Re: [RTG-DIR] Rtgdir early review of draft-ietf-idr-sr-policy-safi-00
Ketan Talaulikar <ketant.ietf@gmail.com> Mon, 04 March 2024 11:50 UTC
Return-Path: <ketant.ietf@gmail.com>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 751F0C15155A; Mon, 4 Mar 2024 03:50:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LblvWhm5CI9M; Mon, 4 Mar 2024 03:49:59 -0800 (PST)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B43EC151553; Mon, 4 Mar 2024 03:49:59 -0800 (PST)
Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-a450615d1c4so209814366b.0; Mon, 04 Mar 2024 03:49:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709552997; x=1710157797; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=uGWQlioJ2n9YpOLRS2AKKeYl+Z8xHo8s9Q3UdLbKimc=; b=TaxACQUuTrn1g7zmjNWJTGVqK4206qrx3pmi1EemFViz/orvEalELZaVmAR6vZvudj Py9TTmJKmcsVDACK5aNCWH0eWTcPWKP7iA9DHOta521V51+HcqP845gqPTt2Vxz+c/9f kM6wOwJD+yI8k/k99sKfbiDnVcc0GRz1w+kLaLT/iTxnqHgpMTvaO2sVBnEkc5IY4w7f rVi5zhZ+W3qYze8Kcl0kqP8A1FsY3NitH3M/D9Pbhq6Bt8PMxjyOddp1KergQ+eKRB8o rTTXfALbtYswgnCzdaFgC+P+x+5YdgnlrcACbu0EkF+dRSljeGKksc1ZI8tOzQeLXT4+ 3REw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709552997; x=1710157797; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uGWQlioJ2n9YpOLRS2AKKeYl+Z8xHo8s9Q3UdLbKimc=; b=THXs8M+wB2rGEjLElh/jbW5UPTbKHtQypS6c44sjk78oIgsmIGlTXTJfL87W6ZeHLC LopyUZc7AvkCWZZhX28vGF0nuwSHTl4rzBiXCdHvvWi9OX4MuDMpZhQfBhEoYoeZCLDN ElgzdpajMTEUJegtrLyk8NFy+J4yhz6UqMVgOs/2QgBdEtEPUO/ytyNZhcfA/Xz5rwHF nudzFrlygaw2rlCkYXwEg3CdJe9C1Es0VyjTn4EZG79Wev/iwgIKvEths8mTi0Njbzpz rY5WZ7+DKRYCiGfKy0pWI1L+AX5X+n2sy5w4k83eyt4PBnMrov6amnbGhO9lExKKU4pD 5i1Q==
X-Forwarded-Encrypted: i=1; AJvYcCUv/IpD+RGcwurM+dgvUcJuCfjVvUYKWAzkNc7GDAizZpAyerXTN2l06PqDGIlA/+IbdVR0iajI8xTgtkX0cSrfcaurmk+XlyBDnEO5c4SEqU5nuLOT96jLF8lOjA2JdIAKgnwSUZsQBw==
X-Gm-Message-State: AOJu0YyLHnY4rwlVvK+BKevaJ3i7cPlkxXhvyAyfO32WTpF+E+9WtdL3 fcxiMchBU0TR19+FJasd1XR8A58ZXMbmNCqWP2NU9wLNg4fsDH/P+PjwJdxcMZbt2KtYMd/GVFV nRVCSxk3DS9i5pAr4lf77d2diGSVDWtMQOwU=
X-Google-Smtp-Source: AGHT+IEH0Z3yMmRJNQsk/N+oVBrej0DjMwDPGzA3AuklCSIxu65Ka7d7CnlNu/U5c3cQWIxNpp3eJRQaW0ynIJAS8Z0=
X-Received: by 2002:a17:906:2dc7:b0:a44:1db8:d37a with SMTP id h7-20020a1709062dc700b00a441db8d37amr7505660eji.32.1709552997103; Mon, 04 Mar 2024 03:49:57 -0800 (PST)
MIME-Version: 1.0
References: <170926285323.21559.2544259526462856240@ietfa.amsl.com> <CAH6gdPztdv-pXF1KyfJyYuWHX4ivpXG5UDDr1+H+oC3vBgmB+Q@mail.gmail.com>
In-Reply-To: <CAH6gdPztdv-pXF1KyfJyYuWHX4ivpXG5UDDr1+H+oC3vBgmB+Q@mail.gmail.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Mon, 04 Mar 2024 17:19:44 +0530
Message-ID: <CAH6gdPxpTDbkUr67JLb+aOw9yE1m=EZQ286jmAfsRs+YqHT2oA@mail.gmail.com>
To: Zhaohui Zhang <zzhang@juniper.net>
Cc: rtg-dir@ietf.org, draft-ietf-idr-sr-policy-safi.all@ietf.org, idr@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001dfd6b0612d45316"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/0NtYL2BshwzJiS5uTCDUYxec0OM>
Subject: Re: [RTG-DIR] Rtgdir early review of draft-ietf-idr-sr-policy-safi-00
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir/>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 11:50:01 -0000
Hi Jeffrey/All, An update has been posted with changes as discussed below: https://datatracker.ietf.org/doc/html/draft-ietf-idr-sr-policy-safi-01 Thanks, Ketan On Fri, Mar 1, 2024 at 7:43 PM Ketan Talaulikar <ketant.ietf@gmail.com> wrote: > Hi Jeffrey, > > Thanks for your review and please check inline below for responses. I > would post and update with the changes discussed below before the upcoming > cut-off. > > > On Fri, Mar 1, 2024 at 8:44 AM Zhaohui Zhang via Datatracker < > noreply@ietf.org> wrote: > >> Reviewer: Zhaohui Zhang >> Review result: Has Issues >> >> Abstract >> >> A Segment Routing (SR) Policy is an ordered list of segments (i.e., >> instructions) that represent a source-routed policy. An SR Policy >> consists of one or more candidate paths, each consisting of one or >> more segment lists. A headend may be provisioned with