Hi Russ,
How about the following change to most of Section 5.2 (all but the
last threee paragraphs which would be unchanged)? I've pasted the new
text here and attached a wdiff with the currently posted version.
5.2. Local Routing Information Synchronization
When a routing instance is created on an edge RBridge, the tenant
ID, tenant Data Label (VLAN or FGL), tenant gateway MAC, that
correspond to that instance should be set and globally advertised
(see Section 7.1). The Tenant ID uniuely identifies that tenant
throughout the campus. The tenant Data Label identifies that tenant
at the edge RBridge. The tenant gateway MAC may identify that
tenant or all tenants or some subset of tenants at the edge
RBridge.
When an ingress RBridge performs inter-subnet traffic TRILL
encapsulation, the ingress RBridge uses the Data Label advertised
by the egress RBridge as the inner VLAN or FGL and uses the tenant
gateway MAC advertised by the egress RBridge as the
Inner.MacDA. The egress RBridge relies on this tenant Data Label to
find the local VRF instance for the IP forwarding process when
receiving inter-subnet traffic from the TRILL campus. (The role of
tenant Data Label is akin to an MPLS VPN Label in an MPLS IP/MPLS
VPN network.) Tenant Data Labels are independently allocated on
each edge RBridge for each routing domain. An edge RBridge can use
an access Data Label from a routing domain to act as the
inter-subnet Data Label, or the edge RBridge can use a Data Label
different from any access Data Labels to be a tenant Data Label. It
is implementation dependent and there is no restriction on this
assignment of Data Labels.
The tenant gateway MAC differentiates inter-subnet Layer 3 traffic
or intra-subnet Layer 2 traffic on the egress RBridge. Each tenant
on a RBridge can use a different gateway MAC or same tenant gateway
MAC for inter-subnet traffic purposes. This is also implementation
dependant and there is no restriction on it.
When a local IP prefix is learned in a routing instance on an edge
RBridge, the edge RBridge should advertise the IP prefix
information for the routing instance so that other edge RBridges
will generate IP routing entries. If the ESs in a VN are spread
over multiple RBridges, these RBridges should advertise each local
connecting end station's IP address in the VN to other RBridges
using host routes. If the ESs in a VN are only connected to one
edge RBridge, that RBridge only needs to advertise the subnet
corresponding to the VN to other RBridges. A globally unique tenant
ID is also carried in the advertisement to differentiate IP
prefixes between different tenants, because the IP address space of
different tenants can overlap (see Sections 7.3 and 7.4).
If a tenant is deleted on an edge RBridge RB1, RB1 SHOULD re-
advertise the local tenant Data Label, tenant gateway MAC, and
related IP prefixes information of the rest tenants to other edge
RBridges. It may take some time for the re-advertisement to reach
all other RBridges, so during this period of time there may be
transient routes inconsistency among the edge RBridges. If there
are traffic in flight during this time, it will be dropped at
egress RBridge due to local tenant deletion. In a stable state, the
traffic to the deleted tenant will be dropped by the ingress
RBridge. Therefore the transient routes consistency won't cause
issues other than wasting some network bandwidth.
If there is a new tenant which is created and the original's tenant
Data Label is assigned to the new tenant immediately, it may cause
a security policy violation for the traffic in flight, because when
the egress RBridge receives traffic from the old tenant, it will
forward it in the new tenant's routing instance and deliver it to
the wrong destination. So a tenant Data Label MUST NOT be
re-allocated until a reasonable amount of time, for example twice
the IS-IS Holding Time generally in use in the TRILL campus, has
passed to allow any traffic in flight to be discarded.
When the ARP entry in an edge RBridge for an ES times out, it will
trigger an edge RBridge LSP advertisement to other edge RBridges
with the corresponding IP routing entry deleted. If the ES is an IP
router, the edge RBridge also notifies other edge RBridges that they
must delete the routing entries corresponding to the IP prefixes
accessible through that IP router. During the IP prefix deleting
process, if there is traffic in flight, the traffic will be
discarded at the egress RBridge because there is no local IP routing
entry to the destination.
