IETF Logo Mail Archive

Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)

Tarek Saad <tsaad.net@gmail.com> Sun, 30 August 2020 00:36 UTC

Return-Path: <tsaad.net@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3A603A1245 for <spring@ietfa.amsl.com>; Sat, 29 Aug 2020 17:36:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXRasl7maOlq for <spring@ietfa.amsl.com>; Sat, 29 Aug 2020 17:36:56 -0700 (PDT)
Received: from mail-il1-x144.google.com (mail-il1-x144.google.com [IPv6:2607:f8b0:4864:20::144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BE3E3A0E49 for <spring@ietf.org>; Sat, 29 Aug 2020 17:36:56 -0700 (PDT)
Received: by mail-il1-x144.google.com with SMTP id k4so3726291ilr.12 for <spring@ietf.org>; Sat, 29 Aug 2020 17:36:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:thread-topic:thread-index:date:message-id :references:accept-language:content-language :content-transfer-encoding:mime-version; bh=HFmUy37RBJOOL/5EDhwL4SjbgsOdcJm1aMphWXfWqs0=; b=ZTON9IV/KuZNI1sHrDGrJ157rhvre0OZU/U3tDq0huxbS0c0oGDZUxzlaw/woWTPZa czseYBRRb1XaLtljbXKVVf4oLQcKuRLj4YKihCPXXIzujA14PbvMl8ahWbYr0XvK6N/J xR0U/Y1RQP0SC+Yw8NDj9QbGFv4XOsKIbKinv5AXfqN4KCiXSTVrGrgO3rhuiTDCi6gw YauRQw0Bn5F1kX+Kt3L5yDblgtHJi8NssPyltfYI408k9iFJvzuGLJ4eHw7ifuoh0vmz q8zUXDU4NwmhtZKDO4sYxo/lyFoseZnjcnZgst0KVQAZqM1mxKEy8fI2s1UTLraN3fL7 /sFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:thread-topic:thread-index:date :message-id:references:accept-language:content-language :content-transfer-encoding:mime-version; bh=HFmUy37RBJOOL/5EDhwL4SjbgsOdcJm1aMphWXfWqs0=; b=tKzEpKj5M2YK7BQRh/rJ5vicKUZYNbgX98skAiiVVFHixeO1lCDcw+L98k//sUXPR8 +QevpEu6DRaz+bmXXm7r2yRqcYP/6Z+u0iW/SO2nLWmH8h5lhQRqk72KXYc1rrQCz3iC NE/PcIiuaxY/6aSkvHXwTOXCzU3Rysqlor2pp4yZVEuddKuHFA13Z3FfEG2Xq0XqHiUj teo54IuD/GbLhq9KL9v93zzqjfFocAxE7XtnqB9BsPqL3kKAsrJgmTvI8mTpcGDey8J1 J1Qo9AioUyteh+3j7xn52NsE0w6hKhA8yjjBXk64pmDxibk6aCcu8OrjeIQfUnrdRFYW K2hA==
X-Gm-Message-State: AOAM530mbnm771pnxFlR6FxZ+sz+Gd7CXAWZIf1Rps3t1u5KJs0V5v2d Mi51u28RpznRH43DI+7pqPMOXOQKv0ic0Q==
X-Google-Smtp-Source: ABdhPJwfhZ6KemlKHtPLQh49Fykd2K5JL6JyTnxw+P/Dai7uIru+ffNak9k0XIpe/zqYPIV6b9gdsg==
X-Received: by 2002:a92:48da:: with SMTP id j87mr4530097ilg.78.1598747815274; Sat, 29 Aug 2020 17:36:55 -0700 (PDT)
Received: from DM5PR1901MB2150.namprd19.prod.outlook.com ([2603:1036:4:9e::5]) by smtp.gmail.com with ESMTPSA id k11sm1888571iof.40.2020.08.29.17.36.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Aug 2020 17:36:54 -0700 (PDT)
From: Tarek Saad <tsaad.net@gmail.com>
To: Martin Horneffer <maho@lab.dtag.de>, "spring@ietf.org" <spring@ietf.org>
Thread-Topic: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
Thread-Index: AQHWfF3DcbuQKOn2b0uhrpd6J56vXQ==
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Sun, 30 Aug 2020 00:36:52 +0000
Message-ID: <DM5PR1901MB21503856C598C1BCC0B931B3FC500@DM5PR1901MB2150.namprd19.prod.outlook.com>
References: <15389fb7-d7d5-2f28-2869-4ee9fb84fccb@lab.dtag.de> <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/_fzg-dU5lNBHbIp9ZpMGC1BtIU4>
Subject: Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Aug 2020 00:36:58 -0000

Hi Martin,

See inline for some comments.

On 8/27/20, 6:35 AM, "spring on behalf of Martin Horneffer" <spring-bounces@ietf.org on behalf of maho@lab.dtag.de> wrote:

    Hello everyone,

    may I come back the the question below? Or rather let me update it a little:

    In case an SR-MPLS path is broken, should a node rather drop the packet, 
    or forward it?

    This can happen whenever the IGP points to a certain next hop, but that 
    neither supplies a valid SID, nor allows LDP-stitching for whatever 
    reason. For PUSH as well as for CONTINUE.

    We have been using MPLS transport and a BGP free core since about two 
    decades now, using LDP. In the analog case, LDP creates "unlabelled" 
    entries in the LFIB, does the equivalent of a POP operation and forwards 
    the packet to the next-hop as chosen by the IGP.

    This behavior obviously breaks any traffic that relies on a service 
    label, but it can protect some traffic.
    In our case a huge percentage of all traffic still is public IPv4. This 
    needs MPLS only for a transport label, be it LDP or SR-MPLS. If this 
    traffic gets forwarded unlabelled, it follows an IGP default route to a 
    central device, where it is 1) redirected to the correct destination and 
    2) counted in a way that operators can quickly see whether and where 
    this kind of failure occurs at some point in the network.

[TS]: The SR Path may be composed of multiple SIDs (i.e. label stack) -- where the top SID destination is not the SR Path endpoint.. I sense from "gets forwarded unlabelled " as you will discard the full label stack (?) and forward the packet unlabeled to the central device? Or are you encapsulating the remaining MPLS packet over IP and IP routing packet to the central device to be inspected? In either case, I expect somehow the packet to be ultimately delivered to the original SR Path endpoint/egress?

    After more operational experience and several internal discussions we 
    agreed that we want packets to be forwarded unlabelled rather than 
    dropped. Anyone to share, or oppose this position?
[TS]: again, I'm not clear on when you say "forward unlabelled" - do you mean packets will follow the top SID's the IP IGP route? Or are you peaking into the destination IP (public IPv4) of packet encapsulated in MPLS to determine how to forward it?

Regards,
Tarek

    Best regards, Martin


    Am 31.01.20 um 16:50 schrieb Martin Horneffer:
    > Hello everyone,
    >
    > again it seems the interesting questions only show up when applying 
    > something to the live network...
    >
    > We ran into something that poses a question related to RFC8660: What 
    > is the exact meaning of section 2.10.1, "Forwarding for PUSH and 
    > CONTINUE of Global SIDs", when the chosen neighbor doesn't provide a 
    > valid MPLS path?
    >
    > The relevant sections reads:
    >
    >       -  Else, if there are other usable next hops, use them to forward
    >          the incoming packet.  The method by which the router "R0"
    >          decides on the possibility of using other next hops is beyond
    >          the scope of this document.  For example, the MCC on "R0" may
    >          chose the send an IPv4 packet without pushing any label to
    >          another next hop.
    >
    > Does the part "send an IPv4 packet without pushing any label" apply to 
    > PUSH and CONTINUE, or just to PUSH?
    > Does R0 have to validate that neighbor N can correctly process to 
    > packet? Or can it forward the packet regardless?
    >
    > The reason for asking is that we are now seeing issues similar to ones 
    > we had when starting with LDP based MPLS about two decades ago: 
    > traffic being black holed even though a path to the destination 
    > exists, because the MPLS path is interrupted somewhere in the middle.
    >
    > With LDP we know the case of LFIBentries called "unlabelled". While 
    > this does break connectivity for many kinds of service, e.g. those 
    > relying on an additional service labels, it still works for plain 
    > IP(v4) traffic. In our cases, this works perfectly fine for all 
    > internal routing and control traffic. And even for IPv4 traffic that 
    > gets collected by a central router that injects a default route.
    >
    > However, depending on the exact interpretation of the above paragraph, 
    > an implementor might feel obliged to chose the next paragraph:
    >
    >       -  Otherwise, drop the packet.
    >
    > Which is, at least in our case, very unfortunate...
    >
    > Any advice or opinion appreciated!
    >
    >
    > Best regards, Martin
    >
    >
    >
    >
    > _______________________________________________
    > spring mailing list
    > spring@ietf.org
    > https://www.ietf.org/mailman/listinfo/spring

    _______________________________________________
    spring mailing list
    spring@ietf.org
    https://www.ietf.org/mailman/listinfo/spring

v2.23.0 | Report a Bug | By Email