Hi Neeraj, Please let me know your thoughts on below.
Thanks Saumya. From: Dikshit, Saumya Sent: Wednesday, September 1, 2021 3:54 PM To: Neeraj Malhotra (nmalhotr) <nmalh...@cisco.com>; draft-ietf-bess-evpn-irb-extended-mobil...@ietf.org Cc: bess-cha...@ietf.org; bess@ietf.org Subject: RE: Few queries on draft-ietf-bess-evpn-irb-extended-mobility Hi Neeraj, Thanks for clarifying. Please see inline with tag [SD] for couple of them. Thanks, Saumya. From: Neeraj Malhotra (nmalhotr) [mailto:nmalh...@cisco.com] Sent: Monday, August 30, 2021 4:12 AM To: Dikshit, Saumya <saumya.diks...@hpe.com<mailto:saumya.diks...@hpe.com>>; draft-ietf-bess-evpn-irb-extended-mobil...@ietf.org<mailto:draft-ietf-bess-evpn-irb-extended-mobil...@ietf.org> Cc: bess-cha...@ietf.org<mailto:bess-cha...@ietf.org>; bess@ietf.org<mailto:bess@ietf.org> Subject: Re: Few queries on draft-ietf-bess-evpn-irb-extended-mobility Hi Saumya, Apologies for the delay, and many thanks for some good comments and questions. Please see answers inline: Hello Authors of draft-ietf-bess-evpn-irb-extended-mobility: I have following queries and comments about this draft “draft-ietf-bess-evpn-inter-subnet-forwarding”. Please help clarify. >>>>Section >>>>https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.1> MUST be at least equal to corresponding SYNC MAC sequence number if one is present. Can we formally define what a “SYNC MAC sequence number” ? [NM]: sure, will define in the next revision. It refers to sequence number received with the MAC SYNCed from another PE sharing the same ESI. [SD]: >>>>Section >>>>https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.3<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.3> “MAC Mx with a sequence number that is higher than or equal to sequence number assigned to a LOCAL route for MAC Mx: o PE MUST trigger probe and deletion procedure for all LOCAL IPs associated with MAC Mx. o PE MUST trigger deletion procedure for LOCAL MAC route for Mx. ” As per rfc7423, if equal sequence number is received, then the one published with lower vtep-ip is retained, and the other one is withdrawn. While this section talks about probing it again. This should be called out in the Interop section as well, for the co-existence of old rule and newly defined [NM]: sure, that’s a good point. Will clarify in the next revision – essentially, the rule in RFC 7432 still needs to be applied to equal sequence number scenario, but a probe must as well be done for all associated IPs to handle transient race conditions. If indeed the host is attached to the PE with lower VTEP IP, a successful probe will force a sequence number increment and resolve the race OR lead to duplicate detection. Quoting from https://datatracker.ietf.org/doc/html/rfc7432#section-15<https://datatracker.ietf.org/doc/html/rfc7432#section-15>: “If two (or more) PEs advertise the same MAC address with the same sequence number but different Ethernet segment identifiers, a PE that receives these routes selects the route advertised by the PE with the lowest IP address as the best route” >>>> Section >>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.6<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.6> “ an inter-op scenario with a different implementation could arise, where a PE implementation non-compliant with this document or with RFC 7432<https://datatracker.ietf.org/doc/html/rfc7432> assigns and advertises independent sequence numbers to MAC and MAC+IP routes” How do we expect this implementation to inter-op, as it may expect two different MAC-only and MAC-IP advertisement from remote peers as well.? Can we paraphrase this ? [NM]: correct, for a scenario where no MAC route is advertised, a non-compliant implementation may send different sequence numbers for multiple MAC-IPs with the same MAC. Handling for such a scenario should be explicitly called out as well. Will add to next revision. >>>> Section >>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.8<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-8.8> “Following a host move from PE1 to PE2, the host's MAC is discovered at PE2 as a local MAC via a data frames received from the host.” Do we need to call out the misconfiguration case, where a probe may lead to DUP responses, one from the (local learning) access side and other one across the fabric (overlay tunnel). [NM]: Implementation don’t normally handle ARP from the core side to protect against such mis-configurations. This is an optional section that includes suggestions for better convergence. Hence, want to refrain from being too prescriptive about how n implementation may choose to protect from such mis-configurations. [SD] Without Arp-suppression, the neighbor learnings can happen from the fabric as well. Even without Arp-suppression, the first response can come from the fabric (and also via the EVPN control plane). Even GARPs, can be (selectively) allowed to flood over the fabric as well. I know few of the campus deployments tend to do this. Hence the ask to capture this case explicitly. >>>> Section >>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-10.4.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-10.4.1> “unfreezing the route at the FROZEN location will result in the route being advertised with a higher sequence number.” Why are we tying probing with “unfreezing” ? FROZEN will typically indicate dropping of flows. Probing can still go on in parallel ? Can this be called out explicitly. [NM]: There is no probing requirement for unfreezing. This section is just explaining, how the unfreezing will resolve the scenario following removal of duplicate host from location A, regardless of whether the freezing and unfreezing is done at location A OR B (since duplicate procedure could cause freezing to happen at any of location A OR B). Hope, this clarifies. [SD] I think I did not put I across clearly. What I meant to convey is, that the probing can happen in tandem while the MAC was designated as DUPLICATE/FROZEN. It need not wait for an explicit higher sequence number to trigger the same. This help would expedite the convergence. >>>> Section " >>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-4.3.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-extended-mobility-05#section-4.3.1>" >>>> : " [IP7, M1] is learnt as a new route at [PE3, PE4] and advertised to remote PEs with a sequence number of 0. As a result, L3 reachability to IP7 would be established across the overlay, however, MAC mobility procedure for MAC1 will not trigger as a result of this MAC-IP route advertisement" If a host is moved with the same MAC, the following is still being following in current implementation(s): - Either "MAC-only-route" or "MAC-IP-route" advertisement, the sequence number is bumped in both cases - On receiving side, - the sequence-number is picked up from "MAC-only-route" or "MAC-IP-route" and applied to MAC learnings - the bumped up sequence number leads a withdraw of "MAC-only" or "MAC-IP-route" from the inferior (earlier) publisher Kindly help explain, if the text mentioned in “section 4.3.1” is creating some doubts regarding the way things operate with current standards. Though I definitely believe that this literature does away with lot of existing ambiguities. I think we need to paraphrase this section atleast. [NM]: If the MAC-IP following a host move is learnt with a different IP, this draft explicitly calls out the procedure to associate sequence number with the MAC + inheritance to ensure that sequence number is indeed incremented even with a different IP. If an implementation is already doing this, then we are good. Some early implementations assigned independent sequence numbers to each MAC+IP key that had problems in IP change scenarios. [SD] I just wanted to indicate that the following statement(s) is not always true. As I mentioned above that in few of my known implementations, MAC+IP sequence number is leveraged to derive the sequence number for the MAC as well and hence leveraged to derive host move (in case of MAC movement). It will be great if this can be called out specifically in this example. For example “would not be sufficient” can be changed to “may not be sufficient”, as we know few of implementations which do the derivation as I mentioned (for MAC moves/dups). “[IP7, M1] is learnt as a new route at [PE3, PE4] and advertised to remote PEs with a sequence number of 0.” “However, in the absence of an additional MAC only route advertisement, a single sequence number advertised with a combined MAC+IP route would not be sufficient to update MAC reachability across the overlay.” Thanks, Neeraj
_______________________________________________ BESS mailing list BESS@ietf.org https://www.ietf.org/mailman/listinfo/bess
