Hello Sasha/ WG, Apologies for the delayed response, Thank you for your detailed comments. Thanks to Donald Eastlake and Ali Sajassi for their kind offline discussions. We have submitted -10 version to the datatracker to address them. In addition, please see our responses below iniline with GVP+DE-1> below. Donald, Please add further clarifications that you think are required. Thanks, Prasad
Message-ID-Hash: BDALREYNUJUBZZ3J35JWR3PGL4QOJYKJ X-Message-ID-Hash: BDALREYNUJUBZZ3J35JWR3PGL4QOJYKJ X-MailFrom: alexander.vainsht...@rbbn.com CC: "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-evpn-bfd....@ietf.org" <draft-ietf-bess-evpn-bfd....@ietf.org>, "rtg-...@ietf.org" <rtg-...@ietf.org>, "rtg-...@ietf.org" <rtg-...@ietf.org> X-Mailman-Version: 3.3.9rc6 Precedence: list Subject: [bess] Re: My comments on draft-ietf-bess-evpn-bfd (was:: [RTG-DIR]Re: [EXTERNAL] Rtgdir early review of draft-ietf-bess-evpn-bfd-07) List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org> Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/L-V40mAiRnl_PpD_8KFnLxoDuF8> Donald and all, More of the same. As I see it, BFD for known unicast network layer in EVPN-MPLS can be considered as a special case of MPLS LSPs from the OAM POV. Therefore, I have looked up Section 4 of RFC 5884<https://datatracker.ietf.org/doc/html/rfc5884#section-4><http://5884%3Chttps//datatracker.ietf.org/doc/html/rfc5884#section-4%3E> which defines theory of operations for BFD of MPLS LSPs. GVP+DE-1> Accepted, We have added text in Sec 3 to clarify the aspect of avoiding false detection. This document says, (among other things, the relevant text is highlighted): To use BFD for fault detection on an MPLS LSP, a BFD session MUST be established for that particular MPLS LSP. BFD Control packets MUST be sent along the same data path as the LSP being verified and are processed by the BFD processing module of the egress LSR. If the LSP is associated with multiple FECs, a BFD session SHOULD be established for each FEC. For instance, this may happen in the case of next-hop label allocation. Hence, the operation is conceptually similar to the data plane fault detection procedures of LSP Ping. To me this strongly suggests that, in the case of per MAC-VRF (or per MAC/VRF/BD) label allocation, a dedicated BFD session SHOULD be established for each specific MAC address that has been locally learned by this MAC-VRF/BD (because each MAC address represents a dedicated FEC). GVP+DE-1> While this is highly desirable, it may not be practical to run one BFD session per MAC address given the number of MAC addresses learnt by each PE. The implementation(s) I am aware of, establish one BFD session for selected VNIs. Also, please see below about the usage of MAC addresses. My 2c, Sasha From: Alexander Vainshtein Sent: Sunday, October 13, 2024 2:16 PM To: Donald Eastlake <d3e...@gmail.com><mailto:<d3e...@gmail.com>> Cc: bess@ietf.org<mailto:bess@ietf.org>; draft-ietf-bess-evpn-bfd....@ietf.org<mailto:draft-ietf-bess-evpn-bfd....@ietf.org>; rtg-...@ietf.org<mailto:rtg-...@ietf.org>; rtg-...@ietf.org<mailto:rtg-...@ietf.org> Subject: My comments on draft-ietf-bess-evpn-bfd (was:: [RTG-DIR]Re: [EXTERNAL] Rtgdir early review of draft-ietf-bess-evpn-bfd-07) Importance: High Donald, Lots of thanks for your email and, again, my apologies for a delayed response. My original comment on the EVPN-BFD draft<https://mailarchive.ietf.org/arch/msg/bess/dkQWy6jSzra_QXoGgEh0iBFhxWQ/><http://draft%3Chttps//mailarchive.ietf.org/arch/msg/bess/dkQWy6jSzra_QXoGgEh0iBFhxWQ/%3E> included the following: · The underlay failures such as link failures, P and PE node failures etc.) should be monitored by their own monitoring mechanisms and should be quite aggressive for fast detection of failure and activation of the relevant protection mechanisms GVP+DE-1> Agreed · EVPN Network Layer OAM should be limited to detecting failures in programming the labels/VNI advertised in various EVPN routes. Such failures can occur, but hardly require fast monitoring mechanisms and EVPN LSP Ping (RFC 9489) already provides an on-demand OAM mechanism for detecting such failures GVP+DE1> I beg to differ, there are various failure scenarios (link, node, Route processor failures within a node) that