Re: Protecting SR policy midpoints (draft-bashandy-rtgwg-segment-routing-ti-lfa)
Robert Raszuk <robert@raszuk.net> Tue, 28 November 2017 17:17 UTC
Return-Path: <rraszuk@gmail.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 111DF128BB6 for <rtgwg@ietfa.amsl.com>; Tue, 28 Nov 2017 09:17:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.398
X-Spam-Level:
X-Spam-Status: No, score=-2.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZyQuz0VlDjXS for <rtgwg@ietfa.amsl.com>; Tue, 28 Nov 2017 09:17:46 -0800 (PST)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94559126DED for <rtgwg@ietf.org>; Tue, 28 Nov 2017 09:17:45 -0800 (PST)
Received: by mail-wm0-x22f.google.com with SMTP id 9so1004953wme.4 for <rtgwg@ietf.org>; Tue, 28 Nov 2017 09:17:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=uUayLxQMz/8gxh/IMQTjif1hQxLr1n5B0uSO6aN5nKw=; b=hTV4N0LQxl58/zEOqNKwhdL4fl4R3U8Iwyl0rxw7Nb/YX11t+oz+vUp38QTwzyEJfU aENZPZI/MCCtPgfQkXrCOex3kGB6YcPE5AYSs9DmQ/NIJelugwZowprJiKPJ2Lfd7UOl CzZ0f1XgIovySk12zEQBV8F816bd4vECEIheM3BrPDxb2x1HESMiO9wPNPAR+UwNRieF hRWUzjUmEhQxnVUeqNuFSlAVmFwxQbCv2tnPUsnuSkw+58mXBhNJ6fonWtKxKMQJq4Bd 3QvW7BcjKDmnn4ucdyGMMxY5otoTBpuW3S8vvo94lO5TPn3xBpbnp9Ef8EdE49YnBQz8 NIsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=uUayLxQMz/8gxh/IMQTjif1hQxLr1n5B0uSO6aN5nKw=; b=TyEYXVXuuKTY7qeR0oaUKtRUzVlagGjBaGrzm5P2k6mVE5X2SLGE5gvqePqJW1I8El taQPQtt7zYFLNZ4Pb1C1hMODzUB2Qbjw2pgz/s40TjMO+7zzw2rlDBIdlmFG1gjz3TyZ 3K0rNboS0+kXB4gdkK7NFLT4yCCgBhhH6VkC7/bPpCfkI71FcRBHvvTsXfjZtbhqnP/B EbQHXqi4Mk7yV6iLv11KPtjml1cadWjrRUZK03+VQR1CrJw27sV7VRB+tFhTxE4X/Hw8 IhokE6bdQdSSlXwNfnhhis7/3719xIZx86qnH33b3psJ+QLHNQUnrocNTNSm7TzfZLU8 ZMtg==
X-Gm-Message-State: AJaThX5vbJEaqbs4Q5oDnSrgfJXTEVFP220Aaup9khCPQd8044GBdy/9 JcTP+qgVXBFFBoBEBD7x+YZmNkTvkhxEolzwHuw=
X-Google-Smtp-Source: AGs4zMa9cy4M5jA81lPMTfjMpjmgtCaNmfVhE5pS1B68SwFZ6SVhuiJjqZdMOATEDwDYrjK/BkWRHExuwRqkbGG7k04=
X-Received: by 10.28.5.201 with SMTP id 192mr291238wmf.142.1511889463924; Tue, 28 Nov 2017 09:17:43 -0800 (PST)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.28.54.217 with HTTP; Tue, 28 Nov 2017 09:17:43 -0800 (PST)
In-Reply-To: <5A1D95A9.9090507@cisco.com>
References: <CAKz0y8wLYjkSO486w5WpSuDYV3Cjvgkv6887o9-Ky9o_ViWMrQ@mail.gmail.com> <210606893.1211556.1511362363266@mail.yahoo.com> <CAKz0y8xeYnqOjLxADVwndtOp8QQaPeQBiAO2TtnCi6pYfebONA@mail.gmail.com> <5A1D50E5.7030302@cisco.com> <CA+b+ER=saccjdB6+aKp+gObe97P7UWOtKTd3GT1eXb9vG8ewag@mail.gmail.com> <5A1D95A9.9090507@cisco.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 28 Nov 2017 18:17:43 +0100
X-Google-Sender-Auth: LhozulBFO6sL975x8ioeRcEH90U
Message-ID: <CA+b+ERmStce0=K29VVGcxJWT1R=tBc5QrsuVu3BSgsJB51jg4A@mail.gmail.com>
Subject: Re: Protecting SR policy midpoints (draft-bashandy-rtgwg-segment-routing-ti-lfa)
To: "Ahmed Bashandy (bashandy)" <bashandy@cisco.com>
Cc: Muthu Arul Mozhi Perumal <muthu.arul@gmail.com>, "sasha@axerra.com" <sasha@axerra.com>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Content-Type: multipart/alternative; boundary="001a1143816e6fdf25055f0e32ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/f7h6I75kmR7U3MqDvyoq3seq69Y>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 17:17:49 -0000
