Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to 3/23)

Gyan Mishra <hayabusagsm@gmail.com> Tue, 16 March 2021 18:43 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3FDB3A0E12 for <idr@ietfa.amsl.com>; Tue, 16 Mar 2021 11:43:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pu2zTcvXiqL5 for <idr@ietfa.amsl.com>; Tue, 16 Mar 2021 11:43:20 -0700 (PDT)
Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB85C3A0E10 for <idr@ietf.org>; Tue, 16 Mar 2021 11:43:19 -0700 (PDT)
Received: by mail-pg1-x536.google.com with SMTP id g4so23216241pgj.0 for <idr@ietf.org>; Tue, 16 Mar 2021 11:43:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Q1Fv9o29mcdtgOcLcxJUL+7IqoBecieFvdjrTaCLqLo=; b=EpfAHAhKATuB2jIvcCDfYr/ZZodff0GV6VN+IjPh5hbtKs16KwcPweoGl5CSMJnema 26y5RPV0na5zV3bID6+SS19B7qz+x2fvSfMHqZ7aJAt91sGt2Vx01S31yqR27AgmKX+V 26ffv1aeuz/rL0jap96HYKd9BwwBnxCp3HO8gtlbivW6xQojUKrvgGrQ0Cpg9pdQMmuK UuRc30C1ycVRvH56J5KtbYX4TE1QndnBUVMWZP4d/cUioEQhb+sMYKVM7tExvLAqRm8+ U8VQEXNOeIVylSAebn0OgJ7jbsJcSsC37FnUHhK/6nQuhtw8dAfK9/SBaNoUx7gE8gLa 2Tzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q1Fv9o29mcdtgOcLcxJUL+7IqoBecieFvdjrTaCLqLo=; b=RwST5tAzjfDuOsDYXJ15BtGUKSBh1dzwOq5n1XnIymYDEs0210e3YlyDI6zRbRVNnc RKq0dKtSNmYETTq3bqtuSdAJDSuUdZDAER8LpjZWAm980vY3BvgD9RyhMVsLL5E02t5/ DlYWEuvGEXwpQg4rDLg848zGPTSIQw3gF+gMucErG6AZig0V2UQ1Jq1Nhb4jRML/wxg0 P03Kk5s0eSOKvQLEW6snMpOP0CoZ342S2uXmj36TGWrkKmy8xKhX+ZeAiUihcTMj1kVP PLUYyuK0PWMCCC251qW958JtGPNvaLwhnSAFu8DKvNCnauIklWXUUluMlJy5AmInAP9o vYFg==
X-Gm-Message-State: AOAM5327ZRo6Kbd2nqZPWd/Q0pnRLTtzNJS0DO/r1/h6FmknvfDnB/0A eNy2VIbHeqYfs4ukBsqkzoW525+wwc/97SW+yLtuGDuFYAI=
X-Google-Smtp-Source: ABdhPJzZiWC6FV1khF7O0G1SdVQPgIDwKTOwhZv6fSbofED3Tn1Zl9C3VY6dnaP/FyEAbJeqOgKLJq7QMVKVFtnsXTc=
X-Received: by 2002:a65:62c7:: with SMTP id m7mr953624pgv.50.1615920198621; Tue, 16 Mar 2021 11:43:18 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR11MB3207CF86CF2FBD56CA3EAD66C0919@BYAPR11MB3207.namprd11.prod.outlook.com> <CBFDE565-E501-4344-BF6C-53A541D50391@tsinghua.org.cn> <012b01d7170f$7ec90310$7c5b0930$@tsinghua.org.cn> <BYAPR11MB3207D4E973EE9ED170687E1EC06F9@BYAPR11MB3207.namprd11.prod.outlook.com> <015601d7171a$036be470$0a43ad50$@tsinghua.org.cn> <CAH1iCiqy3uu0SF2i9TyTRwCdt2d2Ud9+nUCtRG+vc2E-gwfLPQ@mail.gmail.com> <000501d71940$e9b87420$bd295c60$@tsinghua.org.cn> <BYAPR11MB320799969ECFDA66B32F2BBBC06C9@BYAPR11MB3207.namprd11.prod.outlook.com> <002901d71971$ed947f90$c8bd7eb0$@tsinghua.org.cn> <BYAPR11MB320729520FD51C969744AC7BC06B9@BYAPR11MB3207.namprd11.prod.outlook.com> <CABNhwV01QCvUmTwTYnmcULtaYJDhuLFru_39mCUeK5rinadtUw@mail.gmail.com> <BYAPR11MB32077BD8D34B329F9664D560C06B9@BYAPR11MB3207.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB32077BD8D34B329F9664D560C06B9@BYAPR11MB3207.namprd11.prod.outlook.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Tue, 16 Mar 2021 14:43:07 -0400
Message-ID: <CABNhwV197JUHraUKar8DK79yZdgEYiF402JuvaFkCYM=C5SL6w@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: IETF IDR <idr@ietf.org>, "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006c9b4b05bdabbd4a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/3E0n8fNm_zp3xLWIHR5erokLGes>
Subject: Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to 3/23)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2021 18:43:24 -0000

Thanks Jacob for the history and agree  that attribute leaking especially
communities leaking and careful filtering at all exit points  is very
important to operators.

