Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt

Gyan Mishra <hayabusagsm@gmail.com> Thu, 13 May 2021 03:15 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5F373A21AA for <idr@ietfa.amsl.com>; Wed, 12 May 2021 20:15:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EROMOA-UWED1 for <idr@ietfa.amsl.com>; Wed, 12 May 2021 20:15:03 -0700 (PDT)
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F6CF3A21A7 for <idr@ietf.org>; Wed, 12 May 2021 20:15:03 -0700 (PDT)
Received: by mail-pg1-x530.google.com with SMTP id t193so7459376pgb.4 for <idr@ietf.org>; Wed, 12 May 2021 20:15:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Civk6brv5WyxuDbZZKdJzRf4ExdlQZBH7h948B2Sxac=; b=Ts8DaPw78UO2NqrIc7BBMlQbjstMuYoAqTkbfxy5hxjbSE9OqFWsMvKZf0twcxdkIy AfOShkfG87b4m6PRFjvfXvhoLtfHYJgfVvXuNWbNs3IA97ldr1DqDZp93kToy5RWqLdk x71nEhyc5EOHonANeVrnVFPmgtRMSIq1iKkxrAfootq9rrnD3o1qNjLcfN6Yo8X1A7qT +e2QojIcK3Nigl2UCGjrBFhDTFqJ/FeW90k2cUablUGE2iVAzRxp5Mh52ReWjOG59iTT uXNj6GcQ64LJCyqkYOc3qin6QYOM8SrzWuyfVLjKLMJGTDeVHc5Q75ZDg5Uc/KCMfmX8 1LXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Civk6brv5WyxuDbZZKdJzRf4ExdlQZBH7h948B2Sxac=; b=Xz0pxXb9KbdNuq28FBE9O4E8UWbIPTXv0/WVgTp2+23I2YFjtqTpBn/ydrEvxKwzzv Lq6L0ZeFlCiad08FNg8KoryXcYvS3k5+47+5ZZPDwVJClzjZ/r7ESsW7qSS3YdDHn/vA ymnptDLjd1o3AvZVV9hY3ShKA36Wb1PtZG0EC6FK0hinPrM+tGIUe8I8n6238i/TF0pW QuInCVTt0yr6q6aJUyH/Z6t1x3Rq01CKqWW8gkhkNOb98toJREO7+cqXy932gRfIpXy9 8Ckw2t7WzMWBBD6cjaV8HjPt3XYk4wxPlSAMhlEfddCsWEySEI45P8od8ZvbcMEcdHOh h4jg==
X-Gm-Message-State: AOAM532HgVwAf4GfYC2LBeffbh8VBHI3j0YiUkRNutAfxkWMGszAfPAu oErW0CGKwvR7C4/nxzTVwKDLsGP5bIW+b7YMv3U=
X-Google-Smtp-Source: ABdhPJy0siDebvU4JHr7T1i7+pHHjgstmI1Qkz6fG8bR1ax9IpSAUgoTLRondRVQ26TDqW5xsADkoVJe1ZfKQX7Rwys=
X-Received: by 2002:a17:90a:4608:: with SMTP id w8mr42636785pjg.132.1620875702313; Wed, 12 May 2021 20:15:02 -0700 (PDT)
MIME-Version: 1.0
References: <161843563034.11054.13811966622190622752@ietfa.amsl.com> <CAOj+MMH=cCgtn7cL=HvOjQOMH1B9tmjOYOT04jXE9oky4SuevQ@mail.gmail.com> <YHhJTB51/joiz9Pg@snel> <CAOj+MMEFOGm=hCQcZNAUoN8vsPeVT3gqnjsQihUMJo4AOObZfw@mail.gmail.com> <CALxNLBhtQDDo9Dn7vBAZx+RbVwJ5BSbZfRS1wGStt_k7C2nPuQ@mail.gmail.com> <CAOj+MMHDPGt30deY6KtC+E-5eD9Q8cRtrL-xydLhsNic7KBdSw@mail.gmail.com> <CALxNLBi5Borzgr6ntRZHu0P6dnEcoZ8pk7=JKKfRhNcUbv873w@mail.gmail.com> <CABNhwV2mUP2f8sKdqOEde35U6a5idY+XGWNf0G2rzheRULhmmw@mail.gmail.com> <BYAPR11MB3207A318E89779FDBE4F1EDFC0529@BYAPR11MB3207.namprd11.prod.outlook.com> <CAOj+MMGpsLcdPynRWOiUK6-8Gx+MtwtPyOBLJDW8EsXknWXJ1w@mail.gmail.com>
In-Reply-To: <CAOj+MMGpsLcdPynRWOiUK6-8Gx+MtwtPyOBLJDW8EsXknWXJ1w@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Wed, 12 May 2021 23:14:51 -0400
Message-ID: <CABNhwV3d0OXUurMkcbB-hC1LT-dtRTV464p_9v84SdBcH_FbNQ@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, Melchior Aelmans <melchior@aelmans.eu>, Melchior Aelmans <maelmans@juniper.net>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000076272605c22d880d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/BsbYJ8hDHrBOgutjdXoUq5b1CW8>
Subject: Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2021 03:15:09 -0000

