IETF Logo Mail Archive

Re: [spring] [Mapping Server] Conflict Resolution

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Sun, 19 March 2017 15:22 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 754721294D0 for <spring@ietfa.amsl.com>; Sun, 19 Mar 2017 08:22:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7DHAzfSOKr_O for <spring@ietfa.amsl.com>; Sun, 19 Mar 2017 08:22:20 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45EBA1294CF for <spring@ietf.org>; Sun, 19 Mar 2017 08:22:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=114318; q=dns/txt; s=iport; t=1489936940; x=1491146540; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=9XDmoain5LxZaa4Qhr9LD/T0B1H+B59BW5BCex8q/fc=; b=hIzNr9jJ9a9QTty3pKzb6I9fIZbi+fJWXrZm39OsAAaN1BmVGAz6jmd9 9JfRrMbXoGwjh2vowpOyWZtX6YaLyihQhgETTIV4FqdeBcWkMmJCnhjb1 3mVorSwM4Y/Le6BjYMjCXKFtIBO75l2klhMsc+8EGsmneBtjKPi47k0Tp k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CIAgCyoc5Y/4gNJK1dGQEBAQEBAQEBAQEBBwEBAQEBgm45KmGBCgeDW4oPkVmCWoU4jTGCDi6FdAIaKII/PxgBAgEBAQEBAQFrKIUVAQEBAQMaCQofHw4QAgEIEQICAQEhAQYDAgICHwQNFAkIAgQOBQgWiUoDEAUOsmOCJoQPgxkNgwkBAQEBAQEBAQEBAQEBAQEBAQEBAQEdhk6DZoEJglGBZgEBBSQJH4JQgl8FlgSGDzoBhniDKINwhCmCBIUog1aGMopkJgeIRgEPEDhYLFgVhRgdgWN1AYdODRcHgQOBDQEBAQ
X-IronPort-AV: E=Sophos;i="5.36,189,1486425600"; d="scan'208,217";a="220095032"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Mar 2017 15:22:18 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v2JFMIZ8015589 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 19 Mar 2017 15:22:18 GMT
Received: from xch-aln-001.cisco.com (173.36.7.11) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sun, 19 Mar 2017 10:22:17 -0500
Received: from xch-aln-001.cisco.com ([173.36.7.11]) by XCH-ALN-001.cisco.com ([173.36.7.11]) with mapi id 15.00.1210.000; Sun, 19 Mar 2017 10:22:17 -0500
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: tech_kals Kals <tech.kals@gmail.com>
CC: "spring@ietf.org" <spring@ietf.org>, "Peter Psenak (ppsenak)" <ppsenak@cisco.com>, "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>, "martin@infobox.sk" <martin@infobox.sk>
Thread-Topic: [Mapping Server] Conflict Resolution
Thread-Index: AQHSnsVBWNzGjxwjFUOLSVXC0/gmBqGYnB/ggABlvgCAAQUI0IACBogAgAA6YaA=
Date: Sun, 19 Mar 2017 15:22:17 +0000
Message-ID: <95c5e3c770b44905ad5b9526a2b2501d@XCH-ALN-001.cisco.com>
References: <CAHWErLdy5RgdWQKOXp1PrbB6T_ANObznCSXvdQ0nkbBgukD5cQ@mail.gmail.com> <e0950e57a2a24bd99d78908be0d49a5d@XCH-ALN-001.cisco.com> <CAHWErLeBaMPDPJst0MpQfBXQqE3PW2pwGG_f6A539o1dv9gDYw@mail.gmail.com> <aaf69434308545a5b2566645cc2e4e47@XCH-ALN-001.cisco.com> <CAHWErLdvQoPjxuhwmVH9SzFKdET7L2yH9JFJz8_dRx2gEeEHew@mail.gmail.com>
In-Reply-To: <CAHWErLdvQoPjxuhwmVH9SzFKdET7L2yH9JFJz8_dRx2gEeEHew@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.83.223]
Content-Type: multipart/alternative; boundary="_000_95c5e3c770b44905ad5b9526a2b2501dXCHALN001ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/K8h3UukzC7WNR9FQH1nSy5qquSc>
Subject: Re: [spring] [Mapping Server] Conflict Resolution
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Stacked Tunnels for Source Routing \(STATUS\)." <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 15:22:24 -0000

Kals –

Inline…look for “Les2”

From: tech_kals Kals [mailto:tech.kals@gmail.com]
Sent: Saturday, March 18, 2017 11:40 PM
To: Les Ginsberg (ginsberg)
Cc: spring@ietf.org; Peter Psenak (ppsenak); Stefano Previdi (sprevidi); martin.pilka@pantheon.tech
Subject: Re: [Mapping Server] Conflict Resolution

Hi Les,

Thank you so much for your clarification.

