Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
Martin Horneffer <maho@lab.dtag.de> Fri, 04 September 2020 15:01 UTC
Return-Path: <maho@lab.dtag.de>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D263A0C85 for <spring@ietfa.amsl.com>; Fri, 4 Sep 2020 08:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.634
X-Spam-Level:
X-Spam-Status: No, score=-2.634 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.948, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=lab.dtag.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6EkEhP5OMc4k for <spring@ietfa.amsl.com>; Fri, 4 Sep 2020 08:01:11 -0700 (PDT)
Received: from OldBailey.lab.dtag.de (OldBailey.lab.DTAG.DE [194.25.1.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F4903A0C84 for <spring@ietf.org>; Fri, 4 Sep 2020 08:01:11 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id B263ECB83E; Fri, 4 Sep 2020 17:01:05 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lab.dtag.de; s=dkim; t=1599231665; h=from:subject:date:message-id:to:cc:mime-version:content-type: in-reply-to:references; bh=k0pSdPqaEF/n5bCOuwRPcyLPQo7aTxw82cJbIfT1xJ4=; b=nwTPiCsK3O+UzlWfoy1bklCzYAukcelYQSf+zBDTy1t6Yt7UTwppBpEDpaoGKL+tQxmKA+ 2PlV093zne8nJMMBkPT7WSWVVtlHVxGtyHBV3J9Lgq9EI5o4HqOEbDTzZOcfgc1nTEHQ2n VYT9C9loCJ1g/bbnr5tD7FivnOuk7kmbLPSh/YDvhdWKuZGqzIrw9AV8U+ZgqjGdOIukg0 jVowQBBdU/+8mTWSzFtIxivLD438eDbAUKkK6RKBFfiwC73xZCLUdyt4pLYv5rTh34DMmy vcfNZOxcz+3Wz0vtkT498nIIqameb3Y+hkV0wVjL+9f/CxTwz6sGIiWXaBXQRw==
To: Gyan Mishra <hayabusagsm@gmail.com>, Tarek Saad <tsaad.net@gmail.com>
Cc: "spring@ietf.org" <spring@ietf.org>
References: <15389fb7-d7d5-2f28-2869-4ee9fb84fccb@lab.dtag.de> <52be9fc3-0764-93ec-9dca-64291f2f62ab@lab.dtag.de> <DM5PR1901MB21503856C598C1BCC0B931B3FC500@DM5PR1901MB2150.namprd19.prod.outlook.com> <CABNhwV2CpMmaiCN9wKMc9pK2dL+W=KwBUvpb4saz9GXDNLzJ=Q@mail.gmail.com>
From: Martin Horneffer <maho@lab.dtag.de>
Message-ID: <5f07d1ae-cdc3-7b8b-4bf7-6e7ba97a7669@lab.dtag.de>
Date: Fri, 04 Sep 2020 17:01:05 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <CABNhwV2CpMmaiCN9wKMc9pK2dL+W=KwBUvpb4saz9GXDNLzJ=Q@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------AE57A0A3C279A0A851E5140C"
X-Last-TLS-Session-Version: TLSv1.3
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/vAy1W2xqZ2AepLK4-fNk-UzdWJo>
Subject: Re: [spring] to drop or to forward unlabelled (Re: Question on RFC8660)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2020 15:01:15 -0000
Hi Gyan, we had this kind of issue since the rise of LDP and the invention of the BGP free core. In a larger network, every now and then. Some years later the notions of setting up targeted LDP sessions solved some part of the issue. Some more years later, IGP-LDP synchronization indeed solved a big part of the issue in a more elegant way. Yet they don't cover all possible failure cases. Best regards, Martin Am 30.08.20 um 16:21 schrieb Gyan Mishra: > > Hi Martin > > That is a very common scenario that occurs where one path where LDP > neighbor has lost its label binding for FEC destinations. > > Most providers don’t label all prefixes and only label interesting > traffic meaning FEC destination which is the egress endpoint loopback > iBGP peers for an LSP. > > So their is an ACL that is used for label allocation, label > advertisement and label accept policy to created the label binding LIB > and and Label forwarding table LFIB. > > So the LSP is built from ingress PE to egress PE and the label mapping > along the path occurs downstream unsolicited in the opposite direction > of the LSP via label mapping message from the egress PE that the LSP > is being built to - to the ingress PE from the downstream node to the > upstream node. > > Most operators have a BGP free and PIM free core and usually don’t > dual stack the core and the concept of softwire mesh framework RFC > 5565 so 6to4 softwire would be v6 edge over a v4 core or v4 edge over > a v6 core. > > So with the BGP free core all PE are BGP route reflector clients and > have a peer to RRs that sit in the P core. > > The P core is BGP free so only runs an IGP ISIS PE OSPF. This point > is critical and that is that since the core is BGP free it can not > perform L3 forwarding so all packets must be L2.5 label switched via > topmost label either LDP or RSVP or