Re: WGLC for draft-rtgwg-mrt-frr-architecture

[Stewart Bryant <stewart.bryant@gmail.com>]

Hi Anil

Please see inline.

Note that here we are just discussion some of the points raised.

- Stewart

On 06/12/2015 04:38, Anil Kumar S N (VRP Network BL) wrote:
>
> Hi Bryant,
>
> Please find my observation on your comments  in line.
>
> Thanks & Regards
>
> Anil S N
>
> “Be liberal in what you accept, and conservative in what you send” - 
> Jon Postel
>
> *From:*rtgwg [mailto:rtgwg-bounces@ietf.org] *On Behalf Of *Stewart Bryant
> *Sent:* 04 December 2015 02:22
> *To:* draft-rtgwg-mrt-frr-architecture@ietf.org 
> <mailto:draft-rtgwg-mrt-frr-architecture@ietf.org>; rtgwg@ietf.org 
> <mailto:rtgwg@ietf.org>; Alvaro Retana
> *Subject:* WGLC for draft-rtgwg-mrt-frr-architecture
>
> Resend due to problem sending to the document alias
> Hi,
> I am sorry that this review is late, but a number of personal matters
> needed priority. Hopefully you can accept it still.
> Firstly my high order bit, and I suspect I will be in the rough on this.
> I am not convinced that this is the best solution that we can produce to
> this problem, and I am concerned about the operational issues that
> result from the non-intuitive repair paths when compared to other
> methods. I am also concerned about our ability to get a solution as
> complicated as this right first time in all of the corner cases.
> Thus I think that rather than recommend this to the industry
> as a standard, we should issue it as informational and see how it works
> out at scale.
> ===========
>   1.  Introduction
>     This document gives a complete solution for IP/LDP fast-reroute
>     [RFC5714].  MRT-FRR creates two alternate trees separate from the
>     primary next-hop forwarding used during stable operation.  These two
>     trees are maximally diverse from each other, providing link and node
>     protection for 100% of paths and failures as long as the failure does
>     not cut the network into multiple pieces.
> SB> I am concerned that this is an overstatement.
> SB> Firstly you cannot handle multiple concurrent failures in
> SB> even simple pathological cases. If the network is two
> SB> connected and you have both a red and blue failure
> SB> that you need to traverse, you (say) commit to the red
> SB> the you will fail at blue transition, even though the network is
> SB> is still connected at the link level.
> [Anil >>] I don’t think once packet moved into red path will fall back 
> to blue path in case of red path failure.
> No other FRR technologies can handle simultaneous multiple failure 
> without loops[Loop may or may not occur which is unknown].
> MRT is one of the FRR technologies which provide alternate path which 
> tries to move away from failure point to reach the destination.
> I feel we can count on the positive advantage of MRT.
SB> I do not think that is correct.

SB> Methods that construct a repair to the next-hop (link) or 
next-next-hop (node)
SB> and refuse to repair a repair can cope with some types of multiple 
failure.
SB> For example a repair based on not-via or strict source-routing can deal
SB> with concatenated repairs. They get tricky when the second failure 
is in the
SB> repair path. Mike Shand and I looked at this but I cannot remember 
what the
SB> outcome was. However to a limited extent I think that even that might be
SB> feasible.

SB> I think that what is important here is that you specify the degree 
of completeness
SB> which is single-link, cluster of links with a single common node and 
node
SB> failure.

SB> The root cause of this constraint is the use of a pair of trees with 
a single root.
SB> This contrasts with SR and NV which have a tree rooted at every PLR and
SB> reset the repair constraint once the packet has left the repair domain.

SB> As to your point about moving away from the failure, NV certainly 
does this
SB> and with SR it depends on whether you set the repair target as the far
SB> side of the failure or Q space.

