Re: [GROW] The automatic policy exchange by draft-ietf-idr-rpd-05.txt can be used for draft-ietf-rtgwg-net2cloud-gap-analysis
Robert, Thank you very much for the explanation. “new BGP Transport Instance with new separate port and separate process”, very interesting perspective. But draft-raszuk-ti-bgp-01 was written 10 years ago. Is it still valid and worth pursuing? Thank you Linda From: Robert Raszuk Sent: Sunday, July 26, 2020 5:23 PM To: Linda Dunbar Cc: Lizhenbin ; Jakob Heitz (jheitz) ; i...@ietf.org; grow@ietf.org grow@ietf.org ; rt...@ietf.org Subject: Re: The automatic policy exchange by draft-ietf-idr-rpd-05.txt can be used for draft-ietf-rtgwg-net2cloud-gap-analysis Hi Linda, So are you suggesting that this new SAFI is to be sent on EBGP too ?? Whow ... Note BGP is not too secure transport ! I would never allow any peer to push me policy via eBGP to my ASBRs regardless how much I would trust it. That aside I think no one is questioning that overall this is nice to have BGP policy distributed in a dynamic way. We are however concerned in three planes ... Aspect #1 - BGP is p2mp and information and encoding (NLRI) here clearly make this proposal p2p. And no Robin p2p is not a special case of p2mp :) Aspect #2 - This proposal adds additional burden to IP Routing BGP subsystem and its clear that if approved there will be more and more extensions to new MATCH and SET sub-TLVs coming. While it is easy to write a draft that at the end requires a serious commitment from any vendor to now turn BGP into configuration channel. That means overall more cycles spend and more burden on BGP dev teams. Aspect #3 - The proposal has lots of technical issues (as described) which can not just be swapped under the carpet. My recommendations (in order of preference): *1* Turn proposed sub-TLVs into JSON and use HTTPS PUT, GET & DELETE along with real time response status codes to send required policy over targeted TCP sessions just using curl to remote ASBRs. Note all vendors today support RESTful commands or httpd on the routers. Some already even support JSON based BGP configuration for some time now (ex: NX-OS). *2* At least decouple it from routing BGP - support new BGP Transport Instance with new separate port and separate process. Whenever we need to use such protocol (call it Configuration Transport Protocol "CTP") for loop free information dissemination such isolation could deliver what you are really after with no impact to stability of IP routing. Ref: https://tools.ietf.org/html/draft-raszuk-ti-bgp-01<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-raszuk-ti-bgp-01&data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cfc692e6f8ad641dd5b9908d831b27afd%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637313989929483251&sdata=t6YI2%2BYcngtpCMJ3d%2BSFAkuffeGFW236zvXIZsd7cA8%3D&reserved=0> Thx, R. On Sun, Jul 26, 2020 at 11:53 PM Linda Dunbar mailto:linda.dun...@futurewei.com>> wrote: Robert, Jakob, etc. Thank you very much for detailed explanation of the issues. One of the points you all raised is that p2p policies should be administrated by controller via NETCONF. https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-gap-analysis/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-rtgwg-net2cloud-gap-analysis%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cfc692e6f8ad641dd5b9908d831b27afd%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637313989929483251&sdata=ESJ%2BqmxEnlpAq32P3H3WxrkWzFIN863%2F7bKtucFdTrg%3D&reserved=0> describes a scenario of one vCPE in cloud DC reachable by multiple PEs. Depending on the nature of the applications or/and network conditions, some applications may need to egress or ingress from PE1, others may need to egress or ingress from PE2. Today’s Cloud DC configuration can use the AS Path metric to influence the preferred path to/from a specific PEs. But requires manual configuration. After reading through the draft-ietf-idr-rpd-05, I think the automatic approach can make the change on demand. The policy change can be ephemeral. Therefore, if one side doesn’t implement the feature, the “spray” doesn’t have any impact. The traffic egress or ingress to the peer network would just go with the configuration. If the “spray” is answered, then the performance can be improved. [cid:image001.jpg@01D66381.DF851460] If not using the automatic method proposed by draft-ietf-idr-rpd, do you have other suggestions? Thank you very much. Linda Dunbar From: Robert Raszuk mailto:rob...@raszuk.net>> Sent: Friday, July 24, 2020 2:50 PM To: Linda Dunbar mailto:linda.dun...@futurewei.com>>; Lizhenbin mailto:lizhen...@huawei.com>> Cc: Jakob Heitz (jheitz) mailto:jhe...@cisco.com>>; i...@ietf.org<mailto:i...@ietf.org>; grow@ietf.org<mailto:grow@ietf.org> grow@ietf.org<mailto:grow@ietf.org> mailto:grow@ietf.org>> Subject: Re: [Idr] WG LC on draft-ietf-idr-rpd-05.
