IETF Logo Mail Archive

Re: [spring] Draft for Node protection of intermediate nodes in SR Paths

Alexander Vainshtein <Alexander.Vainshtein@ecitele.com> Sat, 23 November 2019 11:15 UTC

Return-Path: <Alexander.Vainshtein@ecitele.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC81120817; Sat, 23 Nov 2019 03:15:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.101
X-Spam-Level:
X-Spam-Status: No, score=-1.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, PDS_BTC_ID=0.499, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=ecitele.com header.b=NTgElqyT; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=eci365.onmicrosoft.com header.b=sIE1J0U+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hdDyBx5w3Ik1; Sat, 23 Nov 2019 03:15:36 -0800 (PST)
Received: from mail1.bemta26.messagelabs.com (mail1.bemta26.messagelabs.com [85.158.142.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30B80120251; Sat, 23 Nov 2019 03:15:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ecitele.com; s=eciselector10072019; t=1574507732; i=@ecitele.com; bh=Z8i2Lgr1SUGyF9D/xedJqB3+W4WkHfs3Rb+mKnS4Cw4=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=NTgElqyTS6cU8teYhVcDG3opVUERcb587xMVy18gPpyj4hZOah6NLKrTaiCVc0G5S 6XQ+jav6NFSwO/Rq6zn4FyggnIaVD/nIX9Fx/fZvHscLArKEvPK8TamRB3Jsvoxout ROD93kGUewMMYW+V3Mew8A1X2AzbtAOVlgshdgLY=
Received: from [85.158.142.101] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-6.bemta.az-a.eu-central-1.aws.symcld.net id 22/E5-16685-3D419DD5; Sat, 23 Nov 2019 11:15:31 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpnl+JIrShJLcpLzFFi42IRetuzUfeSyM1 Ygw3XdS2aFjYxW3z+s43R4sKb38wWE5ZNZ7U4fuE3owOrx4llV1g9liz5yeSxe+MCpgDmKNbM vKT8igTWjMfdExkL9jYyVtxaHtfAuLagi5GLg1FgKbPEsz+vWSGcYywSy3e+YoZwNjNKnDg+i R3EYRFYyyxxfN9JIIeTQ0ign0miY28YSEJI4D6jxMttWxhBEmwCthKbVt9lA7FFBOIkWi/MB2 tgFiiSeDp7AliNsECQxNq/Z6FqgiU2rLnFAmE7SRx+9o4JxGYRUJX41nKGGcTmFYiVeL57NTP Esl1MErfetgI1cHBwAg1q+SIOUsMoICbx/dQaJohd4hK3nswHsyUEBCSW7DnPDGGLSrx8/I8V oj5J4v7ThYwQcUWJTyv2sULYshKX5nczgoyXEFCW2PIiFiLsK/HiyjOoci2JznsLocZLSSw8/ 4Udws6RaNyyjQXCVpM4O7Edaq2MxOFVs6F6j7BJrFqdDgnDZIkTcz6zTGDUn4Xk6llAm5kF8i RunEqaBfa8oMTJmU9YIEp0JBbs/sQGYWtLLFv4mhnGPnPgMROy+AJG9lWMFklFmekZJbmJmTm 6hgYGuoaGxroGumaWeolVuol6qaW6yal5JUWJQEm9xPJiveLK3OScFL281JJNjMD0llLI4LqD cfant3qHGCU5mJREeZ9tvB4rxJeUn1KZkVicEV9UmpNafIhRhoNDSYL3tPDNWCHBotT01Iq0z BxgqoVJS3DwKInw6gLTrRBvcUFibnFmOkTqFGMgx4SXcxcxc+w8Og9IHp6+AEi++7kYSH5ctQ RIfgeTm+cuXcQsxJKXn5cqJc7LBDJIAGRQRmke3BpY/rjEKCslzMvIwMAgxFOQWpSbWYIq/4p RnINRSZjXG2QKT2ZeCdw1r4AOZQI69MeiayCHliQipKQamDj+vmR5nsU2206h59qUs7ucjnTl 5XvIrFHhSLzU1COj3lim8vxww4P+Y37fzggFu4VO9NmjzvuibFe5j9/UCNXP3YycBYtDDimfX DMt1lHkGpuk7eFlXRPUjDw/hlW1vT7PflaaQ+Mr38SbvD6ablmXPdqC7nY31HUVXOjb4Hukxe /x8u7qF60p2r3HguKbVrb2ND2x+NC87cbWt1uuR6pumurToH7J6otj0J3YIzM6Y6p0b0UaB7y Ojmt0l1I/9fNgbuu0xT3HrpxVKak45aF1dwPPxs4+D61e3o0vHruGvnPqPflv67euoqZtSQF+ 183fMRvr/T4zmeNrPFPxhl2597p+8Z+dcfjNBtYPSizFGYmGWsxFxYkAK9ToapoEAAA=
