IETF Logo Mail Archive

Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Jeffrey Haas <jhaas@pfrc.org> Tue, 28 November 2017 18:29 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54027128954; Tue, 28 Nov 2017 10:29:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTL4EObid1VY; Tue, 28 Nov 2017 10:29:44 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 011EE128CD5; Tue, 28 Nov 2017 10:29:43 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 4968E1E37B; Tue, 28 Nov 2017 13:33:13 -0500 (EST)
Date: Tue, 28 Nov 2017 13:33:13 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>, idr wg <idr@ietf.org>, "idr-ads@ietf.org" <idr-ads@ietf.org>, Robert Raszuk <robert@raszuk.net>, Idr <idr-bounces@ietf.org>, Thomas Mangin <thomas.mangin@exa.net.uk>
Message-ID: <20171128183312.GT16871@pfrc.org>
References: <CACWOCC-EfzOYdUrHAWQN10LBzofySrKRADc6Zq-dyca1o0DPvw@mail.gmail.com> <CA+b+ER=ppm1N2wnMrPxxS_Nug2EaETBkW5gASTVZ2UKKq0aZJA@mail.gmail.com> <976743ea96934039a85fa74415b45862@XCH-ALN-014.cisco.com> <CA+b+ERmpEghcndHKM+WKKxg1V8ufTwg=xqb0J5jNowZHj2OwAQ@mail.gmail.com> <88d5df779a344b588745108c771d3145@XCH-ALN-014.cisco.com> <deae6e85c3ff47a6bbcac176eb91bd3e@XCH-ALN-014.cisco.com> <F0EAF2D4-656D-48BD-830B-DC2E8B862813@nist.gov> <A0106E1A-272D-4E1D-A0F3-E3531D583AA3@cisco.com> <1D2FD437-0EEF-4FF6-9853-C09E7EEA2A15@nist.gov> <2B92A151-5A78-46EE-8A46-C09603A37219@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2B92A151-5A78-46EE-8A46-C09603A37219@cisco.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/61GpBMmCvk_3lsNv2AnuxTRySA0>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 18:29:45 -0000

[I'm choosing this message as my response point, but not intending to
suggest that other bits of the thread weren't relevant.]

On Wed, Nov 22, 2017 at 11:26:32PM +0000, Jakob Heitz (jheitz) wrote:
> If router A follows this draft, then it can quite legitimately send an update with 16000 communities. If router B cannot receive and process it, then it’s broken.
> 
> If path attribute size is not addressed, then this draft will cause inoperable implementations. As such, it is not fit for standardization. Either we assume the maximum possible size for all attributes or specify shorter maximum sizes. Anything less leads to failure to interoperate.

BGP has always had an issue with features that had the risk of overflowing
the Path Attributes.  I've seen this (as likely have others supporting
implementations) with odd combinations of AS_PATH, communities, etc.
Extended communities and new features simply make this more likely.

My take on the issue is this:
- If you've selected a route and are attempting to send it to a neighbor and
  you are unable to format a valid BGP PDU containing only a single NLRI,
  you MUST NOT try to send it.
- If you previously sent reachability for that NLRI, and are unable to send
  it as above, you MUST withdraw it.  Otherwise you run the risk of
  improper reachability or forwarding.

Basically, "treat as withdraw" applies here.

IMO, it's no different for extended messsages.  If I receive a > 4k message
and I can't format it for a subsequent peer, treat as withdraw for those
peers.

Where we've had good room for discussion has been what to do in order to
avoid these sort of things:
- Are there circumstances where we might be able to drop an optional
  attribute?  Maybe.  This seems messy to me.
- Are there circumstances where we might be able to limit the size of large
  attributes?  (E.g. communities.)  Possibly.  But this may be unsafe and
  would be highly circumstantial.  Whose route-target do you drop from a VPN
  route as an example?
- Is there wisdom in suggesting "old world" path attributes shouldn't be
  allowed to overflow the 4k limit?  Possibly.  Then you start getting into
  interesting mixes of combinatorics.  For example, long AS_PATH and a long
  community list together.  Implementations already do things like limit
  maximum AS_PATH length.

My personal opinion on the mitigations is that we shouldn't try to be
normative about them in the spec.  As noted in the AS_PATH example, vendors
already limit some attributes to be shorter than what the protocol might
maximally allow.  Leave it to the implementations to provide knobs
appropriate to those implementations.  There may be room in the spec
suggesting that such things are possible.

We *MUST* be normative about the treat as withdraw behavior.

-- Jeff

v2.23.0 | Report a Bug | By Email