Re: [spring] WG Last Call for draft-ietf-spring-conflict-resolution

["Les Ginsberg (ginsberg)" <ginsberg@cisco.com>]

Shraddha -

All the rules defined in the draft are based on advertised values - which means if two nodes have the same database and use the same set of rules they will reach the same decision as regards conflict resolution.
You cannot improve upon this by introducing a new rule based upon a value (protocol administrative distance) which is neither guaranteed to be the same on all nodes nor advertised. The only thing this accomplishes is to introduce the potential for  further inconsistency.

If we cannot agree on this, then all the rest of the details discussed below do not matter.

There is an important point - which the draft does explicitly state in Section 3.7:

"In order to obtain consistent active entries all nodes in a network
   MUST have the same mapping entry database."

The productive part of this thread is to highlight the ways in which database inconsistency can occur. This cannot be completely eliminated, but we can minimize this in a number of ways:

1)Reemphasize that a SID is a property of the prefix - NOT the protocol which advertises it

This is fundamental to the SR architecture and is consistent with the way SIDs are used in the forwarding plane. And it will eliminate the possibility that two intra-area protocols use different SIDs for the same prefix.

2)Reduce the proliferation of "inactive" intra-area SIDs to other areas.

While this is desirable, as Bruno noted in his recent reply, there is danger for oscillation if not done carefully. I am still thinking about how to correctly specify this.

3)Perhaps the draft would benefit from some additional discussion of the ways in which inconsistent databases can occur and what consequences they have.
(Bruno - I think this is what you are suggesting in your reply).

I will also look into this.

   Les



From: Shraddha Hegde [mailto:shraddha@juniper.net]
Sent: Monday, July 31, 2017 10:27 AM
To: Les Ginsberg (ginsberg); spring@ietf.org
Subject: RE: [spring] WG Last Call for draft-ietf-spring-conflict-resolution

Les,

When the protocol preference is different across different nodes OSPF and ISIS do not guarantee that there would not be traffic loops/drops.
The misconfigurations can cause traffic loops when the different protocols are active on different nodes even without SR so I don't see a point
In bringing up such a case for comparison.

Lets keep the solution to the problem aside for a moment. Do you agree that the draft  algorithm in current form has potential issues
When database is not consistent across all nodes? Do you think this is a problem we should try to solve?

Pls see inline for details...

Rgds
Shraddha


From: Les Ginsberg (ginsberg) [mailto:ginsberg@cisco.com]
Sent: Saturday, July 29, 2017 3:48 AM
To: Shraddha Hegde <shraddha@juniper.net<mailto:shraddha@juniper.net>>; spring@ietf.org<mailto:spring@ietf.org>
Subject: RE: [spring] WG Last Call for draft-ietf-spring-conflict-resolution

Shraddha -

Protocol preference (commonly known as admin distance) is a locally configured value which is not advertised. Therefore there is no way for one node to know what preference another node has assigned to different protocols. If admin distance is used as part of the conflict resolution algorithm there is therefore no way to guarantee consistency on different nodes.  I have pointed this out previously - you have not acknowledged this.

Let's use your example below  - transitioning a network from OSPF to IS-IS - to show how using admin distance in the conflict resolution algorithm results in inconsistency.

Consider the following simple network:

A---B---C---D

Node A originates the prefix 1.1.1.1/32.
The network is using OSPF and OSPF is advertising SID 100 for 1.1.1.1. All nodes use SID 100 in their forwarding planes.

The customer wants to transition to IS-IS, and so starts configuring IS-IS on each node, but makes sure that initially  the admin distance assigned to IS-IS is greater than (less preferred) than that of OSPF.
In configuring IS-IS the customer makes a mistake and assigns SID 200 to 1.1.1.1.  (This presumes a protocol centric model for configuring SIDs - which I do not recommend - but let's ignore that for now.)

The customer is now ready to switch the network to IS-IS and starts to do so by changing the admin distance of IS-IS on Node D to be more preferred.
Using your proposal, Node D would now choose SID 200 as the Active SID for prefix 1.1.1.1.
But on Node C, OSPF is still the more preferred protocol, so on Node C SID 100 is being used for 1.1.1.1.
<Shraddha> As I pointed out different protocol being active on different nodes should be operator's responsibility and is not addressed
                       Even when SR is not enabled.

