Re: [Idr] clarification sought on rfc4360 non-transitive extended communities

Eric C Rosen <erosen@juniper.net> Fri, 14 April 2017 14:59 UTC

To: Job Snijders <job@instituut.net>, idr@ietf.org
References: <20170414134435.tpocpyuappmbcam4@Vurt.local>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <c5f761c9-2a9f-3353-17f9-aac4fca2c07e@juniper.net>
Date: Fri, 14 Apr 2017 10:58:57 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/0gy_OUhshX7mjJDAZM97i2BPxHs>

On 4/14/2017 9:44 AM, Job Snijders wrote:
> Hi IDR,
>
> RFC 4360 states:
>      
>      """
>      If a route has a non-transitivity extended community, then before
>      advertising the route across the Autonomous System boundary the
>      community SHOULD be removed from the route.  However, the community
>      SHOULD NOT be removed when advertising the route across the BGP
>      Confederation boundary.
>      """
>

You'll note that there are very few non-transitive extended 
communities.  Extended communities are usually used to carry parameters 
of various BGP-based control protocols.  As such, it would be nice if 
they could be scoped to the "domain" of the control protocol.  The 
transitive/non-transitive distinction was a somewhat primitive attempt 
to provide this scoping.  Unfortunately, the boundaries of the control 
protocol domain are rarely the boundaries of the AS in which a route 
originates.  So this particular form of scoping has not proven to be 
very useful.

> For my edification, I have two questions:
>
>      o   Why was nothing specified for the behaviour of receivers?

Since the authors are either retired or in management, it is difficult 
to say for sure.  I'd say there are two possibilities:

- Sloppy specification writing.

- A belief that if the transmitter has decided to send the
non-transitive EC over an AS boundary, it may have a good reason for
doing so, and the receiver shouldn't second-guess it.

I'd guess the former.

It is of course true that receivers have to be careful about getting ECs 
from outside the domain of the relevant control protocol, but that's 
true whether the EC is transitive or non-transitive.

>      o   why is it a "SHOULD" and not a "MUST"?

I'm pretty sure it is a "SHOULD" because the authors thought that there
might be applications that need to violate the rule, and hence it should 
be allowable to have policy that passes the non-transitive ECs.

>
> Is it a "SHOULD" because Extended Communities are wrapped in an optional
> transitive path attribute, so strictly speaking, the non-transitivity can't
> be enforced anyway, since a middle-box might not understand the Extended
> Community?
>
>

Well, that's a possibility, but I don't recall anyone worrying too much
about ASBRs that don't understand the Extended Communities attribute.
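
The RFC 4360 rule discussed in this thread, as an added Python example that is not part of the original message or of any BGP implementation: the sender-side filter strips communities whose T bit is set only on a true AS boundary, with a policy override reflecting the "SHOULD", and a receiver-side audit (a local-policy assumption, since the RFC specifies nothing for receivers) lists non-transitive communities that arrived over eBGP. The session labels, function names and sample bytes are constructed for illustration.

```python
NON_TRANSITIVE_BIT = 0x40  # T bit in the high-order type octet: 1 = non-transitive
EC_LEN = 8                 # each extended community is exactly 8 octets


def parse_ext_communities(value: bytes):
    """Split an Extended Communities attribute value into 8-octet communities."""
    if len(value) % EC_LEN:
        raise ValueError("attribute length is not a multiple of 8")
    return [value[i:i + EC_LEN] for i in range(0, len(value), EC_LEN)]


def is_non_transitive(ec: bytes) -> bool:
    return bool(ec[0] & NON_TRANSITIVE_BIT)


def export_filter(value: bytes, session: str, allow_non_transitive: bool = False) -> bytes:
    """Return the attribute value to advertise on `session`.

    session is one of the hypothetical labels 'ibgp', 'confed-ebgp', 'ebgp'.
    Only a true AS boundary ('ebgp') triggers removal; a confederation
    boundary does not. allow_non_transitive models the policy exception
    that the "SHOULD" leaves room for.
    """
    ecs = parse_ext_communities(value)  # validate even when nothing is removed
    if session != "ebgp" or allow_non_transitive:
        return value
    return b"".join(ec for ec in ecs if not is_non_transitive(ec))


def audit_received(value: bytes, session: str):
    """Receiver-side check (local policy, not mandated by RFC 4360):
    hex strings of non-transitive communities received across an AS boundary."""
    if session != "ebgp":
        return []
    return [ec.hex() for ec in parse_ext_communities(value) if is_non_transitive(ec)]


# Constructed sample: one transitive and one non-transitive community.
TRANSITIVE_EC = bytes.fromhex("0002fde800000064")      # type 0x00, sub-type 0x02
NON_TRANSITIVE_EC = bytes.fromhex("4004fde84c3ebc20")  # type 0x40 (T bit set)
SAMPLE = TRANSITIVE_EC + NON_TRANSITIVE_EC

if __name__ == "__main__":
    for session in ("ibgp", "confed-ebgp", "ebgp"):
        print(session, export_filter(SAMPLE, session).hex())
    print("received over ebgp:", audit_received(SAMPLE, "ebgp"))
```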