You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: rfcs/rfc7-client-route-liveness-probing.md
+12-14Lines changed: 12 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -51,7 +51,7 @@ ICMP echo probing was selected for its simplicity, universality, and backward-co
51
51
52
52
### Integration Context
53
53
54
-
The probing subsystem integrates with the existing **BGP plugin** in `doublezerod`. Each service type (IBRL, IBRL with allocated IP, multicast) can declare whether route probing is active. In this proposal, probing is **enabled only for IBRL (without allocated IP)** mode.
54
+
The probing subsystem integrates with the existing BGP plugin in `doublezerod`. Each service type (IBRL, IBRL with allocated IP, multicast) can declare whether route probing is active. In this proposal, probing is enabled only for IBRL (without allocated IP) mode.
55
55
56
56
<details>
57
57
@@ -187,9 +187,9 @@ sequenceDiagram
187
187
188
188
The probing worker periodically sends ICMP echo requests toward each destination.
189
189
190
-
- Echo replies are received either by the **user-space ICMP listener** or directly by the kernel’s ICMP stack when the route is already installed.
191
-
- The **Scheduler** determines when each route is probed, introducing jitter to avoid synchronized bursts.
192
-
- The **Limiter** bounds the number of concurrent probes to control resource usage.
190
+
- Echo replies are received either by the user-space ICMP listener or directly by the kernel’s ICMP stack when the route is already installed.
191
+
- The Scheduler determines when each route is probed, introducing jitter to avoid synchronized bursts.
192
+
- The Limiter bounds the number of concurrent probes to control resource usage.
193
193
- Each probe runs with a per-probe timeout, and the listener automatically restarts with exponential backoff if it fails.
194
194
-**Liveness Evaluation**
195
195
@@ -328,7 +328,7 @@ The feature introduces no new externally reachable services or credentials, and
328
328
329
329
## Backward Compatibility
330
330
331
-
Route liveness probing is designed to be **interoperable across mixed client versions**, ensuring that enabling it does not break communication between upgraded and non-upgraded peers.
331
+
Route liveness probing is designed to be interoperable across mixed client versions, ensuring that enabling it does not break communication between upgraded and non-upgraded peers.
332
332
333
333
### Compatibility Matrix
334
334
@@ -347,19 +347,17 @@ Route liveness probing is designed to be **interoperable across mixed client ver
347
347
348
348
### Deployment Considerations
349
349
350
-
Initial testing indicates that **approximately 7% of existing clients do not currently respond to ICMP probes**.
350
+
Route probing will ship as a disabled feature flag in initial releases. Operators can opt in for testing, but it will remain off by default until the subsystem has proven stable and client ICMP responsiveness is broadly consistent.
351
351
352
-
These clients will appear unreachable to peers performing liveness probing, even though routing and forwarding may still function correctly over the control plane.
352
+
Early testing shows that about 7% of existing clients do not currently respond to ICMP probes. These nodes will appear unreachable to peers performing liveness probing, even though control-plane routes and forwarding may continue to function normally.
353
353
354
-
To ensure consistent behavior, the **first phase of rollout**should focus on enabling ICMP responsiveness across all clients, regardless of whether route probing itself is enabled.
354
+
The first rollout phase should focus on ensuring ICMP reachability across all clients. During this period, probing should be enabled only in controlled or opt-in deployments, where its behavior can be observed without affecting reachability. Once ICMP handling is consistent and the subsystem demonstrates stable performance, the feature can be gradually enabled for broader use and eventually made default-on in later releases.
355
355
356
-
Once universal ICMP handling is confirmed, **subsequent upgrades** can enable route probing selectively or by default.
356
+
During the transition:
357
357
358
-
During this transition:
359
-
360
-
-**Mixed environments remain compatible**, as unupgraded peers still respond via their kernel-space ICMP stack when their routes are installed.
361
-
-**When overlay ICMP is unavailable on the destination**, replies will return over the public internet rather than `doublezero0`, and are treated as probe failures.
362
-
-**Full overlay-level reachability validation over `doublezero0`** becomes reliable once all clients are ICMP-responsive.
358
+
- Mixed environments remain compatible, as unupgraded peers still respond via their kernel-space ICMP stack when their routes are installed.
359
+
- When overlay ICMP is unavailable on the destination, replies will traverse the public internet instead of `doublezero0` and be treated as probe failures.
360
+
- Full overlay-level reachability validation via `doublezero0` becomes authoritative once all clients handle ICMP properly.
0 commit comments