                       Whereas, it is important to make sure during migration when only a few nodes have ISIS enabled, it does not impact OSPF.
                        The draft algorithm does not gracefully handle this and makes migrations much more painful by affecting the running network
                         Due to misconfigs in the new protocol.

As soon as the admin distance change is made on Node D, the label associated with SID 200 will be programmed in forwarding to send traffic addressed to 1.1.1.1 via Node C.
But in Node C's forwarding plane SID 100 is being used, so when the packet arrives at Node C it will get dropped.

Contrast that with the behavior  when using algorithm currently defined in the draft. In the presence of the two conflicting advertisements:

(192, 1.1.1.1/32, 100, 1, 0, 0)
(192, 1.1.1.1/32, 200, 1, 0, 0)

SID 100 will be declared the winner (Rule #7: Lower SID wins)
This will be true regardless of which protocol is the "best" at any moment in time on any node. So even when IS-IS becomes the winning protocol on Node D the forwarding plane continues to use SID 100 on all nodes. Therefore, forwarding is not compromised when transitioning from one protocol to another.
<Shraddha> You have chosen a situation that is favoring the algorithm in the draft.
                       Consider
                         (192, 1.1.1.1/32, 200, 1, 0, 0)  >>>>>>>>>>>>OSPF
                         (192, 1.1.1.1/32, 100, 1, 0, 0)  >>>>>>>>>>>>ISIS
                       Consider when the customer has configured ISIS on only a few nodes. On some nodes ISIS advertisement wins and uses 100 to forward but
                       Gets dropped on next node as ISIS isn't running .


Of course, a far better strategy is to make SID configuration independent of the protocol. Then when introducing a new protocol both protocols would obtain and advertise the same SID value for the same prefix and the problem state described above would simply never occur.

<Shraddha> There are so many nuances to migration. One protocol doesn't behave same as the other simply because these are two different implementations and would have some different behaviors. It is always a best practice to keep the new protocol getting configured separate from the existing protocol, bring up the new protocol , verify all is well and then switchover to new protocol on all nodes. In this regard some may prefer keeping the SIDs advertised in two protocols separate and so its important to address the case when different SIDs are advertised in the protocol.

HTH clarify why your suggestion is not viable.

   Les



From: Shraddha Hegde [mailto:shraddha@juniper.net]
Sent: Thursday, July 27, 2017 8:31 PM
To: Les Ginsberg (ginsberg); spring@ietf.org<mailto:spring@ietf.org>
Subject: RE: [spring] WG Last Call for draft-ietf-spring-conflict-resolution

Thanks for the response.

   It is important  to keep the network functioning correctly in case of transitioning from
   one protocol to the other.

   Let us assume a case of OSPF SR network transitioning to ISIS SR network.
   Most typical transitioning technique is ships in the night where both protocols will be
   enabled in the network with OSPF having better preference and the issue in ISIS routing do
   not affect the traffic. Once the ISIS deployment is complete, the traffic will be switched
   to ISIS by changing preference.

   In case of OSPF-SR transitioning to ISIS SR, because of the conflict resolution
   rules that the conflicts are protocol independent, it is possible that config mistakes in ISIS
   will bring down the routes in OSPF. The ISIS topology and OSPF topology is not expected to be congruent
   during transition,
   so the conflicts seen on each node combining the two views will not be similar.
   This has potential to cause routing loops/ traffic drops in the network.

   I suggest to add the protocol-preference as one of the parameters in the preference algorithm
   with this being on the top of the list.
   The resultant conflict resolution will be consistent on ISIS topology and OSPF topology
  and is the best suited model for ships in the night transitions.

Pls see inline for other responses.

Rgds
Shraddha


From: Les Ginsberg (ginsberg) [mailto:ginsberg@cisco.com]
Sent: Tuesday, July 25, 2017 1:57 AM
To: Shraddha Hegde <shraddha@juniper.net<mailto:shraddha@juniper.net>>; spring@ietf.org<mailto:spring@ietf.org>
Subject: RE: [spring] WG Last Call for draft-ietf-spring-conflict-resolution


Shraddha -



Thanx for the comments - responses inline.