That's good addition to the draft. My comment is addressed. Thx, R. On Tue, Nov 28, 2017 at 5:58 PM, Ahmed Bashandy (bashandy) < bashandy@cisco.com> wrote: > Thanks for the the feedback > > The node "S" knows the SRGB and the adj-SIDs of the neighboring node "F". > Hence if the new top label is not within these two sets, then the node "S" > will always be able to know that the node that failed is NOT a midpoint but > rather an egress point failure > > I will add a statement in the document to explain how a node can determine > that a failure is a midpoint failure. I will also add a statement to > indicate that if the node determines that the failure is not a midpoint > failure then it may apply other protection techniques that are beyond the > scope of this document or simply drop the packet and wait for normal > protocol conversion. > > Ahmed > > > On 11/28/2017 6:38 AM, Robert Raszuk wrote: > > Hi Ahmed, > > > - In a link-state envirnoment, node "S" knows the SRGB of node "F" as > well as all adjacency SIDs of node "F" > > What you say is all true, but the way I read the question of this thread > seems to be what happens in the cases where node S has no clue of the new > top label. Say it was controller imposed EPE label or worse it is a VPN > label. > > > In the former EPE case the packet could still be "rescued" by picking into > IP header. After all EPE is just an optimization. > > However in the latter case where we are carrying L2 or L3 VPNs packet > header after the label stack may not help or may be even a security issue > if node S would start to make routing decision in global RIB based on > customer's space. > > So I think the point to document is what is the expected behavior of S > node in case of new top label is unknown. It is ok to say drop it, but I > think it needs to be clearly stated. > > Best, > Robert > > > On Tue, Nov 28, 2017 at 1:04 PM, Ahmed Bashandy (bashandy) < > bashandy@cisco.com> wrote: > >> Hi, >> >> The behavior described in section 5.3 is clear: >> - The top label of incoming packet to node "S" is either a prefix SID >> owned by node "F" or an adjacency SID for (S,F) >> - If the link from node "S" to node "F" is up, then the normal behavior >> for node "S" is to apply penultimate hop popping (PHP). HEnce node "S" >> *pops* the top label and sends the packet to node "F" >> - But if the link (S,F) is down and "S" is configured to do node >> protection, then node "S" will still pop the top label. This will promote >> the label right underneath the incoming label to become the *top* label. >> Hence there is no need to peek into the label stack >> - In a link-state envirnoment, node "S" knows the SRGB of node "F" as >> well as all adjacency SIDs of node "F". Hence it can now compare the new >> top label against the SRGB or the list of adj-SIDs of the node "F" >> - If the new top label is within the SRGB of node "F" or an adj-SID of >> node "F", then node "S" applies the behavior described in section 5.3.1 or >> section 5.3.2, respectively >> >> The bottom line is that there is no need for any peeking into the label >> stack. Just inspect the new top label >> >> Thanks >> >> Ahmed >> >> >> On 11/23/2017 5:04 AM, Muthu Arul Mozhi Perumal wrote: >> >> My understanding is that draft wants to provide a solution for the >> problem where the active segment is a prefix/adjacency segment of the >> neighbor and the neighbor fails. A solution to this is possible only at a >> node that is enforcing the SR policy (consisting of the segment list). For >> a transit node, its data plane would have to peek into the label stack and >> determine the type of the