IETF Logo Mail Archive

Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)

Robert Raszuk <robert@raszuk.net> Thu, 27 August 2020 12:45 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 321B93A0CCD for <spring@ietfa.amsl.com>; Thu, 27 Aug 2020 05:45:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzq34ZJEMzKz for <spring@ietfa.amsl.com>; Thu, 27 Aug 2020 05:45:51 -0700 (PDT)
Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com [IPv6:2a00:1450:4864:20::642]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B64213A0CB4 for <spring@ietf.org>; Thu, 27 Aug 2020 05:45:50 -0700 (PDT)
Received: by mail-ej1-x642.google.com with SMTP id si26so7425585ejb.12 for <spring@ietf.org>; Thu, 27 Aug 2020 05:45:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/e6/AqEVXGIQqspcsC0b8wFnLpL20iX+xJPWOxlVlHQ=; b=OEjgYNMYuKSEz2gkRaqh5H/mGXmBwUa1UDfdenQPIlMwrZn3O9zCrKcbWQTiDsu/yz BvHNqmwHy86RgZUoaFwMdeMyTd1Edd8peXMAXgfstnar0pC6MkT0kR+gRHjbdaTImJrt F/GnxvPIl7wuOaXwOJWb0PcN2gHtMJ13Ug6Le0Vqxd+L47pvaTSzeqLFL/8fAqP63bYA ach67IHn8ZWSHkJ11bGMsCtJdqufYHGBP4LdqAlETrRqoXikAupPQ4WI2PAiyrDwEvYe gq1Yhx2iqhR1iDt0MxhLxq7/7MwvwB4mC2HRJdox+v1e5p//kkgPBybXt54WW5ZB7USF cyWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/e6/AqEVXGIQqspcsC0b8wFnLpL20iX+xJPWOxlVlHQ=; b=XCaMY8nMEzELm/Xtm44Xogj8bJTCW3MyGl+srDnMjZfFRaym2wbQRtjHOBg/BMHS0O 8xLWn4CU22DSgHd1zw1taFjNimBzFZ3wrQ3fbPvcwVsDZ2NvDuy69yflp18cSL49xhwR E7QZ0Cdj7aONR5YvYUyhG69X3wefGKzsxHOf1OF42NvWqc9QQD4iG6pKY9h+ME8rxMh3 CTvQkeiETNwIVTQ/DzJDMg0UwBy3PmhskqzMAm1DT3UAKx/FpgVvNZF0i5ixAmuMVhyS zpRS0anP+Sw4tkrPDcBb7uTZ+vzpg1T2+Opz/qooS5CyzfxMHR+hUMcwXI6iWT6aH27E AaoA==
X-Gm-Message-State: AOAM531sDQ6swh/G9WbmtJvh0gKgHgyJ2wyzVrywyaInn3pBLFdfTuww zA3uDxVcE+DsSzobJAPh3Pg1folMR3XSrtAX0jOxBd2XwPJNlg==
X-Google-Smtp-Source: ABdhPJwzrjrfZEG0wGO/3rqXnPlnbbgG6wYGmXjkEsLMH02U+H3oxYW5HcWWyxNpCZSQfpKIRj1zlt4dM/ckM5jUQQ8=
X-Received: by 2002:a17:906:22d6:: with SMTP id q22mr12895361eja.242.1598532348984; Thu, 27 Aug 2020 05:45:48 -0700 (PDT)
MIME-Version: 1.0
References: <15389fb7-d7d5-2f28-2869-4ee9fb84fccb@lab.dtag.de> <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de>
In-Reply-To: <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 27 Aug 2020 14:45:39 +0200
Message-ID: <CAOj+MMHZZR9OK7HbOG9mfOVLZBK351_7Ftf8VaTr8Yj8qi+NNA@mail.gmail.com>
To: Martin Horneffer <maho@lab.dtag.de>
Cc: SPRING WG <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d2d79405addb50b2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/PV-8GjkCOSgsv04V3gLlJLEyEBY>
Subject: Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 12:45:53 -0000

Martin,

> it follows an IGP default route to a central device,

So putting aside that such default must point domian wide to the same
address (could be anycast if you are careful) once this "central device"
receives a packet and does a BGP full table lookup it will again try to
encapsulate it in MPLS towards exit.