> -----Original Message-----

> From: spring [mailto:spring-bounces@ietf.org] On Behalf Of Shraddha Hegde

> Sent: Thursday, July 20, 2017 11:44 PM

> To: spring@ietf.org<mailto:spring@ietf.org>

> Subject: Re: [spring] WG Last Call for draft-ietf-spring-conflict-resolution

>

> SPRING WG,

>

> Conflict resolution is an important problem to solve and it is important to

> Standardize this draft.

>

> I generally support the draft but have a few major comments which I hope

> the authors will work on.

>

>

>  1.Conflict resolution and forwarding

>

>             Section 3.4 has the statement

>             "Active Entries in the database may be used in forwarding."

>

>              This is a very loose statement which does not enforce

> implementations to program the forwarding plane

>             with the active database entries.

>             This does not ensure traffic drops are minimized.

>

[Les:] Conflict resolution is only determining which entries are eligible to be used in forwarding. This does not mean that all "active" entries will be used . The most obvious example (but not the only possible one) of this is an SRMS entry that is associated with a prefix which is not actually reachable. So the language in the draft is intentional and is correct.

<Shraddha> The language in the draft is ambiguous and it does not help achieve consistent forwarding behavior across implementations.

                      Prefixes that are not reachable may not be used in forwarding which is acceptable but the draft does not mandate that the reachable prefixes which are active

                    MUST be programmed. Normative language is necessary in the draft w.r.t using active entries in forwarding.





>             The Forwarding plane programming aspects are completely missing in

> the document.

>             A separate section is needed which describes the different aspects

> of programming the forwarding plane.



[Les:] This is NOT in scope for this draft. If you want a description of how SR MPLS forwarding works please see draft-ietf-spring-segment-routing-mpls.



<Shraddha> The point I am bringing up here is not how SR MPLS forwarding works. It is w.r.t to programming the forwarding plane when there is a conflict.



The abstract section has below statement



"In cases where the

   information advertised by a given protocol instance is either

   internally inconsistent or conflicts with advertisements from another

   protocol instance a means of achieving consistent forwarding behavior

   in the network is required."



If the draft is not going to address the forwarding plane detail w.r.t conflicting entries it is definitely not meeting the

The objective described above.



Take an example of a conflict

(192, 192.0.2.1/32, 200, 1, 0, 0)

   (192, 192.0.2.222/32, 200, 1, 0, 0)

   SID 200 has been assigned to 192.0.2.1/32 by the

   first advertisement.

   The second advertisement assigns SID 200 to 192.0.2.222/32.



In this case after applying the preference rules

(192, 192.0.2.1/32, 200, 1, 0, 0)

 Becomes active entry.



As per the text in the draft," it may be used in forwarding" so some implementations

May choose to program forwarding plane and some may not which does not give a consistent forwarding behavior

Across implementations.









>

> 2.  Protocol independent resolution and impact on network migrations

>              In case of network migration from one protocol to other for ex: OSPF-

> SR to ISIS-SR,

>              it is useful to associate protocol preferences on a local node to the SID

> advertisement

>             and feed into the conflict resolution. This would make sure the

> conflicts will always

>             have a winner which is an advertisement from protocol with

> preferred admin-distance.

>

>             There is need for introducing another preference value specific to

> protocol preference

>             and make it the top rule in the preference rule hierarchy.

>

[Les:] "admin distance" is a locally defined preference which is not advertised. It is therefore not possible to include it as a parameter in an algorithm which requires a consistent answer on all nodes throughout the network.


<Shraddha>  In migration cases, topologies across two different protocols are not congruent causing inconsistent behavior.

                       Using admin-distance as an input parameter keeps the conflict resolution with-in the protocol and guarantees

                      Consistent behavior across all the nodes corresponding to that protocol.



                     The drafts tries to address this scenario partially between IGP and BGP by suggesting preference values. But that does not solve the

Problem between two different IGPs.





>             This would also solve the issue of MT-ID numbers being different in

> different protocols

>             as the SIDs would be compared within a protocol advertisement.



[Les:] I do not understand what relationship you see between "protocol preference" and "MT-ID".

