Hi Qin, Please see zzh3> below, and attached diff.
-----Original Message-----
From: Qin Wu <[email protected]>
Sent: Tuesday, April 27, 2021 9:53 PM
To: Jeffrey (Zhaohui) Zhang <[email protected]>; Lenny Giuliano <[email protected]>; [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: RE: Opsdir last call review of draft-ietf-bess-mvpn-msdp-sa-interoperation-05

Thanks Jeffrey for clarification, I have better understanding on your document. I suggest to add clarity to the text from two perspectives:

1. Highlight the assumption difference between mechanism proposed in RFC6514 and one proposed in this draft, e.g., in this draft, it doesn't require MSDP session to be established between PEs while RFC6514 allows this, that is why we applied different policy on different network elements.

Zzh3> The introduction section does clearly state the following:
If a PE does advertise MSDP SA messages based on received MVPN SA routes, the VPN-specific MSDP sessions are no longer needed.
Zzh3> I added "with other PEs":
If a PE does advertise MSDP SA messages based on received MVPN SA routes, the VPN-specific MSDP sessions with other PEs are no longer needed.
Zzh3> The policy difference is actually irrelevant here.

2. Clarify only one PE exist in the MSDP mesh group

Zzh3> The "PE MSDP mesh group" actually includes all PEs that are either a C-RP or an MSDP peer.

Please see below for further information. See comments marked with [Qin2]

Zzh3> more responses below.

-----Original Message-----
From: Jeffrey (Zhaohui) Zhang [mailto:[email protected]]
Sent: April 28, 2021 3:18
To: Qin Wu <[email protected]>; Lenny Giuliano <[email protected]>; [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: RE: Opsdir last call review of draft-ietf-bess-mvpn-msdp-sa-interoperation-05

Hi Qin, Please see zzh2> below for clarifications.

-----Original Message-----
From: Qin Wu <[email protected]>
Sent: Tuesday, April 27, 2021 2:38 AM
To: Jeffrey (Zhaohui) Zhang <[email protected]>; Lenny Giuliano <[email protected]>; [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: RE: Opsdir last call review of draft-ietf-bess-mvpn-msdp-sa-interoperation-05

Hi, Jeffrey:

-----Original Message-----
From: Jeffrey (Zhaohui) Zhang [mailto:[email protected]]
Sent: April 27, 2021 4:35
To: Qin Wu <[email protected]>; Lenny Giuliano <[email protected]>; [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: RE: Opsdir last call review of draft-ietf-bess-mvpn-msdp-sa-interoperation-05

Hi Qin, Thank you for your review and comments. Let me share a diff to see if it addresses the issues, before I post a revision. Please see zzh> below.

-----Original Message-----
From: Qin Wu via Datatracker <[email protected]>
Sent: Friday, April 23, 2021 11:20 AM
To: [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: Opsdir last call review of draft-ietf-bess-mvpn-msdp-sa-interoperation-05

Reviewer: Qin Wu
Review result: Ready

Reviewer: Qin Wu
Review result: Ready with nits

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes how to convey the RP address information into the MVPN Source Active route using an Extended Community so this information can be shared with an existing MSDP infrastructure. It provides an update to RFC6514.

Major issues: None

Minor issues:

I am wondering how MVPN and MSDP SA Interoperation is back compatible with existing source discovery information dissemination methods? Is there any downside to make MVPN SA and MSDP SA work together.

Zzh> There is no downside. The RFC6514 specified MSDP SA -> MVPN SA but is missing the other direction (MVPN SA -> MSDP SA), which causes lots of headache. This document is to add the missing part, as explained in introduction section.
Zzh> The only backwards compatibility issue is with a scenario further explained at the end of this message - where PE2 is a legacy PE that does not attach the EC.

[Qin]: Thanks for clarification, I am a little bit worried about this, with the magic policy control, we can solve all the backward compatibility issues, :-)

Zzh2> Well at this time we don't foresee other issues 😊

[Qin2]: How about "rpt-spt" mode which is beyond scope of this document. I don't investigate this.

Zzh3> Because it is out of scope, it is irrelevant 😊 As the document already says, the MVPN SA routes in the rpt-spt mode are for a different purpose.

Section 1: Suggest to add term for GTM, RPT, C-Multicast

Zzh> Added.

Section 3
When we say MVPN PEs that have one or more MSDP session in a VPN, does this statement contradict with “VPN-specific MSDP sessions are not required among the PEs”?

zzh> The MSDP session that the PEs have are with other non-PE MSDP speakers but not among themselves, so it does not contradict with that quoted text.

[Qin]: Without your clarification, I feel MVPN PEs will only establish MSDP session with other PEs in a VPN, rather than non-PE MSDP speakers? Can you add text to make this clear?

Zzh2> Section 1 does say the following:
... One or more of the PEs, say PE1, either act as a C-RP and learn of (C-S,C-G) via PIM Register messages, or have MSDP sessions with some MSDP peers and <==== learn (C-S,C-G) via MSDP SA messages...
[Qin2]: without your clarification or familiar with the context of RFC6514, I will believe MSDP can be either PE2 or non PE elements.

[RFC6514] only specifies that a PE receiving the MVPN SA routes, say PE2, will advertise (C-S,C-G) C-multicast routes if it has corresponding (C-*,C-G) state learnt from its CE. PE2 may also have MSDP sessions with other C-RPs at its site, <====

[Qin2]: In the VPN membership context, I will assume C-RPs can be PE1, but of course I am wrong.

Zzh2> MVPN PEs establishing MSDP sessions with other non-PE devices is a common practice in RFC6514, so we should not need to call it again.

[Qin2]: I think having some text to clarify MSDP peers or C-RPS as MSDP speakers is non-PE elements will have no harm, e.g.,

OLD TEXT:
" The MVPN PEs that act as customer RPs or have one or more MSDP sessions in a VPN (or the global table in case of GTM) are treated as an MSDP mesh group for that VPN (or the global table). In the rest of the document, it is referred to as the PE mesh group. It MUST NOT include other MSDP speakers, and is integrated into the rest of MSDP infrastructure for the VPN (or the global table) following normal MSDP rules and practices. "

NEW TEXT:
" The MVPN PEs that act as customer RPs or have one or more MSDP sessions with non-PE elements in a VPN (or the global table in case of GTM) are treated as an MSDP mesh group for that VPN (or the global table). In the rest of the document, it is referred to as the PE mesh group. It only have one PE and MUST NOT include other PEs as MSDP speakers, and is integrated into the rest of MSDP infrastructure for the VPN (or the global table) following normal MSDP rules and practices. "

Zzh3> Unfortunately the new text is not correct 😊
Zzh3> This document is about a PE treating incoming MVPN SA routes as MSDP SA messages (which triggers outgoing MSDP SA messages to MSDP peers).
Therefore, the PEs originating the MVPN SA routes and PEs originating outgoing MSDP SA messages as a result are considered in the same MSDP mesh group (as if they were running MSDP among themselves). That mesh group, referred to as PE mesh group, includes all PEs that "act as customer RPs or have one or more MSDP sessions in a VPN".
Zzh3> A PE may have multiple MSDP sessions and mesh groups.
Zzh3> This document does assume "familiarity with MVPN and MSDP protocols and procedures", and adding more clarifications will pull in more and more concepts/procedures like a chain reaction, so I'd rather avoid that.
Zzh3> Thanks.
Zzh3> Jeffrey

Section 3
What do you mean other MSDP speaker? Do we assume there is one or only one MSDP speaker in the MSDP mesh group? How MSDP speaker is different from MSDP peer? Do you mean there is no session to be established between MSDP peer?

Zzh> MSDP sessions are established among MSDP speakers/peers. The text here means that the MVPN PEs that are running MSDP (with sessions to other non-PEs) form a mesh group and that group does not include other MSDP peers that are not PEs.

[Qin]: Confused, the first half sentence said the MSDP session is established between PE and non-PEs, the second half sentence said the group does not include non-PE as MSDP peers? Are you saying in the second half sentence that the group only include other MSDP peers that are not PEs?

Zzh2> Correct. The text says that the mesh group includes PEs "that act as customer RPs or have one or more MSDP sessions" and does not "include other MSDP speakers". Those other MSDP peers are just not in the same "PE mesh group".

Section 3, last paragraph:
When we say ” In that case, if the selected best MVPN SA route does not have the "MVPN SA RP-address EC" but another route for the same (C-S, C-G) does, then the best route with the EC SHOULD be chosen.”, which best route is selected? Selected best MVPN SA route without EC or normal route with the EC?
It looks you assume the normal route with the EC is the best selected route as well in this context?

Zzh> The BGP selected best route may not have the EC. In that case, for MSDP interop purpose, the next best route with the EC should be used.

[Qin]: Understood, thanks for clarification.

Section 3
Can you provide an example of fine grained policy control? Is this related to local policy? “accepted MSDP SA message when receiving PE’s RP for the C-G is MSDP peer to which the generated MSDP message is advertised”

Zzh> Yes I changed it to local policy. We probably don't need examples here - just whatever MSDP policies that can be used in an MSDP deployment.
Zzh> The quoted text is part of the following description: a receiving PE1 receives an SA route from another PE2 who does not attach the EC, so PE1 uses its own local RP address (say R1) to construct that MSDP SA message and advertise to its peer. If that peer happens to be R1, the peer will reject it because PE1 used R1 in constructing the message. To prevent this rejection, R1 should configure MSDP policy to accept the message.
Zzh> Thanks!
Zzh> Jeffrey

[Qin]: I found another inconsistency issue, section 2, 3rd paragraph said:
" unless blocked by policy control, PE2 would in turn advertise MVPN SA routes because of those MSDP SA messages that it receives from PE1, which are redundant and unnecessary. "

Zzh2> That policy, if exists, is on PE2.

Section 3 said:
" In that case, it is possible that receiving PE's RP for the C-G is actually the MSDP peer to which the generated MSDP message is advertised, causing the peer to discard it due to RPF failure. To get around that problem the peer SHOULD use local policy to accept the MSDP SA message. "

Zzh2> That is on the (non-PE) peer.

I am wondering whether these two places are talking about the same policy control, but one policy control is to avoid redundant message while the other is accept the MSDP SA message. Please make sure they are consistent.

Zzh2> Indeed one is for the PE to block redundant message and the other is for the non-PE peer to accept message.

[Qin]: Thanks for your clarification, maybe we should further clarify in section 3 that the mechanism proposed in this draft doesn't require MSDP session to be established between PEs, this is something different from what RFC6514 is doing. I know you clarify this in the introduction, but seems not reflect obviously in the section 3.

Zzh2> Thanks.
Zzh2> Jeffrey
BESS Z. Zhang
Internet-Draft L. Giuliano
Updates: 6514 (if approved) Juniper Networks
Intended status: Standards Track April 28, 2021
Expires: October 30, 2021
MVPN and MSDP SA Interoperation
draft-ietf-bess-mvpn-msdp-sa-interoperation-06
Abstract
This document specifies the procedures for interoperation between
Multicast Virtual Private Network (MVPN) Source Active routes and
customer Multicast Source Discovery Protocol (MSDP) Source Active
routes, which is useful for MVPN provider networks offering services
to customers with an existing MSDP infrastructure. Without the
procedures described in this document, VPN-specific MSDP sessions are
required among the PEs that are customer MSDP peers. This document
updates RFC6514.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 30, 2021.
Zhang & Giuliano Expires October 30, 2021 [Page 1]
Internet-Draft mvpn-sa-msdp April 2021
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Terminologies
2. Introduction
2.1. MVPN RPT-SPT Mode
3. Specification
4. Security Considerations
5. IANA Considerations
6. Acknowledgements
7. References
7.1. Normative References
7.2. Informative References
Authors' Addresses
1. Terminologies
Familiarity with MVPN and MSDP protocols and procedures is assumed.
Some terminologies are listed below for convenience.
o ASM: Any source multicast.
o SPT: Source-specific Shortest-path Tree.
o RPT: Rendezvous Point Tree.
o C-S: A multicast source address, identifying a multicast source
located at a VPN customer site.
o C-G: A multicast group address used by a VPN customer.
o C-RP: A multicast Rendezvous Point for a VPN customer.
o C-Multicast: Multicast for a VPN customer.
o EC: Extended Community.
o GTM: Global Table Multicast, i.e., multicast in the default or
global routing table vs. VRF table.
2. Introduction
Section "14. Supporting PIM-SM without Inter-Site Shared C-Trees" of
[RFC6514] specifies the procedures for MVPN PEs to discover (C-S,C-G)
via MVPN Source Active A-D routes and then send (C-S,C-G) C-multicast
routes towards the ingress PEs, to establish SPTs for customer ASM
flows for which they have downstream receivers. (C-*,C-G)
C-multicast routes are not sent among the PEs so inter-site shared
C-Trees are not used and the method is generally referred to as "spt-
only" mode.
With this mode, the MVPN Source Active routes are functionally
similar to MSDP Source-Active messages [RFC3618]. For a VPN, one or
more of the PEs, say PE1, either act as a C-RP and learn of (C-S,C-G)
via PIM Register messages, or have MSDP sessions with some MSDP peers
and learn (C-S,C-G) via MSDP SA messages. In either case, PE1 will
then originate MVPN SA routes for other PEs to learn the (C-S,C-G).
[RFC6514] only specifies that a PE receiving the MVPN SA routes, say
PE2, will advertise (C-S,C-G) C-multicast routes if it has
corresponding (C-*,C-G) state learnt from its CE. PE2 may also have
MSDP sessions for the VPN with other C-RPs at its site, but [RFC6514]
does not specify that it advertises MSDP SA messages to those MSDP
peers for the (C-S,C-G) that it learns via MVPN SA routes. PE2 would
need to have an MSDP session with PE1 (that advertised the MVPN SA
messages) to learn the sources via MSDP SA messages, for it to
advertise the MSDP SA to its local peers. To make things worse,
unless blocked by policy control, PE2 would in turn advertise MVPN SA
routes because of those MSDP SA messages that it receives from PE1,
which are redundant and unnecessary. Also notice that the PE1-PE2
MSDP session is VPN-specific, while the BGP sessions over which the
MVPN routes are advertised are not.
If a PE does advertise MSDP SA messages based on received MVPN SA
routes, the VPN-specific MSDP sessions with other PEs are no longer
needed. Additionally, this MVPN/MSDP SA interoperation has the
following inherent benefits for a BGP based solution.
o MSDP SA refreshes are replaced with BGP hard state.
o Route Reflectors can be used instead of having peer-to-peer
sessions.
o VPN extranet mechanisms can be used to propagate (C-S,C-G)
information across VPNs with flexible policy control.
While MSDP Source Active routes contain the source, group and RP
addresses of a given multicast flow, MVPN Source Active routes only
contain the source and group. MSDP requires the RP address
information in order to perform peer-RPF. Therefore, this document
describes how to convey the RP address information into the MVPN
Source Active route using an Extended Community so this information
can be shared with an existing MSDP infrastructure.
The procedures apply to Global Table Multicast (GTM) [RFC7716] as
well.
2.1. MVPN RPT-SPT Mode
For comparison, another method of supporting customer ASM is
generally referred to as "rpt-spt" mode. Section "13. Switching
from a Shared C-Tree to a Source C-Tree" of [RFC6514] specifies the
MVPN SA procedures for that mode, but those SA routes are a
replacement for PIM-ASM assert and (s,g,rpt) prune mechanisms, not
for source discovery purposes. MVPN/MSDP SA interoperation for the
"rpt-spt" mode is outside of the scope of this document. In the rest
of the document, the "spt-only" mode is assumed.
3. Specification
The MVPN PEs that act as customer RPs or have one or more MSDP
sessions in a VPN (or the global table in case of GTM) are treated as
an MSDP mesh group for that VPN (or the global table). In the rest
of the document, it is referred to as the PE mesh group. It MUST NOT
include other MSDP speakers, and is integrated into the rest of MSDP
infrastructure for the VPN (or the global table) following normal
MSDP rules and practices.
When an MVPN PE advertises an MVPN SA route following procedures in
[RFC6514] for the "spt-only" mode, it SHOULD attach an "MVPN SA RP-
address Extended Community". This is a Transitive IPv4-Address-
Specific Extended Community. The Local Administrative field is set
to zero and the Global Administrative field is set to an RP address
determined as the following:
o If the (C-S,C-G) is learnt as result of PIM Register mechanism,
the local RP address for the C-G is used.
o If the (C-S,C-G) is learnt as result of incoming MSDP SA messages,
the RP address in the selected MSDP SA message is used.
In addition to procedures in [RFC6514], an MVPN PE may be provisioned
to generate MSDP SA messages from received MVPN SA routes, with or
without local policy control. If a received MVPN SA route is to
trigger MSDP SA message, it is treated as if a corresponding MSDP SA
message was received from within the PE mesh group and normal MSDP
procedure is followed (e.g. an MSDP SA message is advertised to other
MSDP peers outside the PE mesh group). The (S,G) information comes
from the (C-S,C-G) encoding in the MVPN SA NLRI and the RP address
comes from the "MVPN SA RP-address EC" mentioned above. If the
received MVPN SA route does not have the EC (this could be from a
legacy PE that does not have the capability to attach the EC), the
local RP address for the C-G is used. In that case, it is possible
that receiving PE's RP for the C-G is actually the MSDP peer to which
the generated MSDP message is advertised, causing the peer to discard
it due to RPF failure. To get around that problem the peer SHOULD
use local policy to accept the MSDP SA message.
An MVPN PE MAY treat only the best MVPN SA route selected by BGP
route selection process (instead of all MVPN SA routes) for a given
(C-S,C-G) as a received MSDP SA message (and advertise corresponding
MSDP message). In that case, if the selected best MVPN SA route does
not have the "MVPN SA RP-address EC" but another route for the same
(C-S, C-G) does, then the next best route with the EC SHOULD be
chosen. As a result, when/if the best MVPN SA route with the EC
changes, a new MSDP SA message is advertised if the RP address
determined according to the newly selected MVPN SA route is different
from before. The previously advertised MSDP SA message with the
older RP address will be timed out.
4. Security Considerations
RFC6514 specifies the procedure for a PE to generate an MVPN SA upon
discovering a (C-S,C-G) flow (e.g. via a received MSDP SA message) in
a VPN. This document extends this capability in the reverse
direction - upon receiving an MVPN SA route in a VPN generate
corresponding MSDP SA and advertise to MSDP peers in the same VPN.
As such, the capabilities specified in this document introduce no
additional security considerations beyond those already specified in
RFC6514 and RFC3618. Moreover, the capabilities specified in this
document actually eliminate the control message amplification that
exists today where VPN-specific MSDP sessions are required among the
PEs that are customer MSDP peers, which lead to redundant messages
(MSDP SAs and MVPN SAs) being carried in parallel between PEs.
5. IANA Considerations
This document introduces a new Transitive IPv4 Address Specific
Extended Community "MVPN SA RP-address Extended Community". IANA has
registered subcode 0x20 in the Transitive IPv4-Address-Specific
Extended Community Sub-Types registry for this EC.
6. Acknowledgements
The authors thank Eric Rosen and Vinod Kumar for their review,
comments, questions and suggestions for this document. The authors
also thank Yajun Liu for her review and comments.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
Encodings and Procedures for Multicast in MPLS/BGP IP
VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012,
<https://www.rfc-editor.org/info/rfc6514>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References
[RFC3618] Fenner, B., Ed. and D. Meyer, Ed., "Multicast Source
Discovery Protocol (MSDP)", RFC 3618,
DOI 10.17487/RFC3618, October 2003,
<https://www.rfc-editor.org/info/rfc3618>.
[RFC7716] Zhang, J., Giuliano, L., Rosen, E., Ed., Subramanian, K.,
and D. Pacella, "Global Table Multicast with BGP Multicast
VPN (BGP-MVPN) Procedures", RFC 7716,
DOI 10.17487/RFC7716, December 2015,
<https://www.rfc-editor.org/info/rfc7716>.
Authors' Addresses
Zhaohui Zhang
Juniper Networks
EMail: [email protected]
Lenny Giuliano
Juniper Networks
EMail: [email protected]
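
The RP-address Extended Community encoding and the RP fallback rules from Section 3 of the attached draft, as an added Python example (it is not part of the email thread or of the draft). The `SaRoute` tuple, the function names and every address are constructed for illustration; the 0x01 type octet is the RFC 4360 transitive IPv4-address-specific type, and 0x20 is the subcode quoted in the draft's IANA section.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional, Sequence, Tuple

EC_TYPE_TRANSITIVE_IPV4 = 0x01  # Transitive IPv4-Address-Specific EC (RFC 4360)
EC_SUBTYPE_MVPN_SA_RP = 0x20    # subcode given in the draft's IANA section


class SaRoute(NamedTuple):
    """Constructed stand-in for one received MVPN SA route."""
    c_s: str
    c_g: str
    ext_communities: Tuple[bytes, ...] = ()


def encode_rp_ec(rp: str) -> bytes:
    """Global Administrator = RP address, Local Administrator = 0."""
    return struct.pack("!BB4sH", EC_TYPE_TRANSITIVE_IPV4,
                       EC_SUBTYPE_MVPN_SA_RP,
                       ipaddress.IPv4Address(rp).packed, 0)


def decode_rp_ec(ec: bytes) -> Optional[str]:
    """Return the RP address if ec is an MVPN SA RP-address EC, else None."""
    if len(ec) != 8:
        return None
    ec_type, subtype, addr, _local = struct.unpack("!BB4sH", ec)
    if (ec_type, subtype) != (EC_TYPE_TRANSITIVE_IPV4, EC_SUBTYPE_MVPN_SA_RP):
        return None
    # Assumption: the draft does not say what a receiver does with a
    # non-zero Local Administrator field, so it is ignored here.
    return str(ipaddress.IPv4Address(addr))


def rp_from_route(route: SaRoute) -> Optional[str]:
    """First RP-address EC found on the route, or None for a legacy route."""
    for ec in route.ext_communities:
        rp = decode_rp_ec(ec)
        if rp is not None:
            return rp
    return None


def build_msdp_sa(routes: Sequence[SaRoute], local_rp: str, peer: str) -> dict:
    """Derive the MSDP SA fields for one (C-S,C-G).

    routes: every MVPN SA route for that (C-S,C-G), best first in BGP order.
    local_rp: this PE's RP address for the C-G. peer: the MSDP peer address.
    """
    if not routes:
        raise ValueError("no MVPN SA route for this (C-S,C-G)")
    if len({(r.c_s, r.c_g) for r in routes}) != 1:
        raise ValueError("routes must all be for the same (C-S,C-G)")
    rp, from_ec = local_rp, False      # fallback when no route carries the EC
    for route in routes:               # best route with the EC wins
        candidate = rp_from_route(route)
        if candidate is not None:
            rp, from_ec = candidate, True
            break
    # With the local-RP fallback, a peer that is itself that RP fails its
    # peer-RPF check and discards the SA unless its local policy accepts it.
    needs_policy = (not from_ec and
                    ipaddress.IPv4Address(peer) == ipaddress.IPv4Address(local_rp))
    return {"source": routes[0].c_s, "group": routes[0].c_g, "rp": rp,
            "rp_from_ec": from_ec, "peer_needs_accept_policy": needs_policy}
```
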