candidate >> paths for an SR Policy via several different mechanisms, e.g., CLI, >> NETCONF, PCEP, or BGP. >> >> "an ordered list of segments" or "ordered lists of segments" or >> "ordered lists of ordered segments? >> > > KT> This sentence is taken from the Introduction section of RFC9256. > > >> I assume each candidate path can have at least one "ordered list of >> segments". >> > > KT> Yes > > >> >> This document introduces a BGP subsequent address family (SAFI) for >> IPv4 and IPv6 address families. In UPDATE messages of those AFI/ >> SAFIs, the NLRI identifies an SR Policy Candidate Path while the >> attributes encode the segment lists and other details of that SR >> Policy Candidate Path. >> >> Does a candidate path include the endpoint and color information? >> > > KT> Yes > > >> >> While for simplicity we may write that BGP advertises an SR Policy, >> it has to be understood that BGP advertises a candidate path of an SR >> policy and that this SR Policy might have several other candidate >> paths provided via BGP (via an NLRI with a different distinguisher as >> defined in Section 2.1), PCEP, NETCONF, or local policy >> configuration. >> >> Typically, a controller defines the set of policies and advertises >> them to policy headend routers (typically ingress routers). These >> policy advertisements use the BGP extensions defined in this >> document. The policy advertisement is, in most but not all cases, >> tailored for a specific policy headend. In this case, the >> advertisement may be sent on a BGP session to that headend and not >> propagated any further. >> >> "in most cases" and "in this case" - are they the same? >> > > KT> Updated as follows: > > The policy advertisement is, in most but not all cases, tailored for a > specific policy headend; such an advertisement may be sent on a BGP session > to that headend and not propagated any further. > > > >> >> Alternatively, a router (i.e., a BGP egress router) advertises SR >> Policies representing paths to itself. In this case, it is possible >> to send the policy to each headend over a BGP session to that >> headend, without requiring any further propagation of the policy. >> >> What's the difference from the previous one? There is no difference >> whether it is sent from an egress router or a controller should not >> matter, >> right? >> > > KT> This is simply a description of the various ways in which this > signaling can be done. The previous one is from controller to router and > other is router to other routers. > > >> >> An SR Policy intended only for the receiver will, in most cases, not >> traverse any Route Reflector (RR, [RFC4456]). >> >> Is the above paragraph correct/needed. I suppose in most cases >> they will traverse RR after all - whether it is from a controller or >> an egress PE. >> > > KT> It is needed. RR is not required and not used in many deployments that > I know of. It is a direct peering from controller to router. > > >> >> In some situations, it is undesirable for a controller or BGP egress >> router to have a BGP session to each policy headend. In these >> situations, BGP Route Reflectors may be used to propagate the >> advertisements. In certain other deployments, it may be necessary >> for the advertisement to propagate through a sequence of one or more >> ASes within an SR Domain (refer to Section 7 for the associated >> security considerations). To make this possible, an attribute needs >> to be attached to the advertisement that enables a BGP speaker to >> determine whether it is intended to be a headend for the advertised >> policy. This is done by attaching one or more Route Target Extended >> Communities to the advertisement [RFC4360]. >> >> How is further propagation prevented after the headend is reached? >> > > KT> This is covered in section 4.2.3 > > >> >> The BGP extensions for the advertisement of SR Policies include >> following components: >> >> The BGP extensions is for the advertisement of SR Policy >> Candidate Paths not