IETF Logo Mail Archive

Re: [Softwires] softwires-encaps-safi

Yakov Rekhter <yakov@juniper.net> Mon, 05 May 2008 22:43 UTC

Return-Path: <softwires-bounces@ietf.org>
X-Original-To: softwires-archive@megatron.ietf.org
Delivered-To: ietfarch-softwires-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B7FAB3A682F; Mon, 5 May 2008 15:43:46 -0700 (PDT)
X-Original-To: softwires@core3.amsl.com
Delivered-To: softwires@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D21D3A682F for <softwires@core3.amsl.com>; Mon, 5 May 2008 15:43:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7JaWHhNYUsFm for <softwires@core3.amsl.com>; Mon, 5 May 2008 15:43:44 -0700 (PDT)
Received: from exprod7og112.obsmtp.com (exprod7og112.obsmtp.com [64.18.2.177]) by core3.amsl.com (Postfix) with ESMTP id 0A9AD3A67EC for <softwires@ietf.org>; Mon, 5 May 2008 15:43:33 -0700 (PDT)
Received: from source ([66.129.224.36]) by exprod7ob112.postini.com ([64.18.6.12]) with SMTP; Mon, 05 May 2008 15:43:30 PDT
Received: from magenta.juniper.net ([172.17.27.123]) by emailsmtp55.jnpr.net with Microsoft SMTPSVC(6.0.3790.1830); Mon, 5 May 2008 15:35:09 -0700
Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id m45MZ9x12922; Mon, 5 May 2008 15:35:09 -0700 (PDT) (envelope-from yakov@juniper.net)
Message-Id: <200805052235.m45MZ9x12922@magenta.juniper.net>
To: David Ward <dward@cisco.com>
In-Reply-To: Your message of "Mon, 05 May 2008 15:34:31 CDT." <89F15385-FDFE-4973-A8B2-A2F358655DFE@cisco.com>
MIME-Version: 1.0
Content-ID: <81136.1210026908.1@juniper.net>
Date: Mon, 05 May 2008 15:35:09 -0700
From: Yakov Rekhter <yakov@juniper.net>
X-OriginalArrivalTime: 05 May 2008 22:35:09.0579 (UTC) FILETIME=[4662A5B0:01C8AF00]
Cc: "Francois Le Faucheur IMAP <flefauch@cisco.com>" <flefauch@cisco.com>, Alain Durand <Alain_Durand@cable.comcast.com>, Jari Arkko <jari.arkko@piuha.net>, softwires@ietf.org, "John G. Scudder <jgs@juniper.net>" <jgs@juniper.net>, jianping <jianping@cernet.edu.cn>, "Russ White <riw@cisco.com>" <riw@cisco.com>
Subject: Re: [Softwires] softwires-encaps-safi
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: softwires-bounces@ietf.org
Errors-To: softwires-bounces@ietf.org

Dave,

> All -
> 	We'd like to LC the suite of mesh related documents at one time  
> since they are all dependent on each other:
> 
>        draft-ietf-softwire-mesh-framework-04.txt
>        draft-ietf-softwire-v4nlri-v6nh-01.txt
>        draft-ietf-softwire-encaps-safi-00.txt
>        draft-ietf-softwire-encaps-ipsec-01.txt
> 
> 
> For this last call, if you have comments or nits please have the  
> subject line include the draft title. For example Subject: softwire- 
> encaps-safi (as appropriate) so that your email clearly specifies  
> which draft you are commenting on. Given that everyone is so familiar  
> w/ the set of specifications and the delta to this rev is rather  
> small, we are going to have a 2.5 week Last Call period. It will end  
> May 23, 2008.

I think that one area of the document needs further clarification.

The following covers the discussion I had a while ago with the
authors.

From 4.3:

   Additionally, the Encapsulation SAFI UPDATE message can contain a
   community or extended-community as a way to color the corresponding
   tunnel TLV(s).  The same community or extended community can then be
   attached to the UPDATE messages that contain payload prefixes. This
   way, the BGP speaker can express the fact that it expects the packets
   corresponding to these payload prefixes to be received with a
   particular tunnel encapsulation header.

With this in mind consider a scenario where a PE receives an
encaps-safi update for a tunnel destined to address A1, and this
update is "colored" with a particular community C. The PE also
receives an VPN-IPv4 update that carries the same community C, but
its next hop is not A1, but A2.

What should the PE do when resolving the next hop towards VPN-IPv4
routes ?

One could argue that if the nexthop address in a VPN-IPv4 update
does not match any of the addresses from an encaps-safi update, the
nexthop can not get resolved. In other words, this should be treated
as a misconfig -- i.e.  there is no way to reach that nexthop using
a tunnel encap (unless there is some local config forcing to use
an encap).

However, this argument is incorrect, as just because the nexthop
address in the VPN-IPv4 update does not match any of the addresses
from an encap-safi update does not really mean that "the next hop
can not get resolved".  In other words, just because there is no
way to reach the nexthop using the tunnel carried in the encap-safi,
does not mean that there is no way to that nexthop.

Another alternative could be as follows:

1. Next hop resolution is done as usual, with no regard to color.
 
2. If  the next hop corresponds to  two encaps-safis, one red  and one blue,
then:

    - if the destination address matches a red prefix, use the red encaps
 
    - if the destination address matches a blue prefix, use the blue encaps
 
    - if the  destination prefix  is not colored,  and there is  no uncolored
      encaps-safi,  then  we have  a  config error  and  the  packet will  be
      dropped.

In this alternative the last item seems incorrect - it should be up to 
the ingress PE to decide whether to forward or to drop (it is a matter 
of policy).

Moreover, there is a case that is not covered by the above. Namely,
where the Next Hop does not match any of the addresses from the
encap-safi updates.  In this case one can not say that the next hop
can not get resolved; it can not get resolved *only* via available
encap-safi. 

With all this in mind perhaps the spec should say that if after the next
hop resolution, the next hop does not have any encaps info, or does
not have encaps info that matches the color of the prefix, then
disposition of the packet is a matter of policy on the ingress PE.

Of course, the next question to ask is what is the default policy
that every vendor SHOULD support. Here is a strawman proposal for
such default policy:

1. Perform the usual procedures for finding the next hop, call it N.
 
2. If no next hop is found, drop the packet and exit.

3. If the policy is that there must be a color-matching encaps-safi, then
 
    a. If there is none, remove from consideration all routes whose next hop
       is N, and go to 1.
 
    b. If there is a color-matching encaps-safi, tunnel the packet according-
       ly and exit.

4. If the  policy  is  that there  does  not need  to  be a  color-matching
   encaps-safi, then do whatever the policy says.

Yakov.
_______________________________________________
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires

v2.23.0 | Report a Bug | By Email