IETF Logo Mail Archive

Re: [Idr] Fwd: Slot request in IDR to present https://www.ietf.org/internet-drafts/draft-idr-bgp-route-refresh-options-00.txt

Robert Raszuk <robert@raszuk.net> Mon, 01 August 2016 08:54 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EA5F12D563 for <idr@ietfa.amsl.com>; Mon, 1 Aug 2016 01:54:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HWLm5D-JrPSW for <idr@ietfa.amsl.com>; Mon, 1 Aug 2016 01:54:02 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D827112D580 for <idr@ietf.org>; Mon, 1 Aug 2016 01:53:57 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id g62so110536891lfe.3 for <idr@ietf.org>; Mon, 01 Aug 2016 01:53:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=D60msAFe5kaLLcWwVnaQBcTFPaNhcm+lYOd3TXEYimU=; b=eT/D4iUIv9D9VZn8XWmDv/VK8NDoM2jDoKcePxetSHW7HIp5EJxTSJKjc+aoYwN4Mj DIgmH9CXOUre4tBZHm59LcqTAFI+KBk2jyPPzo5JyN7ZpjuUgKKoLErl2+MjocpEZFXB yhBG4QS6fUbSPpmpjUpF3YXa89l/0iHvdZFoGXiIHFeXJ2Sw8rhT/G8/R3fp66ILm1i3 yqxT4JPCWcGaqQu+xv4b8lRopYPokCyAFRtf8ljEF6Ptcm1BT3q9+NheDiuro10Ew/R+ akicu/aV5M058zKxYaoA9ObHBAJDl5ho5EZGsqplhFHC7RZ1BiHCsEq1bj+2kIWpKHKS qRmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=D60msAFe5kaLLcWwVnaQBcTFPaNhcm+lYOd3TXEYimU=; b=OH5Yo5i9MTogJaewzDQZZovK3rYqgBmiZq+i33Kn/06/YBQrPdqIPf2lP8qDgJJkYO CAtHJHZBEosb5bqIKCHMzSa5/H2FliBMILUtTf0porchdq9i06JG6ZnxyVX74WZL7DgD LLsmTp7+dDJdeJWifBDSr74y15MujWTft0hfiklkkIZXGwG9TpyM4UrWp5AEIHmjO2Ih x4tlJ6/xeEuuuweQMaD8uunnYSdXd22f2WieFuzt9GIv+qNHx+UuimInL224XW3kVK38 Eeh1I64SoJEf/V2MLvN/2Ynv0kvGhprFgvwV+AIri9hP2P/QqCazmZvv2uo16eXCP4GW wqGg==
X-Gm-Message-State: AEkoouskKzSyc/pVWk1YL4SRpCP3lx4XJuVpvYelsLEnX/g5KpeCdZKCLlwoW9Gt9N/NRDl9+lPDOZyoL5wLpg==
X-Received: by 10.25.214.40 with SMTP id n40mr18824916lfg.105.1470041635913; Mon, 01 Aug 2016 01:53:55 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.25.10.131 with HTTP; Mon, 1 Aug 2016 01:53:53 -0700 (PDT)
In-Reply-To: <2138159007.9153002.1470032396712.JavaMail.yahoo@mail.yahoo.com>
References: <CA+wi2hM+y_K+_50Q_QRS64VBdzgBWtx8hL-6iepsVqed+NtqTw@mail.gmail.com> <CA+b+ERm2AnRAYeJRDdsAh=hLX81aQUTVd7Pe5PYLpWmHNvbgtQ@mail.gmail.com> <CA+wi2hMsbVetW_D+HpsdXEHyh75yZkx+QTpj+FoX2hMTcqbrzw@mail.gmail.com> <CA+wi2hNk2+GLY0G800Uo8qgdZQWh=9AzFGhZTk+fWRd6isgriw@mail.gmail.com> <76CD132C3ADEF848BD84D028D243C92774EEF7CF@NKGEML515-MBX.china.huawei.com> <CA+b+ERnkkhYK7Cz5eG_8fuQ_cdeo3TSCK3sBQtA0SyfkGktwAg@mail.gmail.com> <D3B3F3D9.47283%keyupate@cisco.com> <CA+b+ERm+2HSu+QyU7pHsEXO9WKh9uavX2y4MtuSX=WADDYx_vg@mail.gmail.com> <D3B5343D.474BD%keyupate@cisco.com> <CA+b+ERn7Rb2=d7UFyxKC01dh7=JFpbnf+dd+_uL+UvAarnkE6w@mail.gmail.com> <CA+wi2hNjD+4Y3vfoDMXW2yzYiyv+9+Xhv=3ZTRumKkZcjY22Hg@mail.gmail.com> <CA+b+ER=_7P_Zg9GQYVT+RVMm9XB6H5o-r86axc0zyLnHf1f8fQ@mail.gmail.com> <CA+b+ERnr_9y9ta3VW99xbDbtRS=9jnNy9mtkk+h6MZ8r2Rj3AQ@mail.gmail.com> <CA+b+ERm39+UjahPJpQrGkAEGTguEQ_yQzNBoufR9wo7dOXDDbQ@mail.gmail.com> <CA+wi2hNMtzhkugis35ja_NbtvckaGSeb+QdFUyj1uMHq6oRWng@mail.gmail.com> <CA+b+ERkJwY8ucxR-FnWuoLMFE48CWE_5GbMwQRNX_3Und8jfsA@mail.gmail.com> <CA+wi2hOWCZjr78vic2O0crm_bSNww4HTJvdWjq0NfzdTpEEbpw@mail.gmail.com> <CA+b+ER=T-X0JYfvpGPcM4gs4y_HPRWwkLuktN9aO0jwUBybJFg@mail.gmail.com> <CA+wi2hPyhiGhMdnS3x_ZHFiy9dAFnx0mxCtRqr=rP6tu+aaePQ@mail.gmail.com> <CA+b+ERkT_zLQqd1B4295Z6Ezz0i+542SNouGBPXan=p15_PbRA@mail.gmail.com> <5506bd9120c44493acb735085ead333a@XCH-ALN-014.cisco.com> <CA+b+ERmuMyEEeqFrhh_eb_LCvBW8AqDeT6Mq6ij35K022Hb-8g@mail.gmail.com> <F8A1EED6-4A40-408A-99EF-46E7F0984B49@cisco.com> <CA+b+ERnV=f-m+Cmk3hy5jNkR3o5jUKVNQJwsJQN6FYtQaXsuzA@mail.gmail.com> <2138159007.9153002.1470032396712.JavaMail.yahoo@mail.yahoo.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 01 Aug 2016 10:53:53 +0200
X-Google-Sender-Auth: BmkZShyNt9h2mf0q73JQyQtmEPM
Message-ID: <CA+b+ERnzoRFbENRsBroXziZffS_v3UMBd6QsjbuoH_j+8evt4g@mail.gmail.com>
To: Niloofar Fazlollahi <niloofar_fazlollahi@yahoo.com>
Content-Type: multipart/alternative; boundary="001a114117068388cf0538febd85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/4Of_DPdbcrDWuXyNvATGMKFeSd8>
Cc: "Keyur Patel (keyupate)" <keyupate@cisco.com>, idr wg <idr@ietf.org>
Subject: Re: [Idr] Fwd: Slot request in IDR to present https://www.ietf.org/internet-drafts/draft-idr-bgp-route-refresh-options-00.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2016 08:54:05 -0000

Hello Niloofar,

Requesting just the prefix which previously got dropped due to inbound
policy (no ORF no RTC) is very elegant.

However let's observe few points here:

* How often do you apply prefix lists on a full eBGP feeds ? The most
prefix lists dropping prefixes inbound are either to your customers (and
this is mainly permits not denys) and customers do not give you full routes
but just a tiny subset. Full refresh there for a given SAFI is not an
issue.

* If you are doing eBGP prefix drops as DDoS mitigation you are helping the
attacker as effectively you are cutting reachability to your customer's
destinations. Use of more granular policy is recommended to hold specific
attack at the data plane (rfc5575).

* Last let's notice that during discussions on introducing Enhanced Route
Refresh 3 years back your colleagues strongly highlighted that getting
periodic full table from a peer is a real necessity in BGP due to possibly
random state inconsistencies. Now it is interesting that the very same
folks no longer remember it :)

Ref: https://goo.gl/I6m3OS

Cheers,
Robert.


On Mon, Aug 1, 2016 at 8:19 AM, Niloofar Fazlollahi <
niloofar_fazlollahi@yahoo.com> wrote:

> Hi Robert,
> In response to your comment:
> "If you pushed your prefix list with ORF then removing it will get you
> the delta.
>
> If you filtered based on import RT then advertising RT in ORF or RTC will
> get you the delta.
>
> So in what exact protocol cases you envision use case for this scoped one
> time refresh ? And what exactly in your opinion should be the list of
> parameters used to perform a query ? "
>
> There is also the case that policy is enforced locally, nor ORF and
> neither RTC, e.g., route-map in with deny prefix-list.
> Once the policy is removed, with cap 74, speaker can request refresh of
> only the previously denied prefixes.
> How to implement this optimization with ORF?
>
> Based on your previous email:
> "For Match = PERMIT REMOVE action should result in *only* the delta
> between whole table and remaining ORF entries. "
>
> If we send a PERMIT ADD for those prefixes and then PERMIT REMOVE, we will
> be refreshed with the whole AFI/SAFI assuming no other ORF is added
> previously.
>
> Regards,
> Niloofar
>
>
>
> On Friday, July 29, 2016 4:30 AM, Robert Raszuk <robert@raszuk.net> wrote:
>
>
> Jakob,
>
> I did not make any judgement who is right and who is wrong. You did so let
> me explain where you are missing it.
>
> #1 - As someone wisely said at the last IETF MAY = MAY NOT hence if spec
> contains MAY it equally well could be interpreted in the opposite way.
> Enough to say this is not a base to make any right or wrong judgement.
>
> #2 - This entire thread as well as this draft in question is all about
> optimization. I must repeat that there is no problem in the first place so
> receiving all routes in a given SAFI modulo ORF or RTC filter is just fine.
> During policy change you issue Enhanced Route Refresh.
>
> However If this is not fine then I recommend to fix those inefficient
> implementations which are generating excess of messages in the BGP UPDATE
> rather then putting another layer of questionable band-aid on top of it.
>
> Thx,
> R.
>
> On Fri, Jul 29, 2016 at 12:12 PM, Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
> Wrong. RFC 5291 says:
>
> The speaker MUST re-advertise all the routes that have been
>    affected by the ORF entries carried in the message, but MAY also re-
>    advertise the routes that have not been affected by the ORF entries
>    carried in the message.
>
>
> Thanks,
> Jakob.
>
>
> On Jul 29, 2016, at 12:45 AM, Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi Jakob,
>
> See inline ...
>
> On Fri, Jul 29, 2016 at 4:18 AM, Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
> Just reading some of this.
> A limited refresh is NOT the same thing as "Apply the ORF then remove it".
> Suppose you want to refresh a subset of the routes.
> You send an ORF to permit only the subset.
> You receive the subset.
> Now you remove the ORF.
> You receive the whole table.
> NOT what you wanted.
>
>
>
> ​If this is what your implementation does then I recommend you fix it
> first.
>
> For Match = DENY ​REMOVE action should result in *only* advertisement of
> previously filtered entries.
>
> For Match = PERMIT REMOVE action should result in *only* the delta between
> whole table and remaining ORF entries.
>
> ​In no case you get the whole table (other then removal of last ORF PERMIT
> entry). ​
>
>
>
>
> Also, the use case is good.
> The receiver dropped some routes due to policy.
> The receiver changed the policy.
> Now it wants a repeat of the previously dropped routes.
> This is not a use case for ORF or RTC.
> The thing is that ORF or RTC were already passing those routes, so
> changing them is nonsense.
>
>
>
> ​For this case you use Enhanced Route Refresh. As result you get those
> NLRIs which pass ORF or RTC the filters on a per AFI/SAFI basis.
>
> You have to be able to handle it anyway as when you boot you will get.
>
> If you pushed your prefix list with ORF then removing it will get you the
> delta.
>
> If you filtered based on import RT then advertising RT in ORF or RTC will
> get you the delta.
>
> So in what exact protocol cases you envision use case for this scoped one
> time refresh ? And what exactly in your opinion should be the list of
> parameters used to perform a query ?
>
>
> Best,
> R.
>
>
>
>
>
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>
>

v2.23.0 | Report a Bug | By Email