IETF Logo Mail Archive

Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

Robert Raszuk <robert@raszuk.net> Wed, 30 September 2020 18:51 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3C0C3A0ABA for <idr@ietfa.amsl.com>; Wed, 30 Sep 2020 11:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zJkAd32gPf9x for <idr@ietfa.amsl.com>; Wed, 30 Sep 2020 11:51:46 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65FA53A0AE9 for <idr@ietf.org>; Wed, 30 Sep 2020 11:51:28 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id n22so3013900edt.4 for <idr@ietf.org>; Wed, 30 Sep 2020 11:51:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RVKFAvvydATfUVAIUQHt1qZ5TEWNap5rea7NTQJR7ig=; b=NRPThTFbO64kw1pKz6/yR+mzxz4V7Kf4tGoDMmQ5ZiV+c5f7IkCvoE5g2bKZgauGY0 x6xAM1xXSKBM4G+ujWbumGQ4ZlkjPrTuOoGh+VsDs00lMBS7X0CNWYJhvs4YBqX8fPF0 g9mecl3O2iqhlQG/3yWsEBarz/WR2F+FQiW/q9iiEssSe4ymI+Th8UvdWPwUIZwarbhL urOFh0YkPBkODo5wrpKm+xuSEIfUHb8dBDu30MTttHww/22v20GBfkyqOJbA9sOlgoQE QoggsNNH3awKi2nuWWF0+f6f0nTQblG2qEJZWcff1z4gDu1HbI6B8AuOi7HWUxN65zue A+Dg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RVKFAvvydATfUVAIUQHt1qZ5TEWNap5rea7NTQJR7ig=; b=ELyu0wZ2v2lb9ddN4/9s2SmITYErXiNoOe6Q+ZlB9+Xt4HeD4L9GGKe/nZ8zrri62q RQd5VvCxIPTaTr2VNe3/VDclrrtXkjEy0LMUBSLDUPlH4YIWKNlgZ1PbziXu4wypb1SL URz26hv1qsK8L3uRQmhobALEcY0HR02dWXdrUtErHiZr4zV8QXJnwKOymQrbaQA5aLPb YPF/TmrLk2hl9gr60xii3r8MsQ066Dd7ziVchQxAy9Spe/cbzOEaS2AHxXoZh2T3Mk7l 710MtppyBJ1n46MP2JJsietg7LQ2YWNZRNeerrn4Nw5ytYJ2ff291q2rFO+idCKY4ZTx u11g==
X-Gm-Message-State: AOAM532j+nVK4cH9MLkye91I0umfwzEUDxqH+ChdAjnvm718ooHbrzKx 4XExMXuf5zfJib2Ze2029gBcc4plrc+d8IUroOtKDleEllHcTQ==
X-Google-Smtp-Source: ABdhPJyZQeV8w2bh5OzfTX2J1kHICCT9U48LB3WLFplgQdFeVQ6auiOj4BCIEw/PmJtStb0v+ej8P/JxFcJ2y/DaLsA=
X-Received: by 2002:a05:6402:3c8:: with SMTP id t8mr4180443edw.266.1601491886721; Wed, 30 Sep 2020 11:51:26 -0700 (PDT)
MIME-Version: 1.0
References: <303E54F6-833A-4458-B3E6-DE90E7CA121B@juniper.net> <22341_1601052988_5F6E213C_22341_268_1_53C29892C857584299CBF5D05346208A48F82C17@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <DEE76A95-339B-433C-BD46-AD0243F72FBE@juniper.net> <3366_1601300732_5F71E8FC_3366_6_3_53C29892C857584299CBF5D05346208A48F86028@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <21B4E52C-38F4-4C94-985C-8C1DF88F4A92@juniper.net> <CAMMESsxG+ASdax1USizop-1bzYELcSdvND-f3RNEJ78zDUPrng@mail.gmail.com> <A9128F3D-948E-4F22-B000-7B470AFAC219@tix.at> <CAOj+MMESP=1EtTcuptE9xdyb+g36kDiD4sH6wSLezeZX74v2vw@mail.gmail.com> <BYAPR11MB32079E5730B9B170C1ADF7E1C0350@BYAPR11MB3207.namprd11.prod.outlook.com> <CAOj+MMFrFhwF1D=j1KS5wJXzc-ULEA6Ne-n296LYvit5fKUB+w@mail.gmail.com> <eaf30ef00cff4e3ca7d610fb48f8aa7d@huawei.com> <BYAPR11MB3207121F8D22B4379F2279DFC0330@BYAPR11MB3207.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB3207121F8D22B4379F2279DFC0330@BYAPR11MB3207.namprd11.prod.outlook.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Wed, 30 Sep 2020 20:51:17 +0200
Message-ID: <CAOj+MMFX6PhWEUt5JhK7XO12Lv8MEoA29O4xgLQM+yGU7g=+vA@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: "Dongjie (Jimmy)" <jie.dong@huawei.com>, "idr@ietf. org" <idr@ietf.org>, John Scudder <jgs=40juniper.net@dmarc.ietf.org>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>, Hares Susan <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="00000000000004dc9f05b08c630f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Ec8iqRS_rZh_8SGJK299wFDxEbs>
Subject: Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 18:51:49 -0000

Hi Jakob,

> I personally prefer that BGP be nothing more than a transport for
flowspec.