MT-ID values are scoped by  the protocol which uses them. For example, OSPFv2 supports a 7 bit MT-ID while IS-IS supports a 12 bit MT-ID. It is therefore possible for non-matching MTIDs to be used by different protocols when advertising routes for the same physical topology. This is why the draft's use of "topology" is not as MTID but rather as a locally scoped identifier. From Section 3:



" Note: Topology is a locally scoped identifier assigned by each

   router.  Although it may have an association with Multitopology

   Identifiers (MTID) advertised by routing protocols it is NOT

   equivalent to these identifiers.  MTIDs are scoped by a given routing

   protocol.  MTID ranges are protocol specific and there may be

   standardized protocol specific MTID assignments for topologies of a

   specific type (e.g., an AFI specific topology).  As mapping entries

   can be sourced from multiple protocols it is not possible to use a

   network scoped identifier for a topology when storing mapping entries

   in the local database."



Topology is then used to detect different scopes for a mapping entry - which may result in a SID conflict if the same SID is used in different topologies, but it cannot be used as a tiebreaker since its value is local and any preference (e.g., higher value wins)  is not guaranteed to result in consistent answers on all nodes in the network. Which is why we have Section 3.3 Rule #8:



   "8.  If topology IDs are NOT identical both entries MUST be ignored"

<Shraddha> Lets keep this discussion on-hold until we decide on the protocol preference and migration issues.



>

> 3. In case of hierarchical IGP networks with multiple ISIS Levels or OSPF areas,

> It's possible that the

>      conflicts are not visible in entire domain but are visible only on the border

> router as the border routers

>      have the database of both domains.

>     The conflict resolution preference Rules should be enhanced to include the

> Level information in the preference rule.

>     A new parameter called sub-domain should be defined.

>

>                             One could propose using existing SRMS preference values

> and assigning prefixes with preference values

>             based on levels they are advertised in. This introduces more complex

> configuration requirements on the

>             network. The objective of this draft is to achieve consistent

> behaviours in case of misconfigurations and

>             introducing more configurations as a solution does not help.

>

>

>                             Based on the Advertisement originated in ISIS Level or OSPF

> area below values are defined.

>

>                             Level 1 , non-zero OSPF area =1

>                             Level 2, OSPF Area 0 = 2

>                             Non IGPs set subdomain = 0

>

>                                                             Preference algorithm is changed as

>

>     1. Higher protocol preference wins



[Les:] I have explained above why protocol preference cannot be used.



>    2. smaller sub-domain wins

>     3. Higher srms preference value wins

>     4. Smaller range wins

>     5.IPv6 entry wins over IPv4 entry

>     6.Longer prefix length wins

>     7.Smaller starting address (considered as an unsigned integer

>        value) wins

>     8.Smaller algorithm wins

>     9. Smaller topology Id wins >>>>>>>>>>..Moved above SID comparison.

> since the all these rules are applied

>                                                     within protocol it's safe to compare topology IDs

[Les:] No - it isn't - as explained above.

>     10. Smaller starting SID wins

>

[Les:] SIDs are assigned either by the node(s) originating the prefix reachability advertisement or by SRMS advertisements. The latter are level/area agnostic - and even you are agreeing that we should not change that.

There is then no reason for the SID to be altered as it is advertised into different areas.  Which leads us to the conclusion that SIDs are not level/area specific.



If your concern is that border routers who may have more entries in their SID database than intra-area routers may come to a different conclusion as regards conflicts - I agree with you - but I do not believe your proposal resolves the problem.

Consider the following simple topology:



A1-----A2------B2-----B1



All nodes run IS-IS.

A1 is a Level-1 router in Area A. It advertises: 1.1.1.1/32 SID 100

A2 is a Level-1-2 router in Area A



B1 is a Level-1 router in Area B. It advertises: 2.2.2.2/32 SID 100

B2 is a Level-1-2 router in Area B



If Level 1 routes are leaked into Level 2 but NOT down into Level 1, we have the following SID databases on the four routers:



A1


1.1.1.1/32 100


A2


1.1.1.1/32 100

2.2.2.2/32 100


B1


2.2.2.2/32 100


B2


1.1.1.1/32 100

2.2.2.2/32 100






Here are the active entries on each node comparing the two algorithms



Node


Draft Algorithm


Shraddha Algorithm


A1


1.1.1.1/32 100


1.1.1.1/32 100


A2


1.1.1.1/32 100


1.1.1.1/32 100


B1


2.2.2.2/32 100


2.2.2.2/32 100


B2


1.1.1.1/32 100


2.2.2.2/32 100




There is a tradeoff here between being able to forward some inter-area traffic entering the network via the L2 sub-domain but impacting some intra-area traffic  vs being able to forward all intra-area traffic but no inter-area traffic.