[GROW] The automatic policy exchange by draft-ietf-idr-rpd-05.txt can be used for draft-ietf-rtgwg-net2cloud-gap-analysis
Robert, Jakob, etc. Thank you very much for detailed explanation of the issues. One of the points you all raised is that p2p policies should be administrated by controller via NETCONF. https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-gap-analysis/ describes a scenario of one vCPE in cloud DC reachable by multiple PEs. Depending on the nature of the applications or/and network conditions, some applications may need to egress or ingress from PE1, others may need to egress or ingress from PE2. Today’s Cloud DC configuration can use the AS Path metric to influence the preferred path to/from a specific PEs. But requires manual configuration. After reading through the draft-ietf-idr-rpd-05, I think the automatic approach can make the change on demand. The policy change can be ephemeral. Therefore, if one side doesn’t implement the feature, the “spray” doesn’t have any impact. The traffic egress or ingress to the peer network would just go with the configuration. If the “spray” is answered, then the performance can be improved. If not using the automatic method proposed by draft-ietf-idr-rpd, do you have other suggestions? Thank you very much. Linda Dunbar From: Robert Raszuk Sent: Friday, July 24, 2020 2:50 PM To: Linda Dunbar ; Lizhenbin Cc: Jakob Heitz (jheitz) ; i...@ietf.org; grow@ietf.org grow@ietf.org Subject: Re: [Idr] WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020) Linda, It seems that authors of this document are strongly pushing to pass the last call irrespective of observations made by WG. As said before and as reiterated by Jakob and Ketan BGP is not the right tool for p2p config push. We must stop adding such extensions to BGP like this one or BGP-LS or SR Policies if we really want to keep routing at some proper stability levels. But even if you would convince everyone in IDR that this is all great the draft itself is so immature that I can't imagine why are we discussing last call at this time. * Please observe that BGP state is ephemeral. When BGP sessions resets all state previously distributed is gone (modulo GR ...) Is the expectation here that state distributed by this new SAFI will persists ? If so for how long ? If not have you even considered the initial churn ? * We have hooks to make sure LDP and IGP play in concert with BGP reachability. Would we need to now add to also wait for BGP policy to be received from controllers ? * We have spent fair amount of time to make sure GR works well. Do you expect to now GR to recognize all policy parameters and sync deltas locally upon BGP sessions restarts ? * Do you expect BGP implementations to now get busy with understanding all BGP policies syntax and semantics not in current terms how they are send or received in BGP UPDATEs but how they are applied implementation by implementation ... * What happens when some implementation does not allow some policy defined in the draft ... for example flexible AS_PATH creation as defined in AS-Path Change sub-TLV ? Note that this section alone is catastrophic for BGP protocol to allow insertion of more then your own ASN into AS-PATH. Just looking at this alone should be enough to reject this draft. And there are many many more real issues with this proposal See when document has low adoption bar it does not mean that it will also have the same low bar to progress it :) Kind regards, R. PS. Let me cc GROW WG here as I think more operational review and comments would be highly valuable at this point. On Fri, Jul 24, 2020 at 6:28 PM Linda Dunbar mailto:linda.dun...@futurewei.com>> wrote: Jakob, Comparing Netconf with BGP is not apple to apple comparison. I remember a few years ago that Netconf advocators have claimed that Netconf can replace PCE, replace BGP, replace xx, … After many years debate, many of the Netconf limitations have been acknowledged, that is why PCE still exists, so does BGP. Other comments are inserted below: From: Jakob Heitz (jheitz) mailto:jhe...@cisco.com>> Sent: Thursday, July 23, 2020 5:37 PM To: Linda Dunbar mailto:linda.dun...@futurewei.com>>; i...@ietf.org<mailto:i...@ietf.org> Subject: RE: WG LC on draft-ietf-idr-rpd-05.txt (7/15 to 7/29/2020) Netconf provides needed features that BGP does not have: - Atomic Transactions: If one configuration item fails, they all fail. They all either succeed or all fail. There is no partial success. Multiple configurations in one transaction are applied at the same time. . This avoids non-deterministic transient behavior between application of the first policy and the last. [Linda] Just like Routes Advertisement, receivers can improperly install the routes into their RIB/FIB. BGP has been running for over 3 decades. Those who don’t implement correctly eventually fix their bugs. If the Policies sent to peers are not enforced as the RPD is asking for, traffic might be sent to non-preferred li