SR Policies themselves, right? >> > > KT> Yes. > > >> >> * One or more IPv4 address format route target extended community >> ([RFC4360]) attached to the SR Policy advertisement and that >> indicates the intended headend of such an SR Policy advertisement. >> >> and IPv6? s/format/specific/? >> > > KT> Fixed. Use of IPv6 specific RT is not specified in this document. > > >> >> The SR Policy SAFI route updates use the Tunnel Encapsulation >> Attribute to signal an SR Policy - i.e., a tunnel itself. Its usage >> >> An SR Policy Candidate Path, not an SR Policy? >> > > KT> We have the following text in the introduction: > > While for simplicity we may write that BGP advertises an SR Policy, it has > to be understood that BGP advertises a candidate path of an SR policy and > ... > > >> >> Good to see "a tunnel itself" mentioned here :-) >> I've always thought the "SR Policy" is a convoluted term for tunnel :-) >> >> of this attribute is hence very different from [RFC9012] where this >> attribute is associated with a BGP route update (e.g., for Internet >> or VPN routes) to specify the tunnel which is used for forwarding >> traffic for that route. This document does not update or change the >> usage of the Tunnel Encapsulation Attribute as specified in [RFC9012] >> for existing AFI/SAFIs as specified in that document. The details of >> processing of the Tunnel Encapsulation Attribute for the SR Policy >> SAFI are specified in Section 2.2 and Section 2.3. >> >> >> Good to see the difference is pointed out here. I've always thought >> Tunnel Encapsulation Attribute (TEA) is shoehorned here but >> I guess it is too late to change that. >> >> >> The Color Extended Community (as defined in [RFC9012]) is used to >> steer traffic into an SR Policy, as described in section 8.8 of >> [RFC9256]. The Section 3 of this document updates [RFC9012] with >> modifications to the format of the Flags field of the Color Extended >> Community by using the two leftmost bits of that field. >> >> * Policy Color: 4-octet value identifying (with the endpoint) the >> policy. The color is used to match the color of the destination >> prefixes to steer traffic into the SR Policy as specified in >> section 8 of [RFC9256]. >> >> * Endpoint: value identifies the endpoint of a policy. The Endpoint >> may represent a single node or a set of nodes (e.g., an anycast >> address). The Endpoint is an IPv4 (4-octet) address or an IPv6 >> (16-octet) address according to the AFI of the NLRI. The address >> can be either a unicast or an unspecified address (0.0.0.0 for >> IPv4, :: for IPv6) as specified in section 2.1 of [RFC9256]. >> >> Can you call it out as "null endpoint" that was used later? >> > > KT> Will do. > > >> >> It is important to note that any BGP speaker receiving a BGP message >> with an SR Policy NLRI, will process it only if the NLRI is among the >> >> There are a lot of "processing" before it is deemed "among the bet paths", >> right? Do you mean the "SRPM" will process it only if the NLRI is among >> the best paths? >> > > KT> Yes and Yes. > > >> >> best paths as per the BGP best-path selection algorithm. In other >> words, this document leverages the existing BGP propagation and best- >> path selection rules. Details of the procedures are described in >> Section 4. >> >> SR Policy SAFI NLRI: <Distinguisher, Policy-Color, Endpoint> >> Attributes: >> Tunnel Encapsulation Attribute (23) >> Tunnel Type: SR Policy (15) >> Binding SID >> SRv6 Binding SID >> Preference >> Priority >> Policy Name >> >> Policy name seems to be a property for policy not the candidate path. >> What if the names do not match among different candidate paths of the same >> policy? >> > > KT> Please refer to RFC9256 Sec 2.1 > > >> Policy Candidate Path Name >> Explicit NULL Label Policy (ENLP) >> Segment List >> Weight >> Segment >> Segment >> ... >> ... >> >> Figure 2: SR Policy Encoding >> >> 2.3. Applicability of Tunnel Encapsulation Attribute Sub-TLVs >> >> The Tunnel Egress Endpoint