I think from a NOC perspective you want flexibility and so I agree on
having two separate maximum prefix for pre and post policy and for both
maximum prefix exceeded being able to drop the peer.   As I stated the
impact is more with post policy with next hop tracker table walk and
control and data plane,  however I do agree that in a case of flood of
routes that the pre policy can definitely have significant impact as well.

+1 more for implementation not for draft

Thanks

Gyan

On Wed, May 12, 2021 at 5:33 PM Robert Raszuk <robert@raszuk.net> wrote:

> Jakob,
>
> Spot on.
>
> That is why I mentioned that the very same max-prefix when applied
> pre-policy vs post-policy can have a different value.
>
> But I guess this is implementation thing not so much an IETF draft one.
>
> Thx,
> R.
>
> On Wed, May 12, 2021 at 11:26 PM Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
>> The reason to terminate the session is illustrated in:
>>
>>
>> https://datatracker.ietf.org/meeting/104/materials/slides-104-grow-bgp-maximum-prefix-limits-00
>>
>>
>>
>> Suppose you have a customer whose prefix advertisements vary somewhat,
>>
>> so you give him a decent margin. Suppose you set max-prefix to 1000
>>
>> and on a fateful day he advertises 200 prefixes.
>>
>> You have some good inbound filters for him, but not perfect, again,
>>
>> because the prefixes he advertises vary somewhat.
>>
>> Now, on this day, he leaks the internet to you and you manage to filter
>> most of it out,
>>
>> but several routes sneak past your filter and leak.
>>
>> Those that sneak past your filter are not enough to trip your max-prefix
>> of 1000.
>>
>> If you have a pre-policy max-prefix of, say, 10000, that will easily
>> catch the leak
>>
>> and you could terminate the session to stop the leak.
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of * Gyan Mishra
>> *Sent:* Wednesday, May 12, 2021 12:20 AM
>> *To:* Melchior Aelmans <melchior@aelmans.eu>
>> *Cc:* idr@ietf. org <idr@ietf.org>rg>; Melchior Aelmans <
>> maelmans@juniper.net>gt;; Robert Raszuk <robert@raszuk.net>
>> *Subject:* Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt
>>
>>
>>
>>
>>
>> After thinking about it I agree that that the prefix pre and post can
>> definitely be different.  The pre policy is a copy of the adj-rib-in stored
>> separately in memory so the limit values can definitely be different. In
>> such case as the pre policy is pre inbound filter so it can have a very
>> high water mark for maximum prefix, and the post policy would have the
>> maximum prefix exact value to trigger the neighbor being clamped down. In
>> general the trigger event peer being clamped down would happen on the post
>> policy adj-rib-in as that value would always be lower then the pre policy
>> adj-rib-in.  In that respect thought I can’t see a scenario where the pre
>> policy maximum prefix would take down the peer over the post policy maximum
>> prefix.  That being said I am not sure we really need a pre policy maximum
>> prefix.
>>
>>
>>
>> I understand the reason behind it to save on memory copy of tbt
>> ash-rib-in but I don’t think the action that the peer must be taken down if
>> pre policy maximum is exceeded if the post policy is not exceeded.  The
>> post policy the control plane rib is programmed into hardware for
>> forwarding so there is more impact to resources both control and data plane
>> for post policy as opposed to pre policy is control plane copy and also is
>> not advertised to other peers as well as are pre policy prefixes.  Much
>> less impact if pre policy is exceeded.
>>
>>
>>
>> I think the case where a peer advertisement went from 100k to 2M and the
>> pre policy was set to
>>
>> 1M and the post policy was set to 100k and 100k was received in this case
>> if it was a Must to clamp down the peer due to pre policy being exceeded
>> where post policy was not exceeded  I don’t think that’s a good idea as is
>> impacting.  I think for pre policy maybe only a warning should be allowed
>> but not clamping down the peer.
>>
>>
>>
>> Gyan
>>
>>
>>
>>
>>
