IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

Robert Raszuk <robert@raszuk.net> Sun, 09 December 2012 20:51 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D62BD21F8D04 for <idr@ietfa.amsl.com>; Sun, 9 Dec 2012 12:51:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.956
X-Spam-Level:
X-Spam-Status: No, score=-2.956 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YdsEL0KdYi-a for <idr@ietfa.amsl.com>; Sun, 9 Dec 2012 12:51:05 -0800 (PST)
Received: from mail-ia0-f175.google.com (mail-ia0-f175.google.com [209.85.210.175]) by ietfa.amsl.com (Postfix) with ESMTP id EA69A21F8CFF for <idr@ietf.org>; Sun, 9 Dec 2012 12:51:04 -0800 (PST)
Received: by mail-ia0-f175.google.com with SMTP id z3so3200971iad.34 for <idr@ietf.org>; Sun, 09 Dec 2012 12:51:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=QDwtBLPs2s4t2f9/6NRnnTgb+ssD7gUFKhYXK8p6u6s=; b=bI6mc9WWETGA9SYdoRFanRGS2kxyggZgsclknf7V+nqHEIYWXlSpAS/fKOe6WMDb8n tyHWkzQ45xnN7PIx6+zqrYCf4Vahdor7uB2BKK9Qd7VJQFNQ/tx5BYedoxikZB4OJe6j 90IBfccEh9blI0Xs6HkXEqNafyhgxOAaPUjYl8Zbmc03jPCrHwUqQGlXUuwXuQusYaHS 0fRsCP/kSLHo9idramltdH4a/RcbVihjLFppGyhh0tJptOqOxZVyl1Ya2jzpbeFOeHLm db9kjVoNbXDQYrTguI3njFDMl7HJHNMpmLhgBHrPGASm94qTgXAox45M14/bMqRTGvQm Ot9Q==
MIME-Version: 1.0
Received: by 10.50.40.137 with SMTP id x9mr7488212igk.1.1355086264392; Sun, 09 Dec 2012 12:51:04 -0800 (PST)
Sender: rraszuk@gmail.com
Received: by 10.64.135.100 with HTTP; Sun, 9 Dec 2012 12:51:04 -0800 (PST)
In-Reply-To: <50C4D7EC.4070309@cisco.com>
References: <20121121191321.6164.6887.idtracker@ietfa.amsl.com> <50AD2986.90705@cisco.com> <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com> <8ED5B0B0F5B4854A912480C1521F973A0F4940@xmb-rcd-x13.cisco.com> <94913EE5-2864-4EE2-B474-9631430B1E22@ericsson.com> <068701cdd478$2cf01cf0$86d056d0$@highwayman.com> <CAEGVVtBy-zdLz8hVajLnuAqgzfgQHrseK4r-N9=pOZGtqV7LbA@mail.gmail.com> <CAH1iCipfup-GEeJduBti_KHvX1pUZfmZLA3Zz5Y9Aw9xV3fQ9w@mail.gmail.com> <079901cdd601$9901b630$cb052290$@highwayman.com> <50C4D7EC.4070309@cisco.com>
Date: Sun, 09 Dec 2012 21:51:04 +0100
X-Google-Sender-Auth: 5xqHBq5Ja5etqV_ho39P-Y5_ikw
Message-ID: <CA+b+ER=AuKFo+v8O6Wk1FArQD9LfQ0gH7yqb4We722hKkeMczA@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
To: Enke Chen <enkechen@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2012 20:51:06 -0000

Hi Enke,

I think the draft is pretty clear reg the MP_REACH_NLRI. However as
indicated in this thread what is not clear are the following cases:

- MP_UNREACH_NLRI is not mandatory so you never know if it was not
sent after some malformed attribute -> possible solution would be to
send empty UNREACH each time after MP_REACH. Otherwise if you are not
sure sender did not include MP_UNREACH you really can not
treat-as-withdraw so session will get reset.

- Sending vanilla IPv4 reach/unreach unicast NLRI is still allowed and
receiver has no way of knowing if sender did include those or not in
addition to new SAFIs in MP_REACH - here again lack of such assurance
will cause session reset even if first MP_REACH was parsed  ->
possible solution would be to depreciate vanilla IPv4 reach/unreach
unicast NLRI if MP capabilities were negotiated.

Thx,
R.


On Sun, Dec 9, 2012 at 7:26 PM, Enke Chen <enkechen@cisco.com> wrote:
> Hi, Chris:
>
> As I replied before,  the receiver knows from parsing the path attributes
> whether the MP_REACH_NLRI and/or MP_UNREACH_NLRI is the first attribute in
> an UPDATE message.  It does not need a new capability to make that
> determination.
>
> -- Enke
>
>
> On 12/9/12 3:37 AM, Chris Hall wrote:
>>
>> Brian Dickson wrote (on Fri 07-Dec-2012 at 23:13 +0000):
>>>
>>> I see the high-level problem Chris describes, and think maybe
>>> it requires discussing possible ways of removing
>>> doubt/ambiguity over successful parsing of such MP_REACH
>>> and MP_UNREACH attributes.
>>
>> My suggestion, for minimal change to the protocol, would be a new
>> capability which would carry the undertaking that:
>>
>>    * when sending MP_UNREACH_NLRI and/or MP_REACH_NLRI
>>      they will be the first attribute(s), and will
>>      appear in that order.
>>
>>    * the ORIGIN attribute will be the first attribute,
>>      or will follow any NLRI attributes.
>>
>>      Which deals with the absence of one or both NLRI
>>      attributes.
>>
>> A receiver in possession of this new capability knows that, once it
>> has seen completely valid versions of these leading attributes, it can
>> tolerate any malformation of the following attributes, or absence of
>> essential attributes, etc. and "treat-as-withdraw".
>>
>> The ORIGIN attribute has the value 0x0X 0x01 0x01 0x0Y -- where X is
>> supposed to be 0 and Y MUST be 0, 1 or 2.  This pattern is,
>> effectively, and "end-of-NLRI-attributes" mark.
>>
>> If the new capability also meant that this attribute would always be
>> output with extended length and guaranteed X = 0, then the receiver
>> would expect to see 0x10 0x01 0x00 0x01 0x0Y -- which is a little more
>> unique, and offer a little more assurance that the attributes so far
>> are completely valid.  (But this is not essential)
>>
>> (The new capability could also mean that IPv4 Unicast will not appear
>> both in the body of the message and in NLRI attributes -- but that is
>> not essential, either.)
>>
>> If the sender misbehaves, and sends any NLRI attribute after the
>> ORIGIN then:
>>
>>    a) if it is not a repeat attribute then...
>>
>>         ...accept, but turn off the capability ?
>>
>>         ...treat as a repeat ?
>>
>>    b) if it is a repeat attribute then...
>>
>>         ...session-reset, as per draft ?
>>
>>    c) if the extra attribute is hidden by a preceding
>>       broken attribute then...
>>
>>         ...the change to the relevant NLRI is lost.
>>
>> The last case is BAD: the receiver will "treat-as-withdraw" the NLRI
>> it can see, but not those it cannot.  The risk here may be deemed
>> ignorable -- but needs to be assessed.
>>
>> For all code which deals with BGP updates -- BGP speakers or analysers
>> of BGP streams etc -- the only change here is the new capability;
>> UPDATE messages will have attributes in a particular order (and
>> perhaps take a particular form) but are entirely RFC4271 compliant.
>>
>> That leaves the question of what the receiver does in the absence of
>> the new capability... but that's another story, for another day.
>>
>> Chris
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email