IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

Jeff Wheeler <jsw@inconcepts.biz> Mon, 10 December 2012 19:54 UTC

Return-Path: <jsw@inconcepts.biz>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAE0621F861B for <idr@ietfa.amsl.com>; Mon, 10 Dec 2012 11:54:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.722
X-Spam-Level:
X-Spam-Status: No, score=-2.722 tagged_above=-999 required=5 tests=[AWL=0.255, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Clh25eABSYYU for <idr@ietfa.amsl.com>; Mon, 10 Dec 2012 11:54:40 -0800 (PST)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id E6FF721F860A for <idr@ietf.org>; Mon, 10 Dec 2012 11:54:39 -0800 (PST)
Received: by mail-ob0-f172.google.com with SMTP id za17so3035354obc.31 for <idr@ietf.org>; Mon, 10 Dec 2012 11:54:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=BqHAzORNNV4KqhVU/7+U1QnTGJzzFWe5JBJwGbcDDQw=; b=MJz/RNPMOdqjTlrV3do1KzluYkKHo18Oz2lGBInb360wyCYHvFbzk34gDQMcUowxxR DKEJ7xnPY4SrOGZ3NIEeDyfnhHPUh8DKRc66u0YgSamOLdIVYgYd5MikktP1YYDeFAN8 PsCnqS5tplo8ie+ki7imrTDJrdrKrh+Kb5542lPaPeF9gxtySJZuhZQI3gDBWWtYubcb tCTDwFvNQ7ZS9ICU5jvf3DLmQYmt7CpTamQbZ3HvNgOj2TvFCaduFbsjJb7g/UvP7t9B ArhjG6ZTBdmjAhG5QLCBD0dY6NYUolM8JkYyCZAzPfnqRdiHqqkT2GVDYRthXei2s7MT IN0Q==
MIME-Version: 1.0
Received: by 10.182.36.8 with SMTP id m8mr2432385obj.93.1355169279422; Mon, 10 Dec 2012 11:54:39 -0800 (PST)
Received: by 10.76.13.201 with HTTP; Mon, 10 Dec 2012 11:54:39 -0800 (PST)
X-Originating-IP: [74.134.22.105]
In-Reply-To: <009001cdd6ff$1c982530$55c86f90$@highwayman.com>
References: <20121121191321.6164.6887.idtracker@ietfa.amsl.com> <50AD2986.90705@cisco.com> <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com> <8ED5B0B0F5B4854A912480C1521F973A0F4940@xmb-rcd-x13.cisco.com> <94913EE5-2864-4EE2-B474-9631430B1E22@ericsson.com> <068701cdd478$2cf01cf0$86d056d0$@highwayman.com> <CAEGVVtBy-zdLz8hVajLnuAqgzfgQHrseK4r-N9=pOZGtqV7LbA@mail.gmail.com> <074d01cdd536$173f5830$45be0890$@highwayman.com> <9474D8DC-30FF-4C52-9504-15CBCC47E7D8@ericsson.com> <07df01cdd661$f28ef7c0$d7ace740$@highwayman.com> <36E98AE5-3EF8-4738-9982-42B9CA0BAAF5@rob.sh> <005001cdd6da$099f1e90$1cdd5bb0$@highwayman.com> <828AAFF5-0260-4AA6-BBDC-6C1F69919837@ericsson.com> <009001cdd6ff$1c982530$55c86f90$@highwayman.com>
Date: Mon, 10 Dec 2012 14:54:39 -0500
Message-ID: <CAPWAtb+JZaJejebL0qd8LzC+3zhGYcagnz9m7gqq=AMC9T=mhw@mail.gmail.com>
From: Jeff Wheeler <jsw@inconcepts.biz>
To: Chris Hall <chris.hall@highwayman.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQlc+wdzk6Tjnz9qoptfUT+gZVqDaxusdBN3t9sBt8qc3dGPecWTGdMRTS1Vc1kW7V34PJ/H
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2012 19:54:40 -0000

On Mon, Dec 10, 2012 at 12:52 PM, Chris Hall <chris.hall@highwayman.com> wrote:
>> . MP_REACH
>> . MP_UNREACH
>
> If the sender is unchanged (which I recall you were keen on) how is it
> certain that either or both these attributes will precede the first
> broken one ?

Actually RFC4271 Pg24 says: "The sender of an UPDATE message SHOULD
order path attributes within the UPDATE message in ascending order of
attribute type.  The receiver of an UPDATE message MUST be prepared to
handle path attributes within UPDATE messages that are out of order."
The same text is also in RFC1771.

So the MP_UN?REACH_NLRI Attribute type codes are 14 and 15 which is
larger than most things like as_path, aggregator, and so on.

I have not tried to collect any data on what implementations are
actually doing.  I could collect some by packet dumping my BGP
sessions on an IXP in a few weeks when I have a chance to setup the
necessary equipment to make the dump.  It would be much more helpful
if someone who runs a large IXP route-server could do this analysis,
but if no such person volunteers and the data would be useful, I will
do some work on this around the holiday or in early-January.

On Mon, Dec 10, 2012 at 12:21 PM, Chris Hall <chris.hall@highwayman.com> wrote:
> I haven't considered IGNORE because the draft appears to vote against
> that pretty strongly.

I think maybe some folks haven't imagined the failure modes of IGNORE
vs WITHDRAW, and what is actually possible to do with WITHDRAW
depending on the nature of the malformation.  Really, the
inconsistencies created by IGNORE are not too bad.  You would hope
Acme Router Co won't ship that as the default configuration of their
products and that networks won't just turn that knob on a routine
basis without understanding it.  However, in a pinch, it will actually
do only minimal damage to unrelated prefixes.

Honestly, if Messages would not pack so much unrelated changes
together, IGNORE would be fantastic.  Simply separating nominal BGP
withdraws from updates would make IGNORE quite safe.  I think many
people would argue that discouraging, or disallowing, a mixture of
withdraws and updates in a single Message will be costly, but in fact
it won't be.  You wouldn't even need to discourage or forbid this
though, vendors could choose to provide a knob to avoid mixing
withdraws and updates together with no changes to the BGP
specification.  This would be ideal but it's hard to imagine customers
actually requesting it as a feature, because vendors spent some years
convincing customers that larger TCP MSS was going to improve converge
performance, etc.

Anyway, at least vendors have this choice if they wanted to do it.
There are some consequences relating to the frequency of Message
transmissions but I do not think anyone really obeys that text because
it is stupid.

> Well, that's an interesting idea :-)  If the only important thing to
> extract from a broken set of attributes is the NLRI, then why not scan
> for it and assume that there is sufficient redundancy to effectively
> rule out false positives.  Interesting :-)

I don't know what other way would be sensible.  The other attribute
information is not needed to effect a withdraw, only the NLRIs
themselves.

The troubling thing is that false positives could be created.  For
example, if you had a broken MP attribute toward the end of the
Message (and the RFC effectively recommends that it be put toward the
end, see above) then you can make a really big mistake and think that
some MP NLRI are native NLRI.  This means your Internet IPv4 RIB gets
withdraws from prefixes that happened to be updated or withdrawn in a
VRF within the same Message.  That is why I mentioned that BGP is
continually being extended to do new things that it is not good at.

So you can see, the false positive problem is worth thinking about
in-depth.  I am sure that's why the draft wants to move the MP
attribute to the beginning of the Message instead of the end.  It is a
smart idea if everyone would actually do it, but it isn't helpful if
the peer doesn't.

-- 
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts

v2.23.0 | Report a Bug | By Email