SR-TE. > > So now that we have established the core construct let’s dig into the > problem with the label mapping being broken on a node along a path. > > So with LDPv4 or LDPv6 or SR-MPLS we have a concept called “ldp-IGP” > synchronization. SR-MPLS uses IGP sync for SR sid labels as well > since SR is reusing the MPLS data plane. > > So on all MPLS core enabled interfaces on both PE and P LDP sync is > enabled. > > So the goal of ldp-IGP sync is to prevent black hole of packets on > MPLS interfaces cause by MPLS LDP failure and so how it works is the > IGP prefix that needs to build a label binding for FEC destination for > label swapping to occurs in the core so the IGP must not come up and > forward traffic along the path until MPLS is up or traffic will be > “black holed” and dropped. So how this is accomplished is the IGP > sets the prefix metric to maximum 65535 for ospf and ISIS wide metric > does the same so the path now cannot be utilized until ldp comes up > and the label binding message is received via downstream unsolicited > to create outgoing label for the LFIB entry. Once LDP is up and the > LFIB entry outing label is populated the IGP prefix is “unset” so now > is set to its normal IGP metric and traffic can now flow over the path. > > For LDP troubleshooting first you have to see if discovery link LDP is > up on the interface and then have to check if both Ldp adjacencent > nodes have a route in rib for each other’s LDP router id for the ldp > neighbor to come UP and label mapping message to be sent. As you > mentioned if their is summarization for FEC which results in a loop > the binding does not get built for the FEC resulting in unlabeled FECs > in the LFIB. > > Hope that explanation helps. > > > Kind Regards > > Gyan > > On Sat, Aug 29, 2020 at 8:37 PM Tarek Saad <tsaad.net@gmail.com > <mailto:tsaad.net@gmail.com>> wrote: > > Hi Martin, > > > > See inline for some comments. > > > > On 8/27/20, 6:35 AM, "spring on behalf of Martin Horneffer" > <spring-bounces@ietf.org <mailto:spring-bounces@ietf.org> on > behalf of maho@lab.dtag.de <mailto:maho@lab.dtag.de>> wrote: > > > > Hello everyone, > > > > may I come back the the question below? Or rather let me > update it a little: > > > > In case an SR-MPLS path is broken, should a node rather drop > the packet, > > or forward it? > > > > This can happen whenever the IGP points to a certain next hop, > but that > > neither supplies a valid SID, nor allows LDP-stitching for > whatever > > reason. For PUSH as well as for CONTINUE. > > > > We have been using MPLS transport and a BGP free core since > about two > > decades now, using LDP. In the analog case, LDP creates > "unlabelled" > > entries in the LFIB, does the equivalent of a POP operation > and forwards > > the packet to the next-hop as chosen by the IGP. > > > > This behavior obviously breaks any traffic that relies on a > service > > label, but it can protect some traffic. > > In our case a huge percentage of all traffic still is public > IPv4. This > > needs MPLS only for a transport label, be it LDP or SR-MPLS. > If this > > traffic gets forwarded unlabelled, it follows an IGP default > route to a > > central device, where it is 1) redirected to the correct > destination and > > 2) counted in a way that operators can quickly see whether and > where > > this kind of failure occurs at some point in the network. > > > > [TS]: The SR Path may be composed of multiple SIDs (i.e. label > stack) -- where the top SID destination is not the SR Path > endpoint.. I sense from "gets forwarded unlabelled " as you will > discard the full label stack (?) and forward the packet unlabeled > to the central device? Or are you encapsulating the remaining MPLS > packet over IP and IP routing packet to the central device to be > inspected? In either case, I expect somehow the packet to be > ultimately delivered to the original SR Path endpoint/egress? > > > > After more operational experience and several internal > discussions we > > agreed that we want packets to be forwarded unlabelled rather > than > > dropped. Anyone to share, or oppose this position? > > [TS]: again, I'm not clear on when you say "forward unlabelled" - > do you mean packets will follow the top SID's the IP IGP route? Or > are you peaking into the