IETF Logo Mail Archive

Re: [GROW] BGP Looking Glass Capability

"Rayhaan Jaufeerally (IETF)" <ietf@rayhaan.ch> Sun, 25 July 2021 21:58 UTC

Return-Path: <rayhaan@rayhaan.ch>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8816E3A0AC7 for <grow@ietfa.amsl.com>; Sun, 25 Jul 2021 14:58:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.652
X-Spam-Level:
X-Spam-Status: No, score=-0.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rayhaan-ch.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6Ooi5RTg-gO for <grow@ietfa.amsl.com>; Sun, 25 Jul 2021 14:58:40 -0700 (PDT)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C65C93A0AB5 for <grow@ietf.org>; Sun, 25 Jul 2021 14:58:39 -0700 (PDT)
Received: by mail-wm1-x333.google.com with SMTP id l11-20020a7bc34b0000b029021f84fcaf75so6936634wmj.1 for <grow@ietf.org>; Sun, 25 Jul 2021 14:58:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rayhaan-ch.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LoWEY+16ATbLIH/nhyQWyZVrAyC01f47mSm3T5l7ijQ=; b=FHZVFeUMeJI7N1xj/BKq0F1vDgcEFB164G32qvoWO+b8tOyB3sM4jGiVD46di6uXJp yno9+26HKpcoVQld+ecpSIHXDk8Bdr2W/PH/xE8FcQEoBs6ebLZtOWWvInME2xExWQ5t GlbJc3N44bAsGQxgahez5CY6OkM12Yyf/EVzH90WlvuxUri11LEp8NvxMnDbWEVC2Ihx 6dXWVV2TnL4oGIbPRBlF8+Fa35n++qx2OPn6KJHBr+1fMDQbZQepj5Y/1xhl9EjMQFDh vaiadalhhd+hKytOfcYwkOBM+qNEXNua/5+DBSYXZNogm4FXdkzo0qvWf4WvElzgMiHP U/5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LoWEY+16ATbLIH/nhyQWyZVrAyC01f47mSm3T5l7ijQ=; b=N4TsQHyeqEdwgwJ9Te6iXngnS87dfdEksy7gP+DJG7AtRPK6lYdg5OHambqEGdK/yL 1eL57sXgsUQkcJyMGrXtVx536wfS7lScPgZ8V3SkEGAqW2hwFYRX8kaXwG9p47H6j/lC wToBkC0pOkx1sHDH+42pA+1v7MJ+9eanjQYyzO2aJJZOqfVjUMeHgFnNtz3NDf24mlZV JKdFVk07Z7XiYMxeVz2w4HKPI58BZvphqqrydoujtnCVMnIbf8M4XPN1rQxTgSIaOwyF yQmWzPndHY8wan6M/IR6hIuOE8zYqKp8u6Dmdarq2sqolryerrFHn+abYyJ605oPkE2K Fkjg==
X-Gm-Message-State: AOAM531FuyGQFA/dNLFIDyhP55EPwE+kA5pjzcb9VG78heo6d27IWCm1 GcyFUQA7NINCE6HThmEWXTd/i3bWXt5Q0EM2Lij0ng==
X-Google-Smtp-Source: ABdhPJymt7bhTBwJUdfkdW4jeF1AfljFBaUVgHRmy25b5CNfN0nXulL0/Xclv/kX72va9BYOyxKWvz8gFfzyBlbwnzk=
X-Received: by 2002:a7b:c2a2:: with SMTP id c2mr14461665wmk.89.1627250312374; Sun, 25 Jul 2021 14:58:32 -0700 (PDT)
MIME-Version: 1.0
References: <CACcWx2FN=o4chgOH6chbYkuCK82n2m+BCjfjpRPnM0qznBVQDw@mail.gmail.com> <5c549c8d-3e26-100d-0ee9-a5e3c6c40476@foobar.org> <YIWT6qece5NbuuJf@shrubbery.net> <CACcWx2EmV2s4gYBvmgcUXZTrbWEMzfuOz=CHkwFYkHw+KenZ8A@mail.gmail.com> <YIf1itmpLCoB/REi@snel> <CACcWx2Gcy=zp7Dw6L212H3TaHA8h=fHERh9n=GD+6Uggg5CBvw@mail.gmail.com> <CAOj+MMH1++A8PO3Sz2RY9jxYgesasUf+LnuCpi25+4_Vx+Bf8g@mail.gmail.com>
In-Reply-To: <CAOj+MMH1++A8PO3Sz2RY9jxYgesasUf+LnuCpi25+4_Vx+Bf8g@mail.gmail.com>
From: "Rayhaan Jaufeerally (IETF)" <ietf@rayhaan.ch>
Date: Sun, 25 Jul 2021 23:58:21 +0200
Message-ID: <CACcWx2F5E9p0QiLogjnZ2HnW8-FmjLrzz6828UdW+fmZe2UHZg@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: "grow@ietf.org grow@ietf.org" <grow@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d47e2d05c7f9bcb8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/fLIzMYv5W21JYwddZobLTLaGXv4>
Subject: Re: [GROW] BGP Looking Glass Capability
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2021 21:58:54 -0000

