Re: [Teas] [mpls] Comments to draft-ietf-teas-rsvp-egress-protection

Huaimo Chen <huaimo.chen@huawei.com> Wed, 16 December 2015 19:39 UTC

Return-Path: <huaimo.chen@huawei.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A54501A8957; Wed, 16 Dec 2015 11:39:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ABidPeTd9WOW; Wed, 16 Dec 2015 11:39:32 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA03A1A8953; Wed, 16 Dec 2015 11:39:26 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml403-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CFN88651; Wed, 16 Dec 2015 19:39:23 +0000 (GMT)
Received: from SJCEML702-CHM.china.huawei.com (10.218.25.35) by lhreml403-hub.china.huawei.com (10.201.5.217) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 16 Dec 2015 19:39:20 +0000
Received: from SJCEML701-CHM.china.huawei.com ([169.254.3.81]) by SJCEML702-CHM.china.huawei.com ([169.254.4.118]) with mapi id 14.03.0235.001; Wed, 16 Dec 2015 11:39:13 -0800
From: Huaimo Chen <huaimo.chen@huawei.com>
To: Gregory Mirsky <gregory.mirsky@ericsson.com>, "draft-ietf-teas-rsvp-egress-protection@tools.ietf.org" <draft-ietf-teas-rsvp-egress-protection@tools.ietf.org>, "teas-chairs@ietf.org" <teas-chairs@ietf.org>, "teas@ietf.org" <teas@ietf.org>
Thread-Topic: [mpls] Comments to draft-ietf-teas-rsvp-egress-protection
Thread-Index: AdB055+jr3+smJ3uSuiCZj3/NJvp6ABbWMEwLaU6DoAC01Ez0A==
Date: Wed, 16 Dec 2015 19:39:13 +0000
Message-ID: <5316A0AB3C851246A7CA5758973207D44E4BF43F@SJCEML701-CHM.china.huawei.com>
References: <7347100B5761DC41A166AC17F22DF1121B948D85@eusaamb103.ericsson.se> <5316A0AB3C851246A7CA5758973207D44E37F079@SJCEML701-CHM.china.huawei.com> <7347100B5761DC41A166AC17F22DF1122194CF4D@eusaamb103.ericsson.se>
In-Reply-To: <7347100B5761DC41A166AC17F22DF1122194CF4D@eusaamb103.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.212.245.4]
Content-Type: multipart/alternative; boundary="_000_5316A0AB3C851246A7CA5758973207D44E4BF43FSJCEML701CHMchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020202.5671BDEC.00DD, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.81, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 78969ca1155697374f738bcf5f69e4c6
Archived-At: <http://mailarchive.ietf.org/arch/msg/teas/b7ROKE5jmDHH4_57bzpnDZsIMNs>
Cc: "mpls@ietf.org" <mpls@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Subject: Re: [Teas] [mpls] Comments to draft-ietf-teas-rsvp-egress-protection
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2015 19:39:36 -0000

Hi Greg,

See my answers/explanations inline below.

Best Regards,
Huaimo
From: Gregory Mirsky [mailto:gregory.mirsky@ericsson.com]
Sent: Tuesday, December 01, 2015 9:12 PM
To: Huaimo Chen; draft-ietf-teas-rsvp-egress-protection@tools.ietf.org; teas-chairs@ietf.org; teas@ietf.org
Cc: mpls@ietf.org; rtg-bfd@ietf.org
Subject: RE: [mpls] Comments to draft-ietf-teas-rsvp-egress-protection

Hi Huaimo, et. al,
apologies for such very late response. I’ve read the -02 version and below you’ll find my notes to changes I’ve found. My responses to our discussion are in-line and tagged GIM>>.
Notes to -02 version:

*        section 5.1 states
   A backup egress SHOULD be configured on the ingress of an LSP to
   protect a primary egress of the LSP.
Are there scenario when this SHOULD NOT be done, when the backup egress(es) are not configured?
And if this is such strong requirement, then the same is applicable to the next sentence that currently reads as “…optional egress backup descriptor list for protecting egresses of the LSP”. I think that the descriptor list SHOULD be included in the Path message by the ingress.

Huaimo: Yes. See the paragraph below in the draft.
The PLR (upstream node of the primary egress) extracts the backup
egress from the respective EGRESS_BACKUP object in the egress backup
descriptor list. If no matching EGRESS_BACKUP object is found or the
list is empty, the PLR may apply a local policy to determine the
backup egress and add an EGRESS_BACKUP object with the backup egress
and primary egress into a Path message to the primary egress.


*        section 5.2 states:
   If the transit node is the upstream node of a primary egress to be
   protected, it determines the backup egress, obtains a path for the
   backup LSP and sets up the backup LSP along the path.
Which, in my view, contradicts with the statement in section 5.1 that backup egress(es) SHOULD be configured at LSP ingress.

