Re: [EXTERNAL] Re: Can a BFD session change its source port to facilitate auto recovery

Jeff Tantsura <jefftant.ietf@gmail.com> Fri, 24 March 2023 08:48 UTC

Return-Path: <jefftant.ietf@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B550FC151544 for <rtg-bfd@ietfa.amsl.com>; Fri, 24 Mar 2023 01:48:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.205
X-Spam-Level:
X-Spam-Status: No, score=-1.205 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8e-twtF-O7U for <rtg-bfd@ietfa.amsl.com>; Fri, 24 Mar 2023 01:48:51 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70DC4C14CE55 for <rtg-bfd@ietf.org>; Fri, 24 Mar 2023 01:48:51 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id eg48so4808311edb.13 for <rtg-bfd@ietf.org>; Fri, 24 Mar 2023 01:48:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679647730; x=1682239730; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=MKTMCjq/5MMhg4Sprw0jE+FQOtSrJrRR6IEdY8tiOEQ=; b=hpjQqPR4QAexAsckU2HS31xB2SaSXVM+RpMUAQxo8yir/BgWGKbfn3HfqNBe1QDNL9 G2BWHAkcdyTFc/ZAayISHLM7bKXNdlc9dvVUsWjkC4zAc3hD6qQlu1DEnsFoOqg2PjAx 2md4YSoxRYEegYTQHbwwyyLTfjgatzpDAENZDJw5DaK6AbNuQ3ue9loaN7njB885Vae5 9lZNI8XfUXM32WZx1xliwMelBwPaSzXmmizT30i2werO7fCeXKnjlac4L3jBTO/NdD2S gbICSt/Q7YMYzdg5tokerySxWMW5qnR2/w+A9Z70ZDdN3Ds5ffyPC/byh6bSGerucQ4A l/nA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679647730; x=1682239730; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MKTMCjq/5MMhg4Sprw0jE+FQOtSrJrRR6IEdY8tiOEQ=; b=eozopE9XneVKo3DdozZROO7e/08EaHDAGp7et2AjLKv/qL0QSHeuJAEl2Of5rjSsTj 060TXSX1Lz0gtOTI0CALs04iJaGo48CTPYv992dNMx3TyKIsnK75pabbFo5PA0lXlROv Z5QC7YofmTdptQ+FxeLie21Z6mcK9IaH4ssqVhytVUWvnRhu8i1p45qUnD3XGugIxWm9 b2QrU1OCUP6/aKEud2HOFnM7ji8SIEbzhF8yTLkMohx1fkb+84nzrx9tzRKK/3wjBifx 52lEfWlkv9L1827RlblBWiOyY2a/zV7gJ4fDF8gao3Yd/+RRo1cFthl6voR+HPIXv1pK 4gdA==
X-Gm-Message-State: AO0yUKV7G3mprv6D3y6en0UJm/aQ7tMSnnQj8J57Mav8lyubjIKi78N9 iAzeojyzFea6HC8ozd8/ed4=
X-Google-Smtp-Source: AK7set/gsANgEPAxQN+MnD/a74vAiMkt5LrarrK+ORp+Nko1MQorpuiMGrVS/J2yWf49VoeenVyMGg==
X-Received: by 2002:a17:906:9b8f:b0:8af:22b4:99d2 with SMTP id dd15-20020a1709069b8f00b008af22b499d2mr10531266ejc.5.1679647729696; Fri, 24 Mar 2023 01:48:49 -0700 (PDT)
Received: from smtpclient.apple (93-172-172-90.bb.netvision.net.il. [93.172.172.90]) by smtp.gmail.com with ESMTPSA id r29-20020a50d69d000000b004c2158e87e6sm10205586edi.97.2023.03.24.01.48.48 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 24 Mar 2023 01:48:49 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-9F8EEBFD-CF95-40ED-8F09-87BB0C19AA1B"
Content-Transfer-Encoding: 7bit
From: Jeff Tantsura <jefftant.ietf@gmail.com>
Mime-Version: 1.0 (1.0)
Subject: Re: [EXTERNAL] Re: Can a BFD session change its source port to facilitate auto recovery
Date: Fri, 24 Mar 2023 11:48:38 +0300
Message-Id: <35A7640A-D0B9-4CBF-98EF-18256EBEE3EC@gmail.com>
References: <202303241426070747451@zte.com.cn>
Cc: absrivas@gmail.com, Alexander.Vainshtein@rbbn.com, rtg-bfd@ietf.org
In-Reply-To: <202303241426070747451@zte.com.cn>
To: xiao.min2@zte.com.cn
X-Mailer: iPhone Mail (20D67)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/mGKYHWLHLIu5-WCTf9GNPSU25-M>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2023 08:48:53 -0000

That’s not going to fly, number of ECMP paths in today’s networks could be anywhere between 2 and 500+, how many of these would you exercise, how would you know that you have covered all of them?
The role of MH BFD is to verify reachability between 2 non directly connected IP end-points, not to monitor every path available.
As a viable solution, run SH BFD on each link/LAG, MH BFD end2end and make sure your timers are aligned and not interact with each other in funny ways.