I have one more question here...

1) the newly incoming entry would do conflict resolution validation with all existing entries and will be programmed only if it doesn't have any conflict with any entries or if it wins in conflict resolution with all of them?

In this case, the entry will be programmed only if it wins over all entries, even if it fails with any one of the entry, it would not be added. But, the entry which fails to win with the new entry also would exists in the database. It would have not got removed.

Is my understanding right ?

2) Or when new entry X do conflict resolution validation with each entry and assume, all entries are having a conflict resolution with this new entry and the new entry wins over all entries. So, in this case, all of them gets removed; only new entry would be added.

[Les2:] When an entry arrives has no bearing on the application of the preference rule. Conceptually (I am not talking about actual implementation details) when the database changes (new entry added, existing entry modified or deleted) the algorithm must be re-executed on the complete contents of the database – not just on the changed entries..

3) In cisco routers, I observed the below behavior.

[Les2:] There currently is no standard. Individual vendors have implemented whatever seemed best to them at the time. When there is WG agreement on a standard behavior then it should be expected that implementations will be modified to conform to the standard.

    Whenever there is any conflict (prefix/SID) with entries, the entry which wins if it has lower system-id ( system-id is in the context of ISIS protocol) though it has higher prefix/SID values. i.e. it seems, "system-ID" is treated as "preference value".
Why system-ID is being treated as preference value ?  Can you please clarify ?


Coming back to our discussion, I thinks, there is a conflict with all 3 entries in all 3 scenarios.

Please see my reply inline with <KALS>

Regards,
_tech.kals_


On Sat, Mar 18, 2017 at 11:19 AM, Les Ginsberg (ginsberg) <ginsberg@cisco.com<mailto:ginsberg@cisco.com>> wrote:
Kals –

Please look closely at how to determine if there is a conflict.
From Section 3:

     Prf - Preference Value (See Section 3.1)
       Pi - Initial prefix
       Pe - End prefix
       L  - Prefix length
       Lx - Maximum prefix length (32 for IPv4, 128 for IPv6)
       Si - Initial SID value
       Se - End SID value
       R  - Range value (See Note 1)
       T  - Topology
       A  - Algorithm

       A Mapping Entry is then the tuple: (Prf, Src, Pi/L, Si, R, T, A)
       Pe = (Pi + ((R-1) << (Lx-L))
       Se = Si + (R-1)

And Section 3.2.1

  Given two mapping entries:

   (Prf, P1/L1, S1, R1, T1, A1) and
   (Prf, P2/L2, S2, R2, T2, A2)

   where P1 <= P2

   a prefix conflict exists if all of the following are true:

   1)(T1 == T2) && (A1 == A2)
   2)P1 <= P2
   3)The prefixes are in the same address family.
   2)L1 == L2
   3)(P1e >= P2) && ((S1 + (P2 - P1)) != S2)

The preference rule as defined in the latest version of the draft (02):

1.  Higher preference value wins
   2.  Smaller range wins
   3.  IPv6 entry wins over IPv4 entry
   4.  Longer prefix length wins
   5.  Smaller algorithm wins
   6.  Smaller starting address (considered as an unsigned integer
       value) wins
   7.  Smaller starting SID wins
   8.  If topology IDs are NOT identical both entries MUST be ignored

Comments inline

From: tech_kals Kals [mailto:tech.kals@gmail.com<mailto:tech.kals@gmail.com>]
Sent: Friday, March 17, 2017 1:09 AM
To: Les Ginsberg (ginsberg)
Cc: spring@ietf.org<mailto:spring@ietf.org>; Peter Psenak (ppsenak); Stefano Previdi (sprevidi); martin.pilka@pantheon.tech<mailto:martin.pilka@pantheon.tech>
Subject: Re: [Mapping Server] Conflict Resolution

Hi Les,

 Sorry, I have not included my mapping entries in the previous mail. Please see the example here below.