X-Env-Sender: Alexander.Vainshtein@ecitele.com
X-Msg-Ref: server-12.tower-226.messagelabs.com!1574507727!610671!1
X-Originating-IP: [18.237.140.177]
X-SYMC-ESS-Client-Auth: mailfrom-relay-check=pass
X-StarScan-Received:
X-StarScan-Version: 9.44.22; banners=ecitele.com,-,-
X-VirusChecked: Checked
Received: (qmail 10965 invoked from network); 23 Nov 2019 11:15:29 -0000
Received: from p01b.mail.dlp.protect.symantec.com (HELO mail.ds.dlp.protect.symantec.com) (18.237.140.177) by server-12.tower-226.messagelabs.com with ECDHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 23 Nov 2019 11:15:29 -0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MwIu7zTCYnuB/rOBbqwy01ZJHrxZG0famM6m2SCUbF9O2cTX2lWpcq0B5VN/AHg/133fLzJG9FOq+pk8h2dDaRwl1kCIl1F9kevij+AfJ6EsgszDoPV6+O4nusVCtZqVGED+4rtIGqSG+l48NhKqXUHiP6Bd5OYroJsWxVz9ZS8R0M9y2kT/AxU+jRB+uPLMmk/JVnFT661WZAv1MFGMos32GNGnvN+T4b+9LyNP0VdB16Z/6UmdWODP4rDrk9n/apg22xdcT8T0FPo4P40ZspEcKoMV5IDLfRAJ0jU+Yb4WjHXqhb6MZczqO/JyYRHXGpiBYci7Z9UO3D75/scrfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C1WOTXXomoleD4s4NVzkndLoAF3WfKZa8c0LcyjRLn8=; b=mQN5/CBbkqRMRbmrBDoJ+3VnF9KMYl+F8vsKYRX+Ax4RCWFgC2zOIZSRPt7zEhQ8nwxzG8LlBpTmF1KPnIvILpChQu+B+IWDSBoKsX/t5nqVZEqEQjH2KHNbLMB5/2Dfhy/MOU+nLmXPR4qZjsOKHi6y0mVRT34cSfB7dxTtwxeTqsI5JZMBsq8TMJoJM2A1hkMsGjevV352NoMARxL3cOhlvqbezyp8OjRHzW/RRFO8MjWvQrXWH65ypaa8NVqmgextARsCdv9++COhejG89f+OFEcP5g7rr/Y21MGqzgKgjxdZeBEKb/6T32DinO3A4ceErk4biwpnyfgkGsv+Gg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ecitele.com; dmarc=pass action=none header.from=ecitele.com; dkim=pass header.d=ecitele.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ECI365.onmicrosoft.com; s=selector2-ECI365-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C1WOTXXomoleD4s4NVzkndLoAF3WfKZa8c0LcyjRLn8=; b=sIE1J0U+sy9mgvp7eOs+OkiQWiK3w8WarB6zI1LVWH8jVY6yCpJ4fZV3G1lhsTNlqUnKCbmh5s2e/O391PCmhJAhUP5F0n0o+UDxUJfKPaVOpDjI2nLNShpwihk7hrIthUks/buNjf6OJgQiI+gyDFP4IIOCbF7ly2bUcdnX6UQ=
Received: from VI1PR03MB3839.eurprd03.prod.outlook.com (20.177.54.23) by VI1PR03MB4752.eurprd03.prod.outlook.com (20.177.49.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.21; Sat, 23 Nov 2019 11:15:24 +0000
Received: from VI1PR03MB3839.eurprd03.prod.outlook.com ([fe80::7121:a122:386d:fcd4]) by VI1PR03MB3839.eurprd03.prod.outlook.com ([fe80::7121:a122:386d:fcd4%5]) with mapi id 15.20.2474.022; Sat, 23 Nov 2019 11:15:24 +0000
From: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
To: Robert Raszuk <robert@raszuk.net>, Shraddha Hegde <shraddha=40juniper.net@dmarc.ietf.org>
CC: "spring@ietf.org" <spring@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Subject: Re: [spring] Draft for Node protection of intermediate nodes in SR Paths