require a continuous monitoring of the programming of labels/VNI both at imposition and disposition. This is not the same as monitoring the> underlying transport (LSP). Also please note the draft also supports VXLAN and I don't think there is an "LSP Ping" equivalent for VXLAN. · It is not clear when a specific BFD session is set up, and at what granularity (per MAC address? Per EVI? Per EVI Ethernet Tag> for EVI that implements VLAN-aware Bundle service interface ?) GVP+DE-1> The draft provides a mechanism to monitor the finest granular level (a single MAC). However, in reality monitoring an EVI (using a standard MAC address as requested by the draft) is sufficient. Please note that the BFD over VxLAN RFC8971 already has a MAC address allocated. This can be reused. Currently 6.2.1 of the draft proposes the allocation of a MAC address. While a single MAC address is cheap to allocate, it is better to use the existing one. Please look at the last paragraph of Section 4 of the draft) give a reasonable indication of when a BFD session is set up? (Except that I think the verbiage about "priority" is meaningless and should be removed.). "Once a PE node knows a unicast route and discriminator for another PE node and if it is the higher priority of the two PE nodes to initiate BFD and is configured to do so, it endeavors to bring UP and maintain a BFD session to that other PE node. The BFD session is brought down if a PE node is no longer configured to maintain it or if a route and discriminator are no longer available." · Encapsulation of the BFD packets defined in Sections 6.1.1 and 6.2.1 include a VAN ID field, but the draft does not specify how the value of this VLAN ID is defined. GVP+DE-1> This is now not mandatory. For BFD encapsulation, I am not sure the VLAN tag is needed in either Figure 2 or 3 in the draft. I think it should be labeled as "optional". I don't think intermediate P nodes would see the VLAN IDand priority code point and, once it is delivered to the destination PE, they don't matter any more. I do not think that any of these comments has been addressed in the 08 version of the draft. I can add that “excessively fast” detection of failures in programming the labels/VNI advertised in various EVPN routes may easily result in “false positives”. Please consider the scenario in which: 1. A certain MAC address has been locally learned by a certain PE and advertised in RT-2 2. A remote PE has, based on this advertisement, has initiated a fast (detection time of tens of milliseconds) EVPN BFD session with the advertising PE for this MAC address GVP+DE1> Fast BFD seems more appropriate for the Transport/Link Layers (between adjacent P's or P<->PE) than the Network Layer. 3. The MAC address in question is now aged out, and the original advertising PE withdraws its RT-2 for this MAC address 4. The remote PE detects failure of its fast EVPN BFD session for this MAC address before it receives and handles withdrawal of the original RT-2. The obvious way to avoid such “false positives” would be to slow down detection of failures to the rate comparable with that of propagation of EVPN routes – but the, why should we use BFD? GVP+DE-1> With the usage of IANA MAC (well-known), this scenario is not possible as a MAC move for a well-known MAC is not a valid scenario. I also think that the claim (in the Introduction section of the -08 draft) that “EVPN service restoration mechanisms (redundancy and recovery/convergence) are the most logical clients, in the [RFC5882] sense, for BFD sessions specified herein” is not justified because the draft does not specify how the former (EVPN recovery mechanisms) could be aware of existence of EVPN-BFD sessions. A good example of describing the relationship between the BFD sessions of a specific flavor and its client application can be found in Section 3 of RFC 7130<https://datatracker.ietf.org/doc/html/rfc7130#section-3><http://7130%3Chttps//datatracker.ietf.org/doc/html/rfc7130#section-3%3E>. GVP+DE-1> Please see updated sec3 of this draft. Finally, I do not think that using the UDP Port number that has been allocated for 1-hop IP BFD is a valid proposal. AFAIK, every other BFD Flavor that used IP/BFD encapsulation uses its own UDP Port number, and I do not see any reason for breaking this tradition. I am adding the BFD WG to the distribution list. GVP+DE-1> We have no problem asking for a new UDP port number. but we do not see major issues with reusing the existing port number as well. Hopefully, these notes will be useful. GVP+DE-1> Yes, thank you once again. Regards, Sasha From: Donald Eastlake <d3e...