IETF Logo Mail Archive

Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)

Gyan Mishra <hayabusagsm@gmail.com> Sun, 30 August 2020 14:23 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C37C43A03FC for <spring@ietfa.amsl.com>; Sun, 30 Aug 2020 07:23:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.294
X-Spam-Level:
X-Spam-Status: No, score=-1.294 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nud4fZvNCHIw for <spring@ietfa.amsl.com>; Sun, 30 Aug 2020 07:23:10 -0700 (PDT)
Received: from mail-vk1-xa32.google.com (unknown [IPv6:2607:f8b0:4864:20::a32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17F8E3A0406 for <spring@ietf.org>; Sun, 30 Aug 2020 07:21:40 -0700 (PDT)
Received: by mail-vk1-xa32.google.com with SMTP id i20so780316vkk.2 for <spring@ietf.org>; Sun, 30 Aug 2020 07:21:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WGeKMEk3LROpza7yzSmBv3XuWCaYCxT9Vgw/64ptaGs=; b=khpYCuj8g5XFkWahU6QvnnXIYkMT8sjJlpykWk9lC546EhCQe8MrsUiS0z7iqOf3mZ /dQeg+SyHRo3PZmXYzWQnaFJ5GCnBVCKZDIym9n+jf/PvHHgRY0Kuusjuee4yxUisO1d FasiZaE4yDEuMJkIaG5A4TX10sVyJDu+UuLolKs9SbaZldfYUvDnV5wXz1nGSRnqZOmU r7awSJe+nUMuVfKLhpfG0KincW7iankO6bRILj231YCIRCwC89/t7xjBvxUx2Sn/hBwd 2TtGdwSCdF/6+DPOqaKHQNgONyoMW4+fvaSWx22ew7jwrEkopDI0kY05iLra00QYdWeY sSKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WGeKMEk3LROpza7yzSmBv3XuWCaYCxT9Vgw/64ptaGs=; b=ENrWZfCEYjrrZSr9CtkLIGzAKcUnoPrr+XfByu5wIYT5d7QCSrNn7pTJlaOx9Qduzz md/WVKMY1x48u2CAuWy1iVYZxy2Iea3anIwXIkXZiqfsVxkskveEH79YbopnXTCIXalv SWBt36WnnQfvRmCXvLuX+FWXIAkjgt8gxwQTb1kDdG1NdZNlC9Zzc+d3Kq5ysfZJ/dlh Elbtb/6wif9QW2HKFSFHXbp4SBh7vP6ObIKEFshcymmkTTo7a4qczj4bVmZ7Rt7w/XsM oVauPLbrB4H4MedRMCscIu0LCDKZVGLRJ0iCOB/olyPa9C8z9mPxbWGZOisAj+nkil/1 9Fzg==
X-Gm-Message-State: AOAM530AIpI3iQacpiv2nEZE73Bjvn0vicqGwR5FUnXFPKDG51ZI7SpE qITBnLj+joB4YM/1ye7P8Lmd2Ae1PhCtNHgYyJY=
X-Google-Smtp-Source: ABdhPJxFPeR7U52SttADmo+JnjGG1JNYtPeDquWHlTnX1uPWEG3cVRNo6ecPzQMxFzI2QpsfY3ljuap1j9JBNO85A7s=
X-Received: by 2002:a1f:a402:: with SMTP id n2mr3633937vke.77.1598797284760; Sun, 30 Aug 2020 07:21:24 -0700 (PDT)
MIME-Version: 1.0
References: <15389fb7-d7d5-2f28-2869-4ee9fb84fccb@lab.dtag.de> <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de> <DM5PR1901MB21503856C598C1BCC0B931B3FC500@DM5PR1901MB2150.namprd19.prod.outlook.com>
In-Reply-To: <DM5PR1901MB21503856C598C1BCC0B931B3FC500@DM5PR1901MB2150.namprd19.prod.outlook.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Sun, 30 Aug 2020 10:21:13 -0400
Message-ID: <CABNhwV2CpMmaiCN9wKMc9pK2dL+W=KwBUvpb4saz9GXDNLzJ=Q@mail.gmail.com>
To: Tarek Saad <tsaad.net@gmail.com>
Cc: Martin Horneffer <maho@lab.dtag.de>, "spring@ietf.org" <spring@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000039e9ba05ae190064"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/6SbC3muqRxGXS1TcKb9O7JwvYYU>
Subject: Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Aug 2020 14:23:21 -0000

Hi Martin

That is a very common scenario that occurs where one path where LDP
neighbor has lost its label binding for FEC destinations.

