Re: [Idr] dear diary: well-known community vs new path attribute

Robert Raszuk <robert@raszuk.net> Sat, 01 April 2017 02:17 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F08BA127A91 for <idr@ietfa.amsl.com>; Fri, 31 Mar 2017 19:17:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.401
X-Spam-Level:
X-Spam-Status: No, score=-2.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.197, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMBQsu6o6UIJ for <idr@ietfa.amsl.com>; Fri, 31 Mar 2017 19:17:03 -0700 (PDT)
Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A9BE1200A0 for <idr@ietf.org>; Fri, 31 Mar 2017 19:17:03 -0700 (PDT)
Received: by mail-io0-x22f.google.com with SMTP id b140so50009113iof.1 for <idr@ietf.org>; Fri, 31 Mar 2017 19:17:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=vR63Mchdd2cknvqImwu1OaQq4bwP65S1WdhoLGD1d/8=; b=NdzGJDxweWsfACtAHVXQGsZoZegRyxEvaYg7+JWk65kSdR3tEuvRLfWQbqUp4mx8Hx wZVBDveiz4qMwN1nCMJ6XqhPxJfw5bBKk22cD7+YV4vS4BOl4aPAIMQw6dLqWJCC7a3N bOMpwPdaOrDWuE+G/+LvvVSrbWQk2ta9VHAj+0RduxiIM8clkEopCBFeslsQdoMMcUoK GoIcZRIFLZf2dPHKkVX5WBsJTQhQVsCIr3cQ1dEl7vFkvAhzTjP3Y4J4L6J9HtEhA3d4 lFkAvxG0aFKqMKdDVsEOC+3HbKrGx8TsgVHNQtfAz0QmXQXDzVSUaLsxDj8MASIC86Mu TgCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=vR63Mchdd2cknvqImwu1OaQq4bwP65S1WdhoLGD1d/8=; b=hpYU3h7DXt0ETip7lctiZ+3mjnCH9cJ05N3WCG0ulscaesLXvs7hx7WWTedksglZGd 4ePsOW5oKUnfoY9UyUy0niNRL4xwTq2BDEWZ6QJBBoFGiDjbBOk5CESyomJuY2ZOEvvY ycjLRo6Y8D9z4NZrUegfVnHrmRiOOKCICaC6lhQM+pQEnJbeS0NT47K36ZPYxS48BqP2 VLaXaXuhb7UZqIxXAaGSeFwkOz5QW1bozW4stPyqpufIfdb8kGHZ12SKUzn7oJtieGwm 0G+nf0dLTsTvIdcbFcQyWExmPJYhqYvQDzmgyMnFZYoykpvbVgDyHF0yYEeL6gm2bEIq tc6Q==
X-Gm-Message-State: AFeK/H0u9JE3EYJOPT08R2YHJcPGKkwLufzh43WI2s1Ge1bjEWr5GpI0beWJZx3Vh6qbYINbcpcHTIv3GSL0/A==
X-Received: by 10.107.7.29 with SMTP id 29mr6940967ioh.57.1491013022590; Fri, 31 Mar 2017 19:17:02 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.79.90.71 with HTTP; Fri, 31 Mar 2017 19:17:01 -0700 (PDT)
Received: by 10.79.90.71 with HTTP; Fri, 31 Mar 2017 19:17:01 -0700 (PDT)
In-Reply-To: <20170401020136.ftbjliohoaznzqyx@dhcp-86cf.meeting.ietf.org>
References: <20170401020136.ftbjliohoaznzqyx@dhcp-86cf.meeting.ietf.org>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 31 Mar 2017 21:17:01 -0500
X-Google-Sender-Auth: V8Sk52NzVNoztkOv56rp2owi-5k
Message-ID: <CA+b+ERkB8ZBCMRODTausuj8oLvVpkCuiF-p=1C9Re0n6mKqHSQ@mail.gmail.com>
To: Job Snijders <job@ntt.net>
Cc: idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary=001a113ea6f09130a4054c118557
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/C8XUSJ3IPOzmXiSWhmuWSsJCvjQ>
Subject: Re: [Idr] dear diary: well-known community vs new path attribute
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Apr 2017 02:17:06 -0000

Hello Job,

If we start to make choice between community vs attribute for each "boolean
function" based on the assumption that some folks will "_*never_ upgrade
their software*" then IDR job becomes really simple.

IDR should just manage registry of communities in 80% of its proposals and
we are done.

So while in Sriram's proposal for intra-as (if at all needed) community
will be a better choice IMO such call should be made each time on a case by
case basis depending on the extension being discussed rather then any
generic overrule.

Cheers,
Robert.

On Mar 31, 2017 21:01, "Job Snijders" <job@ntt.net> wrote:

Dear colleagues,

In today's IDR session (thank you for the orderly meeting, chairs &
secretary!) the topic of 'well-known BGP community vs BGP Path
attribute' came up, in context of having a marker to signify or signal a
route's audience [Sriram] https://datatracker.ietf.org/
meeting/98/agenda/idr/

I've come to the conclusion that we have no choice other then to use a
well-known communities for boolean functions like the ones currently on
the table.

