Re: [trill] 答复: Explaining three options for upgrading to FGL (fine-grained-labeling)

Radia Perlman <radiaperlman@gmail.com> Tue, 29 January 2013 10:59 UTC

Return-Path: <radiaperlman@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D998021F86FD for <trill@ietfa.amsl.com>; Tue, 29 Jan 2013 02:59:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.05
X-Spam-Level:
X-Spam-Status: No, score=0.05 tagged_above=-999 required=5 tests=[AWL=-3.647, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_ENC_GB2312=1.345]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d+gUGXNUBKLh for <trill@ietfa.amsl.com>; Tue, 29 Jan 2013 02:59:12 -0800 (PST)
Received: from mail-lb0-f178.google.com (mail-lb0-f178.google.com [209.85.217.178]) by ietfa.amsl.com (Postfix) with ESMTP id 7B08621F86F8 for <trill@ietf.org>; Tue, 29 Jan 2013 02:59:11 -0800 (PST)
Received: by mail-lb0-f178.google.com with SMTP id n1so533051lba.23 for <trill@ietf.org>; Tue, 29 Jan 2013 02:59:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=TS9eR/N6o43wrpkSg9DPJvhR34dH4uUhMRnIrqHUFpE=; b=Rjq/ygUftv+0m/aLwkRe80vd288YmhHKRFFb0+ws7n1q6PvJrsmFjmdEKhK+cjaJP7 rrAm0bmuhtU6UtN4Du5BlB9B17NLA3dXPSEuquRTTgnWWLkkY4xOxF+bbHl8yYs83j61 HkO0An5RozcpZEBAsxFBo7pPM9AcjnxWvNgUTG/A/knglSznwKaYkzkxIjOJlMwZ+8mh O9fa86q18gpXYGAm0XayPNWBM7U+Lh1H79ML2eVCSWGPEuIfnzw+Tfsaig2eatrKSdbu nUwAUK84rih2IbrH9ojISC/E6+E7qXov0ftPA/WpFpVihjw7TmeseV8BO5jE0nrZvfG1 m4Mw==
MIME-Version: 1.0
X-Received: by 10.112.50.109 with SMTP id b13mr322683lbo.8.1359457150285; Tue, 29 Jan 2013 02:59:10 -0800 (PST)
Received: by 10.112.64.17 with HTTP; Tue, 29 Jan 2013 02:59:10 -0800 (PST)
In-Reply-To: <DD5FC8DE455C3348B94340C0AB5517334F651415@nkgeml501-mbs.china.huawei.com>
References: <CAFOuuo67iBR2JkDtwPFCkrKHs3Fp4U_L1jkmNz5sfht6y05YMw@mail.gmail.com> <DD5FC8DE455C3348B94340C0AB5517334F651415@nkgeml501-mbs.china.huawei.com>
Date: Tue, 29 Jan 2013 02:59:10 -0800
Message-ID: <CAFOuuo597npOuDLT1di-0V+Q1Fh7nYvKD3jHG3bbZPB81hc=Tw@mail.gmail.com>
From: Radia Perlman <radiaperlman@gmail.com>
To: Haoweiguo <haoweiguo@huawei.com>
Content-Type: multipart/alternative; boundary=f46d0401fbc987b7aa04d46b4826
Cc: "trill@ietf.org" <trill@ietf.org>
Subject: Re: [trill] =?gb2312?b?tPC4tDogIEV4cGxhaW5pbmcgdGhyZWUgb3B0aW9ucyBm?= =?gb2312?b?b3IgdXBncmFkaW5nIHRvIEZHTCAoZmluZS1ncmFpbmVkLWxhYmVs?= =?gb2312?b?aW5nKQ==?=
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trill>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2013 10:59:13 -0000

Hi Weiguo,

 If we knew that it was already safe to transit FGL frames through VL
nodes, that would be great.  We could basically just start sending FGL
frames, not worry about ostrasizing VL RBridges, not worry about
calculating two forwarding databases.