100%

- - -

Can you take a look if XR, XE & NX all parse today's shipping FS NLRIs and
validate each type and when applicable length to be "valid" ?

What all three of those implementations do when they:

a) run into the case of unknown type ?

b) run into the case of invalid value of any type carried inside the NLRI ?

Many thx,
R.



On Wed, Sep 30, 2020 at 8:34 PM Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> In that case, I'm fine with it.
>
> I personally prefer that BGP be nothing more than a transport for flowspec.
>
> That makes it possible to change the flowspec updates without modifying BGP
>
> or upgrading speakers that don't install the flowspecs themselves.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Dongjie (Jimmy) <jie.dong@huawei.com>
> *Sent:* Wednesday, September 30, 2020 12:53 AM
> *To:* Robert Raszuk <robert@raszuk.net>; Jakob Heitz (jheitz) <
> jheitz@cisco.com>
> *Cc:* idr@ietf. org <idr@ietf.org>; John Scudder <jgs=
> 40juniper.net@dmarc.ietf.org>; bruno.decraene@orange.com;
> draft-ietf-idr-rfc5575bis@ietf.org; Hares Susan <shares@ndzh.com>
> *Subject:* RE: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth
> fixing?
>
>
>
> Hi Robert and Jakob,
>
>
>
> Please note that section 3 of 5575bis says:
>
>
>
> “BGP itself treats the NLRI as a key to an entry in its databases. Entries
> that are placed in the Loc-RIB are then associated with a given set of
> semantics, which is application dependent.”
>
>
>
> Although comparing with RFC5575 the word “opaque” is removed, the NLRI is
> still treated as the key.
>
>
>
> Best regards,
>
> Jie
>
>
>
> *From:* Idr [mailto:idr-bounces@ietf.org <idr-bounces@ietf.org>] *On
> Behalf Of *Robert Raszuk
> *Sent:* Tuesday, September 29, 2020 2:58 PM
> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>
> *Cc:* idr@ietf. org <idr@ietf.org>; John Scudder <
> jgs=40juniper.net@dmarc.ietf.org>; bruno.decraene@orange.com;
> draft-ietf-idr-rfc5575bis@ietf.org; Hares Susan <shares@ndzh.com>
> *Subject:* Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth
> fixing?
>
>
>
> Hi Jakob,
>
>
>
> > Flowspec does not AFAIK have any such NLRI... yet.
>
>
>
> I am not quite sure what are you trying to say above.
>
>
>
> Today in RFC5575 NLRI is clearly defined as a numeric value with a given
> length. It was by design not parsable by BGP. The entire NLRI is a key.
>
>
>
> So updates and withdraws processing happens on the key as defined.
>
>
>
> Now if we start to parse that value (except maybe for validation which I
> am also now pretty sceptical about) and dissecting part of that calling
> some types to be a key and some not - at min IMHO we should use different
> SAFI not to create complete deployment issues.
>
>
>
> Many thx,
>
> R.
>
>
>
>
>
> On Tue, Sep 29, 2020 at 1:23 AM Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
> Also to consider that in BGP, there are several examples of NLRI
>
> where the NLRI key is not the whole NLRI, starting with RFC 3107,
>
> where the label is not part of the key.
>
>
>
> A speaker that receives an update with an unknown NLRI does not
>
> know if that unknown NLRI servers to withdraw a (seemingly)
>
> different unknown NLRI, if the parts that are different are not
>
> key material.
>
>
>
> Therefore, a BGP speaker must always be able to completely
>
> parse and understand received NLRI.
>
>
>
> Flowspec does not AFAIK have any such NLRI... yet.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of *Robert Raszuk
> *Sent:* Monday, September 28, 2020 1:44 PM
> *To:* Christoph Loibl <c@tix.at>
> *Cc:* idr@ietf. org <idr@ietf.org>; draft-ietf-idr-rfc5575bis@ietf.org;
> John Scudder <jgs=40juniper.net@dmarc.ietf.org>; bruno.decraene@orange.com;
> Hares Susan <shares@ndzh.com>
> *Subject:* Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth
> fixing?
>
>
>
> All,
>
>
>
> To me the real question is if we really should validate the content of
> NLRI or just make sure that NLRI boundaries meet BGP MP_REACH
> definition and treat NLRI values completely opaque to BGP (as per original
> RFC5575).
>
>
>
> If NLRI is really malformed resulting in MP_REACH attribute being
> malformed I do not see that much harm in session reset.