Kind Regards

Gyan

On Tue, Mar 16, 2021 at 1:57 AM Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> A story if I may.
>
> When I started at Cisco, I wrote the code for Graceful Shutdown.
>
> This was strongly impressed upon me: Operators do not like junk attributes
> leaking
>
> from far corners of the internet. Make sure you add plenty of safety to
> prevent
>
> the Graceful Shutdown community from leaking out beyond its intended scope.
>
> This sentiment was built from having to create the "send-community-ebgp"
> command
>
> that you reference below. Still, when an operator uses that command, they
> have
>
> to be careful what they send. Every new community used must be carefully
>
> filtered at all inter-AS points.
>
>
>
> Another example: the DMZ link-bandwidth extended community is
> non-transitive.
>
> However, the place it is most useful is across AS boundaries. But only the
> first boundary.
>
> So, we had to write code to specially send this extcomm across the AS
> boundary
>
> where the extcomm is originated.
>
>
>
> It is this experience with inadequate community transitivity that led me to
>
> devise the extra transitivities.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of * Gyan Mishra
> *Sent:* Monday, March 15, 2021 10:10 PM
> *To:* Jakob Heitz (jheitz) <jheitz=40cisco.com@dmarc.ietf.org>
> *Cc:* IETF IDR <idr@ietf.org>
> *Subject:* Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> Hi Jacob
>
>
>
> Comments in-line
>
>
>
> On Mon, Mar 15, 2021 at 8:03 PM Jakob Heitz (jheitz) <jheitz=
> 40cisco.com@dmarc.ietf.org> wrote:
>
> Basically, we want to make a better extended community.
>
>
>
>     Gyan> Understood.  Note that RFC 1977 Standard BGP communities are
> widely deployed within enterprises and across the internet by service
> providers wherever Global table routing is utilized.  Standard communities
> have work very well over the last 20+ years and are still fairly
> ubiquitously deployed.
>
>
>
> Extended communities are only used and deployed for VPN overlay RT import
> for private MPLS and Public MPLS where operators carry the internet table
> in a VPN overlay any-any routing which is common with Tier-1, Tier-2 and
> Tier-3 providers.
>
>
>
> Extended communities have done well over the years until 4 byte ASN came
> along and thus support for 4 byte extended community data field in the 8
> byte extended community with 6 bytes available yielded 4 octet GA and 2
> octet LA.
>
>
>
> Thus the need came for a larger data field for extended community which
> then came RFC 8092 with 12 octets and 3 4 byte data fields
>
> The extended community was fine when it was invented.
>
>
>
> It allowed a BGP speaker to be uniquely identified and 2 more octets of
> data.
>
> Since RFC 6286, 8 octets are required to identify a BGP speaker: ASN + BGP
> identifier.
>
>
>
> Another problem with communities in general is containing them within
>
> a small set of ASes where they are intended to be used.
>
> Communities often leak to the wider internet, where they are not wanted
> and just
>
>
>
>     Gyan> Not true as BGP community propagation always required a manual
> CLI for send-community for the communities to be advertised.  So explicit
> controls were built in.  As well as the ability to send no-export additive
> community  to block advertisement to external peers as well as no-advertise
> community to block community advertisement to any peers eBGP or iBGP.  Also
> all operators both  service providers and enterprises and the concept of
> Trust boundary as far as communities as you don’t trust communities coming
> from your customers unless a specific rule exists for special multi homing
> scenarios and with that the best practice no-trust rule by operators was to
> reset the community tag inbound to easily block any communities sent by
> customers.  In cases where their is a trust relationship the set  is done
> but with additive option so the customer tag can be forwarded to the
> internet if desired per provisioning agreement.
>
> use up resources.
>
> Thus many ISPs just filter all communities except the few they are
> contracted to accept.