 But,  I was assuming that there were implementations of VL that might do
bad things if they saw an FGL packet.  For instance, for unicast, they
might drop the packet, or they might decapsulate it onto a link that should
not receive packets for that FGL.  For multicast, they might falsely filter
the packet.  If that assumption is true, then the safe thing is to avoid VL
RBridges for FGL packets, which means calculating paths that do not include
VL RBridges.
.
Thanks,

Radia



On Mon, Jan 28, 2013 at 10:59 PM, Haoweiguo <haoweiguo@huawei.com> wrote:

>  Hi Radia,
>
> In option3:
>
> why FGL switches calculate unicast paths to FGL edge guys that avoid any
> VL guys, and calculate at least one FGL-friendly multicast tree that also
> avoids any VL guys? If two FGL switches can only transmit data through VL
> switch, the method will disconnect data channel between FGL switches. I
> think VL switch is safe as transit node to tranmit unicast FGL data packet.
>
> thanks
>
> weiguo
>
> ------------------------------
>
>  *发件人:* Radia Perlman [radiaperlman@gmail.com]
> *发送时间:* 2013年1月26日 3:00
> *到:* trill@ietf.org
> *主题:* [trill] Explaining three options for upgrading to FGL
> (fine-grained-labeling)
>
>   I'm going to summarize three options for phasing-in FGL, and explain
> the tradeoffs, to help people have informed opinions about the implications
> of the three approaches.  There are infinite variations, of course, but as
> I said, I'll describe three main ones.
>
>  Option 1:  Original draft, no changes.  There are two types of RBridges.
> The first type is "VL" which only understands VLAN tags, and have unknown
> and possibly dangerous behavior when they receive an FGL-labeled packet.
> (e.g., decapsulate a packet onto a link where it is not allowed, or
> mistakenly prune a multicast so it does not reach everywhere it should).
> The second type is "FGL".  FGL guys need to do two things: 1) understand
> FGL tags and do the right thing with them, and 2) ostrasize VL
> guys...meaning that an FGL guy refuses to form an adjacency with a VL guy.
>  This option is very simple for implementers of FGL, but the implication is
> that you have to upgrade your entire campus to FGL at once.  There is no
> coexistence.
>
>  Option 2: Two types of RBridges, but the 2nd type is different from
> option 1.  VL guys of course are the same as in option 1...they cannot be
> trusted with FGL frames. The second type I will call "FGL-safe". An
> FGL-safe RBridge must advertise in its LSP that it is FGL-safe, and it must
> not "do anything bad" with FGL frames, meaning that it is allowed to ignore
> pruning of FGL (or even VL frames) entirely...it just can't falsely drop
> FGL frames.  And it must not decapsulate an FGL frame onto a link for which
> that FGL frame doesn't belong. In this option, all RBridges must be
> upgraded to FGL-safe, but it need not happen instantaneously...it's fine to
> mix FGL-safe RBridges with VL RBridges...it's just not safe to inject FGL
> frames yet.  Once all the RBridges have been upgraded to be FGL-safe, then
> edge RBridges can start announcing they are connected to an FGL link, and
> can start injecting FGL packets.  It is considered a misconfiguration if
> you start injecting FGL frames before all the RBridges are upgraded to
> FGL-safe, so an additional chore for an FGL-safe RBridge R1 is to examine
> LSPs, and if any RBridge claims to be attached to an FGL link, then R1 must
> ostrasize any VL neighbors.  (don't start ostrasizing VL guys until it is
> necessary because of actually starting to use FGL frames, in other words).
> This option is more work for the upgraded RBridges than option 1, and there
> still isn't good coexistence with VL guys long-term (as option 3 will), but
> it does allow upgrading RBridges one by one in a working campus without
> causing disruption.
>
>  Option 3: Two types of RBridges.  VL, of course, is the same as in
> options 1 and 2.  This option makes FGL guys do more work, but allows
> maximal long term coexistence of VL and FGL guys. In this option, FGL guys
> calculate unicast paths to FGL edge guys that avoid any VL guys, and
> calculate at least one FGL-friendly multicast tree that also avoids any VL
> guys. So let's say R1 is an FGL guy.  R1 discards all LSPs from VL guys
> (ones that don't advertise FGL capability in their LSP), when calculating
> paths to other FGL RBridges. Then R1 calculates paths to the VL guys using
> all LSPs.  Likewise, when calculating an FGL-friendly tree, R1 calculates a
> tree through only FGL guys.   This option is more work for the upgraded
> RBridges (because they have to calculate Dijkstra in two different ways,
> one for reaching VL guys, and one for reaching FGL guys).  However, it does
> allow having long-term coexistence with VL guys.  For instance, you could
> forever keep some VL edge RBridges that communicate just fine through an
> FGL core.  They can stay there forever, and still be able to communicate
> through the core to all the links attaching to their VLAN.
>