Cheers,
R.
On Thu, Apr 16, 2015 at 10:35 PM, Erik Nordmark <nordm...@acm.org
<mailto:nordm...@acm.org>> wrote:
On 4/15/15 11:25 PM, Robert Raszuk wrote:
Ok I think there are two scenarios.
The original scenario I had in mind was indeed the loopback
anycast which would really not have any issues with arp.
The other scenario is NIC overload with multiple addresses
some of them would be anycast. It is in fact not that uncommon
to have an identical VMs with same IP for robustness without
LB. I am not sure if we need to *solve* it at ARP, but we do
need to consider it as a valid case and not react as far as
duplicate address detection is concerned. Again here depending
on the implementation if you put both such VMs say in
different VRFs you have no ARP issue, but anycast works fine.
Robert,
The case of a dual-NIC server is typically solved locally (using
e.g., multi-chassis LAG for redundancy), and AFAIK the same MAC
address is used (but I haven't looked at all the flavors of Linux
NIC bonding and VmWare options).
I think to proceed I would be happy to see those cases just
documented in deployment section of the draft and we move on.
I do not think that solving or even touching IPv4 ARP is
needed here at this point.
Agreed.
Or perhaps a different comment to add to the draft would be to
mention that duplicate IPv4 address detection is scoped to the
same ARP table (which may not be the same as same subnet :).
That seems like a useful addition (if it isn't already in this or
some other document).
Erik
Cheers,
r.
On Thu, Apr 16, 2015 at 12:44 AM, Erik Nordmark
<nordm...@acm.org <mailto:nordm...@acm.org>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>>> wrote:
On 4/15/15 2:53 PM, Robert Raszuk wrote:
Erik,
How about /32 IPv4 anycast addresses with multiple
subnet per
linux NIC ? It is typical to be able to overload host
networking with same anycast loopbacks.
I guess "same subnet" isn't sufficient as criteria - "same
subnet
which corresponds to a connected route" would be one way
to phrase
the constraint.
It does not need to be ARP resolved .. the resolution is
indirect via connected next hops.
Yes, that is the key issue.
For instance host routes (/32) and an anycast address on a
loopback interface works fine in IPv4 and IPv6.
Erik
Cheers,
R.
On Wed, Apr 15, 2015 at 11:48 PM, Erik Nordmark
<nordm...@acm.org <mailto:nordm...@acm.org>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>>>> wrote:
On 3/31/15 1:10 PM, Rabadan, Jorge (Jorge) wrote:
Hi Robert and Tony,
As Wim mentioned, ipv6 anycast is something
that we
will add
to the draft in the next rev. There is an easy
way to
know if
a given proxy-ND entry belongs to an anycast
address
or not
and disable the duplicate IP detection for those.
The challenge for IPv4 is that I don’t see an
easy way to
learn _dynamically_ from access attachment
circuits that a
given ipv4 is anycast. Even for default
gateways, if
they are
integrated in the EVPN PE, we are good, but if
they are
external and connected to a MAC-VRF, it is not so
clear how to
learn that (unless you learn those entries
from the
management
interface).
Jorge,
IPv4/ARP doesn't have any support for anycast
address on
the same
subnet. While IPv6/ND has such support (using the
O-flag) the
common anycast deployment for both is to have the
anycast
instances deployed on different subnets and, in
the case
of DNS
servers, in different ISPs.
Thus for IPv4 I think you can assume that the same
IP address
appearing with different MAC addresses is either a
duplicate IP
address or a case of a host having changed the MAC
address
on its
NIC. (I don't know if NIC bonding can be
configured in a
way where
it looks like an IP->MAC change each time there is a
failure; if
so that would be a third case.)
Erik
One of the reasons why we have lots of
“SHOULDs” in
the draft
and not “MUST” is because the implementation
has to be
flexible enough to be configured in a
different way
depending
on the use-case, which is one of the points
that Tony
mentions
below. In the use-case described at the moment
there is no
anycast and duplicate IP detection is very
important.
We will
add the DC use case in the next rev as
suggested by
Robert and
others.
Thanks.