>
>
>
> But if we dive into each atomic type parsing of the NLRI value itself at
> each BGP speaker talking SAFI 133/134 I think this is going to be a mess.
>
>
>
> Best,
>
> R.
>
>
>
>
>
>
>
> On Mon, Sep 28, 2020 at 9:41 PM Christoph Loibl <c@tix.at> wrote:
>
> Hi,
>
>
>
> I do not really want to repeat the whole discussion here (seems that we
> are going in circles) if not needed. I think that we agreed that if the
> NLRI is malformed the only option is to reset (+send notification) the
> session (even if we consider rfc7606). And from draft-rfc5575bis it is
> clear that we are talking about a malformed NLRI:
>
>
>
>    A NLRI value not encoded as specified specified here is considered
>
>    malformed and error handling according to Section 10 is performed.
>
>
>
> -> I think that adding the small term that John suggested is sufficient.
>
>
>
> Cheers Christoph
>
>
>
> --
> Christoph Loibl
> c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at
>
>
>
>
>
>
>
> On 28.09.2020, at 21:16, Alvaro Retana <aretana.ietf@gmail.com> wrote:
>
>
>
> [Explicitly adding Jeff to the To list.]
>
>
>
> Hi!
>
>
>
> During my AD review there was a discussion on the list about this point,
> and whether we could avoid resetting the session.  Jeff presented some
> examples and, I think, made a very convincing case of why we really can’t:
> even if we can look at the length, we would still be guessing.
>
>
>
> I think this is one of the messages:
> https://mailarchive.ietf.org/arch/msg/idr/FHC-Vz26LZfam-o5Y-9-WSrEm2g/
>
>
>
> Jeff: if you get a chance, please chime in.
>
>
>
> Thanks!
>
>
>
> Alvaro.
>
>
>
> On September 28, 2020 at 2:16:38 PM, John Scudder (
> jgs=40juniper.net@dmarc.ietf.org) wrote:
>
>
>
> I think that is the right thing, too: FS uses T,V and not T,L,V for its
> component types, the lengths are implicit. So, if my parser encounters an
> unknown type code it is impossible for me to know how to skip over that
> type code. At that point, parsing breaks down.
>
> [Bruno] I had in mind the higher level of hierarchy:
>
>
>
>    The NLRI field of the MP_REACH_NLRI and MP_UNREACH_NLRI is encoded as
>
>    one or more 2-tuples of the form <length, NLRI value>.  It consists
>
>    of a 1- or 2-octet length field followed by a variable-length NLRI
>
>    value.  The length is expressed in octets.
>
>
>
>                      +-------------------------------+
>
>                      |    length (0xnn or 0xfnnn)    |
>
>                      +-------------------------------+
>
>                      |    NLRI value   (variable)    |
>
>                      +-------------------------------+
>
>
>
>                 Figure 1: Flow Specification NLRI for IPv4
>
>
>
> At this level, assuming that the NLRI value is found semantically
> incorrect, it seems to me that one could:
>
> -          Skip this NLRI (thanks to the ‘length’ field) and continue
> with the next NLRI
>
> -          Read the ‘NLRI value’ as an opaque data, and treat this NLRI
> as withdraw. (In the context of the discussion, this NLRI would never had
> been accepted, so ‘treat-as-withdraw’  could even be replaced with ‘ignore
> ’. But I’m _*not*_ calling for this).
>
> Hence it seems to me that treat-as-withdraw is technically possible.
>
>
>
> Fair enough. It’s a little unfortunate that the draft contains this
> ambiguity; in retrospect it would have been better to be explicit about the
> error-handling strategy chosen rather than simply referencing RFC 7606.
> Whether or not we want to respin the draft in order to clarify it, is a
> question for the WG. If we were to make a change, it could potentially be
> the addition of this sentence, in Section 10:
>
>
>
>    Error handling according to [RFC7606 <https://tools.ietf.org/html/rfc7606>] and [RFC4760 <https://tools.ietf.org/html/rfc4760>] applies to this
>
>    specification. *Notably, an NLRI that is found to be semantically*
>
>    *incorrect (for example due to an unknown component type) MUST be*
>
>    *handled using the “treat-as-withdraw” strategy (which in this case,*
>
>    *it must be noted, works out to be the same as skipping over the NLRI).*
>
>
>
>

v2.29.0 | Report a Bug | By Email | System Status