If an edge RBridge changes its tenant gateway MAC, it will trigger
an edge RBridge LSP advertisement to other edge RBridges giving the
new gateway MAC to be used as Inner.MacDA for future traffic
destined to the edge RBridge. During the gateway MAC changing
process, if there is traffic in flight using the old gateway MAC as
Inner.MacDA, the traffic will be discarded or be forwarded as layer
2 intra-subnet traffic on the edge RBridge. If the inter-subnet
tenant Data Label is a unique Data Label that is different from any
access Data Labels, when the edge RBridge receives the traffic
whose Inner.MacDA is different from local tenant gateway MAC, the
traffic will be discarded. If the edge RBridge uses one of the
access Data Labels as an inter-subnet tenant Data Label, the
traffic will be forwarded as layer 2 intra-subnet traffic unless a
special traffic filtering policy is enforced on the edge RBridge.
Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
[email protected]
On Tue, May 24, 2016 at 10:25 PM, Haoweiguo <[email protected]> wrote:
> Thanks Donald for the correct reply, i agree with Donald's discriptions. Also
> thanks for Russ's careful reviewing and comments.
> weiguo
>
> ________________________________________
> From: Donald Eastlake [[email protected]]
> Sent: Wednesday, May 25, 2016 7:34
> To: Russ White
> Cc: [email protected]; [email protected]
> Subject: Re: [RTG-DIR] RtgDir review: draft-ietf-trill-irb-09.txt
>
> Hi Russ,
>
> Thanks for this review. Sorry for the delay in responding but I think
> it went astray for some reason and we just saw it recently.
>
> From: Russ White <[email protected]>
> Date: Mon, Dec 28, 2015 at 9:16 PM
> Subject: [RTG-DIR] RtgDir review: draft-ietf-trill-irb-09.txt
> To: [email protected], [email protected], [email protected]
> Cc: [email protected], Jon Hudson
> <[email protected]>
>
>> Y'all --
>>
>> I have been selected as the Routing Directorate reviewer for this
>> draft. The Routing Directorate seeks to review all routing or
>> routing-related drafts as they pass through IETF last call and IESG
>> review, and sometimes on special request. The purpose of the review
>> is to provide assistance to the Routing ADs. For more information
>> about the Routing Directorate, please see
>> http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir
>>
>> Although these comments are primarily for the use of the Routing
>> ADs, it would be helpful if you could consider them along with any
>> other IETF Last Call comments that you receive, and strive to
>> resolve them through discussion or by updating the draft.
>>
>> Document: draft-ietf-trill-irb-09.txt
>> Reviewer: Russ White
>> Review Date: 28 December 2015
>> Intended Status: Standard Track
>>
>> I have some minor concerns about this document that I think should
>> be resolved before publication.
>>
>> First, in 5.2:
>>
>> When a routing instance is created on an edge RBridge, the tenant
>> ID, tenant Label (VLAN or FGL), tenant gateway MAC, and their
>> correspondence should be set and globally advertised (see Section
>> 7.1).
>>
>> When an ingress RBridge performs inter-subnet traffic TRILL
>> encapsulation, the ingress RBridge uses the Label advertised by the
>> egress RBridge as the inner VLAN or FGL and uses the tenant gateway
>> MAC advertised by the egress RBridge as the Inner.MacDA. The egress
>> Bridge relies on this tenant Data Label to find the local VRF
>> instance for the IP forwarding process when receiving inter-subnet
>> traffic from the TRILL campus. (The role of tenant Label is akin to
>> an MPLS VPN Label in an MPLS IP/MPLS VPN network.) Tenant Data
>> Labels are independently allocated on each edge RBridge for each
>> routing domain.
>>
>> There seems to be some confusion between the concepts of a tenant
>> label and a tenant data label. Is the tenant label globally set and
>> advertised, or is it locally set on a per edge RBridge basis? Is it
>> the set of tenant id + tenant lable that is meant to be unique, or
>> -- ?? This seems like it could use some clarification.
>
> I believe the distinction is between Tenant ID and Tenant Label. I
> think all instances of Label, at least in this section, could say
> "Data Label" and that "Label" is just used as a shorter form. In
> TRILL, "Data Label" is used to mean "VLAN or Fine Grained Label
> (FGL)". The Tenant ID is unique across the TRILL campus but the Tenant
> Data Label for that Tenant ID can be different at different edge
> RBridges.
>
>> Second, it seems that the way this should work would be with host
>> routes at layer 3. I'm not certain how a subnet route would really
>> work given the ability of the operator to split a subnet across
>> multiple flooding domains under multiple ToR devices. Is this
>> correct? There doesn't seem to be any mention in the document.