segment/label following the active segment and >> act accordingly, which is not inline with the SR architecture which >> requires SR to work 'as is' on traditional MPLS data plane >> >> Muthu >> >> On Wed, Nov 22, 2017 at 8:22 PM, Alexander Vainshtein < >> vinesasha@yahoo.com> wrote: >> >>> Muthu and all, >>> I do not see how the draft in quesrion us related to "SR Policy". >>> >>> From my POV its scope is a SR LSP comprised of multiple Node SIDs within >>> a single IGP domain, and it provides local fast protection against failure >>> of a node that terminates one of the segments comprising this LSP. >>> Pritection action is performed by the penultimate node. >>> >>> My 2c. >>> >>> Sent from Yahoo Mail on Android >>> <https://overview.mail.yahoo.com/mobile/?.src=Android> >>> >>> On Wed, Nov 22, 2017 at 3:27, Muthu Arul Mozhi Perumal >>> <muthu.arul@gmail.com> wrote: >>> Section 5.3 of draft-bashandy-rtgwg-segment-routing-ti-lfa describes >>> protecting SR policy midpoints against node failure for the case where the >>> active segment is the prefix or adjacency segment of a neighbor. >>> >>> I believe the steps described in the procedure is applicable only for a >>> node steering packets into the SR policy. This could be an ingress PE >>> steering IP packets into a SR-TE tunnel or an intermediate node steering >>> labeled packets received with a BSID into a SR-TE tunnel identified by that >>> BSID. >>> >>> A transit node that has no idea about the SR policy itself is not >>> expected to perform the procedure described in that section. >>> >>> Is my understanding correct? >>> >>> Regards, >>> Muthu >>> _______________________________________________ >>> rtgwg mailing list >>> rtgwg@ietf.org >>> https://www.ietf.org/mailman/listinfo/rtgwg >>> >>> >> >> >> _______________________________________________ >> rtgwg mailing listrtgwg@ietf.orghttps://www.ietf.org/mailman/listinfo/rtgwg >> >> >> >> _______________________________________________ >> rtgwg mailing list >> rtgwg@ietf.org >> https://www.ietf.org/mailman/listinfo/rtgwg >> >> > >
- Protecting SR policy midpoints (draft-bashandy-rt… Muthu Arul Mozhi Perumal
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- Re: Protecting SR policy midpoints (draft-bashand… Muthu Arul Mozhi Perumal
- RE: Protecting SR policy midpoints (draft-bashand… Huzhibo
- Re: Protecting SR policy midpoints (draft-bashand… Stewart Bryant
- Re: Protecting SR policy midpoints (draft-bashand… Muthu Arul Mozhi Perumal
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Robert Raszuk
- Re: Protecting SR policy midpoints (draft-bashand… Stewart Bryant
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- Re: Protecting SR policy midpoints (draft-bashand… Muthu Arul Mozhi Perumal
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- Re: Protecting SR policy midpoints (draft-bashand… Robert Raszuk
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- Re: Protecting SR policy midpoints (draft-bashand… Stewart Bryant
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein
- RE: Protecting SR policy midpoints (draft-bashand… Sikhivahan Gundu
- Re: Protecting SR policy midpoints (draft-bashand… Ahmed Bashandy (bashandy)
- Re: Protecting SR policy midpoints (draft-bashand… Muthu Arul Mozhi Perumal
- Re: Protecting SR policy midpoints (draft-bashand… Muthu Arul Mozhi Perumal
- Re: Protecting SR policy midpoints (draft-bashand… Alexander Vainshtein