public icon indicating copy to clipboard operation
public copied to clipboard
verified publisher icon openconfig

Add policy forwarding for next hop match and GUE encapsulation action

Open danameme opened this issue 1 year ago • 2 comments

Change Scope

  • Add support for policy forwarding match on next hop and GUE encapsulation action.
  • Move the encapsulation-header-type to a common module so it can be used more generally.

danameme avatar Oct 24 '24 22:10 danameme

/gcbrun

dplore avatar Oct 24 '24 22:10 dplore

Major YANG version changes in commit dc39a8e6144a45a3c336330ee475c4c1d838cb83: openconfig-aft-types.yang: 1.2.0 -> ``

OpenConfigBot avatar Oct 24 '24 22:10 OpenConfigBot

/gcbrun

dplore avatar Oct 31 '24 23:10 dplore

Regarding implementations for this policy language, we are pursing support for this from multiple vendors.

dplore avatar Oct 31 '24 23:10 dplore

/gcbrun

dplore avatar Nov 01 '24 00:11 dplore

Can we link another implementation here?

robshakir avatar Nov 06 '24 21:11 robshakir

Can we link another implementation here?

There is only one known implementation. We are actively engaged with multiple vendors who have agreed that this is feasible to implement on their platforms. Finalizing the OC model helps complete the specification.

dplore avatar Nov 07 '24 02:11 dplore

A few comments that I mentioned during the call today:

  1. arista reference does not describe the policy-based implementation with the NH match criteria
  2. it does, however, describe the encap based on statically configured NHG.

It would be good to a) find a correct reference if one exists b) explain the motivation of why do you want to do this via the policy instead of static config of NH/NHGs. From the current description it is not clear if there's a reason for it. (perhaps there is, something like a dependency on dynamic routing protocols?)

In addition, could you please elaborate on possible combinations of match/action rules? Some of the PF actions can affect the egress lookup (e.g. next-hop or network-instance actions), so I think we should clearly indicate which combinations are illegal (can i combine next-hop match with next-hop action?). Would be nice to add (to the PR description) a few typical combinations to illustrate how this is supposed to be used as well.

Last but not least, I'm a slightly perplexed by the mix of NH and NHG constructs in the proposal. If there's a desire to match on a next-hop IP address, what is the role of the NHG construct there? This doesn't seem to be well explained

LimeHat avatar Nov 07 '24 17:11 LimeHat

I discussed offline with @danameme and this will receive a major refactor. Please standby while Dan prepares it.

dplore avatar Nov 13 '24 08:11 dplore

hello dan just following up on discussion regarding prefix. please refractor IP to prefix" dest-ip for udp, gre and ip containers to use a ip-prefix instead of ip-address ". thx

AnnamalaiRajeev avatar Dec 03 '24 18:12 AnnamalaiRajeev

Hi All,

Based on feedback, a new https://github.com/openconfig/public/pull/1234 has been created to use static route with next hop groups approach to configure this. Closing this PR so all discussions can happen in the new PR.

Thanks.

danameme avatar Dec 17 '24 01:12 danameme