IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Tue, 11 May 2021 21:40 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F27623A277E for <idr@ietfa.amsl.com>; Tue, 11 May 2021 14:40:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.595
X-Spam-Level:
X-Spam-Status: No, score=-9.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=lyQzTkrF; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=0HkL7D1s
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cvQ32P01AGDc for <idr@ietfa.amsl.com>; Tue, 11 May 2021 14:39:59 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBA563A277D for <idr@ietf.org>; Tue, 11 May 2021 14:39:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27666; q=dns/txt; s=iport; t=1620769198; x=1621978798; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=nZ34ol9qE9qiv9k2BD55J6aFLfjtKZv/lENDyRAi+Xs=; b=lyQzTkrFwJV7V/8J76XZkVatPewO7AbARMB6F3lB9378d1Q4Pdt4AiMZ o5XC60ntr0H1jZh1qlYP8VE7+xPX6lKBzC0iaP/ncNtS7sgITyC5kbN9x qTduj74zSI2nHzk51k9A157NZgWWyLK2xZwyGL4p1UpUpvXPH11qn9Unq 8=;
X-IPAS-Result: A0AjAgBT+ZpgmIUNJK1aHgEBCxIMggwLgSMwKSh+WjYxhEeDSAOFOYh6A484iiCBLhSBEQNUCwEBAQ0BASUBCgoCBAEBhFACF4FdAiU0CQ4CBAEBAQEDAgMBAQEBBQEBBQEBAQIBBgQUAQEBAQEBAQFohVANhkQBAQEDAQEBIQoTAQEsBgYECwIBCBEEAQEBJwMCAgIlCxQJCAIEEwiCHksBgX5XAw4hAQ6eWwKKH3qBMoEBggYBAQYEBIUzGIITAwaBOoJ7hAwBAYZaJxyBSUSBFUOCXz6CYgEBgSYRASorCYJhNoIrgU8KUhkGIhwmBANQLyAMIDkOEgk1J5FggwSIAI0LkFyBFQqDFJF6i1oQg1eLEpZJlTKfCxgMAYREAgQCBAUCDgEBBoFUOIFbcBU7gmlQFwIOjh8Zg1eFFIVJczgCBgoBAQMJfIlNASeCHgEB
IronPort-PHdr: A9a23:AoEFfBHFSjjfHUEFX4LRiJ1GfjoY04WdBeZdwpsql7wIdb6srNzuP 03asPNqilKBHYDW8OlNhOeetaf8EXcB7pCMvDFnEtRMWhYJhN9Qk1kmB8iIWkz2MPCsaDY1T 4xOUVZ/9CS9Nk5YUM/1e1zVpCi06jgfUhXyPAZ4PKL7AInX2s+2zOu1vZbUZlYguQ==
IronPort-HdrOrdr: A9a23:1psHeahLKl/TjqsX298C0Inkj3BQXwJ13DAbv31ZSRFFG/FwyP rOoB1L73HJYWgqN03IwerwRJVoMkmsiqKdgLNhcotKOTOHhILGFvAb0WKP+UyEJ8S6zJ8h6U 4CSdkxNDSTNykAsS+S2mDReLxMrKjlgcKVbKXlvg1QpGpRGsZdBnJCe3+m+zpNNW977PQCZf 6hz/sCgwDlVWUcb8y9CHVAdfPEvcf3mJXvZgNDLwI76SGV5AnYqYLSIly95FMzQjlPybAt/S zuiAri/JiutPm911v1y3LT1ZJLg9Hso+EzRPBky/JlaQkEuDzYIbiJaIfy+AzdZ9vfr2rCpe O84SvI+f4DrU85MFvF+CcFkDOQrgrGo0WSuGNwx0GT+fAQgFkBepB8bUUzSGqD16NohqAN7I tbm22erJZZFhXGgWD04MXJTQhjkg6urWMlivN7tQ0UbWIyUs4YkWUkxjIfLH7AJlOM1GktKp giMCgd3oceTbq+VQGUgoBC+q3YYp0DJGbxfqFZgL3m79F/pgEM86I3/r1toks9
