frr icon indicating copy to clipboard operation
frr copied to clipboard

Published 20 hours ago verified publisher icon FRRouting

SRv6 BGP SID reachability

Open dmytroshytyi-6WIND opened this issue 1 year ago • 5 comments

For BGP SRv6 updates, This PR considers "SRv6 SID reachability" and replaces the NH reachability with the SRv6 SID reachability.

Today, only the NH reachability is checked, and when route is installed, if the SRv6 SID is not reachable then the SRv6 segs route will fail to be installed. This is what happens on kernel.

This PR:

  • avoids this use case, and does not install the BGP route.
  • ensures the SID is reachable, before installing the BGP route to zebra

Possible cases like the one below are not considered, and do not work anyway:

Router A and D are running BGP protocol. The route map, to set nexthop == C, is configured on router D. Such that router C IPv6 address is verified to be reachable to flag the SRv6 reachable, but if route on the router C that points to D router's SRv6 SID dissapears(broken link), on node A SID is expected to be still reachable, because nexthop C is reachable.

BGP update with explicit nexthop(C) set via route-map and SRV6 SID
__________________________ 
|                         |
▽                         ^
(A-B-C--------------------D)
     
     ^                    ^
nexthop C                SRv6 SID
of BGP update

dmytroshytyi-6WIND avatar Nov 16 '23 14:11 dmytroshytyi-6WIND

Just a quick question: is this behavior something that other vendors have (SID reachability tracking)? I'm worried that we can't break anything if this is turned ON by default and can't be controlled. Maybe a knob would be handy?

ton31337 avatar Nov 19 '23 18:11 ton31337

Would this raise any scale concerns?

VPN SID is similar to vpn label for MPLS VPN, which provides local information once packets reach to this PE. In the example you provide,

| | ▽ ^ (A-B-C--------------------D)

If we don't sue route-map to set nexthop, the nexthop is D. Do we really want to let A, B, C all aware the reachablity of your VPN SID, or just keep it as local context to D if some chip has scale concerns with v6 prefixes.

https://datatracker.ietf.org/doc/rfc8986/ section 3.3. "Routed and non-routed SRv6 SIDs are the SRv6 instantiation of global and local segments, "

how do you plan to handle these local segment use cases?

eddieruan-alibaba avatar Nov 30 '23 22:11 eddieruan-alibaba

ci:rerun

pguibert6WIND avatar Jan 19 '24 11:01 pguibert6WIND

ci:rerun

dmytroshytyi-6WIND avatar Jan 30 '24 16:01 dmytroshytyi-6WIND

ci:rerun

dmytroshytyi-6WIND avatar Jan 31 '24 06:01 dmytroshytyi-6WIND

2 minor issues. also, the commit "bgpd: srv6 sid reachability information". I would add this in the commit log: Fixes 7f8c7d9 ("bgpd: ignore nexthop validation for srv6-vpn")

If this were in, I think we could merge this.

riw777 avatar Feb 20 '24 14:02 riw777

2 minor issues. also, the commit "bgpd: srv6 sid reachability information". I would add this in the commit log: Fixes 7f8c7d9 ("bgpd: ignore nexthop validation for srv6-vpn")

If this were in, I think we could merge this.

This commit log includes the "Fixes" tag: https://github.com/FRRouting/frr/pull/14810/commits/b3ac50287df89684794affadd95c494a635fb7c2

And these two comments were addressed: https://github.com/FRRouting/frr/pull/14810#discussion_r1471428195 https://github.com/FRRouting/frr/pull/14810#discussion_r1471427821

dmytroshytyi-6WIND avatar Feb 20 '24 15:02 dmytroshytyi-6WIND