IETF Logo Mail Archive

Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)

Martin Horneffer <maho@lab.dtag.de> Fri, 28 August 2020 10:10 UTC

Return-Path: <maho@lab.dtag.de>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B663A0853 for <spring@ietfa.amsl.com>; Fri, 28 Aug 2020 03:10:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.644
X-Spam-Level:
X-Spam-Status: No, score=-2.644 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.948, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=lab.dtag.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K41Qd8IhS4wY for <spring@ietfa.amsl.com>; Fri, 28 Aug 2020 03:10:37 -0700 (PDT)
Received: from OldBailey.lab.dtag.de (OldBailey.lab.DTAG.DE [194.25.1.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D1B33A08CC for <spring@ietf.org>; Fri, 28 Aug 2020 03:10:36 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id D5380CB7B0; Fri, 28 Aug 2020 12:10:28 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lab.dtag.de; s=dkim; t=1598609429; h=from:subject:date:message-id:to:cc:mime-version:content-type: in-reply-to:references; bh=Cka/Ksn7vlK3I0mkSFygm37J44qBJkeglkv8YvokJrU=; b=TVAWGoyuhRP1v99HrAVBoCwC8ItWiU+PJpGcWzW7giFKBEK2wsbiuUp/HctyHskPMGpgLq eXNeCihMwhZmRq0XphLf7iMLpBEj1/JaCGGnlMjDLKeOrjM2Cwav3aSFIdEG2OoFY8QF/m q/ZJvYIGT1asH8KGkoeQ3TIhyERiCwXVRElPZN2FHnaVdwf0Y4Cd0jNonIIMPK2gGxbrmY aDg3/JrMXFe5wwxRDleIbcudGQqf6JtY0QrpjyuiGeYJzvEIsv/UFEtr8qpx5t6n+M2qgG F+8QzJHf7mTMYMv2Htf2RG/guPu+E7dr3Cg2VyPA5V+QjXmvf8TFctKin6YLZw==
To: Robert Raszuk <robert@raszuk.net>
Cc: SPRING WG <spring@ietf.org>
References: <15389fb7-d7d5-2f28-2869-4ee9fb84fccb@lab.dtag.de> <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de> <CAOj+MMHZZR9OK7HbOG9mfOVLZBK351_7Ftf8VaTr8Yj8qi+NNA@mail.gmail.com>
From: Martin Horneffer <maho@lab.dtag.de>
Message-ID: <13e512a0-44e6-7fe8-d44d-54c3c4136d16@lab.dtag.de>
Date: Fri, 28 Aug 2020 12:10:28 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <CAOj+MMHZZR9OK7HbOG9mfOVLZBK351_7Ftf8VaTr8Yj8qi+NNA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------9E9303A289B834A51E55492C"
X-Last-TLS-Session-Version: TLSv1.3
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/Mi0cD3s3MIVXAhy1aW5Lnc5DZoY>
Subject: Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2020 10:10:40 -0000

Hi Robert,

the setup I sketched does not cover double failures nor 100 % of all 
topological cases for forwarding.
And in fact, forwarding the traffic is not the main purpose. The main 
purpose it to DETECT the failure in a useful way.

For the same reason we would sure not want to add yet another 
encapsulation technology.

But, of course, if the behavior (drop or forward unlabelled) would be 
configurable, that would be perfectly ok from my point of view.

