Les, Thanks for the updated draft.
IINM, you have not answered my below email/proposal. I had waited for the new version of the draft but it also does not touch this subject. So, could you please consider and answer my comment? In short, in an implementation-independent sentence: > I'm wondering if we could address the conflict on a per FEC/Prefix basis > rather than on a per IGP advertisement (range) basis. > If so, this may avoid the discussion between the Quarantine vs ignore policy. Thanks Bruno From: spring [mailto:spring-boun...@ietf.org] On Behalf Of bruno.decra...@orange.com Sent: Wednesday, May 18, 2016 1:57 PM To: Les Ginsberg (ginsberg); spring@ietf.org Subject: Re: [spring] draft-ietf-spring-conflict-resolution - Policy Les, Please see inline [Bruno] From: Les Ginsberg (ginsberg) [mailto:ginsb...@cisco.com] Sent: Sunday, May 15, 2016 12:41 AM To: DECRAENE Bruno IMT/OLN; spring@ietf.org<mailto:spring@ietf.org> Subject: RE: draft-ietf-spring-conflict-resolution - Policy Bruno - I am having difficulty parsing the examples you provide below as they seem to incorporate advertisement source into the description whereas the draft deliberately omits source. [Bruno] My text does not incorporate the source, but the type of source IOW the type of sub-TLV. So it does not matter if R2 sends an advertisement or R12 sends advertisement or both of them do (which could happen when an advertisement is leaked) - what matters is what unique entries are in the database independent of source. [Bruno] It may not matter for your algorithm (pending another thread), but it does for the one I proposed. It would be good if you could present your examples using the format defined in the draft i.e.: [Bruno] My examples are described in plain text. Then the examples giving intermediate steps of my algo uses the data that are needed i.e. the type of advertisement (Prefix-SID vs MS). Then finally, my algo runs on a per FEC/IP Prefix basis, and not on a per IGP advertisement basis which your format describe. So I'm sorry but I don't see how to indulge your request. Pi - Initial prefix Pe - End prefix L - Prefix length Lx - Maximum prefix length (32 for IPv4, 128 for IPv6) Si - Initial SID value Se - End SID value R - Range value T - Topology A - Algorithm A Mapping Entry is then the tuple: (Pi/L, Si, R, T, A) Pe = (Pi + ((R-1) << (Lx-L)) Se = Si + (R-1) Example: (192.0.2.120/32, 200, 1, 0, 0) As regards your proposal - Find all SIDi advertised for the prefix P1 // identification of Prefix conflicts - For each SIDi find all the prefix Pij associated with SIDi // identification of SID conflicts Get the best as per the preference algorithm. If best Pij == P1 then use SIDij for P1 else return no SID this to me specifies an implementation - which isn't necessary. [Bruno] Well, _you_ are the one talking about implementation, and more specifically implementation complexity. Assuming the above algo works, it looks relatively simple to implement, in which case, I would not buy the argument about implementation complexity which is the only argument in favor or the "ignore" or "quarantine" policy. Bottom line, I would welcome your feedback and comments on this proposed algo/policy. Thanks, Regards, -- Bruno However, there is one important point which has not been specified in the draft which reading your post has brought to my attention - that is the order in which checks are made. The draft states: "Prefix conflicts are specific to mapping entries sharing the same topology and algorithm." "SID conflicts are independent of address-family, independent of prefix len, independent of topology, and independent of algorithm." If we consider an example where a network supports two VPNs, the significance of ordering in the evaluation of conflicts will be highlighted: VPN1: (192.0.2.1/32, 100, 1, 1, 0) (192.0.2.1/32, 200, 1, 1, 0) VPN2: (192.0.2.100/32, 200, 1, 2, 0) If we evaluate prefix conflicts first, then the following entries are "active": (192.0.2.1/32, 100, 1, 1, 0) !VPN1 (192.0.2.100/32, 200, 1, 2, 0) !VPN2 If we evaluate SID conflicts first, then the following entries are "active": (192.0.2.1/32, 100, 1, 1, 0) !VPN1 The latter choice is suboptimal because it prevents use of the VPN2 entry unnecessarily. This point needs to be made explicit in the draft. Les From: spring [mailto:spring-boun...@ietf.org] On Behalf Of bruno.decra...@orange.com<mailto:bruno.decra...