>
> Well, if you have to go to different egress RBridges for different
> individual IP addresses of a Tenant, then you need host routes. But
> how different is that from a subnet of size 1?
>
>> The formaqtting of the document looks fine. There do not appear to
>> be any downrefs. The security considerations section appears to be
>> useful, and to cover the issues I could think of when reading
>> through the doc.
>
> Thanks.
>
> I'm sure if I've said anything wrong above, the authors will correct
> me.
>
> Donald
> ===============================
> Donald E. Eastlake 3rd +1-508-333-2270 (cell)
> 155 Beaver Street, Milford, MA 01757 USA
> [email protected]
>
>> :-)
>>
>> Russ
>
> From: Russ White <[email protected]>
> Date: Mon, Dec 28, 2015 at 9:16 PM
> Subject: [RTG-DIR] RtgDir review: draft-ietf-trill-irb-09.txt
> To: [email protected], [email protected], [email protected]
> Cc: [email protected], Jon Hudson <[email protected]>
>>
>>
>> Y'all --
>>
>> I have been selected as the Routing Directorate reviewer for this draft. The
>> Routing Directorate seeks to review all routing or routing-related drafts as
>> they pass through IETF last call and IESG review, and sometimes on special
>> request. The purpose of the review is to provide assistance to the Routing
>> ADs. For more information about the Routing Directorate, please see
>> http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir
>>
>> Although these comments are primarily for the use of the Routing ADs, it
>> would be helpful if you could consider them along with any other IETF Last
>> Call comments that you receive, and strive to resolve them through
>> discussion or by updating the draft.
>>
>> Document: draft-ietf-trill-irb-09.txt
>> Reviewer: Russ White
>> Review Date: 28 December 2015
>> Intended Status: Standard Track
>>
>> I have some minor concerns about this document that I think should be
>> resolved before publication.
>>
>> First, in 5.2:
>>
>> When a routing instance is created on an edge RBridge, the tenant ID, tenant
>> Label (VLAN or FGL), tenant gateway MAC, and their correspondence should be
>> set and globally advertised (see Section 7.1).
>>
>> When an ingress RBridge performs inter-subnet traffic TRILL encapsulation,
>> the ingress RBridge uses the Label advertised by the egress RBridge as the
>> inner VLAN or FGL and uses the tenant gateway MAC advertised by the
>> egress RBridge as the Inner.MacDA. The egress Bridge relies on this tenant
>> Data Label to find the local VRF instance for the IP forwarding process when
>> receiving inter-subnet traffic from the TRILL campus. (The role of tenant
>> Label is akin to an MPLS VPN Label in an MPLS IP/MPLS VPN network.) Tenant
>> Data Labels are independently allocated on each edge RBridge for each
>> routing domain.
>>
>> There seems to be some confusion between the concepts of a tenant label and
>> a tenant data label. Is the tenant label globally set and advertised, or is
>> it locally set on a per edge RBridge basis? Is it the set of tenant id +
>> tenant lable that is meant to be unique, or -- ?? This seems like it could
>> use some clarification.
>>
>> Second, it seems that the way this should work would be with host routes at
>> layer 3. I'm not certain how a subnet route would really work given the
>> ability of the operator to split a subnet across multiple flooding domains
>> under multiple ToR devices. Is this correct? There doesn't seem to be any
>> mention in the document.
>>
>> The formatting of the document looks fine. There do not appear to be any
>> downrefs. The security considerations section appears to be useful, and to
>> cover the issues I could think of when reading through the doc.
>>
>> :-)
>>
>> Russ
>>
>>
Title: wdiff irb5.2old.txt irb5.2new.txt
5.2. Local Routing Information Synchronization
When a routing instance is created on an edge RBridge, the tenant
ID, tenant Data Label (VLAN or FGL), tenant gateway MAC, and their
correspondence that
correspond to that instance should be set and globally advertised
(see Section 7.1). The Tenant ID uniuely identifies that tenant
throughout the campus. The tenant Data Label identifies that tenant
at the edge RBridge. The tenant gateway MAC may identify that
tenant or all tenants or some subset of tenants at the edge
RBridge.