Most providers don’t label all prefixes and only label interesting traffic
meaning FEC destination which is the egress endpoint loopback iBGP peers
for an LSP.

So their is an ACL that is used for label allocation, label advertisement
and label accept policy to created the label binding LIB and and Label
forwarding table LFIB.

So the LSP is built from ingress PE to egress PE and the label mapping
along the path occurs downstream unsolicited in the opposite direction of
the LSP via label mapping message from the egress PE that the LSP is being
built to - to the ingress PE from the downstream node to the upstream node.

Most operators have a BGP free and PIM free core and usually don’t dual
stack the core and the concept of softwire mesh framework RFC 5565 so 6to4
softwire would be v6 edge over a v4 core or v4 edge over a v6 core.

So with the BGP free core all PE are BGP route reflector clients and have a
peer to RRs that sit in the P core.

The P core is BGP free so only runs an IGP ISIS PE OSPF.  This point is
critical and that is that since the core is BGP free it can not perform L3
forwarding so all packets must be L2.5 label switched via topmost label
either LDP or RSVP or SR-TE.

So now that we have established the core construct let’s dig into the
problem with the label mapping being broken on a node along a path.

So with LDPv4 or LDPv6 or SR-MPLS we have a concept called “ldp-IGP”
synchronization.  SR-MPLS uses IGP sync for SR sid labels as well since SR
is reusing the MPLS data plane.

So on all MPLS core enabled interfaces on both PE and P LDP sync is
enabled.

So the goal of ldp-IGP sync is to prevent black hole of packets on MPLS
interfaces cause by MPLS LDP failure and so how it works is the IGP prefix
that needs to build a label binding for FEC destination for label swapping
to occurs in the core so the IGP must not come up and forward traffic along
the path until MPLS is up or traffic will be “black holed” and dropped.  So
how this is accomplished is the IGP sets the prefix metric to maximum 65535
for ospf and ISIS wide metric does the same so the path now cannot be
utilized until ldp comes up and the label binding message is received via
downstream unsolicited to create outgoing label for the LFIB entry.  Once
LDP is up and the LFIB entry outing label is populated the IGP prefix is
“unset” so now is set to its normal IGP metric and traffic can now flow
over the path.

For LDP troubleshooting first you have to see if discovery link LDP is up
on the interface and then have to check if both Ldp adjacencent nodes have
a route in rib for each other’s LDP router id for the ldp neighbor to come
UP and label mapping message to be sent.  As you mentioned if their is
summarization for FEC which results in a loop the binding does not get
built for the FEC resulting in unlabeled FECs in the LFIB.

Hope that explanation helps.


Kind Regards

Gyan

On Sat, Aug 29, 2020 at 8:37 PM Tarek Saad <tsaad.net@gmail.com> wrote:

