RE: Is TI-LFA compatible with the default SR algorithm?

Alexander Vainshtein <Alexander.Vainshtein@ecitele.com> Thu, 14 June 2018 12:46 UTC

Return-Path: <Alexander.Vainshtein@ecitele.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05D78131147; Thu, 14 Jun 2018 05:46:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.574
X-Spam-Level:
X-Spam-Status: No, score=-2.574 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.795, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=eci365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OBsNQ_SR4JHg; Thu, 14 Jun 2018 05:46:09 -0700 (PDT)
Received: from mail1.bemta25.messagelabs.com (mail1.bemta25.messagelabs.com [195.245.230.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0202F13113B; Thu, 14 Jun 2018 05:46:07 -0700 (PDT)
Received: from [46.226.52.199] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-1.bemta.az-b.eu-west-1.aws.symcld.net id E6/32-26453-D83622B5; Thu, 14 Jun 2018 12:46:05 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTeUgUURzHezOzs5M4Na6avyxLtwOsZnHNaiv KIiijpCKiSMNmdXI31lF21loLwkoCj4UKu+zQxKxNo6gMI2trO5WsJZDSsBKt1IK2oMNMaWaf dswfj8/7fX/H9z3eMKTuFx3JiE6HaJcEm54OohJif0zmXen6lLi6gTBTUU83bfpS0k2ZfB/7S dNDXz8yfb3ZoTE1vREW0UnXy9q1SVVVfURSwbtGejW5UWOVzNnOzRrLi8JzRM7JYsLZ/L6Wzk f5flSEghiKqyTh5K0yUt3ouEMENHjcCG86EZTvrVSUkQzNLYDLNe20ymHcEtj34IlWZZI7QUK hd4PKodwi+NnqonDOYjji8hGY50Hvwd1IZYqbAjUd1YEcltsMNXsuaPCwlwhavnsDBSO5fQjq 21aojLgx8L2plsDDIqCtqzzAwHFQ1fCUxBwOPZ2DGswxcPTVCS3mKHhWXhw4DXDXCCjqvzJUb ISHbo9SzCg8Ca52b8KYDId7OJzejOBRu28ofQYcb/TT2I8ZXr89jXA8G+6+3jPkYSfUN7+hME +A864OCjfykHCh4d1Qo/FQ6nlBYsFPw0DxGWo/4sv+ORxmCXqL2qiywC2FQOOxLgrHZ0DFjS8 05ulQffoDOcyPb3cS/8YrkPY8mmO2WzMtjizBauONcXG80RjPG+ea+PiZBmEHbzaIufx2UXbw RoOwXTbIeVnptgyDJDouI+XdjVC+enTDl+5FYxlCH85Gt8Sk6EaZszPyLIJsSbPn2kTZi8Yzj B7YCrM+RRdiFzNF5xarTXm8wzIwwfowtk6VWTlHyJKtmVhqQomM91NpCck8Caxev7oOtnpcpI 6SsiUxMoKtVMs4tcySK/1pOvxTPENRkaEsUmzqgnNEe5bV8b/eiyIYpA9lC9UuwVbJ8Wd2r2K LUGzdvx+t2nIIf6XIfBQiEQaxNLpz98LEs7tWzicSU2sL/DPTnhNdWveyazvCXQmjHc5jCetv nfq4ddvnZeu9QbFLZ/W4P6+uG7eq4GvJhNmp71eFsKkri2P75eWb6EuPfxTcyW8ZMfGlOT5t6 oEmtq8w41stFTPf3TpdE3pv3ZpK9tsDUbu0bm3U7WnC1uSLekq2CMZppF0WfgO+4of8DwQAAA ==
X-Env-Sender: Alexander.Vainshtein@ecitele.com
X-Msg-Ref: server-15.tower-287.messagelabs.com!1528980361!2554193!1
X-Originating-IP: [52.41.248.36]
X-SYMC-ESS-Client-Auth: mailfrom-relay-check=pass
X-StarScan-Received:
X-StarScan-Version: 9.9.15; banners=ecitele.com,-,-
X-VirusChecked: Checked
Received: (qmail 10221 invoked from network); 14 Jun 2018 12:46:04 -0000
Received: from us-west-2a.mta.dlp.protect.symantec.com (HELO EUR01-HE1-obe.outbound.protection.outlook.com) (52.41.248.36) by server-15.tower-287.messagelabs.com with AES256-SHA256 encrypted SMTP; 14 Jun 2018 12:46:04 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ECI365.onmicrosoft.com; s=selector1-ecitele-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Wns7/dmsUu7Vd4l9RpSiPEYYFDHaw2H/WzeT5L9TP8s=; b=UFR5RwOW+f4N9rC/taks1mxEJEAMYM2ChLznEIcymsZ6I0xafLswesqjqwpodYhZBU2XEyJerO9lLbJwToGxhADjCRbbaYjuVbyxlCY0pk5bW6RAuCectCQ2cyyvfyrFEm9BoGDrU7UIYaQy+1RMBGpi2w6ahhk71MHTGR1zBJo=
Received: from DB5PR0301MB1909.eurprd03.prod.outlook.com (10.167.226.155) by DB5PR0301MB1910.eurprd03.prod.outlook.com (10.167.226.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.863.14; Thu, 14 Jun 2018 12:45:59 +0000
Received: from DB5PR0301MB1909.eurprd03.prod.outlook.com ([fe80::d461:c56e:7404:d5b1]) by DB5PR0301MB1909.eurprd03.prod.outlook.com ([fe80::d461:c56e:7404:d5b1%6]) with mapi id 15.20.0863.016; Thu, 14 Jun 2018 12:45:59 +0000
From: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
To: "stephane.litkowski@orange.com" <stephane.litkowski@orange.com>