 I am working with the RFC which doesn't support Preference Value, so please ignore it. And, my mapping entries would looks like.
Topology will be a single topology, not a Multi-topology and algorithm would be SPF not CSPF.

 Please read my entry the below order:  <Prefix-start/ prefix-len,  starting SID,  range>
 E1 and E2 already configured Active entries. X is the newly incoming entry.


Scenario 1:   (Entries are conflicting with prefix)
                         Entry E1:      <10.1.10.0/24<http://10.1.10.0/24>, 300, 22>
                         Entry E2:      <10.1.1.0/24<http://10.1.1.0/24>,   150, 5>

[Les:] E1 expands to (10.1.10.0/24<http://10.1.10.0/24> through 10.1.31.0/24<http://10.1.31.0/24>) using SIDs 300-321
E2 expands to (10.1.1.0/24<http://10.1.1.0/24> through 10.1.5.0/24<http://10.1.5.0/24>) using SIDs 150 -154

There is no conflict – both entries are used.

                         incoming entry is X:
                         Entry X:        <10.1.2.0/24<http://10.1.2.0/24>,  200, 20>

[Les:] X expands to (10.1.2.0/24<http://10.1.2.0/24> – 10.1.21.0/24<http://10.1.21.0/24>) using SIDs 200-219.
There is a prefix conflict with E1.
Preference rule #2 (smaller range) is applied – but the answer one gets depends on the order in which the entries are processed – a point which I discussed in my presentation at IETF 96. See Slides 17-20 in
https://www.ietf.org/proceedings/97/slides/slides-97-spring-1_ietf97_draft-ietf-spring-conflict-resolution-02-00.pptx

So, if we examine entries in range order (smallest to highest) we find:
E2 has no conflict w X nor with E1.

<KALS>

There is a conflict between X and E2 also.

[Les2:] You are correct – my error.
So, processing entries in range order (smallest to highest)

E2 has a conflict with X. X is ignored.
E2 has no conflict with E1.
E1 and E2 are used – X is ignored.

Apologies for the confusion.


E2 expands to (10.1.1.0/24<http://10.1.1.0/24> through 10.1.5.0/24<http://10.1.5.0/24>) using SIDs 150 -154
X expands to (10.1.2.0/24<http://10.1.2.0/24> – 10.1.21.0/24<http://10.1.21.0/24>) using SIDs 200-219.

Prefix 10.1.2.0 to 10.1.5.0 are conflicting between entry-X and entry-E2.
Will E2 win as they have lower range ?

So, only E2 will exist in this case.
E1 will be removed due to conflict with X and X would be removed due to conflict with E2.

Assume, if I have some more entries in the table say E3 to E100, they will not be participating in the conflict resolution validation as X is lost to E2 itself. Isn't it ?

Is there any criteria that all entries such as E1, E2 and so on should be in sorted order ? Otherwise, performing validation with all mapping entries will be difficult if they have not been sorted. Isnt it ?

Could you please let me know whether am I right ?


X has a conflict with E1 – E1 is ignored.
E2 and X are used.

           Step1: Conflict would be validated between E1 and X.

           Step2: Conflict would be validated between E2 and X.

          # what are the entries would be active and what will become inactive/excluded entry ?



Scenario 2:   (Entries are conflicting with SID)
                         Entry E1:      <10.1.10.0/24<http://10.1.10.0/24>, 300, 22>
                         Entry E2:      <7.1.1.0/24<http://7.1.1.0/24>,     280, 10>

[Les:] Again, there is no conflict, both entries are used.

                         incoming entry is X:
                         Entry X:        <3.1.1.0/24<http://3.1.1.0/24>,   285, 20>

[Les:] There is no prefix conflict but there is a SID conflict.
E1 300 – 321
E2 280 – 289
X 285 – 304

Again applying Preference Rule #2 (smallest range wins)
E2 wins over X – X is ignored
E2 has no conflict with E1 – both entries are used.
So E1 and E2 are used and X is ignored.


<KALS>

So, X will be added only if it is not having any conflict with all existing entries.

X will not be validated with other entries once it loses to someone ? Am i rght ?

