IETF Logo Mail Archive

Re: [GROW] draft-ietf-grow-bgp-gshut status?

Robert Raszuk <robert@raszuk.net> Fri, 17 March 2017 08:41 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25120126B72 for <grow@ietfa.amsl.com>; Fri, 17 Mar 2017 01:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.197, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l6qyCnLtTyD0 for <grow@ietfa.amsl.com>; Fri, 17 Mar 2017 01:41:33 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE9A7124D68 for <grow@ietf.org>; Fri, 17 Mar 2017 01:41:32 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id p64so59017466qke.1 for <grow@ietf.org>; Fri, 17 Mar 2017 01:41:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=kqwvxGum7gGeylUb2MkGTws8r0qcVY1D9lRzV7P8ocw=; b=cK5heV6c5RQDvttMUtkeMaBTA8QchWbUENGxRQHIPgzfvtIn1DR+qv4HQJjzpJJB2Y XwnCT8Icl0UNDMDB2F+jdZ1L0CNu3HFWAj2LNNb+7wBC7Ubd/lPSPKLVEFu/4cqgqg2s bhW5Q/fesxQyPsZbsQT/kDneLKHbcvpuVcF6xYodXln7GMKKRfH4DOtESyKAmmWiezTl zpy06n1auT6KK2tutu5sAVNbUahNDvh+bCrTVxLqQHwev89eYoSQ9tyoS8B9jRjcJRRx dqS1NGHgAK0IhRGyCAASSxF5P7cJ6wVodmC3DRLK+kaW/IumoNLlwUiYZZ7K75XnN/Aw a3wA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=kqwvxGum7gGeylUb2MkGTws8r0qcVY1D9lRzV7P8ocw=; b=OuoMDvTZcWO4NjvowhpZ8yOyRx4gglG5YaFytpAbzuvjZuzV0r8XSkyi+x9pwVf1/K Ev/lt9o/pqgb+X9fbfr6gz4u0DKWPH+3AgMT4GGExz7j377TBVpBx+8TpuOWoDWbhKGV TyNK3+wicH8YdGP4XipNq0oXs+b2QFd56qbrl181qogCxyUMK4g5/7F8/2Kf7aGtnhhe YXu3zERX31lUemsn9bS61dYDw8mt6K/+OvSNeyMkzF+HRJ/pyAztffENH41OIvxaylwM N3pYZoo8Xnc269tepDKFf795Ik+0OtHdtCoak+vrL245BqZn/3irdRONUq/ZtDhGoQ40 BKMQ==
X-Gm-Message-State: AFeK/H1WpNikeOh8aK3R4ZKx6jlWYODj89JNhimzttusw7eNwseQf6NYUiGc/tXwJw0mFly2Tl1lui/pdnBntg==
X-Received: by 10.55.22.66 with SMTP id g63mr11616534qkh.18.1489740091881; Fri, 17 Mar 2017 01:41:31 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.140.42.181 with HTTP; Fri, 17 Mar 2017 01:41:31 -0700 (PDT)
In-Reply-To: <11201_1489591587_58C95D23_11201_1310_1_53C29892C857584299CBF5D05346208A31C705A3@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <20170315131039.gxle23rupztnexqm@Vurt.local> <1294_1489586438_58C94906_1294_16108_1_53C29892C857584299CBF5D05346208A31C6FFA0@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20170315145416.iiox6dz4u53dkfn4@Vurt.local> <874E439F335FD742B8D1565730E537E0011C83F76C@ex2.workonline.co.za> <11201_1489591587_58C95D23_11201_1310_1_53C29892C857584299CBF5D05346208A31C705A3@OPEXCLILM21.corporate.adroot.infra.ftgroup>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 17 Mar 2017 09:41:31 +0100
X-Google-Sender-Auth: qHMiaW_ocWlRz8m8cRAh_uh7tT8
Message-ID: <CA+b+ERmBLtJunc+zAUC35TtMCJwXWW1CSniVOdmaREvFa8vF2w@mail.gmail.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>
Cc: "grow@ietf.org" <grow@ietf.org>
Content-Type: multipart/alternative; boundary="001a1147734afc0ce6054ae924c3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/mUNYbhFqa9qSh674SRU93DL_I7U>
Subject: Re: [GROW] draft-ietf-grow-bgp-gshut status?
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 08:41:35 -0000

Bruno,

BGP session can carry multiple messages. One is UPDATE MSG

Why do you want to nest indicator about session going down in the UPDATE
msg rather then just using new NOTIFICATION subcode say "Gracefull
shutdown" ?

Clearly it would not be backwards compatible but I guess this is no longer
a goal is it ?

The issue with sending it in UPDATE MSG is that you effectively need to
re-advertise the entire table just before going down which will in turn
could cause more churn in your peer's ASes and beyond.

Or do you want to came back to concept of defining a beacon prefix acting
as semaphore for entire session :)

Cheers,
R.






On Wed, Mar 15, 2017 at 4:26 PM, <bruno.decraene@orange.com> wrote:

> Thanks for the useful feedback.
>
> --Bruno
>
>  > -----Original Message-----
>  > From: Ben Maddison [mailto:benm@workonline.co.za]
>  > Sent: Wednesday, March 15, 2017 4:23 PM
>  > To: Job Snijders; DECRAENE Bruno IMT/OLN
>  > Cc: grow@ietf.org
>  > Subject: RE: [GROW] draft-ietf-grow-bgp-gshut status?
>  >
>  > I would be very happy with that outcome.
>  > We've been using this for ages, and would like to see it work more
> widely in our adjacent
>  > networks.
>  >
>  > Although not truly a fix for the transitivity problem, when we match on
> gshut from a peer, in
>  > addition to setting a lower-than-usual LP, we also append no-export,
> which prevents gshut-
>  > ed prefixes from leaking at all.
>  > I've never been hugely worried about the security consequences
> otherwise.
>  >
>  > Cheers,
>  >
>  > Ben Maddison
>  >
>  > Director
>  > Workonline Communications (Pty) Ltd
>  >
>  > Office:     +27 (0) 21 200 9000
>  > Mobile:   +27 (0) 82 415 5545
>  > Email:      benm@workonline.co.za
>  > SIP:          benm@workonline.co.za
>  >
>  >
>  >
>  >
>  > -----Original Message-----
>  > From: GROW [mailto:grow-bounces@ietf.org] On Behalf Of Job Snijders
>  > Sent: Wednesday, March 15, 2017 4:54 PM
>  > To: bruno.decraene@orange.com
>  > Cc: grow@ietf.org
>  > Subject: Re: [GROW] draft-ietf-grow-bgp-gshut status?
>  >
>  > Hi Bruno,
>  >
>  > On Wed, Mar 15, 2017 at 02:00:37PM +0000, bruno.decraene@orange.com
> wrote:
>  > > > From: GROW [mailto:grow-bounces@ietf.org] On Behalf Of Job Snijders
>  > > > > Sent: Wednesday, March 15, 2017 2:11 PM
>  > > >
>  > > > I noticed that
>  > > > https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-06
>  > > > expired two years ago. Can anyone offer some insight why it lapsed?
>  > >
>  > > In order to signal the graceful shutdown over the EBGP session, gshut
>  > > uses a "well-know" BGP community. Compared to using a protocol
>  > > extension, this allows a vanillia sender/receiver to handle the
>  > > information using a regular BGP policy.
>  > > So far so good. This is specified, implemented both with BGP policy
>  > > and automated by some routers, tested (both options).
>  > >
>  > > Now, for some deployments, the use of a non-transitive community offer
>  > > a better assurance that the community has indeed be originated by the
>  > > connected eBGP peer. The issue is that currently there is no
>  > > implementation of non-transitive well-known communities.
>  > > draft-ietf-idr-reserved-extended-communities is a short draft to
>  > > define non-transitive well-known communities. It proposed to re-use an
>  > > "existing" non-transitive extended community, defined for four-octets
>  > > AS: draft-ietf-idr-as4octet-extcomm-generic-subtype. But it turns out
>  > > that this latter draft did not progress and has recently been replaced
>  > > by BGP large community. The later do no support non-transitive
>  > > community.
>  > >
>  > > So after waiting for some years for
>  > > draft-ietf-idr-as4octet-extcomm-generic-subtype, this path has just
>  > > been closed. As of today, the possible options seems:
>  > >
>  > > - forget about non-transitive community. In particular as during the
>  > > BGP large community discussions, the requirement for non-transitive
>  > > community has been discussed and explicitly called as not needed. So
>  > > let's listen to this and do the same.
>  >
>  > I'd like to add a small nuance: For the use case of large communities,
> non-transitivity was
>  > considered an undesirable property.
>  >
>  > To be honest, if the 'gshut' community 'escapes' the adjacent ASN for
> which it was intended,
>  > what is the worst that can happen? That BGP speakers somewhere in the
> DFZ consider the
>  > path less desirable? This aligns with what is expected to happen in the
> near future anyway:
>  > the bgp session will be torn down and the path will cease to exist.
>  >
>  > In the case where no shutdown event follows (the gshut community is
> used as a traffic
>  > engineering trick), it kind of goes in the same category as intermediat
> networks prepending
>  > ASNs to the AS_PATH to make it less desirable, or fiddling with origin.
> If I were to consider
>  > "permanent use" of the gshut community a violation of my agreement with
> the adjacent
>  > network, this would be easy enough to monitor for and subsequently
> resolve at layer-8.
>  >
>  > > - have draft-ietf-idr-reserved-extended-communities use a different
>  > > extended community type. This is easy to write, but if this does not
>  > > get implemented, the value is limited/null.
>  >
>  > I concur. A similar consideration could be made whether gshut deserves
> its own path
>  > attribute or not.  Usually the nice thing about well known rfc 1997
> communities is their
>  > rapid implementation and deployability.
>  >
>  > > > What implementatations exist? A fellow operator told me that IOS,
>  > > > IOS XE has support for graceful shutdown, are there others?
>  > >
>  > > Same information on my side.  With the restriction that those
>  > > implementations only implement the transitive community.
>  >
>  > ack.
>  >
>  > I'm somewhat inclined to proceed with the gshut concept as a well-known
> transitive rfc
>  > 1997 community. What do others think?
>  >
>  > Kind regards,
>  >
>  > Job
>  >
>  > _______________________________________________
>  > GROW mailing list
>  > GROW@ietf.org
>  > https://www.ietf.org/mailman/listinfo/grow
>
> ____________________________________________________________
> _____________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations
> confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez
> recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
> electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou
> falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> GROW mailing list
> GROW@ietf.org
> https://www.ietf.org/mailman/listinfo/grow
>

v2.23.0 | Report a Bug | By Email