CC: Stewart Bryant <stewart.bryant@gmail.com>, Michael Gorokhovsky <Michael.Gorokhovsky@ecitele.com>, "draft-ietf-spring-segment-routing.authors@ietf.org" <draft-ietf-spring-segment-routing.authors@ietf.org>, "spring@ietf.org" <spring@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>, "draft-bashandy-rtgwg-segment-routing-ti-lfa.authors@ietf.org" <draft-bashandy-rtgwg-segment-routing-ti-lfa.authors@ietf.org>
Subject: RE: Is TI-LFA compatible with the default SR algorithm?
Thread-Topic: Is TI-LFA compatible with the default SR algorithm?
Thread-Index: AdQDJQBEzlZGSBhRThelBw/PgQXs7AAqTYjAAAIxaIA=
Date: Thu, 14 Jun 2018 12:45:59 +0000
Message-ID: <DB5PR0301MB190902EA5E6978D5FF16D0879D7D0@DB5PR0301MB1909.eurprd03.prod.outlook.com>
References: <DB5PR0301MB1909F44C6E7D9311B0FDA0C99D7E0@DB5PR0301MB1909.eurprd03.prod.outlook.com> <1113_1528973791_5B2249DF_1113_378_1_9E32478DFA9976438E7A22F69B08FF924B1C4116@OPEXCLILMA4.corporate.adroot.infra.ftgroup>
In-Reply-To: <1113_1528973791_5B2249DF_1113_378_1_9E32478DFA9976438E7A22F69B08FF924B1C4116@OPEXCLILMA4.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.234.241.1]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR0301MB1910; 7:x8PyEdT7j301Y6keAiuSvvq1JeljKlOrHuL8rwOhs7DLN7V2fKKJ0yVi5qURyQQxjpFeY9trQxWaDJfBB8PCyi7JTsZTV1XkHf1VY9HhioWI9Ym0Tyh2XZJzD0e6ibNKB678A3KJuJlCtHh78Ku+UMdgurlmYg0hq4CA/eLNAfxxTMKjKQsIsNVnQTt+Ydl1l52LJ868dXXxkzHTVPLIh6OQyuXRYiuJ7tWLI3QO4j3A9TLPp5T4DDt3PYhDBcb4
x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 55108f81-9459-4654-997e-08d5d1f4c7be
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(711020)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DB5PR0301MB1910;
x-ms-traffictypediagnostic: DB5PR0301MB1910:
x-microsoft-antispam-prvs: <DB5PR0301MB19102CE9C138806EE1ECA2529D7D0@DB5PR0301MB1910.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(85827821059158)(18271650672692)(21748063052155)(279101305709854);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(3231254)(944501410)(52105095)(93006095)(93001095)(10201501046)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:DB5PR0301MB1910; BCL:0; PCL:0; RULEID:; SRVR:DB5PR0301MB1910;
x-forefront-prvs: 0703B549E4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(346002)(39860400002)(39380400002)(396003)(252514010)(189003)(199004)(53754006)(51874003)(54906003)(478600001)(74316002)(76176011)(14454004)(2351001)(7736002)(3280700002)(3660700001)(11346002)(476003)(446003)(486006)(2906002)(7696005)(97736004)(5640700003)(186003)(59450400001)(72206003)(229853002)(2900100001)(6436002)(26005)(99286004)(25786009)(5630700001)(55016002)(81166006)(316002)(606006)(33656002)(790700001)(6116002)(54896002)(5660300001)(3846002)(68736007)(102836004)(236005)(53546011)(4326008)(6916009)(8936002)(5890100001)(5250100002)(105586002)(2501003)(106356001)(6506007)(66066001)(8676002)(81156014)(6306002)(39060400002)(9686003)(53936002)(86362001)(6246003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB5PR0301MB1910; H:DB5PR0301MB1909.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ecitele.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: k7hCcccctMORs4vJuLqAwcCSIiGs7LwFROZd2Gl2O37fkQPcnWo7CU18vVG1HkqSScCgcLmCY8OGheM7pLPnyN8FZ6SP/WG0N5NUiNdLLOjLhgqglod2Wnlpu5Oqh2hEbf3UdBUUn+IbsZZ6Oxz2H1aS/wZw53Uz9REC/9Ko6bpaEFicsWRC6XxPwUIgkbG1
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DB5PR0301MB190902EA5E6978D5FF16D0879D7D0DB5PR0301MB1909_"
MIME-Version: 1.0
X-OriginatorOrg: ecitele.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 55108f81-9459-4654-997e-08d5d1f4c7be
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2018 12:45:59.5305 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2c514a61-08de-4519-b4c0-921fef62c42a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR0301MB1910
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/YFSIBGsTXZ8o4-ulBq3revFEYfE>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jun 2018 12:46:14 -0000