What will happen if,

  - the new entry wins with some entries and
  - losing to some ?

[Les2:] We apply the comparison based on the order of the preference rules. Once an entry loses it is no longer a candidate for comparison using any of the lower priority preference rule.

   Les


           Step1: Conflict would be validated between E1 and X.

           Step2: Conflict would be validated between E2 and X.

          # what are the entries would be active and what will become inactive/excluded entry ?


Scenario 3:    (Entries are conflicting with prefix and SID)

                         Entry E1:      <10.1.10.0/24<http://10.1.10.0/24>, 300, 22>
                         Entry E2:      <5.1.1.0/24<http://5.1.1.0/24>,     190, 15>

[Les:] Again, no conflict – both entries are used.

                         incoming entry is X:
                         Entry X:        <10.1.1.0/24<http://10.1.1.0/24>,  200, 20>

[Les:] X has a prefix conflict with E1 – because it has smaller range X is the winner and E1 is ignored.
X has a SID conflict with E2. E2 has smaller range so X is ignored.
Only E2 is used.
Note that we evaluate  prefix conflicts before sid conflicts. Different results might ensue if we did sid conflicts before prefix conflicts (though not in this example)

The subtleties of ordering in achieving interoperability have not yet been incorporated into the draft – in part because there is still discussion about what policy should be used (Ignore, Quarantine, Ignore Overlap Only). If the WG were to select Ignore as the policy then ordering would not matter.

HTH

   Les

           Step1: Conflict would be validated between E1 and X.

           Step2: Conflict would be validated between E2 and X.

          # what are the entries would be active and what will become inactive/excluded entry ?


Regards,
__tech.kals__


On Fri, Mar 17, 2017 at 12:41 PM, Les Ginsberg (ginsberg) <ginsberg@cisco.com<mailto:ginsberg@cisco.com>> wrote:
It is not possible to answer your query because the way you have presented your entries (X, E1, E2, E3) does not tell us what conflicts you have.
Do you have two SIDs assigned to the same prefix? (Prefix conflict)
Do you have the same SID assigned to two different prefixes? (SID conflict)

This matters – see Section 3.3.6 of the draft for an example as to why.

Please present your example in the form defined in Section 3:

       Prf - Preference Value (See Section 3.1)
       Pi - Initial prefix
       Pe - End prefix
       L  - Prefix length
       Lx - Maximum prefix length (32 for IPv4, 128 for IPv6)
       Si - Initial SID value
       Se - End SID value
       R  - Range value (See Note 1)
       T  - Topology
       A  - Algorithm

       A Mapping Entry is then the tuple: (Prf, Src, Pi/L, Si, R, T, A)

Thanx.

   Les


From: tech_kals Kals [mailto:tech.kals@gmail.com<mailto:tech.kals@gmail.com>]
Sent: Thursday, March 16, 2017 7:22 PM
To: spring@ietf.org<mailto:spring@ietf.org>; Les Ginsberg (ginsberg); Peter Psenak (ppsenak); Stefano Previdi (sprevidi); martin.pilka@pantheon.tech<mailto:martin.pilka@pantheon.tech>
Subject: [Mapping Server] Conflict Resolution

Hi Experts,

  Could you please explain me what would be the expected behavior in the following scenario in Quarantine approach.

  Mapping entries E1, E2, E3 are Active entries.

  In case, if incoming new entry say X which has conflict with E1, E2 and E3.

  Assume, X is better than E1 but not better than E2.  ( E1 < X < E2)

  1] X is better than E1 so E1 will become excluded entry and X will become an active entry

  2] Now, X is compared with E2. E2 is better than X. So, X will become excluded entry and E2 is an active entry as it was.

So, X and E1 will become "excluded entry".

I couldn't find any info as shown above in the RFC. Can you please clarify ?


My doubts:
1) Will the entry become active only if it wins with all entries which are conflicted with this ?
2) When doing conflict resolution with other entries, it can win with some entries and can lose to some? What could be the behavior ?
     - This is the case which I explained above.
     - In this case, X can become active by winning to E1 and lose E2 which leads X and E1 to become inactive/excluded entry.


can you please clarify ?


Regards,
__tech.kals__

v2.23.0 | Report a Bug | By Email