Cheers,
Jeff

On Mar 24, 2023, at 09:26, xiao.min2@zte.com.cn wrote:



Hi Abhinav,


When I come across your problem, the first idea coming into my mind is not trying to change the source port for a BFD session, but to run multiple BFD sessions between the two peers, using each BFD session to monitor a respective ECMP path, and then the application would not be declared in failure unless all the BFD sessions go down.


Best Regards,

Xiao Min

Original
From: AbhinavSrivastava <absrivas@gmail.com>
To: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com>;
Date: 2023年03月23日 22:27
Subject: Re: [EXTERNAL] Re: Can a BFD session change its source port to facilitate auto recovery
Agree that deletion and recreation (possibly automatically) by associated protocol is a good alternative, instead of inbuilt BFD recovery. 

Thanks
Abhinav

On Thu, 23 Mar, 2023, 3:08 am Alexander Vainshtein, <Alexander.Vainshtein@rbbn.com> wrote:

Abhinav, Jeff and all,

FWIW I concur with Jeff.

 

In my experience, MH IP BFD sessions are typically used to monitor peering between iBGP neighbors, and when the MH IP BFD session goes down, BGP treats this as if its session has gone – and deletes the MH IP BFD session in question.

 

I.e., fast recovery of such a session will not happen until BGP would not re-create it.

 

Regards,

Sasha

 

From: Rtg-bfd <rtg-bfd-bounces@ietf.org> On Behalf Of Jeff Tantsura
Sent: Thursday, March 23, 2023 8:27 AM
To: Abhinav Srivastava <absrivas@gmail.com>
Cc: rtg-bfd@ietf.org
Subject: [EXTERNAL] Re: Can a BFD session change its source port to facilitate auto recovery

 

Abhinav,

 

Let’s clarify a couple of points.

What you are trying to do is to change entropy to change local hashing outcome, however for hashing to even be relevant there has to he either ECMP or LAG in the path to the destination otherwise shortest path will be he used regardless, so statistically, some of the flows between a given pair of end points (5 tuple) will be traversing the (partially)broken link, would you really like BFD to “pretend“ that everything is just fine?

Moreover, by far, in case of congestion  - most applications won’t change their ports but have their TX rate reduced.

There’s work done by Tom Herbert for IPv6/TCP (kernel patch upstreamed a few years ago)  - had beeb presented in RTGWG pre-Covid, that on RTO changes flow label value (that some might or might not include in hashing), which is strongly not recommended to be used outside of a tightly controlled homogenous  environment (think within DC).

Outside of what BFD spec tells us (don’t), the above should provide enough motivation not to do this.

Cheers,

Jeff



On Mar 23, 2023, at 05:44, Abhinav Srivastava <absrivas@gmail.com> wrote:



Multi-hop BFD would be the mechanism that detects the failure on the path it happens to be using for the session. I wasn't thinking of another mechanism.  Detection timer expiry would be the trigger for recovery which could be augmented with few other possible criteria like how long session hasn't been able to come back up or prolonged flapping. 

 

Thanks

Abhinav

 

On Wed, 22 Mar, 2023, 3:05 pm Greg Mirsky, <gregimirsky@gmail.com> wrote:

Hi Abhinav,

thank you for presenting an interesting scenario for a discussion. I have several questions to better understand it:

·       How the network failure that triggers the recovery process is detected?

·       If the failure detection mechanism is not multi-hop BFD, what is the relationship between the detection intervals of heat mechanism and the multi-hop BFD session?

Regards,

Greg

 

On Wed, Mar 22, 2023 at 4:36 PM Abhinav Srivastava <absrivas@gmail.com> wrote:

Hi all,

 

I needed clarification around whether source port can be changed for a BFD session in case of multi hop BFD.   The ability to change BFD source port when BFD session goes down helps BFD session to recover if its stuck on a network path where there is some intermittent but significant packet loss.

 

In such cases, normally without BFD, end to end application traffic would eventually settle down on a good path as applications typically change source port after experiencing disconnection or failures.  But if BFD is being used to monitor some part of a path which is experiencing significant but not 100% packet loss, it will start causing next hop list of associated static route or the associated BGP sessions to start flapping forever, as BFD packets would be stuck to that partial lossy path forever (until BFD session is deleted and recreated by admin action).  This may also hinder the typical application recovery strategy of changing source port on failure.

 

Ability to dynamically change BFD source port can help BFD recover in such cases.  Is this something that is allowed as per RFC?  The RFC5881, section 4 (for single hop) case states that –

“The source port MUST be in the range 49152 through 65535. The same UDP source port number MUST be used for all BFD Control packets associated with a particular session”

 

Thanks

Abhinav


Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.