Thread-Topic: [spring] Draft for Node protection of intermediate nodes in SR Paths
Thread-Index: AQHVoRZrVSAXH6RCc0yN7BSQBwB5daeYdILlgAAdWICAAAdUGQ==
Date: Sat, 23 Nov 2019 11:15:23 +0000
Message-ID: <VI1PR03MB383986D0D2E66226BFDEDF839D480@VI1PR03MB3839.eurprd03.prod.outlook.com>
References: <BYAPR05MB394365C9E4719913BEC0809CD5490@BYAPR05MB3943.namprd05.prod.outlook.com> <CAOj+MMFOueodpR-06AN47aND6_9WJAwPaXMTaP-0nzd0HCVzKA@mail.gmail.com> <AM0PR03MB382893DAFDE830D24EE7FAD49D480@AM0PR03MB3828.eurprd03.prod.outlook.com>, <CAOj+MMFzrMBTbQbRXrnN0HTNm=uH+HF_LGggVZ3WUtAzGQSNgQ@mail.gmail.com>
In-Reply-To: <CAOj+MMFzrMBTbQbRXrnN0HTNm=uH+HF_LGggVZ3WUtAzGQSNgQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [79.176.80.188]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: c48172e9-d6de-4e36-8420-08d770066faa
x-ms-traffictypediagnostic: VI1PR03MB4752:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <VI1PR03MB47520213069FC8D620BFF62B9D480@VI1PR03MB4752.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3968;
x-forefront-prvs: 0230B09AC4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(136003)(39850400004)(366004)(396003)(199004)(189003)(54094003)(14454004)(2906002)(517774005)(86362001)(6436002)(45080400002)(440504004)(25786009)(6246003)(74316002)(66556008)(6116002)(64756008)(66946007)(966005)(478600001)(91956017)(76116006)(7736002)(11346002)(4326008)(52536014)(446003)(66446008)(3846002)(186003)(66476007)(81156014)(81166006)(606006)(229853002)(8676002)(8936002)(7696005)(76176011)(33656002)(99286004)(26005)(256004)(14444005)(66066001)(102836004)(316002)(54906003)(55016002)(54896002)(6306002)(110136005)(236005)(71200400001)(561944003)(9686003)(71190400001)(53546011)(66574012)(6506007)(5660300002)(5070765005); DIR:OUT; SFP:1102; SCL:1; SRVR:VI1PR03MB4752; H:VI1PR03MB3839.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ecitele.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_VI1PR03MB383986D0D2E66226BFDEDF839D480VI1PR03MB3839eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ecitele.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c48172e9-d6de-4e36-8420-08d770066faa
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2019 11:15:23.9396 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2c514a61-08de-4519-b4c0-921fef62c42a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: T+HVLd8+phdctjt1JrptiStybEQwLluEWt9y9JTRb3Qmzlcm354uPUAeFoiNAYleDsJWSplAbp3JGL1zYOiKOQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB4752
X-CFilter-Loop: Reflected
X-DetectorID-Processed: d8d3a2b3-1594-4c39-92fb-b8312fe65a8a
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/1B3c31aDYbOWIww74i1FPmDg87g>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Nov 2019 11:15:38 -0000