@gmail.com<mailto:d3e...@gmail.com>> Sent: Wednesday, October 9, 2024 12:56 AM To: Alexander Vainshtein <alexander.vainsht...@rbbn.com<mailto:alexander.vainsht...@rbbn.com>> Cc: bess@ietf.org<mailto:bess@ietf.org>; draft-ietf-bess-evpn-bfd....@ietf.org<mailto:draft-ietf-bess-evpn-bfd....@ietf.org>; rtg-...@ietf.org<mailto:rtg-...@ietf.org> Subject: [RTG-DIR]Re: [EXTERNAL] Rtgdir early review of draft-ietf-bess-evpn-bfd-07 Hi Sasha, On Sun, Oct 6, 2024 at 5:47 AM Alexander Vainshtein <alexander.vainsht...@rbbn.com<mailto:alexander.vainsht...@rbbn.com>> wrote: > > Hi Donald, > > My apologies for a much-delayed response to your email. No problem, I have not always been swift in responding... > I am now reading the -08 version of the draft, and I will send a detailed response based on this document. > > At the same time, I would like to bring to your attention my detailed comments on the -07 version of the draft which I have asked to consider as any other LC comments on the draft. Thanks for reminding me of those comments. > I cannot yet say whether the -08 version addresses these comments or not. In general, I think it does not address all of those comments. On one particular item, I believe you suggest considering LSP Ping rather than BFD. When I was added as a co-author on this draft, it was already oriented to BFD and it has remained so. I believe you are the only one who has posted on the BESS list suggesting a change to LSP Ping. It would be nice if a few other people would chime in. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e...@gmail.com<mailto:d3e...@gmail.com> > Regards, > > Sasha > > > > From: Donald Eastlake <d3e...@gmail.com<mailto:d3e...@gmail.com>> > Sent: Monday, September 30, 2024 6:54 PM > To: Alexander Vainshtein <Alexander.Vainshtein=40rbbn....@dmarc.ietf.org<mailto:Alexander.Vainshtein=40rbbn....@dmarc.ietf.org>> > Cc: Mohamed Boucadair <mohamed.boucad...@orange.com<mailto:mohamed.boucad...@orange.com>>; bess@ietf.org<mailto:bess@ietf.org>; draft-ietf-bess-evpn-bfd....@ietf.org<mailto:draft-ietf-bess-evpn-bfd....@ietf.org>; rtg-...@ietf.org<mailto:rtg-...@ietf.org> > Subject: [RTG-DIR]Re: [EXTERNAL] Rtgdir early review of draft-ietf-bess-evpn-bfd-07 > > > > Hi Sasha, > > On Tue, Sep 17, 2024 at 8:27 AM Alexander Vainshtein > <Alexander.Vainshtein=40rbbn....@dmarc.ietf.org<mailto:Alexander.Vainshtein=40rbbn....@dmarc.ietf.org>> wrote: > > > > Mohammed, > > > > Lots of thanks for the review. > > > > I have posted my concerns about the draft in question some time ago, and they are mainly orthogonal to the issues you raise. > > > > However, there is one important point that you are raising and that overlaps, to some extent, with some of my comments. > > > > You have written that you have failed finding “EVPN network layer” in 7432 or 7432bis, and your guess is that the authors may refer to the definition in Section 2.1 of RFC 9062. > > Yes, the draft does intend to refer to the network layer specified in > Section 2.1 of RFC 9062 and hopefully that is clearer in the latest > revision of the draft. > > > But I think that the real question here should be whether EVPN network layer exists at all, and, if yes, whether it could be monitored using BFD. > > Well, it seems to me that PEs exist and the paths between PEs that are > used by EVPN exist and it can be useful to monitor those paths. It is > convenient to have some name to use for the set of such paths. Is > there some name you would prefer to "network layer"? It also seems to > me that it can be monitored with BFD but it could be monitored in > other ways. > > > Quoting from Section 9.2.1 of RFC 7432 (the relevant text is highlighted): > > > > > > A PE may advertise the same single EVPN label for all MAC addresses > > in a given MAC-VRF. This label assignment is referred to as a per > > MAC-VRF label assignment. Alternatively, a PE may