Re: IETF OSPF YANG and BFD Configuration

Greg Mirsky <gregimirsky@gmail.com> Tue, 20 June 2017 19:48 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3069F131622; Tue, 20 Jun 2017 12:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6l0ezlLtaJGz; Tue, 20 Jun 2017 12:48:53 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B3DC131618; Tue, 20 Jun 2017 12:48:53 -0700 (PDT)
Received: by mail-oi0-x234.google.com with SMTP id p66so45724643oia.0; Tue, 20 Jun 2017 12:48:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bwQXcW3n7/8caX6sZl7O6C7zxk6sBqUMn0pQN+ShzqY=; b=Ri1tuDwg9Hsjahg/+MVVwSUU8Ki6bZQZdjs8P3FzqYIhLWgP6zcVxyHVO/FisHoq3f kWZMn6laTwFvTlp4aCVvQufOs9ywwbdz7StTV+papVMKfJbC7KN3dt2DrHpOf5U39zie xqBLqmjtca+G+U8ubhhM4ALssNcBzZeIFeYi8LI6EJAiPoENqZNy8IXKkesX9YGK65wA s5m8rgOm4js/53ztst2uH20aVNFjzt6i0jqZxNGiGEWxyYEER0NyoUHmYnh9eXRrJaKi s3NPplhBUiNOvUOFmlFGQylkB43DqDJbUzVZGaXojfd29n1FCDTsExeLE0s0eVNi2Qw3 FESw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bwQXcW3n7/8caX6sZl7O6C7zxk6sBqUMn0pQN+ShzqY=; b=sXqMqoqQwhowxh7HWPI8tlY9yPb9HrV+QUwwfGDA35ju/14+waU50kaiP6Of9aDv4+ CBJMwkVZJK6Hy1JxzwlxICbDpB0yRHU61oDGNpp212tJz9BKMrWoaPfZdDcxpzzTzie7 dPfg4IzaNPefNLJpcbkq76FZCxalZhpPIAfXn/wML/sBNxsmIdf8K8ACrvmOUBAnolNP eA1XiivdBF9EYD+71jSrH3cgXl93RCXVrVXSyJ+KvwrtkkNL1FIy7aSnpp434le2lC0w Bnz+/eXex1P0cKzTl2f1CxcWE8JIdRRWqL9r0DxlEY2s5OG8Xd3ypkG9CabgTfkOsR9U KwdQ==
X-Gm-Message-State: AKS2vOy1XLrUCwNHwuLnw4w2bkqLz4g9ZjR5/f3v4msn7ajAA5s+qZx1 llvZ8f0nYSpfG4iYV2IFkvdiCX2I/g==
X-Received: by 10.202.206.23 with SMTP id e23mr17277666oig.168.1497988132314; Tue, 20 Jun 2017 12:48:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.37.105 with HTTP; Tue, 20 Jun 2017 12:48:51 -0700 (PDT)
In-Reply-To: <20170620190009.GA2289@pfrc.org>
References: <D5436DE8.AF5B7%acee@cisco.com> <38DEB571-2918-4464-B18A-71B24221772F@gmail.com> <47325462-2430-4197-AA8D-D3FEF74A834D@gmail.com> <D5438DD9.298FE6%rrahman@cisco.com> <20170619185715.GB22146@pfrc.org> <CA+RyBmWdd4bZ5j=9_HtB6ihuO2Bqgf13Yad68hnVL=hgOEBd+A@mail.gmail.com> <20170620190009.GA2289@pfrc.org>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 20 Jun 2017 14:48:51 -0500
Message-ID: <CA+RyBmVMg0O=i8Nr_0ZMbeJRDdhPZYbxbGoscA2TysJHew4u_Q@mail.gmail.com>
Subject: Re: IETF OSPF YANG and BFD Configuration
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: "Reshad Rahman (rrahman)" <rrahman@cisco.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, "Acee Lindem (acee)" <acee@cisco.com>, Jeffrey Haas <jhaas@juniper.net>, OSPF WG List <ospf@ietf.org>, "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>, "draft-ietf-bfd-yang@ietf.org" <draft-ietf-bfd-yang@ietf.org>, "draft-ietf-ospf-yang@ietf.org" <draft-ietf-ospf-yang@ietf.org>
Content-Type: multipart/alternative; boundary="001a113ac7248124980552698abe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/mb-G7KR0liIVbWOs8Te21_2D0eY>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2017 19:48:56 -0000