Jorge
From: Antoni Przygienda
<antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>>>>
Date: Monday, March 30, 2015 at 12:12 AM
To: Robert Raszuk <rob...@raszuk.net
<mailto:rob...@raszuk.net>
<mailto:rob...@raszuk.net <mailto:rob...@raszuk.net>>
<mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net> <mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net>>>
<mailto:rob...@raszuk.net <mailto:rob...@raszuk.net>
<mailto:rob...@raszuk.net <mailto:rob...@raszuk.net>>
<mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net>
<mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net>>>>>, "Henderickx, Wim (Wim)"
<wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>>>
Cc: Erik Nordmark <nordm...@acm.org
<mailto:nordm...@acm.org>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>>>
<mailto:nordm...@acm.org
<mailto:nordm...@acm.org> <mailto:nordm...@acm.org
<mailto:nordm...@acm.org>>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>
<mailto:nordm...@acm.org <mailto:nordm...@acm.org>>>>>,
"bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>>"
<bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>>>, Jorge Rabadan
<jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>>>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>
<mailto:jorge.raba...@alcatel-lucent.com
<mailto:jorge.raba...@alcatel-lucent.com>>>>>
Subject: RE: [bess] ARP ND draft
I’m also skeptical whether IP duplicate
detection
would be
a good
default thing. Especially in case of what
I call
‘aliased
default
gateway’ which section 10.1 specifically
allows, i.e.
default GW
IP address is same but each PE may use a
different
MAC when
advertising it and consequently responses
for same
IP with
different ARPs may be seen in the
network. Yes,
default GW
ExtComm is there to differentiate so it can be
called an
exception
but nevertheless.
I also thought a tad about VRRP but I
think the IP
duplicate
detection will not apply there, it’s all same
IPx->MACx
from all
routers so if anything, it’s more of a MAC
move thing.
Generally I think someone who wants a secure,
stable eVPN
wants IP
duplicate detection, someone who runs a
very dynamic
network with
tons gateways, possibly anycast & floating
IPs will
probably not
be too enamored with it.
Thanks
--- tony
//
/There are basically two types of people.
People who
accomplish
things, and people who claim to have
accomplished
things. The
first group is less crowded.
<http://www.brainyquote.com/quotes/quotes/m/marktwain393535.html>/
/~~~ Mark Twain
<http://www.brainyquote.com/quotes/quotes/m/marktwain393535.html>/
*From:*rras...@gmail.com
<mailto:rras...@gmail.com>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>>>
<mailto:rras...@gmail.com
<mailto:rras...@gmail.com> <mailto:rras...@gmail.com
<mailto:rras...@gmail.com>>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>>>>
[mailto:rras...@gmail.com
<mailto:rras...@gmail.com>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>>
<mailto:rras...@gmail.com <mailto:rras...@gmail.com>
<mailto:rras...@gmail.com
<mailto:rras...@gmail.com>>>] *On
Behalf Of *Robert Raszuk
*Sent:* Monday, March 30, 2015 1:19 AM
*To:* Henderickx, Wim (Wim)
*Cc:* Erik Nordmark; Antoni Przygienda;
bess@ietf.org <mailto:bess@ietf.org> <mailto:bess@ietf.org
<mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>
<mailto:bess@ietf.org
<mailto:bess@ietf.org> <mailto:bess@ietf.org
<mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>>; Rabadan,
Jorge (Jorge)
*Subject:* Re: [bess] ARP ND draft
Hi Wim,
> There is anycast at IPv4 level for sure
but I am not
ware this is
supported at arp level.
Precisely right. It needs to be documented and
addressed
if anyone
is up to proposing automated IP duplicate
address
detection and
disabling.
RFC1546 is rather too old to consider here as
solution :)
Cheers,
R.
On Mon, Mar 30, 2015 at 1:10 AM,
Henderickx, Wim (Wim)
<wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>>> wrote:
To be clear: RFC4861 section 7.2.7
explains the
anycast
behaviour
in IPv6.
I am not aware of such thing at IPv4/ARP
level. Do you
have a pointer?
There is anycast at IPv4 level for sure
but I am
not ware
this is
supported at arp level.
*From: *<Henderickx>, Wim Henderickx
*Date: *Monday 30 March 2015 07:38
*To: *Robert Raszuk
*Cc: *Erik Nordmark, Antoni Przygienda,
"bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>
<mailto:bess@ietf.org
<mailto:bess@ietf.org> <mailto:bess@ietf.org
<mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>>", Jorge Rabadan
*Subject: *Re: [bess] ARP ND draft
At interface level you get dad in most
stacks I know.
Sent from my iPhone
On 30 Mar 2015, at 06:45, Robert Raszuk
<rob...@raszuk.net <mailto:rob...@raszuk.net>
<mailto:rob...@raszuk.net <mailto:rob...@raszuk.net>>
<mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net> <mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net>>>
<mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net>
<mailto:rob...@raszuk.net <mailto:rob...@raszuk.net>>
<mailto:rob...@raszuk.net <mailto:rob...@raszuk.net>
<mailto:rob...@raszuk.net
<mailto:rob...@raszuk.net>>>>> wrote:
Hi Wim,
What makes you say that in IPv4 there
is no
anycast ? All
anycase I have played so far is IPv4 :)
Cheers,
r.