advertise a unique > > EVPN label per <MAC-VRF, Ethernet tag> combination. This label > > assignment is referred to as a per <MAC-VRF, Ethernet tag> label > > assignment. As a third option, a PE may advertise a unique EVPN > > label per <ESI, Ethernet tag> combination. This label assignment is > > referred to as a per <ESI, Ethernet tag> label assignment. As a > > fourth option, a PE may advertise a unique EVPN label per MAC > > address. This label assignment is referred to as a per MAC label > > assignment. All of these label assignment methods have their > > trade-offs. The choice of a particular label assignment methodology > > is purely local to the PE that originates the route. > > > > > > This is definition is re-phrased (without any change in the semantics) in Section 9.2.1 of 7432bis as following: > > > > > > The choice of a particular label assignment methodology is purely local to the PE that originates the route :¶ > > · A PE may advertise the same single EVPN label for all MAC addresses in a given MAC-VRF. This label assignment is referred to as a per MAC-VRF label assignment. > > · Alternatively, a PE may advertise a unique EVPN label per <MAC-VRF, Ethernet tag> combination. This label assignment is referred to as a per <MAC-VRF, Ethernet tag> label assignment. > > · As a third option, a PE may advertise a unique EVPN label per <ESI, Ethernet tag> combination. This label assignment is referred to as a per <ESI, Ethernet tag> label assignment. > > · As a fourth option, a PE may advertise a unique EVPN label per MAC address. This label assignment is referred to as a per MAC label assignment. > > All of these label assignment methods have their trade‑offs. An assignment per MAC-VRF label requires the least number of EVPN labels but requires a MAC lookup in addition to an MPLS lookup on an egress PE for forwarding. On the other hand, a unique label per <ESI, Ethernet tag> or a unique label per MAC allows an egress PE to forward a packet that it receives from another PE to the connected CE, after looking up only the MPLS labels without having to perform a MAC lookup. This includes the capability to perform appropriate VLAN ID translation on egress to the CE. > > > > > > In both cases 4 (four) different options for allocating labels carried in the Label1 field of the NLRI of EVPN Type 2 routes are listed, and 7432bis explains that each of these options has its own trade-offs. > > > > > > At the same time, Section 2.3 EVPN Network Layer OAM” of RFC 9062 says: > > > > EVPN Network OAM is visible to the PE nodes only. This OAM layer is analogous to Virtual Circuit Connectivity Verification (VCCV) [RFC5085] in the case of VPLS/VPWS. It provides mechanisms to check the correct operation of the data plane as well as a mechanism to verify the data plane against the control plane. This includes the ability to perform fault detection and diagnostics on:¶ > > · the MP2P tunnels used for the transport of unicast traffic between PEs. EVPN allows for three different models of unicast label assignment: label per EVI, label per <ESI, Ethernet Tag>, and label per MAC address. In all three models, the label is bound to an EVPN Unicast Forwarding Equivalence Class (FEC). EVPN Network OAM MUST provide mechanisms to check the operation of the data plane and verify that operation against the control plane view. > > > > > > This text is slightly inconsistent with the text in 7432/7432bis (one of the four options of the latter is missing in the former). But in any case, the “EVPN network layer” in the specific PE may be associated not just with a specific MAC-VRF (or with a specific BD within a MAC-VRF) but with a specific NAC-VRF, locally attached Ethernet Segment} pair or even with a specific <MAC-VRF, locally learned MAC address> pair. > > An Errata should be filed against RFC 9062. Do you want to do this or should I? > > > And this raises a question about the number of EVPN BFD sessions that could be required to monitor such EVPN Network layer. > > If there are a vast number of logically distinct paths used by EVPN > between PEs, then monitoring them all may be impractical. > > > Hope these notes will be useful. > > Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 2386 Panoramic Circle, Apopka, FL 32703 USA > d3e...