@orange.com> Sent: Thursday, May 12, 2016 8:23 AM To: spring@ietf.org<mailto:spring@ietf.org> Subject: [spring] draft-ietf-spring-conflict-resolution - Policy Hi authors, all As an individual contributor, please find below some feedback on the policy. I'm wondering if we could address the conflict on a per FEC/Prefix basis rather than on a per IGP advertisement basis. If so, this may avoid the discussion between the Quarantine vs ignore policy. The problem that we need to solve, is to find the SID for a prefix (P1). The algo could be: - Find all SIDi advertised for the prefix P1 // identification of Prefix conflicts - For each SIDi find all the prefix Pij associated with SIDi // identification of SID conflicts // as a result, we get a list of SIDi - Pij for P1 Get the best as per the preference algorithm. If best Pij == P1 then use SIDij for P1 else return no SID / no SID available for this prefix P1 Note that it would probably be better for the preference algo to put the SID tie-brake before the prefix tie-break as with the prefix tie-break, we suffer from the conflict twice (Prefix - SID mapping, then SID- prefix mapping) which increase the diversity and hence the chance of not finding a valid entry. But for the below examples, I used the preference algo from draft-ietf-*-00 Below are examples, running this policy on typical configuration error cases. Examples 3.4.4. Network operation Consider the following simple network example: 1. 100 nodes: R1 to R100; 2. IP Loopbacks are from 192.0.2.1 to 192.0.2.100: 3. SID are from 1 to 100; 4. R1 to R50 are SR capable and advertised their own SID using Prefix-SID sub-TLV; 5. R51 to R100 are SR non-capable, running LDP and their SID are advertised by two redundant Mapping Server MS1 and MS2; 6. As the number of nodes which are SR capable are expected to increase and as in real deployment their Loopback addresses would no the contiguous, the Mapping servers advertisement covers all Loopbacks: (192.0.2.1/32, 1, 100); Subsequent sections evaluate the consequences of a single configuration error, for all conflict resolution options. 3.4.4.1. Example 1: SID configured on 1 node conflict with SID configured on another node Following a typo during configuration, R2 is configured with a SID of 12. That SID conflicts with the Prefix-SID advertised by R12 and the Mapping Server Advertisement for R12. Note: both MS advertisement are the same, so we only consider one in the below analysis. All prefix but R2 and R12, a single SID is advertised and hence selected. For R2, the algo evaluates a conflict between the following advertisments: R2 - SID2 - R2 (MS, MS) R2 - SID12 - R12 (prefix SID, MS) R2 - SID12 - R2 (prefix SID, prefix SID) Best one is R2 - SID12 - R2 (smaller range (prefix SID),smaller range (prefix SID)) ==> SID12 is selected for R2. For R12, the algo evaluates a conflict between the following advertisments: R12 - SID12 - R12 (prefix SID, prefix SID) R12 - SID12 - R2 (prefix SID, prefix SID) R12 - SID12 - R12 (prefix SID, MS) R12 - SID12 - R2 (MS, prefix SID) R12 - SID12 - R12 (MS, MS) Best one is R12 - SID12 - R2 (smaller range (prefix SID),smaller range (prefix SID), smaller starting adresse (R2)) R12 <> R2 ==> R12 has no SID. 3.4.4.2. Example 2: SID configured on 1 node conflict with SID configured on the Mapping Server Following a typo during configuration, R2 is configured with a SID of 52. That SID conflicts with the Mapping Server advertisements of MS1 and MS2 for the loopback of R52. Note: both MS advertisement are the same, so we only consider one in the below analysis. All prefix but R2 and R52, a single SID is advertised and hence selected. For R2, the algo evaluates a conflict between the following advertisments: R2 - SID52 - R2 (prefix SID, prefix SID) R2 - SID52 - R52 (prefix SID, MS) R2 - SID2 - R2 (MS, MS) Best one is R2 - SID52 - R2 (smaller range (prefix SID),smaller range (prefix SID)) ==> SID52 is selected for R2. For R52, the algo evaluates a conflict between the following advertisments: R52 - SID52 - R52 (MS, MS) R52 - SID52 - R2 (MS, prefix SID) Best one is R52 - SID52 - R2 (smaller range (prefix SID)) R52 <> R2 ==> R52 has no SID. 3.4.4.3. Example 3: wrong configuration of a MS Following a typo during configuration, MS1 is configured (192.0.2.0/32, 1, 100). (i.e. 192.0.2.0 instead of 192.0.2.1). That advertisement conflicts with the Mapping Server advertisements of MS2 and the Prefix-SID advertised by R1...R50. We have a conflict for all routers except R100. For LDP only routers R51 to R99 we have a conflict between both MS advertisement. For R52, the algo evaluates a conflict between the following advertisments: R52 - SID52 - R52 (MS2, MS2) R52 - SID52 - R51 (MS2, MS1) R52 - SID53 - R52 (MS1, MS1) R52 - SID53 - R53 (MS1, MS2) Best one is R52 - SID52 - R51 (smaller starting address) R52 <> R51 ==> R52 has no SID. For SR routers, R1 to 50, we have a conflict between both MS advertisement and Prefix SID advertisements. For R2, the algo evaluates a conflict between the following advertisments: R2 - SID 2 - R2 (Prefix SID, Prefix SID) R2 - SID 2 - R2 (Prefix SID, MS2) R2 - SID 2 - R1 (Prefix SID, MS1) R2 - SID 2 - R2 (MS2, MS2) R2 - SID 2 - R2 (MS2, Prefix SID) R2 - SID 2 - R1 (MS2, MS1) R2 - SID 3 - R2 (MS1, MS1) R2 - SID 3 - R3 (MS1, MS2) R2 - SID 3 - R3 (MS1, Prefix SID) Best one is R2 - SID 2 - R2 (Prefix SID, Prefix SID) R2 == R2 hence R2 use SID2. Regards, Bruno _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
