cn <xu.benchong@zte.com.cn>
> Sent: Wednesday, July 10, 2019 8:39 PM
> To: Antoni Przygienda
> Cc: Jeffrey (Zhaohui) Zhang; EXT-zhang.zheng@zte.com.cn; rift@ietf.org
> Subject: Re:[Rift] Ipv4 and ipv6 cooperating in rift  
> Hi tony
> 
> Thanks for your explanation, and I have already understood your opinion on v4v6 forwarding.
> 
> The difference between RIFT and other routing protocols is the consistency of packets AF and routes AF. Isis is in L2 encapsulation that solves different address families through multiple topologies. Ospf and rip are strictly distinguished in v4v6. Rift  is actually closer to BGP.
> 
> When the interface has both v4 and v6 addresses (or ND enabled), the protocol uses v4 or v6 or v4v6 address encapsulation. It will be better if protocol gave the recommended behavior. Otherwise, different people will give different solutions, which will  cause protocol conformance problem. 
> 
> The options we can choose are:
> 
> a) ND enable v6 first:
> 
> If v6 address valid AND ND enable:
> 
>      V6 packet
> 
> Else if v4 address valid:
> 
>      V4 packet
> 
> b) v4 first
> 
> If v4 address valid:
> 
>      V4 packet
> 
> Else if v6 address valid(AND ND enable):
> 
>      V6 packet
> 
> c) coexistence of v4v6
> 
> If v4 address valid:
> 
>      V4 packet
> 
> If v6 address valid(AND ND enable):
> 
>      V6 packet
> 
> Confused on both the sending and receiving sides.
> 
> c) will further have a GW selection problem, preferring to choose the nexthop of the same address family with the prefix, or v4 first.
> 
> I'd like the protocol recommends a default behavior and may provides a control method in yang.
> 
> Thanks!
> 
> Benchong
> 
> 
> 
> 原始邮件
> 发件人:AntoniPrzygienda <prz@juniper.net>
> 收件人:徐本崇10065053;
> 抄送人:Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>;张征00007940;rift@ietf.org  <rift@ietf.org>rg>;
> 日 期 :2019年07月10日 23:12
> 主 题 :Re: Re:[Rift] Ipv4 and ipv6 cooperating in rift
> Hey Benchong, that's an over-interpretation, the spec is looser than that but as far I saw sufficient. Section 5.2.2. 
> 
> a) Specification does not prohibit RIFT from using _any_ valid IPv6 address on the interface to send IPv6 LIEs. The receiver is supposed to pick up that source address and use it as destination when sending LIEs over v6 and/or TIEs with the receving interface   as gateway. Specification does NOT spell out what happens e.g. on mismatched IP subnets on both sides and so on, situation here is similar to ISIS and different scenarios such as unnumbered links and so on
> b) If you want the "laziest" possible implementation then in fact yes, you can fall back on 
> 
> "
>    All RIFT routers MUST support IPv4 forwarding and MAY support IPv6    forwarding.  A three way adjacency over IPv6 addresses implies    support for IPv4 forwarding.
> "
> 
> which makes v4ov6 forwarding inherent part of RIFT. That assumes however that receiving neighbor does support V6 (which the spec does NOT mandate) and nothing will happen if it doesn't. Therefore all RIFT implementation I saw so far send both v4 and v6 which   allows the neighbor to only receive v4 and forward using v4 gateways if it doesn't support V6. In case both v4 and v6 AFs are established, it is up to the implementation which/how it resolves the gateways and there are many interesting advanced issues such   as mixture of spines with v4 and v6 nexthops and how to form ECMP amongst them that the spec does obviously not address since it's all very implementation and silicon specific. 
> 
> --- tony 
> From: xu.benchong@zte.com.cn <xu.benchong@zte.com.cn>
> Sent: Wednesday, July 10, 2019 1:56 AM
> To: Antoni Przygienda
> Cc: Jeffrey (Zhaohui) Zhang; EXT-zhang.zheng@zte.com.cn; rift@ietf.org
> Subject: Re:[Rift] Ipv4 and ipv6 cooperating in rift  
> 
> 
> Tony, thank you for your reply
> 
> Can it be understood that after the ND is enabled, the v6 address needs to be used to build neighbor? In this case, the rift packet of the v4 header is not allowed to be sent and received, and both v4 and v6 routes have a v6 GW.
