[Idr] Point #3 on draft-ietf-grow-bgp-reject

Robert Raszuk <robert@raszuk.net> Sat, 06 May 2017 17:10 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7943E120454; Sat, 6 May 2017 10:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5BAJsg_QiCxK; Sat, 6 May 2017 10:10:57 -0700 (PDT)
Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF903128896; Sat, 6 May 2017 10:10:56 -0700 (PDT)
Received: by mail-it0-x229.google.com with SMTP id c15so46308877ith.0; Sat, 06 May 2017 10:10:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to:cc; bh=D6DhI5QlWRj/OhE+dr4Ax+ZCEOAFzyGE3gT0VWFpKrM=; b=WsSaQXXIRHZaK1yUsbMf50Qde+MUZj2zTUDRD6MRhmZGBQN7VdRNhisCjWNOPF/9Jb D3q1PWLtACLiO850LFPEfeQvclXPe1iHlX2L1xVS8dj1IztcwYwsr3ccGFMF485RmIq4 GvgwTMvPSMe1O+7rWInPXN8AoFmp3AMWPZ8UrbksGyPniLNIOv/ChnROxB31FRYKra9D SNiD1LuZEjpIDtuDrxzlbr2svxu3lX994uc20S+9iPvUE1MScXNnK3ckQ3j+Nh7qYNCR bImr+lTZ0YQksTKlA1IiIgLiEFZdeXGTRc+eAKIw8dksdNTP3ZUrxCNTQeOxhKCsWZyf 5rbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:cc; bh=D6DhI5QlWRj/OhE+dr4Ax+ZCEOAFzyGE3gT0VWFpKrM=; b=I9zskQfy0uA/f4CXRUjl/IsT2Fc2YchDINHcP2EE/QG84Jc48Fc8v67eIhOl04AE1J c01uMEIr+b/AVWwCrIwnxNkgknUKmY9Br6PG89avzJExZZtNO2NgkKUjCXcQ1zJDovB/ FNJWL0MeJzbKNlV5rABQhRebL4BfqbFl4CYyu691zp2YElX2/cSrFnHZtbif3oo/6niM bpbnOiWhl9hu0nD7N02KgMtSteq1N7lXTgXZkoqVOIycyzlN6apHi9YoNwXJLmrqMKcY hLygHo2Lov/0NPdkmZJMDy0j4YQAlT1lLxDrzZq+AoqZjKGeb+bK8SWKUZLhQxRRSde9 TffQ==
X-Gm-Message-State: AN3rC/7Uo24obIbx0vpRvRY7TcReKAJQcz9dv8PsUgVBEMvhjjteSvf4 PUEsmE0yyy5txhaaa/5bVLCuZcXCiQ==
X-Received: by 10.36.139.67 with SMTP id g64mr13496063ite.18.1494090656144; Sat, 06 May 2017 10:10:56 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.79.62.24 with HTTP; Sat, 6 May 2017 10:10:55 -0700 (PDT)
From: Robert Raszuk <robert@raszuk.net>
Date: Sat, 6 May 2017 19:10:55 +0200
X-Google-Sender-Auth: UoVjCdAa81LG1iOxXNWZm8XEmQM
Message-ID: <CA+b+ERmfbPgV8GzsqZPyYt-iB+g04LZMtAJ99jDXSgZQhez8cQ@mail.gmail.com>
To: idr wg <idr@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c04b7c0d293d6054ede161c
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ApNg9GEBwTDqk3bRL8lww_nVaO4>
Subject: [Idr] Point #3 on draft-ietf-grow-bgp-reject
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 May 2017 17:10:58 -0000

Dear IDR and BESS WGs members,

As you have either participated or seen from other email exchanges there is
ongoing communication about change in eBGP specification to mandate by
default use of policy in order to make all receive routes ineligible for
best path and to suppress sending them to your peers. And that in spite of
different opinions of the authors itself at this point is to apply to all
existing and future AFI/SAFIs.

John S. summarized this point as stated below:




*"3. Should the behavior be per-AFI/SAFI instead of global? Perhaps to
apply only to Internet routing and not other applications?Pro: the
motivation section of the document calls out the Internet use caseCon:
there's no clear, unambiguous way to actually specify this (AFI/SAFI 1/1
can be used in a VPN context, e.g.). different defaults for different
AFI/SAFI is confusing for the user and the extra complexity not required."*

So first let me observe that technically it is very clear to know that
under vrf in a VPN context (towards CEs or inter-as ASBR in option A)
address family ipv4 or ipv6 unicast is configured. There is no disambiguity
of it of any sort. Likewise it is also very clear when address family vpnv4
or vpnv6 is configured over eBGP Inter-AS option B or C sessions.

During IDR discussion 4 individual contributors where opposed to make this
proposal applicable to any eBGP AFI/SAFI and recommended to make it only
for IPv4 and IPv6 existing address families. While in the same time only
voice of 1 with reference to past discussion in GROW WG had taken place
expressed otherwise. Well this reference to GROW list in 2016 results in
one voice against, one pro and author concluding that this is pro all AFs.

I think on that point if there is rough consensus at all it is really
against that.

Now why I am bringing this specific point up ...

* There are numerous SAFIs in use today that even authors of this proposal
fail to produce any valid in or out policy other then "send all/accept
all". So even with good will operator will be simply forced to add those
lines to the configuration. Now fun starts when an implementation code does
not allow for it in some specific AFI/SAFIs or that manual policy would
overwrite RTC or ORF based for L2VPN or L3VPN. That effectively means that
to be complaint to this proposal implementations must change.

* This draft is to update RFC4271 that means that now any newly defined
AFI/SAFI will also have to define a set of policies to be used to enable it
over eBGP sessions both in the draft/rfc and in the code. That clearly
makes it harder for everyone with no gain.

* There are address families today which are opaque to best path and are
applied when received .. examples BGP-LS or Flow-spec. At most best path is
run only when sending it out (if at all). The current spec does not limit
reception of the information but does limit its eligibility for best path
computation. I think there is room for large number of surprising
behaviors with that for those SAFIs which carry opaque information to core
BGP.

* As the spec (as it is written today) applies to all eBGP sessions what
happens if BGP UPDATE message contains in new SAFI no MP_REACH attribute at
all and does not carry "routes" ? Would it be explicitly allowed ?
(Example: draft-ietf-idr-operational-message-00).

*  As the spec (as it is written today) applies to all "routes" received or
to be sent over eBGP sessions it actually fails to define what is a "route"
Within MP_REACH we have a concept of NLRI which for different address
families have been redefined and departed long time back from pure
definition of ip route.

* If BGP UPDATE message carries only MP_UNREACH attribute .. so effectively
routes to be withdrawn .. are those still subject to proposed policy or not
?


Therefor I would like to ask members of both working groups to express
clear opinion if this proposal and update to RFC4271 specification should
apply only IPv4 and IPv6 unicast (AFI/SAFI 1/1 & 2/1) or should be extended
to all AFI/SAFIs we have today and we are going to invent in the future.

If the majority of WG members would choose to have this change applicable
to all AFI/SAFIs I do ask authors to address in the document all of the
above points before proceeding forward.

Kind regards,
Robert.