Re: [GROW] Genart last call review of draft-ietf-grow-bmp-adj-rib-out-05
Tim, Thank you very much for the changes. Your newly proposed texts are very clear. Linda -Original Message- From: Gen-art On Behalf Of Tim Evens (tievens) Sent: Wednesday, June 19, 2019 4:22 PM To: Linda Dunbar ; gen-...@ietf.org Cc: grow@ietf.org; draft-ietf-grow-bmp-adj-rib-out@ietf.org; i...@ietf.org Subject: Re: [Gen-art] Genart last call review of draft-ietf-grow-bmp-adj-rib-out-05 Hi Linda, Thank you so much for your review and comments. Please see response inline marked [tievens]. On 6/14/19, 1:44 PM, "Linda Dunbar via Datatracker" wrote: Summary: The draft updates the BGP Monitoring Protocol BMP by adding access to the Adj-RIB-Out RIBs. There are some unclear areas that need authors to clarify. Major issues: Minor issues: Section 1 last paragraph: It is not clear if BMP sender send to multiple BMP receivers or just to one "BMP receiver". The first part of the sentence says "..send to a BMP receivers", the second part says ".. advertise to BGP peers, .." Suggest to make it consistent, such as sending to multiple, or just one. ".. to send to BMP receivers what it advertises.." [tievens] There are one or more receivers for each sender. The implementation defines how many receivers it can send to. I've updated it to: "Adding Adj-RIB-Out provides the ability for a BMP sender to send to BMP receivers what it advertises to BGP peers, which can be used for outbound policy validation and to monitor RIBs that were advertised." [Linda] Yes, your new text is much more clear. Does a BMP sender also send out Adj-RIB-In? it is not clear to. [tievens] Yes, RFC7854 defines Adj-RIB-In only. How about the below? "BGP Monitoring Protocol (BMP) RFC 7854 [RFC7854] only defines Adj- RIB-In being sent to BMP receivers. This document updates section 4.2 [RFC7854] per-peer header by adding a new flag to distinguish Adj-RIB-In verses Adj-RIB-Out. BMP senders use the new flag to send either Adj-RIB-In or Adj-RIB-Out." [Linda] Thank you for the change. It is very clear now (sorry that I didn't devote time to read the RFC7854). Section 6 first sentence: just curious which BMP messages are NOT applicable to Adj-RIB-In or Adj-RIB-out? If it is specified in other documents, please add a reference. [tievens] How about the below update to clarify some. I didn’t want to create a list of them because it could be different in updated/new drafts. "Many BMP messages have a per-peer header but some are not applicable to Adj-RIB-In or Adj-RIB-Out monitoring, such as peer up and down notficiations." [Linda] thanks. It is very clear now. Nits/editorial comments: Thank you. Linda Dunbar ___ Gen-art mailing list gen-...@ietf.org https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fgen-art&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C71348478589849f9d41b08d6f4fc2b04%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C636965761234078303&sdata=gWj2o%2BUm8nRnYFVqIazO0bKQehhkjQZPsZpP7hXqVlU%3D&reserved=0 ___ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow
[GROW] Genart last call review of draft-ietf-grow-bmp-adj-rib-out-05
Reviewer: Linda Dunbar Review result: Almost Ready I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-grow-bmp-adj-rib-out-?? Reviewer: Linda Dunbar Review Date: 2019-06-14 IETF LC End Date: 2019-06-25 IESG Telechat date: Not scheduled for a telechat Summary: The draft updates the BGP Monitoring Protocol BMP by adding access to the Adj-RIB-Out RIBs. There are some unclear areas that need authors to clarify. Major issues: Minor issues: Section 1 last paragraph: It is not clear if BMP sender send to multiple BMP receivers or just to one "BMP receiver". The first part of the sentence says "..send to a BMP receivers", the second part says ".. advertise to BGP peers, .." Suggest to make it consistent, such as sending to multiple, or just one. ".. to send to BMP receivers what it advertises.." Does a BMP sender also send out Adj-RIB-In? it is not clear to. Section 6 first sentence: just curious which BMP messages are NOT applicable to Adj-RIB-In or Adj-RIB-out? If it is specified in other documents, please add a reference. Nits/editorial comments: Thank you. Linda Dunbar ___ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow