IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

"Chris Hall" <chris.hall@highwayman.com> Sun, 09 December 2012 11:37 UTC

Return-Path: <chris.hall@highwayman.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBF2121F883A for <idr@ietfa.amsl.com>; Sun, 9 Dec 2012 03:37:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.539
X-Spam-Level:
X-Spam-Status: No, score=-0.539 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_UK=1.749, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id shAgsqdUJYu0 for <idr@ietfa.amsl.com>; Sun, 9 Dec 2012 03:37:45 -0800 (PST)
Received: from smtp.demon.co.uk (mdfmta009.mxout.tbr.inty.net [91.221.168.50]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF7A21F8745 for <idr@ietf.org>; Sun, 9 Dec 2012 03:37:44 -0800 (PST)
Received: from mdfmta009.tbr.inty.net (unknown [127.0.0.1]) by mdfmta009.tbr.inty.net (Postfix) with ESMTP id 80D3B384081; Sun, 9 Dec 2012 11:37:43 +0000 (GMT)
Received: from mdfmta009.tbr.inty.net (unknown [127.0.0.1]) by mdfmta009.tbr.inty.net (Postfix) with ESMTP id 59FF3384080; Sun, 9 Dec 2012 11:37:43 +0000 (GMT)
Received: from hestia.halldom.com (unknown [80.177.246.130]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mdfmta009.tbr.inty.net (Postfix) with ESMTP; Sun, 9 Dec 2012 11:37:43 +0000 (GMT)
Received: from hyperion.halldom.com ([80.177.246.170] helo=HYPERION) by hestia.halldom.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.76) (envelope-from <chris.hall@highwayman.com>) id 1ThfCX-0005em-VP; Sun, 09 Dec 2012 11:37:42 +0000
From: Chris Hall <chris.hall@highwayman.com>
To: idr@ietf.org
References: <20121121191321.6164.6887.idtracker@ietfa.amsl.com> <50AD2986.90705@cisco.com> <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com> <8ED5B0B0F5B4854A912480C1521F973A0F4940@xmb-rcd-x13.cisco.com> <94913EE5-2864-4EE2-B474-9631430B1E22@ericsson.com> <068701cdd478$2cf01cf0$86d056d0$@highwayman.com> <CAEGVVtBy-zdLz8hVajLnuAqgzfgQHrseK4r-N9=pOZGtqV7LbA@mail.gmail.com> <CAH1iCipfup-GEeJduBti_KHvX1pUZfmZLA3Zz5Y9Aw9xV3fQ9w@mail.gmail.com>
In-Reply-To: <CAH1iCipfup-GEeJduBti_KHvX1pUZfmZLA3Zz5Y9Aw9xV3fQ9w@mail.gmail.com>
Date: Sun, 09 Dec 2012 11:37:36 -0000
Organization: Highwayman
Message-ID: <079901cdd601$9901b630$cb052290$@highwayman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
thread-index: AQHwJ9rDNhpCAk7gfRWZlMlTSLUu6QFwpw6KAjDRnx0CVlUcVAFHaBeAARUnQBoBYBPk8QGYNqrRl3E29RA=
Content-Language: en-gb
X-MDF-HostID: 4
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2012 11:37:46 -0000

Brian Dickson wrote (on Fri 07-Dec-2012 at 23:13 +0000):
>
> I see the high-level problem Chris describes, and think maybe 
> it requires discussing possible ways of removing 
> doubt/ambiguity over successful parsing of such MP_REACH
> and MP_UNREACH attributes.

My suggestion, for minimal change to the protocol, would be a new
capability which would carry the undertaking that:

  * when sending MP_UNREACH_NLRI and/or MP_REACH_NLRI
    they will be the first attribute(s), and will
    appear in that order.

  * the ORIGIN attribute will be the first attribute,
    or will follow any NLRI attributes.

    Which deals with the absence of one or both NLRI
    attributes.

A receiver in possession of this new capability knows that, once it
has seen completely valid versions of these leading attributes, it can
tolerate any malformation of the following attributes, or absence of
essential attributes, etc. and "treat-as-withdraw".

The ORIGIN attribute has the value 0x0X 0x01 0x01 0x0Y -- where X is
supposed to be 0 and Y MUST be 0, 1 or 2.  This pattern is,
effectively, and "end-of-NLRI-attributes" mark.

If the new capability also meant that this attribute would always be
output with extended length and guaranteed X = 0, then the receiver
would expect to see 0x10 0x01 0x00 0x01 0x0Y -- which is a little more
unique, and offer a little more assurance that the attributes so far
are completely valid.  (But this is not essential)

(The new capability could also mean that IPv4 Unicast will not appear
both in the body of the message and in NLRI attributes -- but that is
not essential, either.)

If the sender misbehaves, and sends any NLRI attribute after the
ORIGIN then:

  a) if it is not a repeat attribute then...

       ...accept, but turn off the capability ?

       ...treat as a repeat ?

  b) if it is a repeat attribute then...

       ...session-reset, as per draft ?

  c) if the extra attribute is hidden by a preceding
     broken attribute then...

       ...the change to the relevant NLRI is lost.

The last case is BAD: the receiver will "treat-as-withdraw" the NLRI
it can see, but not those it cannot.  The risk here may be deemed
ignorable -- but needs to be assessed.

For all code which deals with BGP updates -- BGP speakers or analysers
of BGP streams etc -- the only change here is the new capability;
UPDATE messages will have attributes in a particular order (and
perhaps take a particular form) but are entirely RFC4271 compliant.

That leaves the question of what the receiver does in the absence of
the new capability... but that's another story, for another day.

Chris

v2.23.0 | Report a Bug | By Email