Thanks for the feedback, Jeff.
We can definitively keep working on improving the text in the security 
considerations section.

Jorge

From: Jeffrey Haas <jh...@pfrc.org>
Date: Monday, June 24, 2024 at 7:20 AM
To: Jorge Rabadan (Nokia) <jorge.raba...@nokia.com>
Cc: draft-ietf-bess-evpn-dp...@ietf.org <draft-ietf-bess-evpn-dp...@ietf.org>, 
bess@ietf.org <bess@ietf.org>, idr-cha...@ietf.org <idr-cha...@ietf.org>
Subject: Re: Questions about route selection in draft-ietf-bess-evpn-dpath-00



Jorge,



On Jun 24, 2024, at 10:14 AM, Jorge Rabadan (Nokia) 
<jorge.raba...@nokia.com> wrote:
How do you tell if the PE is "non-upgraded"?

Note that such considerations were part of the reason I urged the dpath authors 
towards a BGP capability. :-)


Note that this is for layer 2 routes that are NOT redistributed to any PE-CE 
protocol or any other AFI/SAFI, and the D-PATH is generated/modified 
exclusively by the Gateways. The gateways are typically redundant and upgraded 
in pairs, and they are well known in an EVPN domain. So the non-upgraded 
gateways are well known and if needed, it should be easy to apply a policy for 
routes coming from them with D-PATH.

What I'm reading here is "... by provisioning" and "... the operator must 
know".

We can go through the scenarios as we did for the dpath draft, but we are 
confident this is a controlled walled garden layer 2 environment. The 
additional text is hardening the implementation in case it is needed as per 
your suggestion.

Understood.  The relevant point is you're protecting vs. impacts when the 
systems are not fully upgraded.  This can include inconsistent route selection. 
 If you fail to have systems consistently updated, per above, may the odds be 
in your favor.


When you say “escape has been observed from existing implementations” I assume 
you meant “existing implementations of dpath for ISF routes (IP reachability)”, 
and not for layer-2 routes, right? The text in this document indicates that 
this is only for routes imported in layer 2 FIBs.

Right, the in-the-wild observations were with IP routing in the Internet and 
led to some of the discussion about aggregation. :-)

-- Jeff

_______________________________________________
BESS mailing list -- bess@ietf.org
To unsubscribe send an email to bess-le...@ietf.org