>
>      Gyan> Agreer
>
> So, we invented transitive/non-transitive extended communities.
>
>     Gyan> BGP communities are optional transitive
>
> non-transitive is fine, because many are used just within a single AS.
>
>
>
>      Gyan> BGP communities are natively optional transitive but you can
> block the community or choose not to advertise outside the AS by not doing
> a BGP send-community.
>
> Then for several reasons, many organizations end up with multiple ASes.
>
> These organizations can't use non-transitive communities within their set
> of ASes.
>
>     Gyan> As I stated BGP communities are optional transitive attributes
>
> Transitive communities still go too far, so need to be carefully
> controlled.
>
>  Gyan> As stated they can be easily controlled by not using CLI
> send-community to propagate the communities
>
> Basically, Community transitivity is an operational burden.
>
> Gyan> As I stated not at all a burden as you have plenty of controls built
> into use of communities to propagate or not propagate to the internet.
>
> We want to ease that burden by adding 2 more transitivities:
>
> . One-time transitivity
>
> . Administration transitivity
>
>  Gyan>  I am not understanding the problem.  Can you please restate the
> problem you are trying to solve based on my feedback given that we have
> plenty of built in controls with communities.
>
> This draft is a proposal to use large communities to make a better
> extended community.
>
>
>
>     Gyan> BGP communities both standard and extended 2 byte AS communities
> work fine and have been fine for decades.  The gap being solved with RFC
> 8092 large communities is with 4 byte AS and the need for a larger data
> field.
>
> The number of data bytes (10) versus discriminator bits (6) is a tradeoff
> that I
>
> think is reasonable.
>
>  Gyan>  Let’s continue the discussion to understand the problem statement
> fully as to what is broken and what we are trying to fix.
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Sent:* Monday, March 15, 2021 1:05 AM
> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; 'Brian Dickson' <
> brian.peter.dickson@gmail.com>
> *Cc:* 'IETF IDR' <idr@ietf.org>
> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> Hi, Jakob:
>
>
>
> I think your purpose is to define 256 WKLC, each can has its own
> Data1/Data2/Data3 definition to carry some additional information for the
> specified WKLC.
>
> To accomplish this, you should reserve  4093640704 (0xF4000000) to
> 4160749567 (0xF7FFFFFF) 4-bytes AS number, which can’t be allocated for
> the legitimate usage by operators.
>
>
>
> The reason to get such results is that you want to define the additional “Data
> 1” field from the  “Global Administrator”, but there is no description to
> explain the necessary.  Brian gave some potential examples in this thread
> and I think expanding them more clearly in your draft maybe more
> convincible.
>
>
>
> Best Regards
>
>
>
> Aijun Wang
>
> China Telecom
>
>
>
> *From:* Jakob Heitz (jheitz) <jheitz@cisco.com>
> *Sent:* Monday, March 15, 2021 1:29 PM
> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>cn>; 'Brian Dickson' <
> brian.peter.dickson@gmail.com>
> *Cc:* 'IETF IDR' <idr@ietf.org>
> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> *[WAJ] Yes, there are abundant range for the 32 bit ASN space, but my main point is that your draft doesn’t state the reason to reserve 1/64 32-bit ASN space(*4093640704 (0xF4000000) to 4160749567 (0xF7FFFFFF)*).  *
>
>
>
> [JH] Aijun. I'm glad you agree that there is still abundant space to
> allocate ASNs.
>
> The reason to reserve space is explained in the introduction.
>
> It is to prevent WKLCs from having the same Global Administrator field as
> a legitimate AS trying to distribute its LC.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Sent:* Sunday, March 14, 2021 7:14 PM
> *To:* 'Brian Dickson' <brian.peter.dickson@gmail.com>
> *Cc:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; 'IETF IDR' <idr@ietf.org>
> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> Hi, Brian:
>
>
>
> Based on your intention, I think you should consider to redefine the
> encoding of LC, not only well-known LC.
>
> Even for the redefinition of LC encoding, you should also state clearly
> the potential advantages.
>
>
>
> More detail replies are inline below.
>
>
>
> Best Regards
>
>
>
> Aijun Wang
>
> China Telecom
>
>
>
> *From:* Brian Dickson <brian.peter.dickson@gmail.com>
> *Sent:* Saturday, March 13, 2021 2:14 AM
> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Cc:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; IETF IDR <idr@ietf.org>
> *Subject:* Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
>
>
>
>
> On Fri, Mar 12, 2021 at 12:31 AM Aijun Wang <wangaijun@tsinghua.org.cn>
> wrote:
>
> Hi, Jakob:
>
>
>
> *From:* Jakob Heitz (jheitz) <jheitz@cisco.com>
> *Sent:* Friday, March 12, 2021 3:45 PM
> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Cc:* idr@ietf.org
> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> 1.      It is small, not huge as explained in the draft.