SB> The root cause of the loops in Q space is that you may not have used
SB> a sufficiently limited estimate of Q space. However if you require 
that the
SB> packet get to the next-next hop it is always safe to release it into a
SB> network that had previously converged.
> SB> The text should start with the invariants and assumptions to
> SB> correctly scope the claims in the introduction.
> SB> I think you have to say where the trees are routed since only
> SB> two mean you need a root, and you need to note that this is
> SB> different from the underlying IGP in which there is a tree
> SB> per node.
>                   Summary Comparison of IP/LDP FRR Methods
>     +---------+-------------+-------------+-----------------------------+
>     |  Method |   Coverage  |  Alternate  |    Computation (in SPFs)    |
>     |         |             |   Looping?  |                             |
>     +---------+-------------+-------------+-----------------------------+
>     | MRT-FRR |     100%    |     None    |         less than 3         |
>     |         |  Link/Node  |             |                             |
>     |         |             |             |                             |
>     |   LFA   |   Partial   |   Possible  |         per neighbor        |
>     |         |  Link/Node  |             |                             |
>     |         |             |             |                             |
>     |  Remote |   Partial   |   Possible  |    per neighbor (link) or   |
>     |   LFA   |  Link/Node  |             |  neighbor's neighbor (node) |
>     |         |             |             |                             |
>     | Not-Via |     100%    |     None    |      per link and node      |
>     |         |  Link/Node  |             |                             |
>     |         |             |             |                             |
>     |  TI-LFA |     100%    |   Possible  |    per neighbor (link) or   |
>     |         |  Link/Node  |             |  neighbor's neighbor (node) |
>     +---------+-------------+-------------+-----------------------------+
> SB> I really wonder how important the computational complexity is
> SB> given that we are moving to an SDN world where these calculations
> SB> can be offloaded?
> [Anil >>] JIts not wrong to claim MRT consumes much less computation 
> compared to other FRR technologies.
> Be it SDN controlled or distributed.

SB> ... but it is important to consider the importance of the 
computation constraint.
SB> In SDN you potentially have a lot more compute power available than you
SB> have in the small processor/memory systems. You also have the potential
SB> (due to massive storage) to maintain a history of common network states
SB> and thus have the configuration of the post-failure or post-repair 
states
SB> on file.

SB> You also need to consider how long it takes to do loop-free 
reconvergence
SB> to see whether the new state repair time calculation is a factor or not.
SB> For example, if you could do 50 SPF/sec it would take 10s to run one
SB> per node on a 500 node network. So then you get to the question of
SB> whether the LF strategy can be executed, and its completion notifed
SB> in 10s? If not, then the SPF computation time is not a factor.
>   
> SB>
> SB> I think that it is fair to note that the other method use the
> SB> existing routing protocol and calculate alternate paths using
> SB> the methods of that routing protocol. Whereas with MRT you
> SB> really have a new routing protocol with all of the associated
> SB> operations overhead.
> [Anil >>] As you stated in previous comment, Moving to SDN world 
> overhead can be offloaded J
> But I don’t feel there is much overhead compared to R-LFA or TI-LFA
SB> You miss my point. With MRT you have the complexity and
SB> operation characteristics of a new routing protocol to take into
SB> account. That is also the case for some of the other FRR methods
SB> but by no means all of them.

> ============
>   1.1.  Importance of 100% Coverage
>     Fast-reroute is based upon the single failure assumption - that the
>     time between single failures is long enough for a network to
>     reconverge and start forwarding on the new shortest paths.  That does
>     not imply that the network will only experience one failure or
>     change.
> SB> The above needs to be much earlier to qualify "complete"
> ===========
>   
> 4.  Maximally Redundant Trees (MRT)
> SB> Please remind me is there one red topology or one per failure.
> SB> There is just one - correct  - so it would be useful to
> SB> explain what happens in a number of instances of failure.
> [Anil >>] Each devices will maintain three forwarding tables, one for 
> default SPF calculated topology and other two for RED and BLUE topologies.
> Default forwarding table would have backup path on red or blue 
> forwarding table based on alternate selection.
> On failure if Blue is selected as alternate path, packet will switch 
> to Blue forwarding table.
> Packet stays in blue path till it reaches the destination
> If any failure is detected on blue path, packet will be dropped till 
> SPF convergence.
SB> This needs to be highlighted, together with the mechanism that you 
will use
SB> to abandon the LF reconvergence.
> ============
> 5.  Maximally Redundant Trees (MRT) and Fast-Reroute
>     When there is a link or node failure affecting, but not partitioning,
> SB> that should be "a single link or single node"
> [Anil >>] In case of MRT there is Cut-Vertex and Cut-Link, When these 
> vertex or link fails then network is partitioned
> Otherwise there exists a path to reach destination, the same would 
> have been selected by MRT
SB> Strictly it is partitioned in the chosen MRT topology. I think it can
SB> be unpartitioned in base or the other MRT topology, it is just that
SB> they are not available to you.
> ============
> 6.  Unicast Forwarding with MRT Fast-Reroute
>     As mentioned before, MRT FRR needs multi-topology forwarding.
>     Unfortunately, neither IP nor LDP provides extra bits for a packet to
>     indicate its topology.  Once the MRTs are computed, the two sets of
>     MRTs can be used as two additional forwarding topologies.  The same
>     considerations apply for forwarding along the MRTs as for handling
>     multiple topologies.
> SB> It would be good to explain how you solve the problem mentioned
> SB> in the previous para. Maybe a forward ref to a later section?
> =============
> 6.1.1.1.  Topology-scoped FEC encoded using a single label (Option 1A)
>     [RFC7307] provides a mechanism to distribute FEC-Label bindings
>     scoped to a given MPLS topology (represented by MPLS MT-ID).  To use
>     multi-topology LDP to create MRT forwarding topologies, we associate
>     two MPLS MT-IDs with the MRT-Red and MRT-Blue forwarding topologies,
>     in addition to the default shortest path forwarding topology with MT-
>     ID=0.
> SB> Presumably you could MRT a topology other than default?
> SB> To be clear - you need 3 * the number of delivery labels in the
> SB> network, and in some cases these labels identify prefix or a
> SB> VPN exit point.
> SB> This is a lot more labels than some of the competing schemes
> SB> and so I think we really need a label table size comparison
> SB> in the comparison section earlier in the document.
> [Anil >>] Yes MRT needs multiple tables only then packet can be guided 
> to take disjoint path to destination.
> The devices with higher forwarding entry capacity can choose to use MRT.
> In case of TI-LFA label stack size is a constraint, for older devices 
> with limited label stack capacity that would be a serious restriction.
> So point is it’s a tradeoff
SB> Indeed, it is a tradeoff, but I don't think you set out the full 
tradeoff
SB> earlier in the text, and it is by no means clear that MRT is always
SB> the best trade-off.

SB> Also you need to make it clear how large the tables are.
> =============
> 6.1.1.2.  Topology and FEC encoded using a two label stack (Option 1B)
>     With this forwarding mechanism, a two label stack is used to encode
>     the topology and the FEC of the packet.  The top label (topology-id
>     label) identifies the MRT forwarding topology, while the second label
>     (FEC label) identifies the FEC.  The top label would be a new FEC
>     type with two values corresponding to MRT Red and Blue topologies.
>     When an MRT transit router receives a packet with a topology-id
>     label, the router pops the top label and uses that it to guide the
>     next-hop selection in combination with the next label in the stack
>     (the FEC label).  The router then swaps the FEC label, using the FEC-
>     label bindings learned through normal LDP mechanisms.  The router
>     then pushes the topology-id label for the next-hop.
>     As with Option 1A, this forwarding mechanism also has the useful
>     property that the FEC associated with the packet is maintained in the
>     labels at each hop along the MRT.
>     This forwarding mechanism has minimal usage of additional labels,
>     memory and LDP communication.  It does increase the size of packets
>     and the complexity of the required label operations and look-ups.
>     This forwarding option is consistent with context-specific label
>     spaces, as described in [RFC 5331].  However, the precise LDP
>     behavior required to support this option for MRT has not been
>     specified.
> SB> So I wonder if this should be normative text given that the underlying
> SB> control plane behavior is currently unknown?
> SB> You should comment on the impact on forwarding moving from
> SB> a one to a two label action at every hop along the repair path.
> SB> This is not an issue that the competing approaches have and so
> SB> should feature in the comparison section.
> [Anil >>] I agree to move to comparison section.
> ============
> 6.1.2.  MRT IP tunnels (Options 2A and 2B)
>     IP tunneling can also be used as an MRT transit forwarding mechanism.
>     Each router supporting this MRT transit forwarding mechanism
>     announces two additional loopback addresses and their associated MRT
>     color.  Those addresses are used as destination addresses for MRT-
>     blue and MRT-red IP tunnels respectively.  The special loopback
>     addresses allow the transit nodes to identify the traffic as being
>     forwarded along either the MRT-blue or MRT-red topology to reach the
>     tunnel destination.  Announcements of these two additional loopback
>     addresses per router with their MRT color requires IGP extensions,
>     which have not been defined.
> SB> So help me understand here. How do you do this with just two
> SB> loopback addresses. If I have red to a, red to b etc how
> SB> do I distinguish them. Presumably you have to do this by
> SB> looking inside the tunnel to find the payload. Unlike MPLS
> SB> this is a much larger departure from the standard forwarding
> SB> process isn't it? Again this needs to go in the comparision.
> [Anil >>] I agree to move to comparison section.
>     Either IPv4 (option 2A) or IPv6 (option 2B) can be used as the
>     tunneling mechanism.
>     Note that the two forwarding mechanisms using LDP Label options do
>     not require additional loopbacks per router, as is required by the IP
>     tunneling mechanism.  This is because LDP labels are used on a hop-
>     by-hop basis to identify MRT-blue and MRT-red forwarding topologies.
> 6.2.  Forwarding LDP Unicast Traffic over MRT Paths
>     In the previous section, we examined several options for providing
>     MRT transit forwarding functionality, which is independent of the
>     type of traffic being carried.  We now look at the MRT ingress
>     functionality, which will depend on the type of traffic being carried
>     (IP or LDP).  We start by considering LDP traffic.
>     We also simplify the initial discussion by assuming that the network
>     consists of a single IGP area, and that all routers in the network
>     participate in MRT.  Other deployment scenarios that require MRT
>     egress functionality are considered later in this document.
>     In principle, it is possible to carry LDP traffic in MRT IP tunnels.
>     However, for LDP traffic, it is very desirable to avoid tunneling.
>     Tunneling LDP traffic to a remote node requires knowledge of remote
>     FEC-label bindings so that the LDP traffic can continue to be
>     forwarded properly when it leaves the tunnel.  This requires targeted
>     LDP sessions which can add management complexity.
> SB> I have been thinking a lot about this problem just recently
> SB> whilst gardening, and you could take page from the SR playbook and use the
> SB> known offset approach. I guess that is a big change, but
> SB> I think we might be able to use it to avoid the longstanding distribution
> SB> issue - i.e. convert the problem to offset math.
>     The two MRT LDP
>     Label forwarding mechanisms have the useful property that the FEC
>     associated with the packet is maintained in the labels at each hop
> Atlas, et al.            Expires April 17, 2016                [Page 14]
> Internet-Draft        MRT Unicast FRR Architecture          October 2015
>     along the MRT, as long as an MRT to the originator of the FEC is
>     used.  The MRT IP tunneling mechanism does not have this useful
>     property.  Therefore, this document only considers the two MRT LDP
>     Label forwarding mechanisms for protecting LDP traffic with MRT fast-
>     reroute.
> SB> I do not understand the preceding text
>   ===========
> 6.2.3.  Other considerations for forwarding LDP traffic using MRT LDP
>          Labels
>     Note that forwarding LDP traffic using MRT LDP Labels requires that
>     an MRT to the originator of the FEC be used.  For example, one might
>     find it desirable to have the PLR use an MRT to reach the primary
>     next-next-hop for the FEC, and then continue forwarding the LDP
>     packet along the shortest path tree from the primary next-next-hop.
> SB> Does this mean that the packet looses it's MRT marking at this point?
> SB> If so can't this result in a multi-failure repair loops?
> =============
> 6.3.  Forwarding IP Unicast Traffic over MRT Paths
>     For IP traffic, there is no currently practical alternative except
>     tunneling to gain the bits needed to indicate the MRT-Blue or MRT-Red
>     forwarding topology.
> SB> Well isn't there a possible solution based on IPv6 options?
>     The choice of tunnel egress MAY be flexible
>     since any router closer to the destination than the next-hop can
>     work.
> SB> Again isn't  there an SRLG or other multiple failure issue with this?
> ==========
> 6.3.1.2.  Tunneling IP traffic using MRT LDP Labels (Option 1B)
>     The MRT LDP Label option 1B forwarding mechanism encodes the topology
>     and the FEC using a two label stack as described in Section 6.1.1.2.
>     When a PLR receives an IP packet that needs to be forwarded on the
>     Red MRT to a particular tunnel endpoint, the PLR pushes two labels on
>     the IP packet.  The first (inner) label is the normal LDP label
>     learned from the next-hop on the Red MRT, associated with a FEC
>     originated by the tunnel endpoint.  The second (outer) label is the
>     topology-identification label associated with the Red MRT.
>     For completeness, we note here a potential optimization.  In order to
>     tunnel an IP packet over an MRT to the destination of the IP packet
>     (as opposed to an arbitrary tunnel endpoint), then we could just push
>     a topology-identification label directly onto the packet.  An MRT
>     transit router would need to pop the topology-id label, do an IP
>     route lookup in the context of that topology-id , and push the
>     topology-id label.
> SB> What are you optimizing - certainly not the forwarding cycles.
> =============
> 12.2.  MRT Recalculation
>     When a failure event happens, traffic is put by the PLRs onto the MRT
>     topologies.  After that, each router recomputes its shortest path
>     tree (SPT) and moves traffic over to that.  Only after all the PLRs
>     have switched to using their SPTs and traffic has drained from the
>     MRT topologies should each router install the recomputed MRTs into
>     the FIBs.
>     At each router, therefore, the sequence is as follows:
>     1.  Receive failure notification
>     2.  Recompute SPT
>     3.  Install new SPT
>     4.  If the network was stable before the failure occured, wait a
>         configured (or advertised) period for all routers to be using
>         their SPTs and traffic to drain from the MRTs.
> Atlas, et al.            Expires April 17, 2016                [Page 34]
> Internet-Draft        MRT Unicast FRR Architecture          October 2015
>     5.  Recompute MRTs
>     6.  Install new MRTs.
>     While the recomputed MRTs are not installed in the FIB, protection
>     coverage is lowered.  Therefore, it is important to recalculate the
>     MRTs and install them quickly.
> SB> that is one way of doing it, anothey way is to have n MRTs running
> SB> ships in the night as each failure occurs and clean up later. I think
> SB> that this makes the migration timing less critical. I an not
> SB> sure whether you don't need some approach like "new labels" to make
> SB> this unconditionally safe.
>   ===========
> 15.  IANA Considerations
>     Please create an MRT Profile registry for the MRT Profile TLV.  The
>     range is 0 to 255.  The default MRT Profile has value 0.  Values
>     1-200 are by Standards Action.  Values 201-220 are for
>     experimentation.  Values 221-255 are for vendor private use.
> SB> I am suprised that this is not in a protocol documnet rather than the
> SB> architecture since you have no data structures or encodings in here.
> 16.  Security Considerations
>     This architecture is not currently believed to introduce new security
>     concerns.
> SB> I suppose you could express this in terms of the parameters being
> SB> carried in the existing routing and thus you inherit their security
> SB> mechanisms, and that the topology boundary is set by their boundary
> SB> and thus you inherit their security and privacy characteristics.
> SB> I am supprised that the draft does not say anything about the
> SB> management of this new approach to FRR and the OAM that you will
> SB> need to test it.
> ===========