Huaimo: It seems that this is not contradicts with the statement in section 5.1 that backup egress(es) SHOULD be configured at LSP ingress.  Just in the paragraph below the one you mentioned, it gives the details.
“The PLR (upstream node of the primary egress) extracts the backup
egress from the respective EGRESS_BACKUP object in the egress backup
descriptor list. If no matching EGRESS_BACKUP object is found or the
list is empty, the PLR may apply a local policy to determine the
backup egress and add an EGRESS_BACKUP object with the backup egress
and primary egress into a Path message to the primary egress.”




                Regards,
                                Greg

From: Huaimo Chen [mailto:huaimo.chen@huawei.com]
Sent: Monday, April 13, 2015 8:19 PM
To: Gregory Mirsky; draft-ietf-teas-rsvp-egress-protection@tools.ietf.org; teas-chairs@ietf.org; teas@ietf.org
Cc: mpls@ietf.org; rtg-bfd@ietf.org
Subject: RE: [mpls] Comments to draft-ietf-teas-rsvp-egress-protection

Hi Greg,

Thanks for your comments.
My answers/explanations are inline below.

Best Regards,
Huaimo
From: mpls [mailto:mpls-bounces@ietf.org] On Behalf Of Gregory Mirsky
Sent: Monday, April 13, 2015 2:58 PM
To: draft-ietf-teas-rsvp-egress-protection@tools.ietf.org<mailto:draft-ietf-teas-rsvp-egress-protection@tools.ietf.org>; teas-chairs@ietf.org<mailto:teas-chairs@ietf.org>; teas@ietf.org<mailto:teas@ietf.org>
Cc: mpls@ietf.org<mailto:mpls@ietf.org>; rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>
Subject: [mpls] Comments to draft-ietf-teas-rsvp-egress-protection

Dear Editors,
please kindly consider my comments to the current version of this work:

*        Introduction

o   The third paragraph mentions that an end-to-end protection may be slower to detect failure and perform switchover then an arbitrary local protection method. I believe that that is not the case and, as been demonstrated by deployments of G.8031, G.8032 and RFC 6378 end-to-end provides sub-50 msec switchover and G.8013/Y.1731 and RFC 5884 failure detection is 10 msec.
[Huaimo] It seems that the statement in the paragraph is true.  For a global protection (or an end-to-end protection), it may take more time since the time includes the propagation time and processing time. The propagation time may depend on the size of the network. In general, the bigger the network, the longer the propagation delay. The processing time may comprise the related processing time on every node along the path from the egress node to a node interesting the failure and doing switchover.
GIM>> I think that distance, whether in number of intermediate hops or miles, does not affect guaranteed defect detection time when continuity check protocol being used. In that case detection time depends only on definition of Loss of Continuity defect for the given protocol. For example, in CFM it is period of time between 3.25 and 3.5 CCM intervals when no CCM received from remote MEP. BFD is little different and DetectMultiplier can be negotiated between end points of the given BFD session. But regardless of these differences, using CFM or BFD enables detection of LoC defect within 10 ms regardless of the distance between end-points.

o   The last in Section 1.1 suggests that node R3 may detect failure of the node L1 through monitoring BFD session between two nodes. Firstly, if this is multi-hop BFD session over IP network, then there’s no guarantee that its path is co-routed with the LSP segment R1-L3. Secondly, if it is assumed that RFC 5884 may be used, I have to remind, that RFC 5884 operates between LSP end points and R1 is not end point. Thus, Sub-Path Maintenance Entity (SPME) co-routed with the segment R1-L3 MUST be established.
[Huaimo] It seems that R3 is the upstream node of L1 and there is no multi-hop BFD session between R3 and L1.
This current version of the document focuses on extending the protection of RFC 4090 from a transit node to an egress node. It seems that it is better to have another document for others if needed.
GIM>> I couldn’t find in the document statement that the PLR R3 MUST be upstream to the egress. If this is the requirement, then it must be explicitly stated as, in my view, it is restrictive and limits number of networks where proposed method can be used.

*        Section 5.2

o   The third paragraph assumes that if a PLR cannot establish LSP to any listed LSR in the EGRESS_BACKUP object it SHOULD select it locally and record it in the EGRESS_BACKUP object. I believe that that implies that a PLR, i.e. any LSR in the MPLS domain is aware of all services, i.e. CEs, as that is required when selecting backup egress. That is serious security concern and must be properly addressed in Security Considerations section of the draft.
[Huaimo] This paragraph says that the upstream node of the primary egress knows/determines that  there is not any backup egress given for the primary egress. In this case, the upstream node selects a backup egress according to a local policy. The upstream node may not need to be aware of any services or CEs.
GIM>> As commented above to section 5.2, this contradicts statement made in section 5.1 that backup egress(es) SHOULD be configured at LSP ingress.


Regards,
                Greg