> 
> 
> 
> 
> 
> 原始邮件
> 发件人:AntoniPrzygienda <prz@juniper.net>
> 收件人:徐本崇10065053;Jeffrey (Zhaohui)Zhang <zzhang@juniper.net>;张征00007940;rift@ietf.org   <rift@ietf.org>rg>;
> 日 期 :2019年07月10日 00:09
> 主 题 :Re: [Rift] Ipv4 and ipv6 cooperating in rift
> Hey Benchong, cc:'ing list, good questions obviously that pop out on implementation   
> 
> sending LIE only with v4 will not give you a v6 address to send to (since the LIE source address gives the gateway for the AF, that's why we send LIE per AF) so you won't have a v6 GW address to send TIEs to ;-)
> 
> yes, every interface is independent. Observe that v6 support implies v4 as the spec says (since you can FW v4 without a v4 GW if you have a v6 gateway). However, if one side sends v6 only and the other side only v4 they'll never go 3-way since they won't    be able to receive. We just added a sentence to the spec saying that if you don't send an AF LIE you MUST NOT receive the same AF LIE since we found that loose end in Bruno's implementation when testing security envelopes.  It will be in -07
> 
> 
> <t>All RIFT routers MUST support IPv4 forwarding and MAY support IPv6
>     forwarding. A three way adjacency over IPv6 addresses implies support
>     for IPv4 forwarding. A node that does not process received IPv6 LIEs
>     MUST NOT originate IPv6 LIEs.
>     </t>
> 
> IPv6/IPv4 prefix can be mixed in Prefix TIEs. Prefix TIEs do NOT care which interface/AF they are sent over. 
> 
> how you build forwarding table and which gateways you use is implemenation dependent but yes, you got the flavor. though your assumption of "Ipv6 destination with ipv4 nexthop" is optimistic. every silicon does v4 so v6 can imply v4, implying v4 fwd'ing    allows v6 forwarding fails on good amount of silicon. But again, those are all implementation knobs, spec only says "v6 implies v4" which means "you better fwd. v4 over v6 nexthops if you see v6 LIEs only"
> 
> Observe that node TIEs are _not_ carrying the supported AFs on each interface since I think it would lead to undesirable attempts to deploy (some links can do v6) topologies which defeat the purpose of ZTP/simplicity of RIFT. v6 implies v4, if someone    wants to fwd' v6 over a fabric where certain links are v4 computations get really weird and operationally such a thing is probably a nightmare anyway. And getting v6 working is trivial, just flip on ND and you're in business (at least control plane wise  ;-)
> 
> The spec is noit giving implementation advice, it just specifies behavior. In case of doubt looks @ Bruno';s open source. Bruno implemented the whole LIE without ever talking to me and it interop'ed day one without problems. 
> 
> When you're ready with your implementation to interop, Bruno's code has nice framework you can plug in against open source & Juniper implementation easily 
> 
> --- tony 
> From: xu.benchong@zte.com.cn <xu.benchong@zte.com.cn>
> Sent: Tuesday, July 9, 2019 5:08 AM
> To: Antoni Przygienda; Jeffrey (Zhaohui) Zhang; EXT-zhang.zheng@zte.com.cn
> Subject: [Rift] Ipv4 and ipv6 cooperating in rift  
> Hi
> I have some questions about ipv4 and ipv6 cooperating in rift.
> Ip head of the rift packet can be V4 or V6, and the prefix in TIE also suport V4 or v6. 
> Can it support the following situations:
> 
> 1、A rift interface which send LIE with ipv4 head receiving LIE with IPv6 head;
> A rift interface which send LIE with ipv6 head receiving LIE with IPv4 head;
> Can they build 3-Way neighbor?
> 
> 2、Some interfaces in a rift instance send ipv4 head packets, and others in the same instance send ipv6 head packets;
> 
> 3、Ipv4 head TIE packet fill ipv6 prefix;
>    Ipv6 head TIE packet fill ipv4 prefix;(RIFT-06 5.2.2: All RIFT routers MUST support IPv4 forwarding and MAY support IPv6
>    forwarding.  A three way adjacency over IPv6 addresses implies
>    support for IPv4 forwarding.)
> 
> 4、In rib table of the rift:
>    Ipv4 destination with ipv6 nexthop;
>    Ipv6 destination with ipv4 nexthop; 
>    Ipv4 destination with both ipv4 nexthop and ipv6 nexthop;
>    Ipv6 destination with both ipv4 nexthop and ipv6 nexthop;
>    
> 5、The ip head type(v4 or v6) can be configured in rift interface or instance.
> 
> It will be better if there are clear instructions in rift protocol.
> 
> Thanks!
> Benchong
> 
> 
> 
> 
> 
> 
> 
>