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.82,291,1613433600"; d="scan'208,217";a="693233832"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 May 2021 21:39:41 +0000
Received: from mail.cisco.com (xbe-rcd-001.cisco.com [173.37.102.16]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 14BLdf9M024135 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <idr@ietf.org>; Tue, 11 May 2021 21:39:41 GMT
Received: from xfe-rcd-001.cisco.com (173.37.227.249) by xbe-rcd-001.cisco.com (173.37.102.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Tue, 11 May 2021 16:39:41 -0500
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xfe-rcd-001.cisco.com (173.37.227.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Tue, 11 May 2021 16:39:41 -0500
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3 via Frontend Transport; Tue, 11 May 2021 16:39:41 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=leD/s9VyUwHiDZVM1XLmHwZ1d9WyQtykHU3S4Y3/FNHIn/0bB7Ve72WbPE6+WnKUOFqnjEidxhmqwSAbpf+0mGli4KzQLUxv0ncFtgkR4DLIFAEI1nmQKE2+RS4/QnxC7rf3nUSe+wgrlPmieYIdOE0khlry3guoxEe5MRPuQTWyUGgcd8WRMRRDI1ukU1EdzjF7aF9Pa2LXif9xZiusIerg63Yp18cM/Jisk4dALWgxOATiiwgHoXZnGxQxBwX+hiCijcleIZfgbOPs2GAlFpXFblB0R2g/RhVUN1lZvBVvjHQLCxmd+XxuFow/iZKdDef0cauzgzyHgwMoXkRnbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nZ34ol9qE9qiv9k2BD55J6aFLfjtKZv/lENDyRAi+Xs=; b=aRCyYtVH+HBC7cPbq/5+npQlFQyb/d6oiR0eLyNFhIRe+iKsN9rNob0rRCqc3/HLHq59maZQl+SD6QjYgGQjxAc7M+nwflFTcIqoiZgnY+ZBX2Cjmcq8bhYGeXDSffpNxpNPblL1d12Umpw3UWD+qmozn1SYbaOuHdNNeAd1rB59Sk41i0GfU0LeL7xpdmJNyB7bWQxuo6PYiSqIQeYlsEGGwRnWi3/nulagtMOs41jHOxQxH8QbHmx5hOWJF3Fi3A92mVNqybcPtQbgzTPyJGD+aKTpbEkHaQmBFWq/qk67ViRePO0EI3fE/ZVTNLhVjG3qrhI1aah42X4U5ziV9A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nZ34ol9qE9qiv9k2BD55J6aFLfjtKZv/lENDyRAi+Xs=; b=0HkL7D1sDgkplZP8ZTZYDiQh8su0TyHl7RJTbcrssD4GoVr4hlqp4x5wRvbVgRLwUVMpB2nOH5Yp5k0Eji1gkvzLs5zkK9MNffddzyOJgKed790Ob9KOJ0tyjRXcHKi8/n2y1uM1YGJe8NrkNIab9OHvAEdWi7ifYnP33grWuWo=
Received: from BYAPR11MB3207.namprd11.prod.outlook.com (2603:10b6:a03:7c::14) by BYAPR11MB3702.namprd11.prod.outlook.com (2603:10b6:a03:f7::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25; Tue, 11 May 2021 21:39:40 +0000
