[Idr] Point #3 on draft-ietf-grow-bgp-reject
Robert Raszuk <robert@raszuk.net> Sat, 06 May 2017 17:10 UTC
Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7943E120454; Sat, 6 May 2017 10:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5BAJsg_QiCxK; Sat, 6 May 2017 10:10:57 -0700 (PDT)
Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF903128896; Sat, 6 May 2017 10:10:56 -0700 (PDT)
Received: by mail-it0-x229.google.com with SMTP id c15so46308877ith.0; Sat, 06 May 2017 10:10:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to:cc; bh=D6DhI5QlWRj/OhE+dr4Ax+ZCEOAFzyGE3gT0VWFpKrM=; b=WsSaQXXIRHZaK1yUsbMf50Qde+MUZj2zTUDRD6MRhmZGBQN7VdRNhisCjWNOPF/9Jb D3q1PWLtACLiO850LFPEfeQvclXPe1iHlX2L1xVS8dj1IztcwYwsr3ccGFMF485RmIq4 GvgwTMvPSMe1O+7rWInPXN8AoFmp3AMWPZ8UrbksGyPniLNIOv/ChnROxB31FRYKra9D SNiD1LuZEjpIDtuDrxzlbr2svxu3lX994uc20S+9iPvUE1MScXNnK3ckQ3j+Nh7qYNCR bImr+lTZ0YQksTKlA1IiIgLiEFZdeXGTRc+eAKIw8dksdNTP3ZUrxCNTQeOxhKCsWZyf 5rbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:cc; bh=D6DhI5QlWRj/OhE+dr4Ax+ZCEOAFzyGE3gT0VWFpKrM=; b=I9zskQfy0uA/f4CXRUjl/IsT2Fc2YchDINHcP2EE/QG84Jc48Fc8v67eIhOl04AE1J c01uMEIr+b/AVWwCrIwnxNkgknUKmY9Br6PG89avzJExZZtNO2NgkKUjCXcQ1zJDovB/ FNJWL0MeJzbKNlV5rABQhRebL4BfqbFl4CYyu691zp2YElX2/cSrFnHZtbif3oo/6niM bpbnOiWhl9hu0nD7N02KgMtSteq1N7lXTgXZkoqVOIycyzlN6apHi9YoNwXJLmrqMKcY hLygHo2Lov/0NPdkmZJMDy0j4YQAlT1lLxDrzZq+AoqZjKGeb+bK8SWKUZLhQxRRSde9 TffQ==
X-Gm-Message-State: AN3rC/7Uo24obIbx0vpRvRY7TcReKAJQcz9dv8PsUgVBEMvhjjteSvf4 PUEsmE0yyy5txhaaa/5bVLCuZcXCiQ==
X-Received: by 10.36.139.67 with SMTP id g64mr13496063ite.18.1494090656144; Sat, 06 May 2017 10:10:56 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.79.62.24 with HTTP; Sat, 6 May 2017 10:10:55 -0700 (PDT)
From: Robert Raszuk <robert@raszuk.net>
Date: Sat, 06 May 2017 19:10:55 +0200
X-Google-Sender-Auth: UoVjCdAa81LG1iOxXNWZm8XEmQM
Message-ID: <CA+b+ERmfbPgV8GzsqZPyYt-iB+g04LZMtAJ99jDXSgZQhez8cQ@mail.gmail.com>
To: idr wg <idr@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c04b7c0d293d6054ede161c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ApNg9GEBwTDqk3bRL8lww_nVaO4>
Subject: [Idr] Point #3 on draft-ietf-grow-bgp-reject
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 May 2017 17:10:58 -0000
Dear IDR and BESS WGs members, As you have either participated or seen from other email exchanges there is ongoing communication about change in eBGP specification to mandate by default use of policy in order to make all receive routes ineligible for best path and to suppress sending them to your peers. And that in spite of different opinions of the authors itself at this point is to apply to all existing and future AFI/SAFIs. John S. summarized this point as stated below: *"3. Should the behavior be per-AFI/SAFI instead of global? Perhaps to apply only to Internet routing and not other applications?Pro: the motivation section of the document calls out the Internet use caseCon: there's no clear, unambiguous way to actually specify this (AFI/SAFI 1/1 can be used in a VPN context, e.g.). different defaults for different AFI/SAFI is confusing for the user and the extra complexity not required."* So first let me observe that technically it is very clear to know that under vrf in a VPN context (towards CEs or inter-as ASBR in option A) address family ipv4 or ipv6 unicast is configured. There is no disambiguity of it of any sort. Likewise it is also very clear when address family vpnv4 or vpnv6 is configured over eBGP Inter-AS option B or C sessions. During IDR discussion 4 individual contributors where opposed to make this proposal applicable to any eBGP AFI/SAFI and recommended to make it only for IPv4 and IPv6 existing address families. While in the same time only voice of 1 with reference to past discussion in GROW WG had taken place expressed otherwise. Well this reference to GROW list in 2016 results in one voice against, one pro and author concluding that this is pro all AFs. I think on that point if there is rough consensus at all it is really against that. Now why I am bringing this specific point up ... * There are numerous SAFIs in use today that even authors of this proposal fail to produce any valid in or out policy other then "send all/accept all". So even with good will operator will be simply forced to add those lines to the configuration. Now fun starts when an implementation code does not allow for it in some specific AFI/SAFIs or that manual policy would overwrite RTC or ORF based for L2VPN or L3VPN. That effectively means that to be complaint to this proposal implementations must change. * This draft is to update RFC4271 that means that now any newly defined AFI/SAFI will also have to define a set of policies to be used to enable it over eBGP sessions both in the draft/rfc and in the code. That clearly makes it harder for everyone with no gain. * There are address families today which are opaque to best path and are applied when received .. examples BGP-LS or Flow-spec. At most best path is run only when sending it out (if at all). The current spec does not limit reception of the information but does limit its eligibility for best path computation. I think there is room for large number of surprising behaviors with that for those SAFIs which carry opaque information to core BGP. * As the spec (as it is written today) applies to all eBGP sessions what happens if BGP UPDATE message contains in new SAFI no MP_REACH attribute at all and does not carry "routes" ? Would it be explicitly allowed ? (Example: draft-ietf-idr-operational-message-00). * As the spec (as it is written today) applies to all "routes" received or to be sent over eBGP sessions it actually fails to define what is a "route" Within MP_REACH we have a concept of NLRI which for different address families have been redefined and departed long time back from pure definition of ip route. * If BGP UPDATE message carries only MP_UNREACH attribute .. so effectively routes to be withdrawn .. are those still subject to proposed policy or not ? Therefor I would like to ask members of both working groups to express clear opinion if this proposal and update to RFC4271 specification should apply only IPv4 and IPv6 unicast (AFI/SAFI 1/1 & 2/1) or should be extended to all AFI/SAFIs we have today and we are going to invent in the future. If the majority of WG members would choose to have this change applicable to all AFI/SAFIs I do ask authors to address in the document all of the above points before proceeding forward. Kind regards, Robert.
- [Idr] Point #3 on draft-ietf-grow-bgp-reject Robert Raszuk
- Re: [Idr] Point #3 on draft-ietf-grow-bgp-reject Robert Raszuk