Re: [Idr] clarification sought on rfc4360 non-transitive extended communities

Jeffrey Haas <jhaas@pfrc.org> Tue, 18 April 2017 21:18 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F135C12EB22 for <idr@ietfa.amsl.com>; Tue, 18 Apr 2017 14:18:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vi0CoDFeu3xm for <idr@ietfa.amsl.com>; Tue, 18 Apr 2017 14:18:39 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id CC188131478 for <idr@ietf.org>; Tue, 18 Apr 2017 14:18:27 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 62A551E332; Tue, 18 Apr 2017 17:25:35 -0400 (EDT)
Date: Tue, 18 Apr 2017 17:25:35 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Eric C Rosen <erosen@juniper.net>
Cc: Job Snijders <job@instituut.net>, idr@ietf.org
Message-ID: <20170418212534.GD9688@pfrc.org>
References: <20170414134435.tpocpyuappmbcam4@Vurt.local> <c5f761c9-2a9f-3353-17f9-aac4fca2c07e@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c5f761c9-2a9f-3353-17f9-aac4fca2c07e@juniper.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/8oenqzz2xXgr6H657vHThdt7Mas>
Subject: Re: [Idr] clarification sought on rfc4360 non-transitive extended communities
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 21:18:41 -0000

I have slightly more context here.

On Fri, Apr 14, 2017 at 10:58:57AM -0400, Eric C Rosen wrote:
> On 4/14/2017 9:44 AM, Job Snijders wrote:
> >Hi IDR,
> >
> >RFC 4360 states:
> >     """
> >     If a route has a non-transitivity extended community, then before
> >     advertising the route across the Autonomous System boundary the
> >     community SHOULD be removed from the route.  However, the community
> >     SHOULD NOT be removed when advertising the route across the BGP
> >     Confederation boundary.
> >     """
> >
> 
> You'll note that there are very few non-transitive extended
> communities.  Extended communities are usually used to carry
> parameters of various BGP-based control protocols.  As such, it
> would be nice if they could be scoped to the "domain" of the control
> protocol.  The transitive/non-transitive distinction was a somewhat
> primitive attempt to provide this scoping.  Unfortunately, the
> boundaries of the control protocol domain are rarely the boundaries
> of the AS in which a route originates.  So this particular form of
> scoping has not proven to be very useful.
> 
> >For my edification, I have two questions:
> >
> >     o   Why was nothing specified for the behaviour of receivers?
> 
> Since the authors are either retired or in management, it is
> difficult to say for sure.  I'd say there are two possibilities:
> 
> - Sloppy specification writing.
> 
> - A belief that if the transmitter has decided to send the
> non-transitive EC over an AS boundary, it may have a good reason for
> doing so, and the receiver shouldn't second guess it.
> 
> I'd guess the former.

The missing use case covers the difference between propagation and
origination.

When you are originating a non-transitive EC, you can send it to your iBGP
peers and the case is clear to all parties.  However, you can also attach a
non-transitive community when sending routes to your eBGP peers.  This would
be the case if you're attaching a community that you wanted to only live
within that network.

Thus, by default, if you're not adding a non-transitive EC, you should strip
it when propagating your routes along an eBGP boudnary.

There of course is the annoying case where your policy says "propagate it",
which is effectively the same as if it's re-originating the community.

> >Is it a "SHOULD" because Extended Communities are wrapped in an optional
> >transitive path attribute, so strictly speaking, the non-transivity can't
> >be enforced anyway, since a middle-box might not understand the Extended
> >Community?
> 
> Well, that's a possibility, but I don't recall anyone worrying too
> much about ASBRS that don't understand the Extended Communities
> attribute.

I believe this was to handle the propagate via policy consideration.

-- Jeff