destination IP (public IPv4) of packet > encapsulated in MPLS to determine how to forward it? > > > > Regards, > > Tarek > > > > Best regards, Martin > > > > > > Am 31.01.20 um 16:50 schrieb Martin Horneffer: > > > Hello everyone, > > > > > > again it seems the interesting questions only show up when > applying > > > something to the live network... > > > > > > We ran into something that poses a question related to > RFC8660: What > > > is the exact meaning of section 2.10.1, "Forwarding for PUSH > and > > > CONTINUE of Global SIDs", when the chosen neighbor doesn't > provide a > > > valid MPLS path? > > > > > > The relevant sections reads: > > > > > > - Else, if there are other usable next hops, use them > to forward > > > the incoming packet. The method by which the > router "R0" > > > decides on the possibility of using other next hops > is beyond > > > the scope of this document. For example, the MCC > on "R0" may > > > chose the send an IPv4 packet without pushing any > label to > > > another next hop. > > > > > > Does the part "send an IPv4 packet without pushing any > label" apply to > > > PUSH and CONTINUE, or just to PUSH? > > > Does R0 have to validate that neighbor N can correctly > process to > > > packet? Or can it forward the packet regardless? > > > > > > The reason for asking is that we are now seeing issues > similar to ones > > > we had when starting with LDP based MPLS about two decades ago: > > > traffic being black holed even though a path to the destination > > > exists, because the MPLS path is interrupted somewhere in > the middle. > > > > > > With LDP we know the case of LFIBentries called > "unlabelled". While > > > this does break connectivity for many kinds of service, e.g. > those > > > relying on an additional service labels, it still works for > plain > > > IP(v4) traffic. In our cases, this works perfectly fine for all > > > internal routing and control traffic. And even for IPv4 > traffic that > > > gets collected by a central router that injects a default route. > > > > > > However, depending on the exact interpretation of the above > paragraph, > > > an implementor might feel obliged to chose the next paragraph: > > > > > > - Otherwise, drop the packet. > > > > > > Which is, at least in our case, very unfortunate... > > > > > > Any advice or opinion appreciated! > > > > > > > > > Best regards, Martin > > > > > > > > > > > > > > > _______________________________________________ > > > spring mailing list > > > spring@ietf.org <mailto:spring@ietf.org> > > > https://www.ietf.org/mailman/listinfo/spring > > > > _______________________________________________ > > spring mailing list > > spring@ietf.org <mailto:spring@ietf.org> > > https://www.ietf.org/mailman/listinfo/spring > > _______________________________________________ > > spring mailing list > > spring@ietf.org <mailto:spring@ietf.org> > > https://www.ietf.org/mailman/listinfo/spring > > -- > > <http://www.verizon.com/> > > *Gyan Mishra* > > /Network Solutions A//rchitect / > > /M 301 502-1347 > 13101 Columbia Pike > /Silver Spring, MD > >
- [spring] Question on RFC8660 Martin Horneffer
- [spring] to drop or to forward unlabelled (Re: Qu… Martin Horneffer
- Re: [spring] to drop or to forward unlabelled (Re… Ketan Talaulikar (ketant)
- Re: [spring] to drop or to forward unlabelled (Re… Robert Raszuk
- Re: [spring] to drop or to forward unlabelled (Re… peng.shaofu
- Re: [spring] to drop or to forward unlabelled (Re… Martin Horneffer
- Re: [spring] to drop or to forward unlabelled (Re… Martin Horneffer
- Re: [spring] to drop or to forward unlabelled (Re… Jakob Heitz (jheitz)
- Re: [spring] to drop or to forward unlabelled (Re… Tarek Saad
- Re: [spring] to drop or to forward unlabelled (Re… Gyan Mishra
- Re: [spring] to drop or to forward unlabelled (Re… Martin Horneffer
- Re: [spring] to drop or to forward unlabelled (Re… Martin Horneffer
- Re: [spring] to drop or to forward unlabelled (Re… Martin Horneffer
- Re: [spring] to drop or to forward unlabelled (Re… bruno.decraene
- Re: [spring] to drop or to forward unlabelled (Re… Gyan Mishra
- Re: [spring] to drop or to forward unlabelled (Re… Jeff Tantsura
- Re: [spring] to drop or to forward unlabelled (Re… Gyan Mishra
- Re: [spring] to drop or to forward unlabelled (Re… Martin Horneffer