Re: [rbridge] a stronger RPF check for TRILL
letracy <letracy@cisco.com> Thu, 15 March 2012 23:27 UTC
Return-Path: <rbridge-bounces@postel.org>
X-Original-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Delivered-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56FED21E8044 for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Thu, 15 Mar 2012 16:27:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.601
X-Spam-Level:
X-Spam-Status: No, score=-5.601 tagged_above=-999 required=5 tests=[AWL=-0.398, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id erH896u4OzWU for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Thu, 15 Mar 2012 16:27:36 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id E691421E8043 for <trill-archive-Osh9cae4@lists.ietf.org>; Thu, 15 Mar 2012 16:27:36 -0700 (PDT)
Received: from boreas.isi.edu (localhost [127.0.0.1]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2FNKatJ008719; Thu, 15 Mar 2012 16:20:38 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2FNK24f008687 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT); Thu, 15 Mar 2012 16:20:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=letracy@cisco.com; l=7222; q=dns/txt; s=iport; t=1331853611; x=1333063211; h=date:subject:from:to:cc:message-id:in-reply-to: mime-version; bh=EzmnsnoADbGOuQNW5rRlvBwl4Pp9WA+mwSkmw9ozB50=; b=TSlnQbzekUohpHJPuCpSA4JSI64ZAbxNFNpdfyW7lebTk/+Xs/UQt1Pb kNIRJvwTUkwgRZmgW4z+G5DWDmtjIP0cwCvb4KiS+eYDV6VdhWdki0f9r X0JKcPi/5TYx/tVL3vMQuON3MfjK2w/lPJzsy44BwgOUXgTmEEjywQjns c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFAMJ3Yk+rRDoH/2dsb2JhbABCgkWyc3aBB4IJAQEBAwESASo8BQ0BCAkPTzYBAQQBDQUbB4djBAGabZ8EiVCHNwSIJDOFKodgiy6DEYFogwY
X-IronPort-AV: E=Sophos; i="4.73,593,1325462400"; d="scan'208,217"; a="36243798"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-4.cisco.com with ESMTP; 15 Mar 2012 23:20:02 +0000
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by mtv-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q2FNK101024157; Thu, 15 Mar 2012 23:20:01 GMT
Received: from xmb-sjc-238.amer.cisco.com ([128.107.191.16]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 15 Mar 2012 16:20:01 -0700
Received: from 10.21.148.90 ([10.21.148.90]) by xmb-sjc-238.amer.cisco.com ([128.107.191.16]) with Microsoft Exchange Server HTTP-DAV ; Thu, 15 Mar 2012 23:20:00 +0000
User-Agent: Microsoft-Entourage/12.32.0.111121
Date: Thu, 15 Mar 2012 16:19:52 -0700
From: letracy <letracy@cisco.com>
To: Sam Aldrin <aldrin.ietf@gmail.com>, Santosh Rajagopalan <sunny.rajagopalan@us.ibm.com>
Message-ID: <CB87C728.74E8%letracy@cisco.com>
Thread-Topic: [rbridge] a stronger RPF check for TRILL
Thread-Index: Ac0DAh+vE0Y5NTC0/02n7ccngyeheg==
In-Reply-To: <F88EF32D-1C13-44F2-8BD2-D6AFCF4C9871@gmail.com>
Mime-version: 1.0
X-OriginalArrivalTime: 15 Mar 2012 23:20:01.0832 (UTC) FILETIME=[258B5A80:01CD0302]
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: letracy@cisco.com
Cc: "rbridge@postel.org" <rbridge@postel.org>, Anoop Ghanwani <anoop@alumni.duke.edu>, Radia Perlman <radiaperlman@gmail.com>, Donald Eastlake <d3e3e3@gmail.com>, "rbridge-bounces@postel.org" <rbridge-bounces@postel.org>, Jon Hudson <jon.hudson@gmail.com>
Subject: Re: [rbridge] a stronger RPF check for TRILL
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://mailman.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0356481742=="
Sender: rbridge-bounces@postel.org
Errors-To: rbridge-bounces@postel.org
Hi Sunny, I wanted to try and clarify my point a little better: >From W¹s perspective nothing has changed except the addition of the SMAC. RFC6325 does not mandate that it accept traffic from both links, so it can have a single RPF check if it wishes. In the example below, A and X do not know which port on the LAN link W will send a particular frame on. The RFC explicitly states that W is free to loadsplit flows among its ports on the link and requires that A and X be able to accept traffic from either of W¹s links (See RFC6325 Section 4.4.4). This means that A and X (all Rbridges which share the LAN link with W) will be required to have 1 RPF check per port W has on the link for W and for each Rbridge behind W in the tree. In the below example that means A must have the following RPF checks for its interface connected to the LAN link: (U,interface, SMAC_W1) (U,interface, SMAC_W2) (V,interface, SMAC_W1) (V,interface, SMAC_W2) (W,interface, SMAC_W1) (W,interface, SMAC_W2) (X,interface, SMAC_X) (Y,interface, SMAC_X) (Z,interface, SMAC_X) Thanks, Leonard On 3/15/12 2:54 PM, "Sam Aldrin" <aldrin.ietf@gmail.com> wrote: > Having read both sides of the story, two points I hear are > 1. There is a scenario or corner case, where existing rpf check doesn't > satisfy the needs. > 2. Because the new proposal requires SMAC to be maintained, the size of tables > exponentially increases. > > IMO, weight given to 1and 2 could vary depending on vendor and whom you talk > to. If stronger rpf check is needed, a solution without increasing the > complexity in table size etc should be proposed. If that is something not > going to be achieved, it should be left optional, till something is > identified. > > My 2 cents > Sam > > Sent from my iPhone > > On Mar 15, 2012, at 2:28 PM, Santosh Rajagopalan > <sunny.rajagopalan@us.ibm.com> wrote: > >> I think that a similar argument can be made for the current RPF check as well >> - it costs us table space and helps us in rare, transient cases. If you >> decide that the RPF check is worthwhile having in its current form, I think >> you can make the case that it's worthwhile having in the expanded form as >> well. >> >> Because really, the new form of the RPF check says the same thing as the >> current form - it's just that in multi-access links you need to qualify the >> "allowed link" a little more strongly. Also, I'm not sure if its absence >> could lead to loops - duplicates were just the first case I thought of. >> >> Note that in the case you illustrated below (where rbridges have multiple >> links to the CE network) you would need to have multiple RPF entries anyway, >> even without the new expanded check. For example, the rbridge W would need >> "allow (A, link_1)" in addition to "allow (A, link_2)". Of course, there's no >> denying that adding the mac address there will bring in additional memory >> costs.
_______________________________________________ rbridge mailing list rbridge@postel.org http://mailman.postel.org/mailman/listinfo/rbridge
- Re: [rbridge] a stronger RPF check for TRILL Donald Eastlake
- [rbridge] a stronger RPF check for TRILL Santosh Rajagopalan
- Re: [rbridge] a stronger RPF check for TRILL Anoop Ghanwani
- Re: [rbridge] a stronger RPF check for TRILL Radia Perlman
- Re: [rbridge] a stronger RPF check for TRILL Jon Hudson
- Re: [rbridge] a stronger RPF check for TRILL letracy
- Re: [rbridge] a stronger RPF check for TRILL Santosh Rajagopalan
- Re: [rbridge] a stronger RPF check for TRILL Sam Aldrin
- Re: [rbridge] a stronger RPF check for TRILL letracy
- Re: [rbridge] a stronger RPF check for TRILL Donald Eastlake
- Re: [rbridge] a stronger RPF check for TRILL Santosh Rajagopalan