Received: from BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::106d:d229:f71b:b34f]) by BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::106d:d229:f71b:b34f%4]) with mapi id 15.20.4108.031; Tue, 11 May 2021 21:39:39 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "idr@ietf. org" <idr@ietf.org>
Thread-Topic: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt
Thread-Index: AQHXMfFrTLXM9ljR7k6FaD+snnPsJKq1nkAAgAAGxoCAKMhgAIAACEcAgAAnUACAAFgdcA==
Date: Tue, 11 May 2021 21:39:39 +0000
Message-ID: <BYAPR11MB3207E29D15EB3362B4A0AAD7C0539@BYAPR11MB3207.namprd11.prod.outlook.com>
References: <161843563034.11054.13811966622190622752@ietfa.amsl.com> <CAOj+MMH=cCgtn7cL=HvOjQOMH1B9tmjOYOT04jXE9oky4SuevQ@mail.gmail.com> <YHhJTB51/joiz9Pg@snel> <CAOj+MMEFOGm=hCQcZNAUoN8vsPeVT3gqnjsQihUMJo4AOObZfw@mail.gmail.com> <CALxNLBhtQDDo9Dn7vBAZx+RbVwJ5BSbZfRS1wGStt_k7C2nPuQ@mail.gmail.com> <CAOj+MMHDPGt30deY6KtC+E-5eD9Q8cRtrL-xydLhsNic7KBdSw@mail.gmail.com> <CALxNLBi5Borzgr6ntRZHu0P6dnEcoZ8pk7=JKKfRhNcUbv873w@mail.gmail.com>
In-Reply-To: <CALxNLBi5Borzgr6ntRZHu0P6dnEcoZ8pk7=JKKfRhNcUbv873w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2601:647:5701:46e0:e145:5b96:6241:b67a]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: de71c9c2-1509-4627-64eb-08d914c547e9
x-ms-traffictypediagnostic: BYAPR11MB3702:
x-microsoft-antispam-prvs: <BYAPR11MB3702DB2739A4BE4BEDACD816C0539@BYAPR11MB3702.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /TICibFSCQXeBHdv3pS92Ujm4/XwQFHbV76yiBHjYvE5579Y9tjVjSfw/aHnLMsC/mxMG8kRFqzTjVzXOM/bBLKRFBl/eUOm3dRv6c9wHE/4VDwupIkmu9/l/3bwfbLuTtwq/g8yGDKPjBIKmzjXoSoVAg2vO7r4wiwdDYdavuKK/z7v6i7R5y5s1dpQZRdlMvnUhJeLTkkdGnfAOCClEjkI24LRIaX78JPWZmpfPoCwygg/nhA9/m/H0D5SCRioGAYUvZ0QSrPGY5z2E5JtJ1izMzzB/ge4pVYGmPvrfy7r2J0dqh/IK10QerOnjEq0fsybHhCrgUGu9/M6DWbZIAwpaPfXxjSs6PiwHZ8jiYneMxiysDpXXbrCWBeZ6I8C6Shs2JImo7fftkiyo3QMeBZyKSORgYd9rNbpOiUm6h/DGRvM6K3BECcb8endRYwQpQ9qeQc/QJ+O2LG3gma8CzAl4h8DG2JbTFEKrBKv8RWKBvMHpyKjDCAbp3WLYBYqRZ+jNzwYyIP6wgEDX+f+Q3bmHFzBvsChXXXHclKCo057fTCQIHm2nWoKgt6D7dfo2FYxe80BAHxZJiY7cgX6WIux9MOtKzsymkFztrCbaX1MPPfPeJFajJozi/OePTLEXrgJH+vmJYoD8i//zV0rVgI3ub0Hsflx8Mpi7u2eJeHb2gm4Offr5RcCRjlXC21K