There are a number of significant advantages to using communities, that
in my opinion outweigh the perceived benefit of introducing a new path
attribute. This is asserted from a deployment process and adoption rate
perspective. Throughout this email I'll refer to the _function_ of the
path attribute/community as "feature X". Most reasons relate to
"accelerated" deployment rates. With "accelerated" I'm referring to a
2-3 year timescale rather then 8+ years. I'll share my analysis below.

We have to assume that there are many networks which might (from this
moment on) _never_ upgrade their software to the required newer software
to support feature X natively. There are a number of reasons why a
network might never receive the necessary software upgrades: the network
choose to continue using devices well after the End-of-Sale/Support/Life
date for economic reasons. Some networks use hardware longer then the
vendor intended, sometimes because the operator disagreed with the
vendor's view on longevity. Like some of you, I've travelled to regions
of the world where a good router, is a router without bullet holes in
it, in such cases you'll have to make things work with whatever was
loaded on there. In other cases, the vendor simply has gone bankrupt,
and the network has to make do with what is available on their sparing
shelves until the hardware is fully amortised.

With the above in mind, I'd argue that for many BGP features it is
entirely acceptable to state "upgrade your software and receive awesome
feature Y!". But in the instance of routing security, one might need to
salvage as much as one can in existing deployments, for altruistic
reasons.

I think it is fair to assume that in all cases, the BGP speakers will
support RFC 1997 BGP Communities. We can also assume that the device
supports neighbor-specific routing policy options to (at the very least)
match, and subsequently deny or permit based on the RFC 1997 community.

Another interesting (perhaps underappreciated) angle is that there are
both open source and commercial ancillary configuration management
systems on the market, which will happily manage devices which were not
upgraded to support Feature X natively. When vendor B doesn't want to
implement native support for Feature X, perhaps the ancillary third
market will support Feature X on vendor B.

A number considerations apply for well-known BGP communities in context
of route leak prevention:

- on day 0, there will be no routes tagged with the well-known
  community, likewise on day 365, there will be a small number of routes
  tagged with the well-known community.

- throughout the lifetime of feature X, the tagged routs are likely
  to be outnumbered by the untagged routes, in all contexts.

- ideally feature X can be deployed incrementally within an AS, so it
  should _add_ an extra layer of protection, rather then replace or
  hotswap an existing protection function.

- RFC 1997 communities are transitive, so Feature X must at the very
  least not be significantly hindered by the transivity, and in an ideal
  case actually benefit from the transivity property. Enforcing
  non-transivity through a RFC 2119-style "When received on EBGP, MUST
  delete" is also acceptable. Operators can manually emulate the
  non-transivity, and wait for software upgrades to do it for them.

- the presence of a well-known community on one route, cannot, and
  should not be superimposed to other routes received through the same
  BGP session. In a more general sense, a well-known community on one
  route cannot act as a semaphore for the entire session. I am not aware
  of any implementations which allow to match/act on one route and
  perform congruent manipulation of properties on a different route.

- When the well-known community for Feature X is present (aka 'true'),
  we can assume feature X for the route was enabled intentionally,
  however, in the case where it is absent, we're dealing with either an
  'unknown' or 'false'. The deny/accept logic we expect to be present
  either through manual manipulation or through

We also might be able to assume that networks looking to implement
Feature X, will do so out of their own volition, sufficiently motivated
to do so correctly. (Even though they are implementing the feature
manually!) Likewise, there will be a significant number of networks
which will not hear about Feature X for the foreseeable future, and only
receive the feature through software upgrades. In other words: network
operators whom are ignorant of Feature X until they read Release notes,
could be considered harmless. Furthermore, networks which are well
intended, might be in a position to recitfy erroneous use of the
well-known community for feature X when received across EBGP sessions.

>From my own deployment perspective, when using a BGP Community,
(disclaimer: merely stating options!) I can start deploying _right_now_,
_network-wide_ (meanwhile waiting for software upgrades to slowly start
catching up and replace my manual implementation). More importantly, I
can deploy in a heterogeneous environment where the timelines for policy
deployment and software deployment are not aligned, or with parts of the
network not even expected to receive the required software upgrade for
native support.

We haven't seen a standards track well-known community in a while, but
I'd be supportive of a well-known community RFC which demands rigorous
discipline related to the transivity, semantics, and would provide
configuration examples for those who cannot (yet) use Feature X
natively, with an agreed upon upgrade path to native support for
feature X.

As long as the benefits of using Feature X are 'egocentric' (aka
"deploying this concept helps me, and I don't need others to cooperate
with me"), and misuse of Feature X through the well-known community is
either merely self-inflicted pain, or harmless, we'll be fine.

Since Feature X is positioned in context of routing security, something
we'd probably like to see broad adoption on, I'd argue that the lowest
common denominator should be used: well-known BGP communities.

Kind regards,

Job

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr