IETF Logo Mail Archive

Re: [Idr] draft-ietf-idr-bgp-extended-messages-12 WG LC (5/24 to 6/7)

Robert Raszuk <robert@raszuk.net> Thu, 26 May 2016 11:20 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADB5B12DD39 for <idr@ietfa.amsl.com>; Thu, 26 May 2016 04:20:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aureuA6jSRxP for <idr@ietfa.amsl.com>; Thu, 26 May 2016 04:20:17 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B0F12DA1E for <idr@ietf.org>; Thu, 26 May 2016 04:20:10 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id w16so18897074lfd.2 for <idr@ietf.org>; Thu, 26 May 2016 04:20:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=RW5eT8cayYalb21Szp1L4LaP+K54rLLoBaaBfwhE5eQ=; b=YF2QZXCYChzFcay9EcLt42oYylTCK+P61t4nTlznCG1vFzWt6XaybXdCn1UG3hQv17 eJUseJAmxxiGYHCAfACBsipp0Ro9KX8LAQwMn75tgGzbsJvt/UUVm7FxjNlA2ruX2jLA 38XJEwmxnfGtpdtHbMXsxzAYz4Qf3I2TS7QCPzFhI6Dk8HDASX25lgU5ldQqljLEQlAJ fND7fb0N+l/njwOMNOLrw1JVivS5rqeHwo4mzop0jzeE+Uq9Bz6X3X/tnT0fMY9pYPsW Y4irm20oJtDFyl0b1OZalwwJsvyET5/f+nTG5rO68/Csd8ZhM7+qmHLep+80t3ieV7p1 J6Mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=RW5eT8cayYalb21Szp1L4LaP+K54rLLoBaaBfwhE5eQ=; b=YPaOtYkRxOO1/VGSOC7qDkkXJAApzWE9pbsOqfkgeynOfue3REsQBg9Y7OwlSzTsLz dTtKjsJb2G2Efh1bnrBebjcRV0s3CZJobo/z/EuWzbaX4Ybi328xcmCmxa59XLv3n+Wv FbAJGdxPGTmrtpdggjT7A0whastS76zrrNprtNo4NOzIAOs3XZDJ8XyOFca+LtLiUqdq +VXr1y5VCLmq7OKaXx+R/HTMzr0SWNJ2L+10V2pOGbks9/87h+RgtjnRmxZodjfxFnf/ UzhpNqtwN2NKdubYNw5tHk1OhE1IIoizcRbvVg6ewsdL/+lJf/qRLteTe0LXVPejl1Lx 0W6A==
X-Gm-Message-State: ALyK8tKr0SL0PM8LW5nY/X4ZqdUWNvSWCh3jCJysWJ3NXejtUDEvbvEYPgWuYDcxfAFwjgTml4w7REO3raEAiA==
MIME-Version: 1.0
X-Received: by 10.25.87.65 with SMTP id l62mr2209372lfb.4.1464261608358; Thu, 26 May 2016 04:20:08 -0700 (PDT)
Sender: rraszuk@gmail.com
Received: by 10.25.134.196 with HTTP; Thu, 26 May 2016 04:20:08 -0700 (PDT)
In-Reply-To: <15012_1464254328_5746BF78_15012_699_1_53C29892C857584299CBF5D05346208A0F8D0469@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <037f01d1b5fc$bfb596f0$3f20c4d0$@ndzh.com> <13146_1464170675_574578B3_13146_4888_1_53C29892C857584299CBF5D05346208A0F8CD227@OPEXCLILM21.corporate.adroot.infra.ftgroup> <D36B14EC.40818%keyupate@cisco.com> <15012_1464254328_5746BF78_15012_699_1_53C29892C857584299CBF5D05346208A0F8D0469@OPEXCLILM21.corporate.adroot.infra.ftgroup>
Date: Thu, 26 May 2016 13:20:08 +0200
X-Google-Sender-Auth: bLhSdHDQRFp7ScgW9Jw3kYIa5dg
Message-ID: <CA+b+ERnzfsTT4-myQoyoHLNcf3QdTBPugvAXJKHse+KYrXk9RA@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
To: Bruno Decraene <bruno.decraene@orange.com>
Content-Type: multipart/alternative; boundary="001a11418d40064fe60533bcf9a9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/2lu0ShPl0vgE9muwQRtYcGrgUfo>
Cc: "Keyur Patel (keyupate)" <keyupate@cisco.com>, "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] draft-ietf-idr-bgp-extended-messages-12 WG LC (5/24 to 6/7)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 11:20:19 -0000

Hi Bruno/all,

“A protocol designer or network operator needing to advertise, outside of
> its AS, a BGP route which size would require a BGP message larger than 4096
> octets should take into account that it has no guarantee that its route
> will be propagated as expected as a downstream BGP speaker might not be
> compliant or might not has enabled BGP extended messages and hence will not
> propagate the route. This is especially the case if one expect Internet
> wide propagation of its route, which seems highly improbable until a few
> years/decades”.
>


​The above text which very true triggered few more observations:

​- As this is WG last call implementation report (even on the wiki should
be available) Can we get a pointer to it ? I do not see it on the IETF page:
https://www.ietf.org/iesg/implementation-report.html

- Did implementation report (if even completed) included the set of test
cases say with large AS_PATH or long Extended Community (stuffing a lot of
RTs as described in RTC backwards compatibility work) to make sure that
most popular BGP implementation can handle such large attributes without
crashing ? Otherwise enabling this would be an excellent attack vector in
the Internet.

- Do we have an agreement that this will not be "ON" by default, but will
be enabled only with a knob ?

- How do we detect if this is supported across the private AS/public
Internet zoo of routers ? Should we have a protocol tool which would allow
to detect support of extended messages at each BGP speaker and if not
report this as an error to the originator of the large message ? Sending
large BGP message if not supported by any remote peer by any BGP speaker
along the propagation would trigger reporting it back with new ICMP error
could be one approach. I am sure there would be others ...

Thx,
r.

v2.23.0 | Report a Bug | By Email