Best regards, Martin


Am 27.08.20 um 14:45 schrieb Robert Raszuk:
> Martin,
>
> > it follows an IGP default route to a central device,
>
> So putting aside that such default must point domian wide to the same 
> address (could be anycast if you are careful) once this "central 
> device" receives a packet and does a BGP full table lookup it will 
> again try to encapsulate it in MPLS towards exit.
>
> What if the path is again via a device which breaks LDP LSP or SR 
> path and the packet will again go back to central device creating a 
> very nice loop ?
>
> Sure central device could give up on MPLS all together and IP encap to 
> egress via your BGP free core - but you are not mentioning that.
>
> Bottom line if you would not have BGP free core (or Internet route 
> free core) I would say sure good idea to continue. But since you do I 
> think this is a lot of hidden traps number of networks may fall into 
> by doing it. So at least it should not be a default behaviour.
>
> Thx,
> R.
>
>
>
>
>
> On Thu, Aug 27, 2020 at 12:35 PM Martin Horneffer <maho@lab.dtag.de 
> <mailto:maho@lab..dtag.de>> wrote:
>
>     Hello everyone,
>
>     may I come back the the question below? Or rather let me update it
>     a little:
>
>     In case an SR-MPLS path is broken, should a node rather drop the
>     packet,
>     or forward it?
>     This can happen whenever the IGP points to a certain next hop, but
>     that
>     neither supplies a valid SID, nor allows LDP-stitching for whatever
>     reason. For PUSH as well as for CONTINUE.
>
>     We have been using MPLS transport and a BGP free core since about two
>     decades now, using LDP. In the analog case, LDP creates "unlabelled"
>     entries in the LFIB, does the equivalent of a POP operation and
>     forwards
>     the packet to the next-hop as chosen by the IGP.
>
>     This behavior obviously breaks any traffic that relies on a service
>     label, but it can protect some traffic.
>     In our case a huge percentage of all traffic still is public IPv4.
>     This
>     needs MPLS only for a transport label, be it LDP or SR-MPLS. If this
>     traffic gets forwarded unlabelled, it follows an IGP default route
>     to a
>     central device, where it is 1) redirected to the correct
>     destination and
>     2) counted in a way that operators can quickly see whether and where
>     this kind of failure occurs at some point in the network.
>
>     After more operational experience and several internal discussions we
>     agreed that we want packets to be forwarded unlabelled rather than
>     dropped. Anyone to share, or oppose this position?
>
>     Best regards, Martin
>
>
>     Am 31.01.20 um 16:50 schrieb Martin Horneffer:
>     > Hello everyone,
>     >
>     > again it seems the interesting questions only show up when applying
>     > something to the live network...
>     >
>     > We ran into something that poses a question related to RFC8660:
>     What
>     > is the exact meaning of section 2.10.1, "Forwarding for PUSH and
>     > CONTINUE of Global SIDs", when the chosen neighbor doesn't
>     provide a
>     > valid MPLS path?
>     >
>     > The relevant sections reads:
>     >
>     >       -  Else, if there are other usable next hops, use them to
>     forward
>     >          the incoming packet.  The method by which the router "R0"
>     >          decides on the possibility of using other next hops is
>     beyond
>     >          the scope of this document.  For example, the MCC on
>     "R0" may
>     >          chose the send an IPv4 packet without pushing any label to
>     >          another next hop.
>     >
>     > Does the part "send an IPv4 packet without pushing any label"
>     apply to
>     > PUSH and CONTINUE, or just to PUSH?
>     > Does R0 have to validate that neighbor N can correctly process to
>     > packet? Or can it forward the packet regardless?
>     >
>     > The reason for asking is that we are now seeing issues similar
>     to ones
>     > we had when starting with LDP based MPLS about two decades ago:
>     > traffic being black holed even though a path to the destination
>     > exists, because the MPLS path is interrupted somewhere in the
>     middle.
>     >
>     > With LDP we know the case of LFIBentries called "unlabelled"..
>     While
>     > this does break connectivity for many kinds of service, e.g. those
>     > relying on an additional service labels, it still works for plain
>     > IP(v4) traffic. In our cases, this works perfectly fine for all
>     > internal routing and control traffic. And even for IPv4 traffic
>     that
>     > gets collected by a central router that injects a default route.
>     >
>     > However, depending on the exact interpretation of the above
>     paragraph,
>     > an implementor might feel obliged to chose the next paragraph:
>     >
>     >       -  Otherwise, drop the packet.
>     >
>     > Which is, at least in our case, very unfortunate...
>     >
>     > Any advice or opinion appreciated!
>     >
>     >
>     > Best regards, Martin
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > spring mailing list
>     > spring@ietf.org <mailto:spring@ietf.org>
>     > https://www.ietf.org/mailman/listinfo/spring
>
>     _______________________________________________
>     spring mailing list
>     spring@ietf.org <mailto:spring@ietf.org>
>     https://www.ietf.org/mailman/listinfo/spring
>
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring

v2.23.0 | Report a Bug | By Email