On Sun, Mar 29, 2015 at 11:18 PM,
Henderickx,
Wim (Wim)
<wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>>> wrote:
We will update the draft to highlight
the IPv6
anycast
behaviour better as pointed out by
RObert. In IPv4
there is no
anycast behaviour and as such there
should be one
option possible.
On 30/03/15 04:59, "Antoni Przygienda"
<antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>>>> wrote:
>Yes, but of course I brought it up to
show
that 'the
last one
simply wins' as suggested by the draft
is not
enough
IMO. A
good architecture should probably keep
track
of what
it served
as answer and when the answer is
invalid or a new,
better one
exists, provide a GARP.
>
>As well, when PE2 sends a newer MAC
it may
not be a good
strategy to serve a GARP if PE1's MAC has
already been
offered. That could lead IMO to e.g.
gateway
chasing
problems.
>
>--- tony
>
>
>There are basically two types of people.
People who
accomplish things, and people who
claim to have
accomplished
things. The first group is less crowded.
>~~~ Mark Twain
>
>
>> -----Original Message-----
>> From: Henderickx, Wim (Wim)
[mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>
<mailto:wim.henderi...@alcatel-lucent.com
<mailto:wim.henderi...@alcatel-lucent.com>>>>]
>> Sent: Thursday, March 26, 2015 6:01 AM
>> To: Antoni Przygienda; Erik
Nordmark; Rabadan,
Jorge (Jorge)
>> Cc: bess@ietf.org
<mailto:bess@ietf.org> <mailto:bess@ietf.org
<mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>
<mailto:bess@ietf.org <mailto:bess@ietf.org>
<mailto:bess@ietf.org <mailto:bess@ietf.org>>>>
>> Subject: Re: [bess] ARP ND draft
>>
>> For this case you should sent a
GARP with
the new
MAC/IP
>>
>>
>>
>>
>> On 25/03/15 18:56, "Antoni Przygienda"
<antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>
<mailto:antoni.przygie...@ericsson.com
<mailto:antoni.przygie...@ericsson.com>>>>>
>> wrote:
>>
>> >> > b)It is worth explaining what
is suggested
behavior if
eVPN
>> >> > advertises the same IP with
multiple
MACs and what
happens when
>> >> > e.g. the served MAC vanishes
>> >> >
>> >> Doesn't the EVPN RFC already stating
that the routes
would be
>> >> withdrawn in that case?
>> >
>> >The scenario I had in mind was
when eVPN
PE receives
>> >
>> >From PE2 IP1/M1 and later
>> >From PE3 IP1/M2
>> >
>> >while having answered with IP1/M1 per
proxy alrady.
Additionally, in
>> >such situation ends up seeing
>> >
>> >From PE2 IP1/<no MAC>
>> >
>> >So the answer it gave is not valid
anymore
all of
a sudden.
>> >
>> >--- tony
_______________________________________________
BESS mailing list
BESS@ietf.org <mailto:BESS@ietf.org> <mailto:BESS@ietf.org
<mailto:BESS@ietf.org>> <mailto:BESS@ietf.org
<mailto:BESS@ietf.org>
<mailto:BESS@ietf.org <mailto:BESS@ietf.org>>>
<mailto:BESS@ietf.org <mailto:BESS@ietf.org>
<mailto:BESS@ietf.org <mailto:BESS@ietf.org>>
<mailto:BESS@ietf.org <mailto:BESS@ietf.org>
<mailto:BESS@ietf.org <mailto:BESS@ietf.org>>>>
https://www.ietf.org/mailman/listinfo/bess
_______________________________________________
BESS mailing list
BESS@ietf.org <mailto:BESS@ietf.org> <mailto:BESS@ietf.org
<mailto:BESS@ietf.org>> <mailto:BESS@ietf.org
<mailto:BESS@ietf.org>
<mailto:BESS@ietf.org <mailto:BESS@ietf.org>>>
https://www.ietf.org/mailman/listinfo/bess
_______________________________________________
BESS mailing list
BESS@ietf.org <mailto:BESS@ietf.org> <mailto:BESS@ietf.org
<mailto:BESS@ietf.org>>
https://www.ietf.org/mailman/listinfo/bess