and Color sub-TLVs, as defined in >> [RFC9012], may also be present in the SR Policy encodings. >> >> Why do we say the above given the following paragraph? They seem to >> be contractive. >> > > KT> There is no contradiction. We don't want the attribute to be > considered malformed due to the presence of those sub-TLVs. > > >> >> The Tunnel Egress Endpoint and Color Sub-TLVs of the Tunnel >> Encapsulation Attribute are not used for SR Policy encodings and >> therefore their value is irrelevant in the context of the SR Policy >> SAFI NLRI. If present, the Tunnel Egress Endpoint sub-TLV and the >> Color sub-TLV MUST be ignored by the BGP speaker and MAY be removed >> from the Tunnel Encapsulation Attribute during propagation. >> >> Similarly, any other sub-TLVs (including those defined in [RFC9012]) >> whose applicability is not specifically defined for the SR Policy >> SAFI MUST be ignored by the BGP speaker and MAY be removed from the >> Tunnel Encapsulation Attribute during propagation. >> >> Why don't we say any those sub-TLVs not defined in this document must not >> be present and must be ignored? >> > > KT> This text has been worked out with the shepherd, unless there is > something not correct, I am inclined to leave it as-is at this stage. > > >> >> Preference, Binding SID, SRv6 Binding SID, Segment-List, Priority, >> Policy Name, Policy Candidate Path Name, and Explicit NULL Label >> Policy are all optional sub-TLVs introduced for the BGP Tunnel >> Encapsulation Attribute [RFC9012] being defined in this section. >> >> Should the segment-list be mandatory? >> What does it mean if the segment-list is empty? >> > > KT> Without a SL or an empty SL, the SRPM would not be able to instantiate > the CP in the forwarding. However, that is for the SRPM to decide. We do > not bring that sort of validation into BGP. > > >> >> When the Binding SID sub-TLV is used to signal an SRv6 SID, the >> choice of its SRv6 Endpoint Behavior [RFC8986] to be instantiated is >> left to the headend node. It is RECOMMENDED that the SRv6 Binding >> SID sub-TLV defined in Section 2.4.3, that enables the specification >> of the SRv6 Endpoint Behavior, be used for signaling of an SRv6 >> Binding SID for an SR Policy candidate path. >> >> Is there a choice here? Shouldn't the behavior be that traffic with that >> Binding SID is steered into this policy? >> > > KT> What is meant by SRv6 Endpoint behavior is specified in RFC8986 - > e.g., End.B6.Encaps, End.B6.Encaps.Red, and others could be defined in the > future. > > >> The whole paragraph is hard to parse. >> >> * Binding SID: If the length is 2, then no Binding SID is present. >> If the length is 6 then the Binding SID is encoded in 4 octets >> using the format below. Traffic Class (TC), S, and TTL (Total of >> 12 bits) are RESERVED and MUST be set to zero and MUST be ignored. >> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | Label | TC |S| TTL | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> Figure 6: Binding SID Label Encoding >> >> If the length is 18 then the Binding SID contains a 16-octet SRv6 >> SID. >> >> Why do we need the a 16-octet Binding SID since we have the following >> "SRv6 Binding SID Sub-TLV"? >> > > KT> This is historical and kept for backward compatibility with older > implementations. > > >> >> 2.4.3. SRv6 Binding SID Sub-TLV >> >> The SRv6 Binding SID sub-TLV is optional. More than one SRv6 Binding >> SID sub-TLVs MAY be signaled in the same SR Policy encoding to >> indicate one or more SRv6 SIDs, each with potentially different SRv6 >> Endpoint Behaviors to be instantiated. >> >> Why would there be more than one signaled, and why would there be >> different >> endpoing behaviors? Isn't the behavior simply "steer into the SR policy"? >> > > KT> Please see response to previous comment. > > >> >> - S-Flag: This flag encodes the "Specified-BSID-only" behavior. >> It is used by SRPM as described in section 6.2.3 in [RFC9256]. >> >> I have trouble understanding this "Specified-BSID-only" behavior. >> > > KT> Please check the reference provided and if the RFC9526 is not clear, > perhaps there could be a discussion about it on the SPRING WG mailer? > > >> >> >> - I-Flag: This flag encodes the "Drop Upon Invalid" behavior. It >> is used by SRPM as described in section 8.2 in [RFC9256]. >> >> I also have trouble understanding this "Drop Upon Invalid" behavior. >> I read rfc9256 but still can't put the two together. >> > > KT> We cannot define the generic SR Policy aspects in this document since > the scope is BGP signaling. Perhaps there could be a separate thread on the > SPRING WG mailer so your concerns are understood and that WG can look at > how to clarify them? > > >> >> 2.4.4.2. Segment Sub-TLVs >> >> >> The Segment sub-TLVs are optional and MAY appear multiple times in >> the Segment List sub-TLV. >> >> Why are they optional? What is the use case of an empty segment list? >> > > KT> Please see the response to the previous comment. > > >> >> 2.4.4.2.2. Segment Type B >> >> The Type B Segment Sub-TLV encodes a single SRv6 SID. The format is >> as follows: >> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | Type | Length | Flags | RESERVED | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> // SRv6 SID (16 octets) // >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> // SRv6 Endpoint Behavior and SID Structure (optional) // >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> * Flags: 1 octet of flags as defined in Section 2.4.4.2.3. >> >> * SRv6 SID: 16 octets of IPv6 address. >> >> * SRv6 Endpoint Behavior and SID Structure: Optional, as defined in >> Section 2.4.4.2.4. >> >> When this is part of a segment list, what is the significance of the >> Flags and >> SRv6 Endpoint Behavior and SID Structure? >> > > KT> Please refer to sections 2.4.4.2.3 and 2.4.4.2.4 - will elaborate on > your further comments on those sections. > > >> >> The TLV 2 defined for the advertisement of Segment Type B in the >> earlier versions of this document has been deprecated to avoid >> backward compatibility issues. >> >> Why would deprecating them avoid backward compatibility issues? >> If there are implementations/deployments based on earlier versions, >> deprecating them won't help. >> If there are no implementations/deployments based on earlier versions, >> there is no backward compatiblity issue. > > >> Perhaps just remove "to avoid ..."? >> > > KT> The WG was polled in this matter. While there were no implementations > from "known" vendors represented at the IETF, we cannot rule out something > being out there. > > >> >> 2.4.4.2.3. Segment Flags >> >> The Segment Types sub-TLVs described above may contain the following >> flags in the "Flags" field defined in Section 6.8: >> >> 0 1 2 3 4 5 6 7 >> +-+-+-+-+-+-+-+-+ >> |V| |B| | >> +-+-+-+-+-+-+-+-+ >> >> Figure 22: Segment Flags >> >> where: >> >> V-Flag: This flag, when set, is used by SRPM for "SID >> verification" as described in Section 5.1 of [RFC9256]. >> >> I have trouble understanding the V-Flag. How is the headend supposed to >> verify >> the BSID or any segment in the segment list? >> > > KT> Please refer to section 5.1 of the RFC9256. > > >> >> 2.4.4.2.4. SRv6 SID Endpoint Behavior and Structure >> >> The Segment Types sub-TLVs described above MAY contain the SRv6 >> Endpoint Behavior and SID Structure [RFC8986] encoding as described >> below: >> >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | Endpoint Behavior | Reserved | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | LB Length | LN Length | Fun. Length | Arg. Length | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> Figure 23: SRv6 SID Endpoint Behavior and Structure >> >> where: >> >> Endpoint Behavior: 2 octets. It carries the SRv6 Endpoint >> Behavior code point for this SRv6 SID as defined in section 9.2 of >> [RFC8986]. When set with the value 0xFFFF (i.e., Opaque), the >> choice of SRv6 Endpoint Behavior is left to the headend. >> >> Reserved: 2 octets