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(366004)(39860400002)(396003)(376002)(346002)(52536014)(55016002)(66556008)(5660300002)(38100700002)(66446008)(64756008)(9686003)(76116006)(8936002)(66946007)(86362001)(316002)(8676002)(966005)(7696005)(478600001)(53546011)(6506007)(166002)(6916009)(2906002)(71200400001)(66476007)(33656002)(83380400001)(186003)(66574015)(122000001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: NO4n1/fpx+Kxja0NePGmUmq8UHAYxZRvm4wflr41VG1TxmJmTrNxdJwCDJk6AGyQzS9mAnv8JOFKnzbK/lfgVZ+wkFfHdQFlck7VoaLsct0hP9P402fK3CuhxpG5MMck90CCmQkmE9KMTSbHqz7L6q1G7LOMBm3xSSjj8AIRKcHPLR0ArlSGYtDGxYk/irBgT1xgymv7IWpxtdmzhzVc0DGhPXTc3ce0TpCzzAQqpkHwXLw3BSpeSqbkch8Jcm/MGcwPbifv9mEpLTSq6r/szrTvMqEfBHGRsdj8rBtd9vM28GbqLyC0k1bJ6+/yEUMD2xAIaevsBq6oQtqHn2kPeaAzrYGSN3fz2HC55qKalyBZ5FDqQxcsOIqbmW9jksvnWLYfzzS8AI7Y4Rqmsi1/8bKAM+H1rDxrmj7BiAF9dR5PaTk9J3K41UDwQ1dGnaYUeh8S4uhGvjILK182dlyOPY8Uo75IE7is+oDOiZShgNjSsyEQHuDL0Oz97RHPUcLsIlW95jwJWlFwWuCGWkRJoxQCSfYOWRLGEhbX1bcliBsiYVIonDlsvtr2yo+7uxx8vGgfhlS5Sp8jVb0xQ74nPKKrTrMbOGEACu3OghaDOnkZHlDB6NPJ21BpXPw07RNK+KwuFCV5z7reAByjttK+i+Pzrxz8L5JzFBlpy8kZaG/SaRBO4TGVwiZBr+RXf5uXCEAMfeZ53rUG7FiyX8TMmEoG+8c7z1nn1fic3XQ4HKF1O+wf2lcvnQ+weUpKdDKKhQBsuscvLk8CiGOWfDZ2Csf+aO97H90AAvACLPTPF7VSNnDQ6MEC3vg4IlcdctUagivSoZegmJDElYQhW8leIrnuEOs2Zo/mSungUE1ZsnyC7odIKiEHhsmM67D5uQSp43Rm2SKGnDlUjm7JR1FhK9L/6g0FZeGQOpJ3lOZ/Il2yk2wmGlgb6Zy/4C+IlrqDXyD3ldMZDJe3j+HZ9q/NkuMVj8JXYf6wjokv9fugf+NRh1Sv9dRWZav817UZZREodv5Cj0PKpXVcqN9fMf903dO4qYPN8eaZ7NIP5srWk0CllAA1cZ5A7kZq4SAI41pDWuv3Z7zQsFZzWmwko49YyBbDz19wGqilSWYaH6FoYzVfjvyAnU8Hbekw42WRbkpPuBvwkHS4PCD5rlV4uq4BfUqhM4nWbjPZnP2XVIoG/uo1n64wDY3pqyxxX+ZpUqi25oxxrNSKDaFyhNJXR5WZeEd6Rvn8gJ70+H/D14ST+9is+Wwnlmzrxf0tQx0nmAT1fAVFNih740nAeG85Ez2XkrqIeN4vw6CsAEMFkomUt3ECNPJ6dGnFg/+5J9PfVO9wTLVMDw9y+0x9oB9VjuUdibUk3zFX4DZRfA2VDnvuW4XjVZpJ+3kFTp2muy1ds/UC
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB3207E29D15EB3362B4A0AAD7C0539BYAPR11MB3207namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: de71c9c2-1509-4627-64eb-08d914c547e9
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 May 2021 21:39:39.2299 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b1kt9fAZLz0oWhJHkXJLuK+K5Dk4Pbj+bevCf6+hstrnMAP6Ic4BoafZIIN0uhOW7F1LfkXfDbiSQetGJ0hq3w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3702
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xbe-rcd-001.cisco.com
X-Outbound-Node: alln-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/DFj_i8Lut3UosAghKE1dkdFXh5s>
Subject: Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2021 21:40:04 -0000