@gmail.com<mailto:d3e...@gmail.com> > > > Regards, > > > > Sasha > > > > > > > > From: Mohamed Boucadair via Datatracker <nore...@ietf.org<mailto:nore...@ietf.org>> > > Sent: Monday, September 16, 2024 5:56 PM > > To: rtg-...@ietf.org<mailto:rtg-...@ietf.org> > > Cc: bess@ietf.org<mailto:bess@ietf.org>; draft-ietf-bess-evpn-bfd....@ietf.org<mailto:draft-ietf-bess-evpn-bfd....@ietf.org> > > Subject: [EXTERNAL] [RTG-DIR]Rtgdir early review of draft-ietf-bess-evpn-bfd-07 > > > > > > > > Reviewer: Mohamed Boucadair > > Review result: Has Issues > > > > Hi authors, > > > > Thanks for the effort put into this document. > > > > Overall, the document reads well. The specification leverages existing > > specifications with exceptions called out it in the document. This approach > > seems reasonable, but there are some issues that need to be fixed. These are > > highlighted in the detailed review (see below). A subset of them are > > highlighted hereafter: > > > > # Better position the document: For example, I failed to find this "network > > layer" defined in RFC7432 or 7432bis. I think that you are referring to the > > layering in 2.1 of 9062. For example, you can consider adding a sentence in the > > introduction about 2.1 of 9062 to position the layer you are considering. > > > > # 7432 or 7432bis: Any reason why the bis is cited explicitly here? Are there > > parts of the spec that are not applicable to 7432? I don't think so, but it is > > better clarify this in the doc rather than leaving the readers guess. > > > > # "future versions of this document" vs "other documents": The document says in > > several places that "It is intended to address this in future versions of this > > document.". The intended scope should be clarified. > > > > # Internal inconsistency: > > > > ## The document refers to TBD3 and cites Section 8, but there is no such > > definition in the IANA section ## The document cites "dedicated unicast MAC" > > and "dedicated multicast MAC" but these are not defined in the document. > > > > ## RFC 9026 > > > > Previous sections state that 9026 is not mandatory and other mechanisms can be > > used. However, Section This text seems to assume that it is always used: > > > > "It also contains a BFD Discriminator > > Attribute [RFC9026] with BFD Mode TDB4 giving the BFD discriminator > > that will be used by the tail. > > " > > > > (note that s/TDB4/TBD2) > > > > # Redundant requirements: For example, the document says > > > > " The mechanisms specified in BFD for MPLS LSPs [RFC5884] [RFC7726] and > > BFD for VXLAN [RFC8971] are, except as otherwise provided herein, > > applied to test loss of continuity for unicast EVPN traffic. > > " > > but then > > > > " Once the BFD session is UP, the ends of the BFD session MUST NOT > > change the local discriminator values of the BFD Control packets they > > generate, unless they first bring down the session as specified in > > [RFC5884]. > > " > > > > the intended behavior vs "local discriminator values" here is redundant with > > this part in Section 7 of 5884: > > > > "Note that once the BFD session for the MPLS LSP is UP, either end of the BFD > > session MUST NOT change the source IP address and the local discriminator > > values of the BFD Control packets it generates, unless it first brings down the > > session." > > > > No? > > > > # Detailed review can be found here, fwiw: > > > > * pdf: > > https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.pdf<https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.pdf><https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.pdf%3Chttps://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.pdf%3E> > > * doc: > > https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.doc<https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.doc><https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.doc%3Chttps://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-bess-evpn-bfd-07-rev%20Med.doc%3E> > > > > Feel free to grab whatever you think useful. > > > > Hope this helps. > > > > Cheers, > > Med > > > > > >
_______________________________________________ BESS mailing list -- bess@ietf.org To unsubscribe send an email to bess-le...@ietf.org
