IETF Logo Mail Archive

Re: [rbridge] a stronger RPF check for TRILL

Donald Eastlake <d3e3e3@gmail.com> Fri, 16 March 2012 19:28 UTC

Return-Path: <rbridge-bounces@postel.org>
X-Original-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Delivered-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 457FE21F86B7 for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Fri, 16 Mar 2012 12:28:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.891
X-Spam-Level:
X-Spam-Status: No, score=-105.891 tagged_above=-999 required=5 tests=[AWL=0.708, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IV8oJbKx38Jh for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Fri, 16 Mar 2012 12:28:16 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 57CA521F86C5 for <trill-archive-Osh9cae4@lists.ietf.org>; Fri, 16 Mar 2012 12:28:16 -0700 (PDT)
Received: from boreas.isi.edu (localhost [127.0.0.1]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2GJ4VPb004619; Fri, 16 Mar 2012 12:04:32 -0700 (PDT)
Received: from mail-lpp01m010-f52.google.com (mail-lpp01m010-f52.google.com [209.85.215.52]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q2GJ3ur2004393 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <rbridge@postel.org>; Fri, 16 Mar 2012 12:04:06 -0700 (PDT)
Received: by lahi5 with SMTP id i5so6239353lah.39 for <rbridge@postel.org>; Fri, 16 Mar 2012 12:03:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=CHluuw0m8HTaRYTrfDOcWBydj90o5aZdrhOr4WFfVgs=; b=rdiQTZX9BYG9X+3LWk70MLdUyMpUTM3NUsOcGoj7QhYTXA92KFznIXpz0ELyWhPvyQ r6vZ5rqmpwcaEn8I+3kappdX+OH0YaSuqajLIBAT+EOy79quKUGaNSBqsOs3SZv8NAOz ntF/FL9/5d4tKVaPS0GbEFsfOc8N89p3rPqBV7VIEt1tEOnRpHrfT3K0KRdC6+J7URcf D6z6YPJp0odyFlkKHiDtCvqyzcXZ1pQxdrh0R675aZ8SLWqLNqNbQcqHUKHr2excFui4 OuDF+qIKGIImLk8d2N6VJqqoli0/Mtzmr6kyA+BhrY04B8ePEfSdHRYy5TjePcwXRdj+ 9Yyw==
Received: by 10.112.36.167 with SMTP id r7mr1386278lbj.32.1331924635485; Fri, 16 Mar 2012 12:03:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.152.13.227 with HTTP; Fri, 16 Mar 2012 12:03:35 -0700 (PDT)
In-Reply-To: <CB87C728.74E8%letracy@cisco.com>
References: <F88EF32D-1C13-44F2-8BD2-D6AFCF4C9871@gmail.com> <CB87C728.74E8%letracy@cisco.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Fri, 16 Mar 2012 15:03:35 -0400
Message-ID: <CAF4+nEFJyWoacCrQ73=LQ7p-HJX9cS+d-q=37s2Gc63Fh=oTKQ@mail.gmail.com>
To: "rbridge@postel.org" <rbridge@postel.org>
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: d3e3e3@gmail.com
X-MIME-Autoconverted: from quoted-printable to 8bit by boreas.isi.edu id q2GJ3ur2004393
Subject: Re: [rbridge] a stronger RPF check for TRILL
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://mailman.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Sender: rbridge-bounces@postel.org
Errors-To: rbridge-bounces@postel.org

Hi,

I agree that use of the stronger, simpler RPFC should be optional.
Among other things, we certainly don't want to declare faithful
implementations of RFC 6325 non-conformant. Also, I think there are,
for reasonable implementation strategies, cases where there would be
more state information with the current standard RPFC requirement and
other cases where there would be more state information with the
simpler, stronger RPFC requirement. (The most important factor for
distinguishing between these cases is, as implied by the message
below, how many ports each RBridge has on the multi-access link.)

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

On Thu, Mar 15, 2012 at 7:19 PM, letracy <letracy@cisco.com> wrote:
> Hi Sunny,
>
> I wanted to try and clarify my point a little better:
>
> From W’s perspective nothing has changed except the addition of the SMAC.
>  RFC6325 does not mandate that it accept traffic from both links, so it can
> have a single RPF check if it wishes.
>
> In the example below, A and X do not know which port on the LAN link W will
> send a particular frame on.  The RFC explicitly states that W is free to
> loadsplit flows among its ports on the link and requires that A and X be
> able to accept traffic from either of W’s links (See RFC6325 Section 4.4.4).
>  This means that A and X (all Rbridges which share the LAN link with W) will
> be required to have 1 RPF check per port W has on the link for W and for
> each Rbridge behind W in the tree.
>
> In the below example that means A must have the following RPF checks for its
> interface connected to the LAN link:
> (U,interface, SMAC_W1)
> (U,interface, SMAC_W2)
> (V,interface, SMAC_W1)
> (V,interface, SMAC_W2)
> (W,interface, SMAC_W1)
> (W,interface, SMAC_W2)
> (X,interface, SMAC_X)
> (Y,interface, SMAC_X)
> (Z,interface, SMAC_X)
>
> Thanks,
> Leonard
>
>
>
>
> On 3/15/12 2:54 PM, "Sam Aldrin" <aldrin.ietf@gmail.com> wrote:
>
> Having read both sides of the story, two points I hear are
> 1. There is a scenario or corner case, where existing rpf check doesn't
> satisfy the needs.
> 2. Because the new proposal requires SMAC to be maintained, the size of
> tables exponentially increases.
>
> IMO, weight given to 1and 2 could vary depending on vendor and whom you talk
> to. If stronger rpf check is needed, a solution without increasing the
> complexity in table size etc should be proposed. If that is something not
> going to be achieved, it should be left optional, till something is
> identified.
>
> My 2 cents
> Sam
>
> Sent from my iPhone
>
> On Mar 15, 2012, at 2:28 PM, Santosh Rajagopalan
> <sunny.rajagopalan@us.ibm.com> wrote:
>
> I think that a similar argument can be made for the current RPF check as
> well - it costs us table space and helps us in rare, transient cases. If you
> decide that the RPF check is worthwhile having in its current form, I think
> you can make the case that it's worthwhile having in the expanded form as
> well.
>
> Because really, the new form of the RPF check says the same thing as the
> current form - it's just that in multi-access links you need to qualify the
> "allowed link" a little more strongly. Also, I'm not sure if its absence
> could lead to loops - duplicates were just the first case I thought of.
>
> Note that in the case you illustrated below (where rbridges have multiple
> links to the CE network) you would need to have multiple RPF entries anyway,
> even without the new expanded check. For example, the rbridge W would need
> "allow (A, link_1)" in addition to "allow (A, link_2)". Of course, there's
> no denying that adding the mac address there will bring in additional memory
> costs.

_______________________________________________
rbridge mailing list
rbridge@postel.org
http://mailman.postel.org/mailman/listinfo/rbridge

v2.23.0 | Report a Bug | By Email