I disagree with the "MUST" in the sentence:
                       For example, when an operator configures the pre-
         policy limit for IPv4 Unicast to be 50 on a given EBGP session,
         and the other BGP speaker announces its 51st IPv4 Unicast NLRI,
         the session MUST be terminated.

It conflicts with the statement in 2:

                                        When the upper bound is reached,

      the speaker, under control of local configuration, either:



      A.  Discards new address prefixes from the neighbor, while

          maintaining the BGP connection.  As these prefixes are

          discared, their reachability information is not stored on the

          local router, which might lead to inconsistent routing

          behaviour;



      B.  Receives all the new prefixes exceeding the threshold, accepts

          them and generates a log of the event;



      C.  Terminates the BGP connection with the neighbor.


In addition, terminating a BGP session is highly disruptive and may easily be
more disruptive than the leak it is trying to prevent. The decision to
terminate the session should be at the discretion of the operator.
I would be fine to make termination the default action, but would
want to give the operator other choices.
"SHOULD" would be strong enough in that sentence.

Regards,
Jakob.

From: Idr <idr-bounces@ietf.org> On Behalf Of Melchior Aelmans
Sent: Tuesday, May 11, 2021 9:12 AM
To: Robert Raszuk <robert@raszuk.net>
Cc: Melchior Aelmans <maelmans@juniper.net>; idr@ietf. org <idr@ietf.org>
Subject: Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt

Ack Robert, thanks for confirming.

Cheers,
Melchior

On Tue, May 11, 2021 at 3:51 PM Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
Hi Melchior,

After rethinking this I think the current text in the draft is ok.

It is after all optional cfg and if vendor supports both pre and post policy max-prefix limit inbound the configured numbers may not need to be identical.

Thx,
R.


On Tue, May 11, 2021 at 3:22 PM Melchior Aelmans <melchior@aelmans.eu<mailto:melchior@aelmans.eu>> wrote:
Hi Robert, all,

First of all thanks for your feedback!

The part we are confused about is that soft-reconfiguration inbound is a Cisco command to enable adj-RIB-In which then stores all the received routes. On Juniper and OpenBGPd (and possibly other implementations as well) adj-RIB-In is enabled by default and protected by a maximum-prefix limit inbound.
Could you please elaborate on what you are exactly trying to describe and as Job suggested make suggestions for text adjustments?

Thanks!
Melchior

On Thu, Apr 15, 2021 at 4:36 PM Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
Hi Job,

The distinction between Per and Post policy is clear.

Inbound Prefix Limit may (depending on implementation) apply to either or both of those processing stages.

The observation I am trying to make is that IMHO soft in is not really a Pre Policy in a sense that you must not apply Prefix Limit to it. Otherwise the entire idea of soft-in becomes questionable.

To me perhaps the proper way to visualize it is actually to divide Pre Policy into two blocks - ALL Prefixes and Pre-Policy Prefix-Limited. All Prefixes block would occur only when soft in is enabled. Otherwise some may expect or request to apply Inbound Prefix Limit before routes are stored when soft reconfiguration inbound is enabled.

Or perhaps you actually want to do that sort of breaking that knob ?

Many thx,
R.






On Thu, Apr 15, 2021 at 4:10 PM Job Snijders <job@fastly.com<mailto:job@fastly.com>> wrote:
Dear Robert,

On Thu, Apr 15, 2021 at 02:16:12PM +0200, Robert Raszuk wrote:
> I think I have one question or suggestion.

Your review is appreciated!

> As you all know some implementations allow you to explicitly force BGP
> speaker to keep (pre-policy) all routes/paths received.
>
> Example:
>
> neighbor 192.168.1.1 soft-reconfiguration inbound
>
> The draft does not seem to comment on this case yet if implementation
> maintains the above behaviour at least some of the justifications for
> the document is gone.

Interesting, the draft's objective is to clarify that inbound limits can
be applied at multiple stages of the pipeline (pre and post policy), not
all Network Operating Systems appear to offer this (operationally
speaking much needed) granularity, and through this draft we hope to
clarify to implementers that it is something worth considering to add.

> I think that draft should at least mention such behaviour, not force to
> change it however put some light that if
> configured by the operator some of the benefits of inbound prefix limit
> will not be fully effective.

What you call 'soft-reconfiguration inbound' ends up storing into what
the draft refers to as 'Pre Policy'. (At least... that is the intention,
it is possible the text is readable to us but not easy to understand for
others)

Do you have specific text in mind to add to the draft to clarify this?

Kind regards,

Job
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email