Hi Jeff,
thank you for the great summary of the discussion, helps me to catch the
wave.
I'm skeptical that there's realistic scenario where two BFD systems will be
requested to run multiple BFD single-hop session between them over the same
interfaces (logical or physical). I believe that we should try to make
models future proof but to the level that is reasonable, practical.
Approach "if we can think of it, then we need to support it" may not be the
one.
RE: RFC 5881. I've referred to the following:
... any BFD packet from the remote machine with a zero value of Your
Discriminator MUST be associated with the session bound to the remote
system, interface, and protocol.
Unless we add out-band bootstrapping of BFD sessions like with LSP Ping, I
don't see how received BFD control packet with zero value in Your
Discriminator may be bound to not just any one of several protocols that
are trying to run BFD session on the same interface to the same remote
system but to the right one, the one that corresponds to the protocol on
whose behalf remote BFD peer sent the control packet. Hence my question Do
we have implementation(s) that use this and are asking for BFD data model
to accommodate them? Or we are just doing interesting intellectual exercise?

Regards,
Greg

On Tue, Jun 20, 2017 at 2:00 PM, Jeffrey Haas <jhaas@pfrc.org>; wrote:

> Greg,
>
> On Tue, Jun 20, 2017 at 12:55:58PM -0500, Greg Mirsky wrote:
> > Hi Jeff,
> > I'd like to hear from others who are familiar with implementations of BFD
> > that supports per protocol single-hop BFD multi-sessions between the same
> > pair of BFD systems. RFC 5881 does allow per protocol single-hop sessions
> > on the same interface, logical or physical, between the same pair of
> > systems. But it is not clear, in my opinion, how BFD does demultiplexing
> if
> > Your Discriminator == 0 per protocol (RFC 5881, section 3, last sentence)
> > if systems use the same IP addresses. And hence the question, Even though
> > it is allowed to have BFD single-hop sessions per application/protocol on
> > the same interface between the same pair of systems, is this real,
> > practical requirement?
> > Or am I missing the point completely?
>
> Correct, 5881 procedures do not currently permit this.
> As I mentioned, we've had prior discussions about this being potentially
> problematic for clients that may have differing timing requirements.
>
> Part of the point of this exercise is to provide necessary future-proofing
> against the need to re-issue the Yang modules if such a mechanism is
> developed.  (Somewhat analogous to the instructions to the design team that
> MPLS-TP was out of scope for the module, but that its structure shouldn't
> prevent its implementation in the future.)
>
> Thus far, two points have sprung from the discussion that are likely
> actionable:
> - The single-hop configuration in the current BFD module isn't suitable for
>   use by the IGPs.  Some form of wildcard of templating behavior is
>   necessary.
> - Multiple clients that might desire to configure a session with different
>   parameters are unable to do so today.  This precludes some
> implementations
>   that permit such configuration, potentially at protocol scope.  It also
>   doesn't fit the future-proofing thought.
>
>
> -- Jeff
>
> >
> > Regards,
> > Greg
> >
> > On Mon, Jun 19, 2017 at 1:57 PM, Jeffrey Haas <jhaas@pfrc.org>; wrote:
> >
> > > [Long delayed response.]
> > >
> > > Reshad picked up the key points: Some things may make sense in the
> > > per-client (protocol) users of BFD, some things perhaps do not.  And
> some
> > > come down to questions for timer granularity.
> > >
> > > The OSPF and ISIS models both make use of BFD simply by providing a
> boolean
> > > that says "I'm using BFD or not".
> > >
> > > Where we run into some issues are the cases highlighted: when the
> sessions
> > > don't share common properties, how should the protocol pick what BFD
> > > session
> > > to use?
> > >
> > > The current BFD yang model only permits a single IP single-hop session
> > > to be configured.  (Key is interface/dst-ip)  This means that if
> different
> > > parameters *were* desired, the BFD model won't permit it today.
> However,
> > > BFD sessions for many protocols tend not to be configured, but may
> spring
> > > forth from protocol state, such as IGP adjacencies.  Thus, it's not
> > > "configured" - it's solely operational state.  However, the BFD yang
> model
> > > doesn't really make good provision for that as an "on".
> > >
> > > Where all endpoint state is known a priori, config state makes better
> > > sense.
> > >
> > > To pick the example of Juniper's configuration, if OSPF and eBGP were
> using
> > > BFD, both can choose differing timers.  This represents two pieces of
> > > configuration state for the same endpoints.  Additionally, only one BFD