> Hi Martin,
>
>
>
> See inline for some comments.
>
>
>
> On 8/27/20, 6:35 AM, "spring on behalf of Martin Horneffer" <
> spring-bounces@ietf.org on behalf of maho@lab.dtag.de> wrote:
>
>
>
>     Hello everyone,
>
>
>
>     may I come back the the question below? Or rather let me update it a
> little:
>
>
>
>     In case an SR-MPLS path is broken, should a node rather drop the
> packet,
>
>     or forward it?
>
>
>
>     This can happen whenever the IGP points to a certain next hop, but
> that
>
>     neither supplies a valid SID, nor allows LDP-stitching for whatever
>
>     reason. For PUSH as well as for CONTINUE.
>
>
>
>     We have been using MPLS transport and a BGP free core since about two
>
>     decades now, using LDP. In the analog case, LDP creates "unlabelled"
>
>     entries in the LFIB, does the equivalent of a POP operation and
> forwards
>
>     the packet to the next-hop as chosen by the IGP.
>
>
>
>     This behavior obviously breaks any traffic that relies on a service
>
>     label, but it can protect some traffic.
>
>     In our case a huge percentage of all traffic still is public IPv4.
> This
>
>     needs MPLS only for a transport label, be it LDP or SR-MPLS. If this
>
>     traffic gets forwarded unlabelled, it follows an IGP default route to
> a
>
>     central device, where it is 1) redirected to the correct destination
> and
>
>     2) counted in a way that operators can quickly see whether and where
>
>     this kind of failure occurs at some point in the network.
>
>
>
> [TS]: The SR Path may be composed of multiple SIDs (i.e. label stack) --
> where the top SID destination is not the SR Path endpoint.. I sense from
> "gets forwarded unlabelled " as you will discard the full label stack (?)
> and forward the packet unlabeled to the central device? Or are you
> encapsulating the remaining MPLS packet over IP and IP routing packet to
> the central device to be inspected? In either case, I expect somehow the
> packet to be ultimately delivered to the original SR Path endpoint/egress?
>
>
>
>     After more operational experience and several internal discussions we
>
>     agreed that we want packets to be forwarded unlabelled rather than
>
>     dropped. Anyone to share, or oppose this position?
>
> [TS]: again, I'm not clear on when you say "forward unlabelled" - do you
> mean packets will follow the top SID's the IP IGP route? Or are you peaking
> into the destination IP (public IPv4) of packet encapsulated in MPLS to
> determine how to forward it?
>
>
>
> Regards,
>
> Tarek
>
>
>
>     Best regards, Martin
>
>
>
>
>
>     Am 31.01.20 um 16:50 schrieb Martin Horneffer:
>
>     > Hello everyone,
>
>     >
>
>     > again it seems the interesting questions only show up when applying
>
>     > something to the live network...
>
>     >
>
>     > We ran into something that poses a question related to RFC8660: What
>
>     > is the exact meaning of section 2.10.1, "Forwarding for PUSH and
>
>     > CONTINUE of Global SIDs", when the chosen neighbor doesn't provide a
>
>     > valid MPLS path?
>
>     >
>
>     > The relevant sections reads:
>
>     >
>
>     >       -  Else, if there are other usable next hops, use them to
> forward
>
>     >          the incoming packet.  The method by which the router "R0"
>
>     >          decides on the possibility of using other next hops is
> beyond
>
>     >          the scope of this document.  For example, the MCC on "R0"
> may
>
>     >          chose the send an IPv4 packet without pushing any label to
>
>     >          another next hop.
>
>     >
>
>     > Does the part "send an IPv4 packet without pushing any label" apply
> to
>
>     > PUSH and CONTINUE, or just to PUSH?
>
>     > Does R0 have to validate that neighbor N can correctly process to
>
>     > packet? Or can it forward the packet regardless?
>
>     >
>
>     > The reason for asking is that we are now seeing issues similar to
> ones
>
>     > we had when starting with LDP based MPLS about two decades ago:
>
>     > traffic being black holed even though a path to the destination
>
>     > exists, because the MPLS path is interrupted somewhere in the middle.
>
>     >
>
>     > With LDP we know the case of LFIBentries called "unlabelled". While
>
>     > this does break connectivity for many kinds of service, e.g. those
>
>     > relying on an additional service labels, it still works for plain
>
>     > IP(v4) traffic. In our cases, this works perfectly fine for all
>
>     > internal routing and control traffic. And even for IPv4 traffic that
>
>     > gets collected by a central router that injects a default route.
>
>     >
>
>     > However, depending on the exact interpretation of the above
> paragraph,
>
>     > an implementor might feel obliged to chose the next paragraph:
>
>     >
>
>     >       -  Otherwise, drop the packet.
>
>     >
>
>     > Which is, at least in our case, very unfortunate...
>
>     >
>
>     > Any advice or opinion appreciated!
>
>     >
>
>     >
>
>     > Best regards, Martin
>
>     >
>
>     >
>
>     >
>
>     >
>
>     > _______________________________________________
>
>     > spring mailing list
>
>     > spring@ietf.org
>
>     > https://www.ietf.org/mailman/listinfo/spring
>
>
>
>     _______________________________________________
>
>     spring mailing list
>
>     spring@ietf.org
>
>     https://www.ietf.org/mailman/listinfo/spring
>
> _______________________________________________
>
> spring mailing list
>
> spring@ietf.org
>
> https://www.ietf.org/mailman/listinfo/spring
>
> --

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD

v2.23.0 | Report a Bug | By Email