of reserved bits. This field MUST be set to >> zero on transmission and MUST be ignored on receipt. >> >> Locator Block Length: 1 octet. SRv6 SID Locator Block length in >> bits. >> >> Locator Node Length: 1 octet. SRv6 SID Locator Node length in >> bits. >> >> Function Length: 1 octet. SRv6 SID Function length in bits. >> >> Argument Length: 1 octet. SRv6 SID Arguments length in bits. >> >> How is this different from the "SRv6 SID Structure Sub-Sub-TLV" in >> RFC9252? >> Why not reuse that one? >> > > KT> There is no need for transposition related fields here and this is a > different TLV space anyway. > > >> >> 2.4.5. Explicit NULL Label Policy Sub-TLV >> >> To steer an unlabeled IP packet into an SR policy, it is necessary to >> create a label stack for that packet, and push one or more labels >> onto that stack. >> >> Do you mean SR-mpls policy? >> Perhaps remove ", and push one or more labels onto that stack"? >> Perhaps changes "Explicit NULL Label Policy" to >> "Explicit NULL Label Behavior"? The word "policy" here gets tangled >> with "SR Policy". >> > > KT> This is related to SR Policy with the SR-MPLS data plane. > > >> >> 4.2.1. Validation of an SR Policy NLRI >> >> When a BGP speaker receives an SR Policy NLRI from a neighbor it MUST >> first perform validation based on the following rules in addition to >> the validation described in Section 5: >> >> * The SR Policy NLRI MUST include a distinguisher, color, and >> endpoint field which implies that the length of the NLRI MUST be >> either 12 or 24 octets (depending on the address family of the >> endpoint). >> >> * The SR Policy update MUST have either the NO_ADVERTISE community >> or at least one route target extended community in IPv4-address >> format or both. If a router supporting this specification >> receives an SR Policy update with no route target extended >> communities and no NO_ADVERTISE community, the update MUST be >> considered as malformed. >> >> What about IPv6-address specific RT? >> > > KT> It is not defined for use in this document. > > >> >> 4.2.2. Eligibility for Local Use of an SR Policy NLRI >> >> If one or more route targets are present and none matches the local >> BGP Identifier, then, while the SR Policy NLRI is valid, it is not >> usable on the receiver node. >> >> Does the route target have to match the local BGP identifier? >> > > KT> Yes > > >> As long as the receiver is configured with a local RT that matches one >> of the advertised RTs, it should be fine, right? That is how VPN RT >> works and I suppose the same can be used here. >> > > KT> The semantics are different here. > > >> >> When should the BGP update stops being propagated if RT is used? >> Never? or should a matching RT be removed by each matching receiver >> and then the propagation stops when there is no RT left? >> > > KT> Yes, it can do that using local configuration. See the next paragraph. > > >> >> By default, a BGP node receiving an SR Policy NLRI SHOULD NOT remove >> route target extended community before propagation. An >> implementation MAY provide support for configuration to filter and/or >> remove route target extended community before propagation. >> >> Isn't the above applicable to any AFI/SAFI? Why do we need to specify >> that? >> > > KT> It goes with the previous paragraph - hence required to clarify. > > >> >> 5. Error Handling and Fault Management >> >> A BGP Speaker MUST perform the following syntactic validation of the >> SR Policy NLRI to determine if it is malformed. This includes the >> validation of the length of each NLRI and the total length of the >> MP_REACH_NLRI and MP_UNREACH_NLRI attributes. It also includes the >> validation of the consistency of the NLRI length with the AFI and the >> endpoint address as specified in Section 2.1. >> >> When the error determined allows for the router to skip the malformed >> NLRI(s) and continue the processing of the rest of the update >> message, then it MUST handle such malformed NLRIs as 