What if the path is again via a device which breaks LDP LSP or SR path and
the packet will again go back to central device creating a very nice loop ?

Sure central device could give up on MPLS all together and IP encap to
egress via your BGP free core - but you are not mentioning that.

Bottom line if you would not have BGP free core (or Internet route free
core) I would say sure good idea to continue. But since you do I think this
is a lot of hidden traps number of networks may fall into by doing it. So
at least it should not be a default behaviour.

Thx,
R.





On Thu, Aug 27, 2020 at 12:35 PM Martin Horneffer <maho@lab.dtag.de> wrote:

> Hello everyone,
>
> may I come back the the question below? Or rather let me update it a
> little:
>
> In case an SR-MPLS path is broken, should a node rather drop the packet,
> or forward it?
> This can happen whenever the IGP points to a certain next hop, but that
> neither supplies a valid SID, nor allows LDP-stitching for whatever
> reason. For PUSH as well as for CONTINUE.
>
> We have been using MPLS transport and a BGP free core since about two
> decades now, using LDP. In the analog case, LDP creates "unlabelled"
> entries in the LFIB, does the equivalent of a POP operation and forwards
> the packet to the next-hop as chosen by the IGP.
>
> This behavior obviously breaks any traffic that relies on a service
> label, but it can protect some traffic.
> In our case a huge percentage of all traffic still is public IPv4. This
> needs MPLS only for a transport label, be it LDP or SR-MPLS. If this
> traffic gets forwarded unlabelled, it follows an IGP default route to a
> central device, where it is 1) redirected to the correct destination and
> 2) counted in a way that operators can quickly see whether and where
> this kind of failure occurs at some point in the network.
>
> After more operational experience and several internal discussions we
> agreed that we want packets to be forwarded unlabelled rather than
> dropped. Anyone to share, or oppose this position?
>
> Best regards, Martin
>
>
> Am 31.01.20 um 16:50 schrieb Martin Horneffer:
> > Hello everyone,
> >
> > again it seems the interesting questions only show up when applying
> > something to the live network...
> >
> > We ran into something that poses a question related to RFC8660: What
> > is the exact meaning of section 2.10.1, "Forwarding for PUSH and
> > CONTINUE of Global SIDs", when the chosen neighbor doesn't provide a
> > valid MPLS path?
> >
> > The relevant sections reads:
> >
> >       -  Else, if there are other usable next hops, use them to forward
> >          the incoming packet.  The method by which the router "R0"
> >          decides on the possibility of using other next hops is beyond
> >          the scope of this document.  For example, the MCC on "R0" may
> >          chose the send an IPv4 packet without pushing any label to
> >          another next hop.
> >
> > Does the part "send an IPv4 packet without pushing any label" apply to
> > PUSH and CONTINUE, or just to PUSH?
> > Does R0 have to validate that neighbor N can correctly process to
> > packet? Or can it forward the packet regardless?
> >
> > The reason for asking is that we are now seeing issues similar to ones
> > we had when starting with LDP based MPLS about two decades ago:
> > traffic being black holed even though a path to the destination
> > exists, because the MPLS path is interrupted somewhere in the middle.
> >
> > With LDP we know the case of LFIBentries called "unlabelled". While
> > this does break connectivity for many kinds of service, e.g. those
> > relying on an additional service labels, it still works for plain
> > IP(v4) traffic. In our cases, this works perfectly fine for all
> > internal routing and control traffic. And even for IPv4 traffic that
> > gets collected by a central router that injects a default route.
> >
> > However, depending on the exact interpretation of the above paragraph,
> > an implementor might feel obliged to chose the next paragraph:
> >
> >       -  Otherwise, drop the packet.
> >
> > Which is, at least in our case, very unfortunate...
> >
> > Any advice or opinion appreciated!
> >
> >
> > Best regards, Martin
> >
> >
> >
> >
> > _______________________________________________
> > spring mailing list
> > spring@ietf.org
> > https://www.ietf.org/mailman/listinfo/spring
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>

v2.23.0 | Report a Bug | By Email