Re: [rbridge] a stronger RPF check for TRILL
Santosh Rajagopalan <sunny.rajagopalan@us.ibm.com> Fri, 16 March 2012 20:23 UTC
Return-Path: <rbridge-bounces@postel.org>
X-Original-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Delivered-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5D8021E8048 for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Fri, 16 Mar 2012 13:23:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.149
X-Spam-Level:
X-Spam-Status: No, score=-6.149 tagged_above=-999 required=5 tests=[AWL=0.449, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cAK4A3tDsdD for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Fri, 16 Mar 2012 13:23:32 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 7C67421E800F for <trill-archive-Osh9cae4@lists.ietf.org>; Fri, 16 Mar 2012 13:23:32 -0700 (PDT)
Received: from boreas.isi.edu (localhost [127.0.0.1]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2GKDich014636; Fri, 16 Mar 2012 13:13:45 -0700 (PDT)
Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2GKD7nS014562 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <rbridge@postel.org>; Fri, 16 Mar 2012 13:13:17 -0700 (PDT)
Received: from /spool/local by e31.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <rbridge@postel.org> from <sunny.rajagopalan@us.ibm.com>; Fri, 16 Mar 2012 14:13:07 -0600
Received: from d01dlp03.pok.ibm.com (9.56.224.17) by e31.co.us.ibm.com (192.168.1.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Fri, 16 Mar 2012 14:12:05 -0600
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by d01dlp03.pok.ibm.com (Postfix) with ESMTP id 673DDC9005A for <rbridge@postel.org>; Fri, 16 Mar 2012 16:12:04 -0400 (EDT)
Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id q2GKC3w0291532 for <rbridge@postel.org>; Fri, 16 Mar 2012 16:12:04 -0400
Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id q2GKBu8s031864 for <rbridge@postel.org>; Fri, 16 Mar 2012 14:11:56 -0600
Received: from d03nm127.boulder.ibm.com (d03nm127.boulder.ibm.com [9.17.195.18]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id q2GKBrCH031333 for <rbridge@postel.org>; Fri, 16 Mar 2012 14:11:53 -0600
In-Reply-To: <CAF4+nEFJyWoacCrQ73=LQ7p-HJX9cS+d-q=37s2Gc63Fh=oTKQ@mail.gmail.com>
References: <F88EF32D-1C13-44F2-8BD2-D6AFCF4C9871@gmail.com> <CB87C728.74E8%letracy@cisco.com> <CAF4+nEFJyWoacCrQ73=LQ7p-HJX9cS+d-q=37s2Gc63Fh=oTKQ@mail.gmail.com>
To: "rbridge@postel.org" <rbridge@postel.org>
MIME-Version: 1.0
X-KeepSent: FFC80969:70E49312-872579C3:006EB038; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.1FP5 SHF29 November 12, 2010
Message-ID: <OFFFC80969.70E49312-ON872579C3.006EB038-882579C3.006F03CF@us.ibm.com>
From: Santosh Rajagopalan <sunny.rajagopalan@us.ibm.com>
Date: Fri, 16 Mar 2012 13:12:06 -0700
X-MIMETrack: Serialize by Router on D03NM127/03/M/IBM(Release 8.5.1FP2|March 17, 2010) at 03/16/2012 14:11:53, Serialize complete at 03/16/2012 14:11:53
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 12031620-7282-0000-0000-0000076CC46E
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: sunny.rajagopalan@us.ibm.com
Subject: Re: [rbridge] a stronger RPF check for TRILL
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://mailman.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0890598027=="
Sender: rbridge-bounces@postel.org
Errors-To: rbridge-bounces@postel.org
I agree; this sounds reasonable. From: Donald Eastlake <d3e3e3@gmail.com> To: "rbridge@postel.org" <rbridge@postel.org> Date: 03/16/2012 12:27 PM Subject: Re: [rbridge] a stronger RPF check for TRILL Sent by: rbridge-bounces@postel.org Hi, I agree that use of the stronger, simpler RPFC should be optional. Among other things, we certainly don't want to declare faithful implementations of RFC 6325 non-conformant. Also, I think there are, for reasonable implementation strategies, cases where there would be more state information with the current standard RPFC requirement and other cases where there would be more state information with the simpler, stronger RPFC requirement. (The most important factor for distinguishing between these cases is, as implied by the message below, how many ports each RBridge has on the multi-access link.) Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Thu, Mar 15, 2012 at 7:19 PM, letracy <letracy@cisco.com> wrote: > Hi Sunny, > > I wanted to try and clarify my point a little better: > > From W’s perspective nothing has changed except the addition of the SMAC. > RFC6325 does not mandate that it accept traffic from both links, so it can > have a single RPF check if it wishes. > > In the example below, A and X do not know which port on the LAN link W will > send a particular frame on. The RFC explicitly states that W is free to > loadsplit flows among its ports on the link and requires that A and X be > able to accept traffic from either of W’s links (See RFC6325 Section 4.4.4). > This means that A and X (all Rbridges which share the LAN link with W) will > be required to have 1 RPF check per port W has on the link for W and for > each Rbridge behind W in the tree. > > In the below example that means A must have the following RPF checks for its > interface connected to the LAN link: > (U,interface, SMAC_W1) > (U,interface, SMAC_W2) > (V,interface, SMAC_W1) > (V,interface, SMAC_W2) > (W,interface, SMAC_W1) > (W,interface, SMAC_W2) > (X,interface, SMAC_X) > (Y,interface, SMAC_X) > (Z,interface, SMAC_X) > > Thanks, > Leonard > > > > > On 3/15/12 2:54 PM, "Sam Aldrin" <aldrin.ietf@gmail.com> wrote: > > Having read both sides of the story, two points I hear are > 1. There is a scenario or corner case, where existing rpf check doesn't > satisfy the needs. > 2. Because the new proposal requires SMAC to be maintained, the size of > tables exponentially increases. > > IMO, weight given to 1and 2 could vary depending on vendor and whom you talk > to. If stronger rpf check is needed, a solution without increasing the > complexity in table size etc should be proposed. If that is something not > going to be achieved, it should be left optional, till something is > identified. > > My 2 cents > Sam > > Sent from my iPhone > > On Mar 15, 2012, at 2:28 PM, Santosh Rajagopalan > <sunny.rajagopalan@us.ibm.com> wrote: > > I think that a similar argument can be made for the current RPF check as > well - it costs us table space and helps us in rare, transient cases. If you > decide that the RPF check is worthwhile having in its current form, I think > you can make the case that it's worthwhile having in the expanded form as > well. > > Because really, the new form of the RPF check says the same thing as the > current form - it's just that in multi-access links you need to qualify the > "allowed link" a little more strongly. Also, I'm not sure if its absence > could lead to loops - duplicates were just the first case I thought of. > > Note that in the case you illustrated below (where rbridges have multiple > links to the CE network) you would need to have multiple RPF entries anyway, > even without the new expanded check. For example, the rbridge W would need > "allow (A, link_1)" in addition to "allow (A, link_2)". Of course, there's > no denying that adding the mac address there will bring in additional memory > costs. _______________________________________________ rbridge mailing list rbridge@postel.org http://mailman.postel.org/mailman/listinfo/rbridge
_______________________________________________ rbridge mailing list rbridge@postel.org http://mailman.postel.org/mailman/listinfo/rbridge
- Re: [rbridge] a stronger RPF check for TRILL Donald Eastlake
- [rbridge] a stronger RPF check for TRILL Santosh Rajagopalan
- Re: [rbridge] a stronger RPF check for TRILL Anoop Ghanwani
- Re: [rbridge] a stronger RPF check for TRILL Radia Perlman
- Re: [rbridge] a stronger RPF check for TRILL Jon Hudson
- Re: [rbridge] a stronger RPF check for TRILL letracy
- Re: [rbridge] a stronger RPF check for TRILL Santosh Rajagopalan
- Re: [rbridge] a stronger RPF check for TRILL Sam Aldrin
- Re: [rbridge] a stronger RPF check for TRILL letracy
- Re: [rbridge] a stronger RPF check for TRILL Donald Eastlake
- Re: [rbridge] a stronger RPF check for TRILL Santosh Rajagopalan