Robert,
Lots of thanks for a prompt response.

I respectfully disagree with your statement that BFD implementation  is usually offloaded to the HW of the ingress line card.  I do not think this can wor for MH BFD sessions because the ingress and egress line cards are not known in advance and change with the routing changes
A good  multi-hop BFD implementation should be ready to overcome this. There are many ways to achieve that. A naive implementation that runs in SW of the control card is also possible of course. And they would sensd and receive packets

My 2c.
Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: Robert Raszuk <robert@raszuk.net>
Sent: Saturday, November 23, 2019, 12:37
To: Alexander Vainshtein; Shraddha Hegde
Cc: spring@ietf.org; rtgwg@ietf.org; rtg-bfd@ietf.org
Subject: Re: [spring] Draft for Node protection of intermediate nodes in SR Paths

Hi Sasha,

On the surface your suggestion may look cool - but if you zoom in - I do not think it will work in practice.

See - one of the biggest value of BFD is its offload to line card's hardware. And in most cases it is ingress line card to the box. So if you instruct such hardware to respond to SID address loopback you still did not gain much in terms of detection router's fabric failures, remote LC failure or control plane issues which could soon result in box failure. The catalogue of router failures is of course much more colorful.

If you ask BFD to be responded by RP/RE it no longer has the BFD advantage.

IMHO the best way to detect node failure is actually to send the probes *across* the node under test to its peers.

The way I would think of establishing such m-hop sessions would be fully automated with one knob per IGP adj. ex: "bfd detect-node-failure [max N]" where local BFD subsystem would create N sessions to IGP peers of the node we are to protect. LSDB has those peers so no new protocol extension is needed, perhaps even no new IETF draft is required :). N would be the limit of such sessions in case the node under protection has say 10s of peers. Default could be perhaps even 1.

Thx,
Robert.


On Sat, Nov 23, 2019 at 10:00 AM Alexander Vainshtein <Alexander.Vainshtein@ecitele.com<mailto:Alexander.Vainshtein@ecitele.com>> wrote:
Shraddha, Robert and all,
Regarding Robert's question:
I wonder if multi-hop IP BFD session with addresses used as /32 (or /128) prefixes serving as Nose SIDs of R8 and R7 respectively could be used as such a trigger by R7? Such a session would not respond to link failures, and I find it problematic to imagine a scenario when it would be kept UP in the case of a real node failure.

Of course such a session would have to be slow enough not to react to link failures. But it still couks be much faster than IGP conversion IMHO.

My 2c,
Sasha

Such


Get Outlook for Android<https://clicktime.symantec.com/3CfVQPtBYBAPbHUSngEVNQD6H2?u=https%3A%2F%2Faka.ms%2Fghei36>

________________________________
From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> on behalf of Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Sent: Friday, November 22, 2019, 11:22
To: Shraddha Hegde
Cc: spring@ietf.org<mailto:spring@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: Re: [spring] Draft for Node protection of intermediate nodes in SR Paths

Hi Shraddha,

I have one question to the document.

As you know the critical element for the effective protection of any scheme is the failure detection. On that your draft seems to have just one little paragraph:


   Note that R7 activates the node-protecting backup path when it
   detects that the link to R8 has failed.  R7 does not know that node
   R8 has actually failed.  However, the node-protecting backup path is
   computed assuming that the failure of the link to R8 implies that R8
   has failed.

Well IMO this is not enough. Specifically there can be a lot of types of node failure when link is still up. Moreover there can be even running BFD across the link just fine when say fabric failure occurs at R8.

While this is not solely issue with this draft, it is our common IETF failure to provide correct means of detecting end to end path or fragments of path failures (I am specifically not calling them segment here :).

For example I propose that to effectively detect R8 failure as node failure which is the topic of your proposal a mechanism is clearly defined and includes bi-dir data plane probes send between R7-R9, R3-R7, R4-R7, R4-R9, R3-R9

Many thx,
Robert.


On Fri, Nov 22, 2019 at 4:38 AM Shraddha Hegde <shraddha=40juniper.net@dmarc.ietf..org<mailto:40juniper.net@dmarc.ietf.org>> wrote:
WG,

This is the draft I pointed out that talks about solutions for providing node-protection.
It covers Anycast case as well as keeping forwarding plane longer.
https://tools.ietf.org/html/draft-hegde-spring-node-protection-for-sr-te-paths-05<https://clicktime.symantec.com/375SW6TBGPi2mN7V9YeVWGg6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-hegde-spring-node-protection-for-sr-te-paths-05>

Review and comments solicited.

Rgds
Shraddha

_______________________________________________
rtgwg mailing list
rtgwg@ietf.org<mailto:rtgwg@ietf.org>
https://www.ietf.org/mailman/listinfo/rtgwg<https://clicktime.symantec.com/35M9j5zHTaSYRwVh5RP6xcB6H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Frtgwg>


___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is 
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this 
transmission in error, please inform us by e-mail, phone or fax, and then delete the original 
and all copies thereof.
___________________________________________________________________________

v2.23.0 | Report a Bug | By Email