When an ingress RBridge performs inter-subnet traffic TRILL
encapsulation, the ingress RBridge uses the Data Label advertised
by the egress RBridge as the inner VLAN or FGL and uses the tenant
gateway MAC advertised by the egress RBridge as the
Inner.MacDA. The egress RBridge relies on this tenant Data Label to
find the local VRF instance for the IP forwarding process when
receiving inter-subnet traffic from the TRILL campus. (The role of
tenant Data Label is akin to an MPLS VPN Label in an MPLS IP/MPLS
VPN network.) Tenant Data Labels are independently allocated on
each edge RBridge for each routing domain. An edge RBridge can use
an access Data Label from a routing domain to act as the
inter-subnet Data Label, or the edge RBridge can use a Data Label
different from any access Data Labels to be a tenant Data Label. It
is implementation dependent and there is no restriction on this
assignment of labels. Data Labels.
The tenant gateway MAC differentiates inter-subnet Layer 3 traffic
or intra-subnet Layer 2 traffic on the egress RBridge. Each tenant
on a RBridge can use a different gateway MAC or same tenant gateway
MAC for inter-subnet traffic purposes. This is also implementation
dependant and there is no restriction on it.
When a local IP prefix is learned in a routing instance on an edge
RBridge, the edge RBridge should advertise the IP prefix
information for the routing instance so that other edge RBridges
will generate IP routing entries. If the ESs in a VN are spread
over multiple RBridges, these RBridges should advertise each local
connecting end station's IP address in the VN to other RBridges. RBridges
using host routes. If the ESs in a VN are only connected to one
edge RBridge, that RBridge only needs to advertise the subnet
corresponding to the VN to other RBridges. A globally unique tenant
ID is also carried in the advertisement to differentiate IP
prefixes between different tenants, because the IP address space of
different tenants can overlap (see Sections 7.3 and 7.4).
If a tenant is deleted on an edge RBridge RB1, RB1 SHOULD re-
advertise the local tenant Data Label, tenant gateway MAC, and
related IP prefixes information of the rest tenants to other edge
RBridges. It may take some time for the re-advertisement to reach
all other RBridges, so during this period of time there may be
transient routes inconsistency among the edge RBridges. If there
are traffic in flight during this time, it will be dropped at
egress RBridge due to local tenant deletion. In a stable state, the
traffic to the deleted tenant will be dropped in by the ingress
RBridge. Therefore the transient routes consistency won't cause other
issues other than wasting some unnecessary network bandwidth wasting. bandwidth.
If there is a new tenant which is created and the original's tenant
label
Data Label is assigned to the new tenant immediately, it may cause
a security policy violation for the traffic in flight, because when
the egress RBridge receives traffic from the old tenant, it will
forward it in the new tenant's routing instance and deliver it to
the wrong destination. So a tenant Data Label MUST NOT be
re-allocated until a reasonable amount of time, for example twice
the IS-IS Holding Time generally in use in the TRILL campus, has
passed to allow any traffic in flight to be discarded.
When the ARP entry in an edge RBridge for an ES times out, it will
trigger an edge RBridge LSP advertisement to other edge RBridges
with the corresponding IP routing entry deleted. If the ES is an IP
router, the edge RBridge also notifies other edge RBridges that they
must delete the routing entries corresponding to the IP prefixes
accessible through that IP router. During the IP prefix deleting
process, if there is traffic in flight, the traffic will be
discarded at the egress RBridge because there is no local IP routing
entry to the destination.
If an edge RBridge changes its tenant gateway MAC, it will trigger
an edge RBridge LSP advertisement to other edge RBridges giving the
new gateway MAC to be used as Inner.MacDA for future traffic
destined to the edge RBridge. During the gateway MAC changing
process, if there is traffic in flight using the old gateway MAC as
Inner.MacDA, the traffic will be discarded or be forwarded as layer
2 intra-subnet traffic on the edge RBridge. If the inter-subnet
tenant Data Label is a unique Data Label that is different from any
access Data Labels, when the edge RBridge receives the traffic
whose Inner.MacDA is different from local tenant gateway MAC, the
traffic will be discarded. If the edge RBridge uses one of the
access Data Labels as an inter-subnet tenant Data Label, the
traffic will be forwarded as layer 2 intra-subnet traffic unless a
special traffic filtering policy is enforced on the edge RBridge.
_______________________________________________
trill mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trill