Stephane,

The default algorithm for Prefix-SIDs is defined in Section 3.1.1 of the Segment Routing Architecture<https://tools.ietf.org/html/draft-ietf-spring-segment-routing-15> draft as following (the important text is highlighted):
   o  "Shortest Path": this algorithm is the default behavior.  The
      packet is forwarded along the well-known ECMP-aware SPF algorithm
      employed by the IGPs.  However it is explicitly allowed for a
      midpoint to implement another forwarding based on local policy.

Consider now the following scenario:


1.       The PLR node P uses a simple primary next hop N to reach a destination prefix D.

a.       IP FRR (as defined in RFC 5286<https://tools.ietf.org/html/rfc5286>) is enabled in this node, and it identifies the neighbor L of P  as a local loop-free alternative for reaching D if the link P-->N fails.

b.       In addition, P computes its post-convergence path to D after failure of link P-->N, and decides that L is its primary NH in the post-convergence topology.

c.       According to Section 4.1 of the TI-LFA draft, P decides that:

                                                               i.      N is the repair node for reaching D when the link P-->N fails

                                                             ii.      The egress interface to use is the link P-->L

                                                           iii.      The repair segment list is empty

2.       Now suppose that L is configured with a local policy that overrides its SPF computation and sets its primary NH for reaching D to P

a.       Since this is a local policy (say, implemented using policy-based routing), it remains unknown to P

b.       This policy will not result in any routing loop (at least in some scenarios) as long as the link P-->N is OK

c.       Activation of this policy in L is conditional (how this can be done is not really important at the moment) so that when the link P-->N fails, this policy would be deactivated

d.       However, when this link fails, the combination of the repair path selected by P and the local policy configured in L will result in a routing loop that would exist until  IGP converges again.

Please note that RFC 5286 explicitly states that it is only applicable to intra-domain routing only with OSPF or IS-IS as IGP.
It does not mention the possibility of local policies overriding shortest path routing provided by these protocols.

Does this explanation help?
Regards,
Sasha

Office: +972-39266302
Cell:      +972-549266302
Email:   Alexander.Vainshtein@ecitele.com

From: stephane.litkowski@orange.com [mailto:stephane.litkowski@orange.com]
Sent: Thursday, June 14, 2018 1:57 PM
To: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>om>; draft-bashandy-rtgwg-segment-routing-ti-lfa.authors@ietf.org
Cc: Stewart Bryant <stewart.bryant@gmail.com>om>; Michael Gorokhovsky <Michael.Gorokhovsky@ecitele.com>om>; draft-ietf-spring-segment-routing.authors@ietf.org; spring@ietf.org; rtgwg@ietf.org
Subject: RE: Is TI-LFA compatible with the default SR algorithm?

Hi Sasha,

Could you elaborate on :" I strongly suspect that it is not so, and that these mechanisms are only compatible with the Strict-SPF. (Actually, I can provide an example that confirms this suspicion.)" ?

Thanks,


From: spring [mailto:spring-bounces@ietf.org] On Behalf Of Alexander Vainshtein
Sent: Wednesday, June 13, 2018 17:00
To: draft-bashandy-rtgwg-segment-routing-ti-lfa.authors@ietf.org<mailto:draft-bashandy-rtgwg-segment-routing-ti-lfa.authors@ietf.org>
Cc: Stewart Bryant; Michael Gorokhovsky; draft-ietf-spring-segment-routing.authors@ietf.org<mailto:draft-ietf-spring-segment-routing.authors@ietf.org>; spring@ietf.org<mailto:spring@ietf.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: [spring] Is TI-LFA compatible with the default SR algorithm?

Hi all,
I have looked up Section 3.1.1 "Prefix-SID Algorithm" of the Segment Routing Architecture<https://tools.ietf.org/html/draft-ietf-spring-segment-routing-15> draft (already In the RFC Editor queue) and found there the following statement (the relevant part is highlighted):

This document defines two algorithms:

   o  "Shortest Path": this algorithm is the default behavior.  The
      packet is forwarded along the well-known ECMP-aware SPF algorithm
      employed by the IGPs.  However it is explicitly allowed for a
      midpoint to implement another forwarding based on local policy.
      The "Shortest Path" algorithm is in fact the default and current
      behavior of most of the networks where local policies may override
      the SPF decision.

   o  "Strict Shortest Path (Strict-SPF)": This algorithm mandates that
      the packet is forwarded according to ECMP-aware SPF algorithm and
      instructs any router in the path to ignore any possible local
      policy overriding the SPF decision.  The SID advertised with
      Strict-SPF algorithm ensures that the path the packet is going to
      take is the expected, and not altered, SPF path.  Note that Fast
      Reroute (FRR) [RFC5714<https://tools.ietf.org/html/rfc5714>] mechanisms are still compliant with the
      Strict Shortest Path.  In other words, a packet received with a
      Strict-SPF SID may be rerouted through a FRR mechanism.

At the same time, the TI-LFA draft<https://tools.ietf..org/html/draft-bashandy-rtgwg-segment-routing-ti-lfa-04> discusses protection of active Prefix-SIDs (e.g., in Section 3 that discusses P-Space and Q-space) but, to the best of my understanding, does not mention algorithms that form the context of these SIDs.

My question to the authors of the TI-LFA draft is:

Are the mechanisms defined in the draft (and examples discussed in Section 4) applicable to Prefix-SIDs associated with the default forwarding algorithm as defined in the Segment Routing Architecture draft?

I strongly suspect that it is not so, and that these mechanisms are only compatible with the Strict-SPF. (Actually, I can provide an example that confirms this suspicion.)

Do I miss something substantial here?

Regards, and lots of thanks in advance,
Sasha

Office: +972-39266302
Cell:      +972-549266302
Email:   Alexander.Vainshtein@ecitele.com<mailto:Alexander.Vainshtein@ecitele.com>


___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
transmission in error, please inform us by e-mail, phone or fax, and then delete the original
and all copies thereof.
___________________________________________________________________________

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is 
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this 
transmission in error, please inform us by e-mail, phone or fax, and then delete the original 
and all copies thereof.
___________________________________________________________________________