Thanks for the reply and the great points Robert,

On Sun, Jul 25, 2021 at 10:58 PM Robert Raszuk <robert@raszuk.net> wrote:

> Dear Rayhaan,
>
> Thank you for working on this draft.
>
> As far as your suggestion to use new SAFI to auto discover presence and
> addresses of Looking Glass servers across ASN boundaries I have
> nothing against.
>

Ah I just realized that you mention SAFI here, but when writing the draft I
was thinking about an AFI. Now that you mention it though, I was initially
thinking how a peer with a multiprotocol session would know which address
family the looking glass is for, if there are multiple. My reasoning here
was that the looking glass itself would allow for selecting the AFI through
its interface, so it does not need to be advertised in band. Now you
mentioned it though, it seems that actually using the proper AFI set (e.g.
IPv4 or IPv6 etc) and then using a new SAFI to carry the looking glass
address would be an elegant design too.


> As you know the alternative to exchange this type of information would be
> via defining a new BGP Message (just like we ddi this in the past in case
> of BGP Operational Message). But here perhaps you want to propagate this
> beyond single ASN peer so new SAFI may work better.
>

Yeah I took a look at the operational message and it is one of the things I
took inspiration from, to make the mechanism extensible to carry other
administrative payloads in the future. I think going down the path
attribute approach would be easier to implement since it reuses the
existing semantics of the multiprotocol path attributes. For example, I can
imagine looking glass reachability can use MP_REACH and then when the
looking glass is no longer reachable it can be withdrawn with MP_UNREACH,
without needing to add that complexity into the looking glass message
itself.


>
> I however have one major concern on how are Looking Glasses going to help
> to address your original problem ie. to check if my prefix was announced
> and accepted by peering AS.
>
> Note that ASBRs normally send only best paths. If best path was learned
> over IBGP (tie breaker was Local Pref or MED) ASBR may receive and accept
> your route, but that route would not be advertised to LGs.
>

Interesting, I hadn't considered this type of architecture where there is a
centralized looking glass that is fed from the border routers. From what I
had seen on some looking glasses like https://lg.he.net/ or
https://lg.twelve99.net/ they let you choose which PoP to perform the
lookup in. From that I had assumed that the LG URL provided in the
administrative message would be customized to be a looking glass for the
ASBR that the BGP session is with. Maybe one way to deal with this would be
to use the query parameter router field in RFC8522 section 2.2:
https://datatracker.ietf.org/doc/html/rfc8522#section-2.2, and pre-populate
that URL with the query parameter in the admin message.

When I do a BGP route lookup on for example the HE looking glass, I get
some output like

1 Prefix: 193.36.104.0/24, Rx path-id:0x00000000, Tx path-id:0x00000000,
rank:0x00000001, Status: BI, Age: 15d1h2m45s
NEXT_HOP: 91.206.52.201, Metric: 17, Learned from Peer: 216.218.252.82
(6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0, GROUP_BEST: 1
AS_PATH: 210036
COMMUNITIES: 6939:7215 6939:8756 6939:9002
2 Prefix: 193.36.104.0/24, Rx path-id:0x00000000, Tx path-id:0x000a0001,
rank:0x00000002, Status: I, Age: 15d1h2m45s
NEXT_HOP: 37.49.238.32, Metric: 127, Learned from Peer: 216.218.252.184
(6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0, GROUP_BEST: 0
AS_PATH: 210036
COMMUNITIES: 6939:7055 6939:8250 6939:9002
... truncated ... full version: https://pastebin.com/SxukdS4L

Which shows all the accepted routes, and then the announcing router can
look through that for it's own address as the nexthop? I agree though that
rfc8522 does not specify this and maybe a more structured output format
would be desirable to allow for parsing.


> The natural solution here is use of best external and add-paths to make
> sure LGs really get all received and accepted paths for a given net - but I
> am not sure how common that is deployed today on sessions between ASBRs and
> LGs. Last time I checked LGs get peering with RRs and get RR paths. Even
> with add-path there and no best external your original issue would not be
> solved.
>

I think using the router query parameter / nexthop lookup would solve this,
but I may have misunderstood the setup / problem, so please do correct me
if this would not solve the issue.


>
> So I would recommend that we review this point before focusing more on LG
> auto discovery mechanics. Btw this draft if progressing should be IMO
> discussed in IDR and changed to Standards Track. But GROW is an excellent
> forum to first make sure if the entire idea proposed here is sound enough.
>

Sounds good, I'm learning a lot through discussing the proposal here and
I'm thankful for the first rounds of feedback to get the document into a
better state before discussing it more broadly. I'll defer to the chairs to
determine if / when this should be changed to standards track, as I think
there are some prerequisites for that?

Thanks,
Rayhaan


>
> Best,
> R.
>
>
>
>
>
>
>
>
> On Sun, Jul 25, 2021 at 9:24 PM Rayhaan Jaufeerally (IETF) <
> ietf@rayhaan.ch> wrote:
>
>> Dear GROW WG,
>>
>> Following the feedback previously on my looking glass draft proposal,
>> I've updated the looking glass draft (
>> https://datatracker.ietf.org/doc/draft-jaufeerally-bgp-lg-cap/), to move
>> away from a capability mechanism to a new AFI which uses the MP_REACH and
>> MP_UNREACH messages in the BGP multiprotocol specification (
>> https://datatracker.ietf.org/doc/html/rfc4760) to carry an
>> administrative message. This administrative message is then defined to have
>> a payload type that carries a URL for the looking glass (LG), as well as
>> the ASN that is operating the LG.
>>
>> The advantage of this approach is that it allows for propagating the LGs
>> of upstream peers so leaf ASes can check prefix reachability in peers not
>> directly connected.
>>
>> Looking at the development of the idea, I think it could make sense to
>> split the document into one for the administrative message and AFI, and
>> another for the looking glass message type within that.
>>
>> I will present an overview of the draft and the expected use cases during
>> the upcoming GROW meeting at IETF111, so feel free to either comment here
>> or ask a question in the session if you have any feedback.
>>
>> Thanks,
>> Rayhaan
>>
>>
>>
>> On Tue, Apr 27, 2021 at 1:29 PM Job Snijders <job@fastly.com> wrote:
>>
>>> On Mon, Apr 26, 2021 at 01:16:55AM +0200, Rayhaan Jaufeerally (IETF)
>>> wrote:
>>> > > Consistent API that serves RIB data
>>> >
>>> > Initially I tried to avoid defining the exact API of the looking glass
>>> by
>>> > pointing to https://tools.ietf.org/html/rfc8522, but unfortunately it
>>> does
>>> > not strictly define the response format instead leaving it up to the
>>> > implementation what to return to queries, which IMO is not very useful
>>> for
>>> > automation.
>>> >
>>> > As y'all have pointed out there is a wealth of implementations out
>>> there
>>> > that have tried to address this (and adding some others I've found):
>>> >
>>> >    - Paolo's pmacct looking glass document:
>>> >
>>> https://github.com/pmacct/pmacct/blob/master/docs/LOOKING_GLASS_FORMAT,
>>> >    - Birdseye https://github.com/inex/birdseye
>>> >    - CAIDA looking glass API
>>> >    https://www.caida.org/tools/utilities/looking-glass-api/
>>> >    - DE-CIX: https://www.de-cix.net/en/resources/looking-glass (which
>>> is
>>> >    using https://github.com/alice-lg/alice-lg)
>>> >    - RIPEStat's API, e.g.
>>> >
>>> https://stat.ripe.net/data/looking-glass/data.json?preferred_version=2.1&resource=2a0d:d740::/48
>>>
>>> Just to add to the list: there is yet another API-based Looking Glass
>>> targetting OpenBGPD: https://github.com/cjeker/bgplgd
>>>
>>> A demo is here:
>>>     http://165.22.27.105/bgplgd/summary
>>>     http://165.22.27.105/bgplgd/rib?as=22512
>>>
>>> Kind regards,
>>>
>>> Job
>>>
>> _______________________________________________
>> GROW mailing list
>> GROW@ietf.org
>> https://www.ietf.org/mailman/listinfo/grow
>>
>

v2.23.0 | Report a Bug | By Email