>
> *[WAJ] When compared to the 22 well-known community, “67,108,864 AS
> numbers” is too large.  I am worrying the unnecessary reservation may
> prevent the allocation of the unallocated AS-number for other purposes.*
>
>
>
> The range of reserved ASNs occupies two bits of the upper 8 bits, plus the
> entirety of the the next 24 bits in its range.
>
> This represents a single value from the 6-bit portion of the ASN space, or
> exactly 1/64 of the 32-bit ASN space.
>
> Given that the current usage for ASNs is 2^16 for the 16-bit ASNs, plus
> less than 7 bits out of the upper 16 bit range, that is roughly 64/65536 or
> about 1/1000.
>
> This still leaves well over 31/32 of the potential ASN space, so I believe
> your worry is unjustified.
>
> *[WAJ] Yes, there are abundant range for the 32 bit ASN space, but my main point is that your draft doesn’t state the reason to reserve 1/64 32-bit ASN space(*4093640704 (0xF4000000) to 4160749567 (0xF7FFFFFF)*).  *
>
>
>
> 2. It got updated and I missed it when I updated my draft. Thanks for
> catching it.
>
> 3. I don't understand your question. Can you expand?
>
> *[WAJ] why not take the approach directly as that descried in  *
> https://tools.ietf.org/html/draft-ietf-grow-route-leak-detection-mitigation-04.
> ?
>
> *That is to say, for each potential well-known large community, reserve
> one value for the “Global Administrator” part of the large community, and
> defined the associated data for the other two local parts. Transitive or
> non-transitive can be defined accordingly. *
>
> *Currently, you define “WKLC ID” as the large community type. From the
> definition of large community(RFC8092), the “Global Administrator” part
> will be divided into 256 groups, each group will have 2^16 number, that is
> 2^16 well-known large communities? *
>
> *I know you want to leave some field to the data part, but this arises
> some confusion when your proposed encoding is different from the original
> definition of RFC8092.*
>
>
>
> The logic for this is as follows:
>
> The initial use case is to establish a structured value of TBD1:TBD2:ASN
> for the route-leak-detection-mitigation (as that draft explains).
>
> The TBD2 is a single value out of a 32-bit range which will be in its own
> (new) registry. Having a registry allows for future uses in the context of
> TBD1, allowing new kinds of LC's in this bigger registered range.
>
> *[WAJ] You should state also the reason that such sub-registry under one
> well-known LC.  Describe some examples may be helpful.  DO community is one
> example, but there still also no more explanation.*
>
>
>
> However, the router implementations, for the most part, permit filtering
> of LCs on the basis of 3 32-bit values, where either literal values or
> wildcards can be used.
>
> Having the elements be aligned on the 32-bit boundary, and having TBD1 and
> TBD2 be fixed values, permits LC matching using a patterns of either
> TBD1:TBD2:* (wild-card), or TBD1:TBD2:ASN (explicit ASN match).
>
> In other words, this structure choice is forced by router implementations,
> and really not appropriate to second-guess. It isn't up for negotiation, as
> this is a necessary requirement for the first use case.
>
>
>
> BTW: Both of these patterns (fixed single value and wild-card of lower
> 32-bit value) are required to implement the GROW draft you referenced.
>
>
>
> Having said that, this is the first out of up to 255 WKLCs, and the
> maximum benefit to other potential uses for WKLC is achieved by making the
> maximum (reasonable) number of octets available for those other WKLCs,
> specifically 10 octets of undefined structure.
>
>
>
> In particular, it is possible that other WKLCs require two ASN data values
> in their encoding (such as a source ASN and a destination ASN), and
> additional values (single bits or ranges of values) beyond that. Limiting
> the WKLC to having only single Global Administrator values and 8 octets of
> data, would be insufficient in that case.
>
>
>
> This would require re-design of WKLCs at a later date, and it may not be
> possible due to existing usage or reservations of WKLCs.
>
>
>
> By providing more octets to EACH WKLC, this problem is prevented. Making
> data allocations on power-of-two boundaries at the highest order is
> necessary up front. Attempting to expand ranges after allocations is
> possible, but may not be compatible with the power-of-two alignment
> required by future use cases of WKLC.
>
>
>
> You cannot aggregate that which was not initially allocated in a fashion
> suitable for aggregation. This was one major outcome of the IP allocation
> strategies prior to CIDR addressing for IPv4 address space. We would do
> well to learn from the mistakes of others, particularly when those mistakes
> were effectively repeated in the ASN space already (16 bits to 32 bits,
> because the initial assumption was 16 bits would be sufficient).
>
> *[WAJ] If you want to accomplish this, I think you should propose to
> change the encoding of LC, not only the well-known LC.   And, the community
> is not used to packet forwarding, what’s the necessary to aggregate?*
>
>
>
> So, in summary, the reservation of the range of ASNs is specifically to
> permit applying structure to the LC values within that range.
>
> The original LC definition is only applicable to "actual" ASNs as Global
> Administrator. RFC8092 says only "intended", and that the value "SHOULD" be
> an ASN.
>
> This is a new use case, and is the reason RFCs use "SHOULD" instead of
> "MUST".
>
> (What RFC8092 really says is, LCs where the Global Administrator value
> corresponds to an actual assigned ASN, are reserved exclusively for the
> operator of that ASN.)
>
> Since this proposal sets aside a range of ASNs as a group, the structure
> of LCs covering that range can be redefined accordingly, as long as that
> redefinition is scoped to that range of ASNs.
>
> *[WAJ] This is different from the structure of LC defined in RFC8092, in
> which only the Local part 1/local part 2 of one Global Administrator is
> operator-defined.*
>
>
>
> This is EXACTLY what this WKLC proposal is doing, and nothing more.
>
> The other draft is for the use of the first assigned WKLC values (single
> ID plus the Transitive Bit values).
>
>
>
> Hope this clarifies the usage and compatibility with other RFCs.
>
>
>
> Brian
>
>
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Sent:* Thursday, March 11, 2021 11:16 PM
> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>
> *Cc:* idr@ietf.org
> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> Hi, Jakob:
>
>
>
> More questions for your draft:
>
> 1.     Do we need to reserve such huge range(4093640704 (0xF4000000) to 4160749567 (0xF7FFFFFF) as you described in https://datatracker.ietf.org/doc/html/draft-heitz-idr-wklc-02#section-6 for the countable well-known large communities?
>
> 2.     There is some inaccurate description for the current reserved AS number space in https://datatracker.ietf.org/doc/html/draft-heitz-idr-wklc-02#section-4.  You can check it at https://www.iana.org/assignments/as-numbers/as-numbers.xhtml. The unallocated AS range is 401309-4199999999, not at described in your draft “The range of AS numbers currently unallocated by IANA is 399,261 to 4,199,999,999.”
>
> 3.     What’s the necessary to group such WKLC via the WKLC ID?
>
>
>
> Best Regards
>
>
>
> Aijun Wang
>
> China Telecom
>
>
>
> *From:* idr-bounces@ietf.org <idr-bounces@ietf.org> *On Behalf Of *Aijun
> Wang
> *Sent:* Wednesday, March 10, 2021 9:38 PM
> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>
> *Cc:* idr@ietf.org
> *Subject:* Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> Yes, if we reserve some 4-bytes AS range, then your concerns will not
> happen.
>
> The well-known large community need just be allocated from this reserved
> range. That’s all.
>
> Do we need other definitions in your draft then?
>
> Aijun Wang
>
> China Telecom
>
>
>
> On Mar 10, 2021, at 21:18, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:
>
> 
>
> Consider if there is a real AS that uses 4,093,640,704 as its ASN.
>
> And if this AS were to send a large community of its own.
>
> It would put its ASN into the Global Administrator field of the LC.
>
> This ASN is 11110100000000000000000000000000 in binary.
>
> Then another AS sends a WKLC with WKLC ID 0, Transitivity 0 and Data 1 = 0.
>
> This has the same bit pattern.
>
> To avoid the clash, we need to reserve the ASNs that would clash.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Sent:* Wednesday, March 10, 2021 12:11 AM
> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; 'Susan Hares' <
> shares@ndzh.com>gt;; idr@ietf.org
> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
> 3/23)
>
>
>
> And, what the reason to assign the “111101”value in the first 6bit your
> encoding? It is not conformed to general definition of large community, in
> which the first 4-bytes is to identify the Global Administrator.
>
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions Architect *
>
>
>
> *M 301 502-1347 13101 Columbia Pike
> <https://www.google.com/maps/search/13101+Columbia+Pike?entry=gmail&source=g>
> *Silver Spring, MD
>
>
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD