Hi Les,
this topic, and this document is in my eyes a very important one. Thanks
a lot for writing and promoting it!
During the Berlin WG session you proposed a new preference rule which
would make the policy choice easier. You asked for a discussion on the
list - more on your slides rather than the existing draft document.
As an operator, and as an individual that has insight in more than just
one or two IP/MPLS carrier networks, that has the main engineering
responsibility for a rather large backbone, and that stays in actual
contact with the operational staff and security authorities, I strongly
ask you: PLEASE DO NOT CHANGE THE PREFERENCE RULE!
The first two elements of the preference rule are, in my eyes, the most
important ones of the whole document and must not be changed or dropped!
1) PFX source wins over SRMS soucre
2) Smaller range wins
Why is this so important?
I don't care so much about the _amount_ of traffic that would be
affected by a conflict. No amount of traffic lost due to a network
design or configuration error is permissible. But I do care about the
overall _robustness_ and _security_ of the network.
Of course - in terms of security a first approximation would say that
segment routing plays within the IGP only, and that the IGP needs to be
trusted anyways. It must be secured against the outside. While this is
true, I nevertheless would like to differentiate a bit more.
For the sake of robustness, and possibly also for security, I would like
to apply the following guidelines:
a) Effects of local misconfiguration should be as local as possible.
b) The more reliable and controllable source should win over a less
reliable or controllable one.
As I see it, both guidelines lead to a clear preference of PFX sources
over SRMS sources. Also the preference for smaller ranges seems to fit.
Please do consider environments where more and more formely separate
IP/MPLS networks get merged into a single IGP domain. I am seeing this a
lot since a couple of years - several times within DT, but also at other
carriers. Sometimes this is done as a complete merge e.g. into a single
IS-IS area, sometimes different areas are used, and sometimes seperate
IGP instances are maintained but connected. While redistributing from
one IGP area or instance to the other you can do more or less filtering,
but it definitely is being done. Thus, even within the IGP filters and
policies are being applied - be it for the sake of security or
scalability. While there are well-known mechanisms and tools to filter
and control prefix redistribution, I am not so sure about SRMS.
I'm going to also write my opinion about the policy selection, but
keeping the preference rule really is my main concern.
BR,
Martin
_______________________________________________
spring mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/spring