> > > session is formed using the most aggressive timers.
> > >
> > > I partially point out the situation of multiple timers since there have
> > > been
> > > prior list discussions on the situation where clients have different
> timing
> > > requirements.  I don't think we handle this operationally in the BFD
> > > protocol in the cleanest fashion right now - the session will go to
> Down
> > > when the aggressive timers fail and there's no clean way to
> renegotiate to
> > > the less aggressive timers.
> > >
> > > -- Jeff
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Fri, May 19, 2017 at 02:31:38AM +0000, Reshad Rahman (rrahman)
> wrote:
> > > > We started off with the intent of having BFD parameters in the
> > > applications/protocols which make use of BFD. For timer/multiplier
> this is
> > > pretty straight-forward, although the discussion of what to do when
> not all
> > > applications have the same BFD parameters for the same session (e.g. Go
> > > with most aggressive etc). Then we started looking at authentication
> > > parameters and having BFD authentication parms in OSPF/ISIS etc is not
> > > intuitive. And what do we do if applications have different BFD
> > > authentication parms. We concluded that the BFD authentication parms
> were
> > > better off in BFD. And once we did that, the timer/multiplier
> followed....
> > > >
> > > > I may not recall all the details/discussons, but I do recall that we
> > > went back and forth on this and it took some time to make the decision.
> > > >
> > > > Regards,
> > > > Reshad (as individual contributor).
> > > >
> > > > From: Mahesh Jethanandani <mjethanandani@gmail.com<mailto:
> > > mjethanandani@gmail.com>>;
> > > > Date: Thursday, May 18, 2017 at 5:34 PM
> > > > To: "Acee Lindem (acee)" <acee@cisco.com<mailto:acee@cisco.com>>
> > > > Cc: Jeffrey Haas <jhaas@juniper.net<mailto:jhaas@juniper.net>>,
> OSPF WG
> > > List <ospf@ietf.org<mailto:ospf@ietf.org>>, "
> draft-ietf-bfd-yang@ietf.org<;
> > > mailto:draft-ietf-bfd-yang@ietf.org>" <draft-ietf-bfd-yang@ietf.org<;
> > > mailto:draft-ietf-bfd-yang@ietf.org>>, "draft-ietf-ospf-yang@ietf.org
> > > <mailto:draft-ietf-ospf-yang@ietf.org>" <draft-ietf-ospf-yang@ietf.org
> > > <mailto:draft-ietf-ospf-yang@ietf.org>>, "rtg-bfd@ietf.org<mailto:rtg-
> > > bfd@ietf.org>"; <rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>>
> > > > Subject: Re: IETF OSPF YANG and BFD Configuration
> > > > Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>>
> > > > Resent-To: <vero.zheng@huawei.com<mailto:vero.zheng@huawei.com>>,
> > > Reshad <rrahman@cisco.com<mailto:rrahman@cisco.com>>, <
> > > mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>>, <
> > > santosh.pallagatti@gmail.com<mailto:santosh.pallagatti@gmail.com>>, <
> > > gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>>
> > > > Resent-Date: Thursday, May 18, 2017 at 5:40 PM
> > > >
> > > > Resending with correct BFD WG address.
> > > >
> > > > On May 18, 2017, at 2:33 PM, Mahesh Jethanandani <
> > > mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>> wrote:
> > > >
> > > > Agree with Acee's assessment. After much debate, we decided that we
> > > should leave BFD parameter configuration in the BFD model itself, and
> have
> > > any IGP protocol reference the BFD instance in BFD itself. This makes
> sense
> > > specially if multiple protocols fate-share the BFD session.
> > > >
> > > > Cheers.
> > > >
> > > > On May 18, 2017, at 12:27 PM, Acee Lindem (acee) <acee@cisco.com
> <mailto:
> > > acee@cisco.com>>; wrote:
> > > >
> > > > Hi Jeff,
> > > >
> > > > At the OSPF WG Meeting in Chicago, you suggested that we may want to
> > > provide configuration of BFD parameters within the OSPF model
> > > (ietf-ospf.yang). We originally did have this configuration. However,
> after
> > > much discussion and coordination with the BFD YANG design team, we
> agreed
> > > to leave the BFD session parameters in BFD and only enable BFD within
> the
> > > OSPF and IS-IS models.
> > > >
> > > > We did discuss the fact that vendors (notably Cisco IOS-XR and
> Juniper
> > > JUNOS) do allow configuration within the IGPs. However, the consensus
> was
> > > to leave the BFD configuration in the BFD model. The heuristics to
> > > determine what parameters to use when the same BFD endpoint was
> configured
> > > with different parameters in different protocols were proprietary and
> > > somewhat of a hack.
> > > >
> > > > I may have not remembered all the details so I'd encourage others to
> > > chime in.
> > > >
> > > > Thanks,
> > > > Acee
> > > >
> > > > Mahesh Jethanandani
> > > > mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>
> > > >
> > > >
> > > >
> > > >
> > > > Mahesh Jethanandani
> > > > mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>
> > > >
> > > >
> > > >
> > >
>