Not clear which strategy is "better" - but it is clear that neither strategy eliminates all issues. Given that the same SID database will NOT exist on all routers in multi-area deployments some risk exists and cannot be totally eliminated.



I do agree that we should try to minimize the use of conflicting SIDs for inter-area traffic. What is lacking in the draft is a statement that conflicting SIDs should not be leaked out of an area. I will work on a statement in the draft to make that point clear.



<Shraddha> Not leaking the conflicting SIDs makes sense. But Even if the conflicting SIDs are not leaked across boundaries, there is still a possibility that inter-area/intra-area traffic gets misforwarded at the area boundary. This issue can cause potential security risks as the traffic can get delivered to unintended node.The best option is to ignore both conflicting entries when they belong to different area/level



     1. Higher protocol preference wins

    2. If the entries belong to different sub-domains ignore both entries

     3. Higher srms preference value wins

     4. Smaller range wins

     5.IPv6 entry wins over IPv4 entry

     6.Longer prefix length wins

     7.Smaller starting address (considered as an unsigned integer

        value) wins

     8.Smaller algorithm wins

     9. Smaller topology Id

    10. Smaller starting SID wins







Thanx for bringing this issue up.



    Les



>

>

> Rgds

> Shraddha

>

> -----Original Message-----

> From: Martin Horneffer [mailto:maho@nic.dtag.de]

> Sent: Friday, July 14, 2017 8:22 PM

> To: spring@ietf.org<mailto:spring@ietf.org>

> Subject: Re: [spring] WG Last Call for draft-ietf-spring-conflict-resolution

>

> Strong support from me, too.

>

>  From an operator's point of view this is really needed.

>

> Best regards, Martin

>

>

> Am 10.07.17 um 14:58 schrieb Martin Vigoureux:

> >

> > WG,

> >

> > We are half-way through the WG Last Call and I am very surprised to

> > only see a single answer to it.

> >

> > I am not sure I'll move this forward with only silence as support.

> >

> > -m

> >

> > Le 29/06/2017 à 15:28, Martin Vigoureux a écrit :

> >> Hello Working Group,

> >>

> >> This email starts a Working Group Last Call on

> >> draft-ietf-spring-conflict-resolution-04 [1] which is considered

> >> mature and ready for a final working group review.

> >>

> >> ¤ Please read this document if you haven't read the most recent

> >> version yet, and send your comments to the list, no later than *21st

> >> of July*.

> >> Note that this is *not only* a call for comments on the document; it

> >> is also a call for support (or not) to publish this document as a

> >> Proposed Standard RFC.

> >>

> >> ¤ *Coincidentally*, we are also polling for knowledge of any IPR that

> >> applies to draft-ietf-spring-conflict-resolution, to ensure that IPR

> >> has been disclosed in compliance with IETF IPR rules (see RFCs 3979,

> >> 4879,

> >> 3669 and 5378 for more details).

> >>

> >> If you are listed as an Author or Contributor of

> >> draft-ietf-spring-conflict-resolution-04 please respond to this email

> >> and indicate whether or not you are aware of any relevant IPR.

> >>

> >> Note that, as of today, no IPR has been disclosed against this

> >> document or its earlier versions.

> >>

> >> Thank you,

> >> Martin

> >>

> >> [1]

> >> https://datatracker.ietf.org/doc/draft-ietf-spring-conflict-resolutio

> >> n/

> >>

> >> _______________________________________________

> >> spring mailing list

> >> spring@ietf.org<mailto:spring@ietf.org>

> >> https://www.ietf.org/mailman/listinfo/spring

> >>

> >

> > _______________________________________________

> > spring mailing list

> > spring@ietf.org<mailto:spring@ietf.org>

> > https://www.ietf.org/mailman/listinfo/spring

> >

>

>

> _______________________________________________

> spring mailing list

> spring@ietf.org<mailto:spring@ietf.org>

> https://www.ietf.org/mailman/listinfo/spring