IETF Logo Mail Archive

[Idr] Questions regarding BGP capabilities (RFC5492)

Claudio Jeker <cjeker@diehard.n-r-g.com> Thu, 18 April 2024 10:32 UTC

Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE116C14F6B5 for <idr@ietfa.amsl.com>; Thu, 18 Apr 2024 03:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.898
X-Spam-Level:
X-Spam-Status: No, score=-6.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1n4pP3cfLThA for <idr@ietfa.amsl.com>; Thu, 18 Apr 2024 03:32:58 -0700 (PDT)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0D50C14F609 for <idr@ietf.org>; Thu, 18 Apr 2024 03:32:56 -0700 (PDT)
Received: (qmail 92836 invoked by uid 1000); 18 Apr 2024 10:32:53 -0000
Date: Thu, 18 Apr 2024 12:32:53 +0200
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: idr@ietf.org
Message-ID: <ZiD21ViYxwCLju8p@diehard.n-r-g.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Dlor_GqO4d__SdHVyfvOlPtJidI>
Subject: [Idr] Questions regarding BGP capabilities (RFC5492)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 10:32:58 -0000

Hi all,

I have a few questions about BGP capabilities since we want to enforce
some capabilities long term in OpenBGPD.

As a first step we want to remove an old fallback to start over with no
capabilities in case of a NOTIFICATION with error code 2 (OPEN) and
suberr 4 (Unsupported Optional Parameter).

Are there still BGP implementations out there that do not support
capabilities (RFC5492)?



On top of this I have a question about NOTIFICATION error code 2 (OPEN)
suberr 7 (Unsupported Capability). From the RFC5492:

5.  Extensions to Error Handling

   This document defines a new Error Subcode, Unsupported Capability.
   The value of this Subcode is 7.  The Data field in the NOTIFICATION
   message MUST list the set of capabilities that causes the speaker to
   send the message.  Each such capability is encoded in the same way as
   it would be encoded in the OPEN message.

   As explained in the "Overview of Operations" section, the Unsupported
   Capability NOTIFICATION is a way for a BGP speaker to complain that
   its peer does not support a required capability without which the
   peering cannot proceed.  It MUST NOT be used when a BGP speaker
   receives a capability that it does not understand; such capabilities
   MUST be ignored.

I have an issue with "Each such capability is encoded in the same way
as it would be encoded in the OPEN message".  The thing is for some
capabilities the system may not really know the exact encoding of the
missing capability. For example graceful restart could include some
AFI/SAFI pairs but those are optional.

For OpenBGPD when parsing notifications only the first byte of data is
looked at so that we can log which capability code caused the problem.
When sending such a notification we build a capability with valid code and
length fields but apart from capa 1 the payload of the capability is 0.
For capa 1 we do send the AFI/SAFI pair that is missing.

How do other implementations handle this?

I checked some other opensource BGP implementations and noticed that
both FRR and bird send this suberr 7 NOTIFICATION without any data!
I can not really check the behaviour of other propretary implementations.

Also FRR seems to send suberr 7 NOTIFICATIONs for unknown or superfluous
capabilities. Which violates the last sentence of Section 5.
Again, do other implementations do the same?

-- 
:wq Claudio

v2.23.0 | Report a Bug | By Email