[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Idr] Fwd: I-D ACTION:draft-pmohapat-idr-acceptown-community-01.txt
- To: "UTTARO, JAMES, ATTLABS" <uttaro at att.com>
- Subject: Re: [Idr] Fwd: I-D ACTION:draft-pmohapat-idr-acceptown-community-01.txt
- From: Jeffrey Haas <jhaas at pfrc.org>
- Date: Tue, 6 May 2008 07:15:23 -0400
- Cc: idr at ietf.org, "LONGHITANO, ANTHONY C, ATTLABS" <aclonghitano at att.com>, "RAMSAROOP, JEEWAN P, ATTLABS" <jramsaroop at att.com>, "NGUYEN, HAN Q, ATTLABS" <hnguyen at att.com>
- Delivered-to: ietfarch-idr-web-archive at core3.amsl.com
- Delivered-to: idr at core3.amsl.com
- In-reply-to: <A1F50CB516D211409DFD05D6B3CE6D300ED2856E@KCCLUST06EVS1.ugd.att.com>
- List-archive: <http://www.ietf.org/pipermail/idr>
- List-help: <mailto:idr-request@ietf.org?subject=help>
- List-id: Inter-Domain Routing <idr.ietf.org>
- List-post: <mailto:idr@ietf.org>
- List-subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
- References: <A1F50CB516D211409DFD05D6B3CE6D300ED2856E@KCCLUST06EVS1.ugd.att.com>
- Sender: idr-bounces at ietf.org
- User-agent: Mutt/1.5.9i
Jim,
On Mon, May 05, 2008 at 11:17:29AM -0500, UTTARO, JAMES, ATTLABS wrote:
> I wanted to take an opportunity to discuss the rationale for this draft.
Thanks for taking the time to go over this.
> Why is this draft so powerful? With this draft the SP can simply manage
> routing information from central location.
That may be an admirable goal but it has a bit more scope than may make
many people comfortable, including me. In your offered example of
managing VPNs this is reasonable, although IMO only weakly so. However,
since this is a general community rather than a different form of an
extended community, this has semantics that might be hazardous under
misconfiguration to non-VPN infrastructure.
The argument has been made that under proper implementation that it
wouldn't be dangerous. I'll just leave it that I'm skeptical.
At least two modifications to the protocol mechanism suggest themselves
to me:
1. Add a configuration knob that says "accept this route with
route-target and ignore originator".
2. A new version of the route-target extended community that has the
"accept this with your own originator" semantics.
Both of these options limit the scope of this feature to the VPN case.
> In order to create a VPN
> stitch, the SP simply applies RTs to facilitate the stitch and reflects
> to all PEs. In order to deliver these services from a central location (
> RR, etc... ) we need to be able to reflect a route back to the PE that
> originated it. This is due to the fact the the two VPNs being stitched
> may reside on the same PE.
I think one of the things I find unfortunate here is that this feature
shouldn't be necessary. The code path for sending your BGP
routes could simply reflect them internally back to your router as an
"incoming route" when a route-target of interest is being appended on an
outbound basis.
Having been involved in an implementation that did this, it's certainly
possible even if the code path is awkward.
-- Jeff
_______________________________________________
Idr mailing list
Idr at ietf.org
https://www.ietf.org/mailman/listinfo/idr