'Treat-as- >> withdraw'. In other cases, where the error in the NLRI encoding >> results in the inability to process the BGP update message (e.g. >> length related encoding errors), then the router SHOULD handle such >> malformed NLRIs as 'AFI/SAFI disable' when other AFI/SAFI besides SR >> Policy are being advertised over the same session. Alternately, the >> router MUST perform 'session reset' when the session is only being >> used for SR Policy or when it 'AFI/SAFI disable' action is not >> possible. >> >> Is the above generic BGP handling? >> > > KT> Yes, per RFC7606 this needs to be defined for new SAFIs. > > >> >> The validation of the TLVs/sub-TLVs introduced in this document and >> defined in their respective sub-sections of Section 2.4 MUST be >> performed to determine if they are malformed or invalid. The >> validation of the Tunnel Encapsulation Attribute itself and the other >> TLVs/sub-TLVs specified in Section 13 of [RFC9012] MUST be done as >> described in that document. In case of any error detected, either at >> the attribute or its TLV/sub-TLV level, the "treat-as-withdraw" >> strategy MUST be applied. This is because an SR Policy update >> without a valid Tunnel Encapsulation Attribute (comprising of all >> valid TLVs/sub-TLVs) is not usable. >> >> The above says the validation of those in Section 2.4 may lead to >> "treat-as-withdraw" - I assume this is BGP handling. Does that not >> conflict with the following paragraph? >> > > KT> No, it does not. There is a line between what validation is done by > BGP and what is done by SRPM. > > >> >> The validation of the individual fields of the TLVs/sub-TLVs defined >> in Section 2.4 are beyond the scope of BGP as they are handled by the >> SRPM as described in the individual TLV/sub-TLV sub-sections. A BGP >> implementation MUST NOT perform semantic verification of such fields >> nor consider the SR Policy update to be invalid or not usable based >> on such validation. >> >> 6. IANA Considerations >> >> This document uses code point allocations from the following existing >> registries: >> >> * Subsequent Address Family Identifiers (SAFI) Parameters registry >> >> * BGP Tunnel Encapsulation Attribute Tunnel Types registry under the >> BGP Tunnel Encapsulation registry >> >> * BGP Tunnel Encapsulation Attribute sub-TLVs registry under the BGP >> Tunnel Encapsulation registry >> >> * Color Extended Community Flags registry under the BGP Tunnel >> Encapsulation registry >> >> Do we need to mention the above for the already allocated code points? >> if yes, should we mention the value as well? >> Actually I see 6.1~6.4 below - so the above is not needed at all. >> > > KT> This is just giving an overview. > > >> >> This document also requests the creation of the following new >> registries: >> >> * SR Policy Segment List Sub-TLVs under the BGP Tunnel Encapsulation >> registry >> >> * SR Policy Binding SID Flags under the BGP Tunnel Encapsulation >> registry >> >> * SR Policy SRv6 Binding SID Flags under the BGP Tunnel >> Encapsulation registry >> >> * SR Policy Segment Flags under the BGP Tunnel Encapsulation >> registry >> >> * Color Extended Community Color-Only Types registry under the BGP >> Tunnel Encapsulation registry >> >> Similarly, we probably don't need the above. Just a nit. >> > > KT> Just an overview. I would leave it to IANA as they process this > document during publication on whether they want to keep it or drop it. > > Thanks, > Ketan > >
- [RTG-DIR] Rtgdir early review of draft-ietf-idr-s… Zhaohui Zhang via Datatracker
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-i… Ketan Talaulikar
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-i… Ketan Talaulikar
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-i… Jeffrey (Zhaohui) Zhang
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-i… Ketan Talaulikar
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-i… Ketan Talaulikar
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-i… Ketan Talaulikar