IETF Logo Mail Archive

Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Fri, 28 August 2020 18:31 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DED633A0114 for <spring@ietfa.amsl.com>; Fri, 28 Aug 2020 11:31:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Nk2HC0oV; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=T/TV1dZF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ux6mASkSkJjV for <spring@ietfa.amsl.com>; Fri, 28 Aug 2020 11:31:11 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8DEC3A0112 for <spring@ietf.org>; Fri, 28 Aug 2020 11:31:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6184; q=dns/txt; s=iport; t=1598639470; x=1599849070; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=dRrsZIDXtI09kknXOBldIfkn7gcRJXeOkVySRp67tTg=; b=Nk2HC0oVEQ5qu4R825pe6CznIB6KEPn1sYQpKoMAWVd6ODIkzGqi+ygY 5cy1aek4jHq6vdUCwkTv6jj0oLxdQPg4Z66UFE+FLBBrSnHNfbVPLmLX3 uztZUlfCAfeJFHQekZqq2StaNYdTmlQ8uFOl1HcWyaMHDjOWsVJ3Ufuxq k=;
IronPort-PHdr: 9a23:Bia+yxeBPRhM56Dc74m9bCzslGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwaQDdff4vgCh/bfvObsVD9I7ZWAtSUEd5pBH18AhN4NlgMtSMiCFQXgLfHsYiB7eaYKVFJs83yhd0QAHsH4ag7Wq3f04SIbFVPzOFk9KuH8AIWHicOx2qi78IHSZAMdgj27bPtyIRy6oB+XuNMRhN5pK706zV3CpX4bdg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BnIQD4TElf/4oNJK1fHAEBATwBAQQEAQECAQEHAQEVgUyBPAIBAQEBDikoB3BYLyyEOINGA410mHGCUwNVCwEBAQwBARgLCgIEAQGECEQCF4IyAiQ4EwIDAQELAQEFAQEBAgEGBG2FXAyFcgEBAQEDAQEQEREMAQEsDAsEAgEGAg4DBAEBAwImAgICJQsVCAgCBAESCBqDBYJLAy4BDpZLkGgCgTmIYXaBMoMBAQEFhTQYghADBoEOKAIBAQEBAQGCa4JXS0OGTxuBQT+BEUOCTT6BBIFYAQGBYYMVM4Itj36DGKJFgQgKgmSaUYMHnUOSTYFtmTuEKAIEAgQFAg4BAQWBayOBV3AVO4JpUBcCDY4rF4ECAQmCQoUUhUJ0NwIGAQkBAQMJfIkiLYIXAQE
X-IronPort-AV: E=Sophos;i="5.76,364,1592870400"; d="scan'208";a="548165999"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Aug 2020 18:31:09 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 07SIV9Et011767 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 28 Aug 2020 18:31:09 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 28 Aug 2020 13:31:09 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 28 Aug 2020 14:31:08 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 28 Aug 2020 14:31:08 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lRAiEElWHYK9dimcdp4Ag1jqZsy4NXY18kfs9g+YP96xEucCqtmQj6/DSounPu2fj+p5fiWUgHDsrCLQ404dubNQ0vSHIFbqdXAwG3IwlKGfoBJ1hLqIBc+YvkNUX63oRPA9/9vPyMSbXXGTH+ACjrg/gNHmUcTitvFkjJJiXZfHrgjzhzBOy32nDJkWzJawr3nTBmL57qMgfNAblA9Kwggn0hTgRycnuhigJuN8aDi6xqrLzEpZflJgFDCG6/wSd6HTyVzNAgPEYgFrc43j+UimnVOPMRnPypC5eFUcYcGJVDBRpxddOfnC5dt+j93gyVYBNa6tjeCSGkwRxir+Rw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dRrsZIDXtI09kknXOBldIfkn7gcRJXeOkVySRp67tTg=; b=jSF/zF89/Uo42Qn7AxFsBOTdSMvboyz7V389N0DcO1rrSrl9pfpr18vG8OFG9vdcHhQbhb6dogFzf3dCtrKxDqM6FxzWVnxTELj9inW7xl36sh6APlhSMwpwl7T07ICFBMs4I5F3RpMDrJdtEtOELkH2YfMucn6EEIkGnGghKAIt5N9uCyU4OvoqtvRpOYoFVuUkTRZMjRYRBTgujvwd4IPlV8xl2LDEPAB6z8EDk6ZoiaaKjMkOOc0r8zDOkOyCMlrfqxqb34dWbs8kS92sJHvmBxYRvhTaVUPuv5ysGzXAOTuLn2TCU5y88sxIbukpa6cm3Cx2eYId6TXqzXX1Bg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dRrsZIDXtI09kknXOBldIfkn7gcRJXeOkVySRp67tTg=; b=T/TV1dZF0PqQ9kBScP+x1L14VTQ/ZVlbhC5l+o0bwkfOD/559Xrc+psCiuULUcSkvdH/A15V8KbkePKE5A5E+5nmldOFTaO5fua9+drY1802Qlh6N85syjitwBRo5uTt+1l/DK2JxEyl/hbJ8DX6UwWIUFg76cHDqccKGUMimgk=
Received: from BYAPR11MB3207.namprd11.prod.outlook.com (2603:10b6:a03:7c::14) by BYAPR11MB3205.namprd11.prod.outlook.com (2603:10b6:a03:1e::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.19; Fri, 28 Aug 2020 18:31:08 +0000
Received: from BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::e857:a3fb:11ad:faff]) by BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::e857:a3fb:11ad:faff%2]) with mapi id 15.20.3326.023; Fri, 28 Aug 2020 18:31:08 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Martin Horneffer <maho@lab.dtag.de>, "spring@ietf.org" <spring@ietf.org>
Thread-Topic: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
Thread-Index: AQHWfF3Pqlu9eBrlr0q+WATlLptSIalN2AtA
Date: Fri, 28 Aug 2020 18:31:08 +0000
Message-ID: <BYAPR11MB32071AB6795171533E30E387C0520@BYAPR11MB3207.namprd11.prod.outlook.com>
References: <15389fb7-d7d5-2f28-2869-4ee9fb84fccb@lab.dtag.de> <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de>
In-Reply-To: <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: lab.dtag.de; dkim=none (message not signed) header.d=none;lab.dtag.de; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2601:647:5701:46e0:934:5c1d:b9a:bda8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ad053236-8913-45e7-77d4-08d84b8087f4
x-ms-traffictypediagnostic: BYAPR11MB3205:
x-microsoft-antispam-prvs: <BYAPR11MB3205BD05732A63875FD48DDFC0520@BYAPR11MB3205.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: OiFlvPwLxE0cGRH81hKOfCK1TF3xd9c0JxIqRY/Orv13cIfks1jsz7E/8Mzy/qmzZxDi8voBIu6FDpz5cIAaZUW638jAuCMDPke9580vwEts5Z9aNH6Sxrea6NNC0IX8r1izdmcUjAoETCO0wNPf1kzLqgdApEw0Sy+Ds3QrBq6OJLhhwfuTeihcqV5MRYsy01tfSXnnjuv7ptICUL2AjgeOwHDa6yC0LqOiiuDymI1Hz7PY3fR29ajIiOWJ+mAGwx1HKjVD8pP+NaFrckyjPycgSROjDD5Eu/OJhBCZOHlIt1rMkE61diHK3upMMPx2PuNW+lnkXO+enBJQuRuJclriM5PG7HbINNSu1r2+R5ghBAklEPSimMRpzozLD84YAZYmSGzyWQwABlVg5NWK4g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(376002)(136003)(39860400002)(366004)(53546011)(86362001)(6506007)(966005)(2906002)(9686003)(33656002)(55016002)(478600001)(64756008)(71200400001)(8676002)(5660300002)(7696005)(66556008)(110136005)(76116006)(66946007)(83380400001)(52536014)(8936002)(66446008)(66574015)(316002)(186003)(66476007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: sE/M9YaIhZiRTHp/8nEKz+U0I3cG58AmtmrLQR89VrEf05QK581TWnGoNUr+oLQlBl5C1o59gQRBP3Q9uVAy8+HyuntO3SvsfbtsYgzMD0Rt7Vgu2s6i7KN5DMz2rvJGTLnHwuX/uTsoXnJ3K0jkvh8RT/RFP4Lvz8fzR3UlczG9Z6L/XG4jLCVZXnYD0IULAukEc7N2wQKyF3m6BbwzOBnMQg/7bJCkiaLYrMir9NNLFHvjNlCrAUFzjeQLaykqirB5FB9lt78VksCZlTkavT37tDj6T9kq42H8WXy3ZHa2oR3+uH8Uuq5sPp5EqKqhNHV8MOOY0SObqPkwZT1RK9jsodfb8EzeYKshdN6CHz9lDu6DdCSUnK2nbNwM/TxcYaoRX02bm//3Ua3FRl5p7uwfkliQ/O1zJP9cQ/toTZhiUykkDISN8Mg3i2lZ/K5LUm08jlJBwkk2hkq+ElddnmxnvXVKtETOd9ntlhCYt1pU8qb/cDnxC2GNZStZfOM3X1jypoVf6rgmLtz0GQ9HOYG+Qh6SU0a9uEN8US+pgGSFCYmlzWvM/34WCaW73Rn67O5so0Mfda7/nrybfA31hmZ0onmHv6HgE1M2jq5X7N97yP1TxTSLBJwiwlD5MxBJ5AP8t27mcrsJkjCdrsh0rhrZIWGJXrmfMYGwjsEnXLWM+Fotvhn5CdxA/eAc6jImbn0SItfng1XPrNFMnhy9Ig==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ad053236-8913-45e7-77d4-08d84b8087f4
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Aug 2020 18:31:08.0538 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: UO8aEVD3DllZcyv+86RV1ayT91g0NQad98lWaVmOlm4ixygPpF0bIBKwzb2mQKOzsFrNLiQdOT0KTUJcxBGg0g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3205
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: alln-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/sV0xA3UDt0wrJnXkUZ9OFXb2giI>
Subject: Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2020 18:31:13 -0000

It all hinges on "useable next hops". If the connected next hop
(a bgp next hop may not be connected) has a correct route for the
packet, then it is useable.

One more consideration: With the BGP free core, external devices
cannot send packets to your internal routers. Once you allow to
forward packets without a labelled route, you need to make sure that
this protection remains.

Regards,
Jakob.

-----Original Message-----
From: spring <spring-bounces@ietf.org> On Behalf Of Martin Horneffer
Sent: Thursday, August 27, 2020 3:35 AM
To: spring@ietf.org
Subject: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)

Hello everyone,

may I come back the the question below? Or rather let me update it a little:

In case an SR-MPLS path is broken, should a node rather drop the packet, 
or forward it?
This can happen whenever the IGP points to a certain next hop, but that 
neither supplies a valid SID, nor allows LDP-stitching for whatever 
reason. For PUSH as well as for CONTINUE.

We have been using MPLS transport and a BGP free core since about two 
decades now, using LDP. In the analog case, LDP creates "unlabelled" 
entries in the LFIB, does the equivalent of a POP operation and forwards 
the packet to the next-hop as chosen by the IGP.

This behavior obviously breaks any traffic that relies on a service 
label, but it can protect some traffic.
In our case a huge percentage of all traffic still is public IPv4. This 
needs MPLS only for a transport label, be it LDP or SR-MPLS. If this 
traffic gets forwarded unlabelled, it follows an IGP default route to a 
central device, where it is 1) redirected to the correct destination and 
2) counted in a way that operators can quickly see whether and where 
this kind of failure occurs at some point in the network.

After more operational experience and several internal discussions we 
agreed that we want packets to be forwarded unlabelled rather than 
dropped. Anyone to share, or oppose this position?

Best regards, Martin


Am 31.01.20 um 16:50 schrieb Martin Horneffer:
> Hello everyone,
>
> again it seems the interesting questions only show up when applying 
> something to the live network...
>
> We ran into something that poses a question related to RFC8660: What 
> is the exact meaning of section 2.10.1, "Forwarding for PUSH and 
> CONTINUE of Global SIDs", when the chosen neighbor doesn't provide a 
> valid MPLS path?
>
> The relevant sections reads:
>
>       -  Else, if there are other usable next hops, use them to forward
>          the incoming packet.  The method by which the router "R0"
>          decides on the possibility of using other next hops is beyond
>          the scope of this document.  For example, the MCC on "R0" may
>          chose the send an IPv4 packet without pushing any label to
>          another next hop.
>
> Does the part "send an IPv4 packet without pushing any label" apply to 
> PUSH and CONTINUE, or just to PUSH?
> Does R0 have to validate that neighbor N can correctly process to 
> packet? Or can it forward the packet regardless?
>
> The reason for asking is that we are now seeing issues similar to ones 
> we had when starting with LDP based MPLS about two decades ago: 
> traffic being black holed even though a path to the destination 
> exists, because the MPLS path is interrupted somewhere in the middle.
>
> With LDP we know the case of LFIBentries called "unlabelled". While 
> this does break connectivity for many kinds of service, e.g. those 
> relying on an additional service labels, it still works for plain 
> IP(v4) traffic. In our cases, this works perfectly fine for all 
> internal routing and control traffic. And even for IPv4 traffic that 
> gets collected by a central router that injects a default route.
>
> However, depending on the exact interpretation of the above paragraph, 
> an implementor might feel obliged to chose the next paragraph:
>
>       -  Otherwise, drop the packet.
>
> Which is, at least in our case, very unfortunate...
>
> Any advice or opinion appreciated!
>
>
> Best regards, Martin
>
>
>
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring

_______________________________________________
spring mailing list
spring@ietf.org
https://www.ietf.org/mailman/listinfo/spring

v2.23.0 | Report a Bug | By Email