On August 26, 2020 at 5:25:20 PM, Adrian Farrel wrote:
Adrian: Hi! ... > > The concern I have is that in BGP's distribution model FlowSpecs are > > forwarded to other BGP speakers...which may not also be PCCs. If PCEP > > takes precedence, and the actions are different, then there might be > > nodes that take the BGP-defined action when not intended to...potentially > > resulting in unexpected forwarding or rate-limiting of the traffic. > > > > Clearly, this issue is related to the different distribution models for > > the information. If the operator took care of using BGP to distribute > > FlowSpecs to only the PCCs, then this issue wouldn't exist. I would like > > to see some text that provides guidance when using both distribution > > mechanisms. > > This is a worthy Discuss! > > My understanding of the way that BGP FlowSpecs work is that it is not > required that they be identical at different BGP routers. Indeed, part of > the point is that different flows are treated differently at different > routers. Right. That is not my concern; I wasn't clear enough. As you know, there are multiple ways of setting up distribution of FlowSpec in BGP. One way is to have point-to-point BGP sessions from a central box to specific routers where the actions are to be applied -- limiting the distribution to just those BGP speakers. In this case, the FlowSpecs/Actions will likely be different (as you describe). I'm not concerned about that case. Let me try again. rfc5575bis says this: From an operational perspective, the utilization of BGP as the carrier for this information allows a network service provider to reuse both internal route distribution infrastructure (e.g., route reflector or confederation design) and existing external relationships (e.g., inter-domain BGP sessions to a customer network). By reusing the "internal route distribution infrastructure", the FlowSpecs are advertised, for example, from the originator to a route reflector to its clients -- and maybe even further (consider a hierarchical RR deployment). Note that this type of distribution is "normal" BGP, not specific to FlowSpec. In this case, the FlowSpecs are the same everywhere -- there may not be traffic that matches, but they are the same (modulo local policy). Assume distribution through a RR, and locating the LSP headend at the RR (= PCC). If traffic comes into the network through the clients, it will first be matched against the BGP FlowSpec...even if PCEP has precedence over BGP at the RR/PCC. IOW, the traffic would first be subject to the action advertised by BGP before the PCC can act on it. Is this explanation clearer? Note that in some cases this type of setup may be what the operator wants: maybe the intent is to rate limit (some of) the traffic (at the client using BGP) and then let the headend put it in a specific LSP (using PCEP). I think this document doesn't cover the potential downside of using different distribution models. It might not be evident to everyone that the BGP information may be propagated further. Thanks! Alvaro. _______________________________________________ Pce mailing list Pce@ietf.org https://www.ietf.org/mailman/listinfo/pce