Re: [Idr] 2 Week WG LC on draft-ietf-idr-as-migration (4/9 to 4/23/2105

Jeffrey Haas <jhaas@pfrc.org> Tue, 21 April 2015 20:41 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A589F1B2B21 for <idr@ietfa.amsl.com>; Tue, 21 Apr 2015 13:41:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.578
X-Spam-Level:
X-Spam-Status: No, score=-1.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id icEutXVlHksI for <idr@ietfa.amsl.com>; Tue, 21 Apr 2015 13:41:36 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id B909F1B2B0F for <idr@ietf.org>; Tue, 21 Apr 2015 13:41:36 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 7D59EC19B; Tue, 21 Apr 2015 16:41:36 -0400 (EDT)
Date: Tue, 21 Apr 2015 16:41:36 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Message-ID: <20150421204136.GC1600@pfrc>
References: <003f01d07394$9b5f1c00$d21d5400$@ndzh.com> <D14DB16F.A4767%aretana@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <D14DB16F.A4767%aretana@cisco.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/BPGjIEA12q5XKRcNnZ2rC2ohsJU>
Cc: idr wg <idr@ietf.org>, "amante@apple.com" <amante@apple.com>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 2 Week WG LC on draft-ietf-idr-as-migration (4/9 to 4/23/2105
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2015 20:41:37 -0000

Alvaro,

On Mon, Apr 13, 2015 at 08:50:40PM +0000, Alvaro Retana (aretana) wrote:
> I do have one item that I think may be above ?minor?: when using ?Local AS?, when should the ASN be prepended?  When sending eBGP-received UPDATEs to iBGP neighbors (as it is specified currently), OR, then receiving those eBGP UPDATEs?  If it is not done when receiving, then the AS_PATH will be inconsistent in the AS (the border router will have a shorter AS_PATH).  I think this can lead to inconsistent route selection (given that the attributes are inconsistent inside the AS), but that of course may be mitigated by the fact that the application of Local AS may be towards stub networks in many (but not all) cases.   I would really like to hear others? (beyond the authors) opinions.  [My comments #3 and #7 in the Minor section below are related to this.]

Obviously there's a long standing history with both variations on the
feature along with a number of related but poorly (if ever) documented
behaviors to worry about.  A few here:

RFC 4271, 5.1.2 notes we don't modify the AS_PATH on advertisement to an
internal peer.  Obviously implementations do that, semantic quibbling about
doing it as part of modification of a route in adj-rib-in/loc-rib vs.
adj-rib-out aside.  Mostly a note of historical significance rather than
saying "we shouldn't do that".

Somewhat more relevant is in section 9.1.2:

:   If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
:   route should be excluded from the Phase 2 decision function.  AS loop
:   detection is done by scanning the full AS path (as specified in the
:   AS_PATH attribute), and checking that the autonomous system number of
:   the local system does not appear in the AS path.  Operations of a BGP
:   speaker that is configured to accept routes with its own autonomous
:   system number in the AS path are outside the scope of this document.

That last sentence was provided to provide the little documentation
implementations had at the time on local-as.  What is not stated is the
somewhat problematic issue of the above paragraph.

The issue has to do with where an implementation does its loop detection.
Some implementations do loop detection at every BGP speaker.  Some do them
only at an ebgp edge.  Some bias this behavior based on local-as being
enabled or not.  How you do your loop detection and when heavily biases your
choice of implementation.  In implementations that only requires local-as at
your ebgp edges but do loop detection at route reflectors/external confederation
routers, adding your local-as as part of import is a problem.

So, consistency isn't only a big deal as part of when/where you do your
local-as prepend, it's also a matter of where you do loop detection.  If
implementations in the absence of some "outside the scope" implementation
were to pedantically implement the base BGP RFC, the migration mechanisms
would be a bit biased to a given solution.

-- Jeff