>> On Tue, May 11, 2021 at 12:13 PM Melchior Aelmans <melchior@aelmans.eu>
>> wrote:
>>
>> Ack Robert, thanks for confirming.
>>
>>
>>
>> Cheers,
>>
>> Melchior
>>
>>
>>
>> On Tue, May 11, 2021 at 3:51 PM Robert Raszuk <robert@raszuk.net> wrote:
>>
>> Hi Melchior,
>>
>>
>>
>> After rethinking this I think the current text in the draft is ok.
>>
>>
>>
>> It is after all optional cfg and if vendor supports both pre and post
>> policy max-prefix limit inbound the configured numbers may not need to be
>> identical.
>>
>>
>>
>> Thx,
>>
>> R.
>>
>>
>>
>>
>>
>> On Tue, May 11, 2021 at 3:22 PM Melchior Aelmans <melchior@aelmans.eu>
>> wrote:
>>
>> Hi Robert, all,
>>
>>
>>
>> First of all thanks for your feedback!
>>
>>
>>
>> The part we are confused about is that soft-reconfiguration inbound is a
>> Cisco command to enable adj-RIB-In which then stores all the received
>> routes. On Juniper and OpenBGPd (and possibly other implementations as
>> well) adj-RIB-In is enabled by default and protected by a maximum-prefix
>> limit inbound.
>>
>> Could you please elaborate on what you are exactly trying to describe and
>> as Job suggested make suggestions for text adjustments?
>>
>>
>>
>> Thanks!
>> Melchior
>>
>>
>>
>> On Thu, Apr 15, 2021 at 4:36 PM Robert Raszuk <robert@raszuk.net> wrote:
>>
>> Hi Job,
>>
>>
>>
>> The distinction between Per and Post policy is clear.
>>
>>
>>
>> Inbound Prefix Limit may (depending on implementation) apply to either or
>> both of those processing stages.
>>
>>
>>
>> The observation I am trying to make is that IMHO soft in is not really a
>> Pre Policy in a sense that you must not apply Prefix Limit to it. Otherwise
>> the entire idea of soft-in becomes questionable.
>>
>>
>>
>> To me perhaps the proper way to visualize it is actually to divide Pre
>> Policy into two blocks - ALL Prefixes and Pre-Policy Prefix-Limited. All
>> Prefixes block would occur only when soft in is enabled. Otherwise some may
>> expect or request to apply Inbound Prefix Limit before routes are stored
>> when soft reconfiguration inbound is enabled.
>>
>>
>>
>> Or perhaps you actually want to do that sort of breaking that knob ?
>>
>>
>>
>> Many thx,
>>
>> R.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Apr 15, 2021 at 4:10 PM Job Snijders <job@fastly.com> wrote:
>>
>> Dear Robert,
>>
>> On Thu, Apr 15, 2021 at 02:16:12PM +0200, Robert Raszuk wrote:
>> > I think I have one question or suggestion.
>>
>> Your review is appreciated!
>>
>> > As you all know some implementations allow you to explicitly force BGP
>> > speaker to keep (pre-policy) all routes/paths received.
>> >
>> > Example:
>> >
>> > neighbor 192.168.1.1 soft-reconfiguration inbound
>> >
>> > The draft does not seem to comment on this case yet if implementation
>> > maintains the above behaviour at least some of the justifications for
>> > the document is gone.
>>
>> Interesting, the draft's objective is to clarify that inbound limits can
>> be applied at multiple stages of the pipeline (pre and post policy), not
>> all Network Operating Systems appear to offer this (operationally
>> speaking much needed) granularity, and through this draft we hope to
>> clarify to implementers that it is something worth considering to add.
>>
>> > I think that draft should at least mention such behaviour, not force to
>> > change it however put some light that if
>> > configured by the operator some of the benefits of inbound prefix limit
>> > will not be fully effective.
>>
>> What you call 'soft-reconfiguration inbound' ends up storing into what
>> the draft refers to as 'Pre Policy'. (At least... that is the intention,
>> it is possible the text is readable to us but not easy to understand for
>> others)
>>
>> Do you have specific text in mind to add to the draft to clarify this?
>>
>> Kind regards,
>>
>> Job
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>>
>> --
>>
>> <http://www.verizon.com/>
>>
>> *Gyan Mishra*
>>
>> *Network Solutions Architect *
>>
>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>
>> *M 301 502-1347*
>>
>>
>>
> --

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*



*M 301 502-1347*