[Idr] AD Review of draft-ietf-idr-wide-bgp-communities-08

Alvaro Retana <aretana.ietf@gmail.com> Fri, 23 December 2022 11:37 UTC

From: Alvaro Retana <aretana.ietf@gmail.com>
MIME-Version: 1.0
Date: Fri, 23 Dec 2022 05:37:35 -0600
Message-ID: <CAMMESsw_kC_V-7px1xNbgxsinWW0RFUrugDmu2ziF8ioxqxCRQ@mail.gmail.com>
To: draft-ietf-idr-wide-bgp-communities@ietf.org
Cc: Keyur Patel <keyur@arrcus.com>, idr-chairs@ietf.org, idr@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Gw7FWmYORZwKP72vxck2WXCWGF0>
Subject: [Idr] AD Review of draft-ietf-idr-wide-bgp-communities-08
Precedence: list

Dear authors:

Thank you for your continued efforts with this document!

I have many comments (see inline) that I will want to see addressed
before starting the IETF Last Call.

(1) In general, I found that the naming is not consistent across the document.
For example, "BGP Wide Community", "Wide Community", "Wide community", and
"side community" are all used. The same treatment applies to the name of
the TLVs, Atoms, etc. I mentioned this below, but may have missed several
occurrences. Please take a look.

(2) Should this document be marked as replacing draft-ietf-idr-registered-wide-
bgp-communities? I know draft-ietf-idr-registered-wide-bgp-communities and
draft-ietf-idr-wide-bgp-communities were both adopted at about the same
time...

Besides my notes, please also address Warren's review [1].

Thanks!

Alvaro.

[1] https://mailarchive.ietf.org/arch/msg/idr/aW8XfPljF0YlrptpXPWf9bj96w4/

[Line numbers from idnits.]

2 IDR Working Group R. Raszuk, Ed.
3 Internet-Draft Individual
4 Intended status: Standards Track J. Haas, Ed.
5 Expires: 12 January 2023 Juniper Networks
6 A. Lange, Ed.
7 Nokia
8 B. Decraene, Ed.
9 Orange
10 S. Amante
11 Apple, Inc.
12 P. Jakma
13 Huawei Ireland Research Centre
14 11 July 2022

[major] Shepherd/Chairs: There are more than the recommended number of
authors in the front page (rfc7322). Please work to reduce the list
to 5 (or less). Some are already identified as Editors. Others can
be added to the Contributors section.

...
19 Abstract
...
28 This document defines a new encoding which will enhance and simplify
29 what can be accomplished today with the use of BGP communities. The
30 most important addition this specification makes over currently
31 defined BGP communities is the ability to specify and advertise an
32 operator's parameters for execution It also provides an extensible
33 platform for any future community encoding requirements.

[nit] Suggestion>
This document defines a new encoding that enhances and simplifies
what can be accomplished with BGP communities. This specification's
most important addition is the ability to specify and advertise an
operator's parameters for execution. It also provides an extensible
platform for any future community encoding requirements.

35 Requirements Language

37 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
38 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
39 document are to be interpreted as described in RFC 2119 [RFC2119].

[major] Use the template from rfc8174.

...
128 1. Introduction
...
145 The authors believe that defining a new BGP Path Attribute, with the
146 ability to contain locally defined parameters will enhance the
147 current level of network policies, as well as simplify BGP policy
148 management. The proposed encoding will also facilitate the delivery
149 of new network services without the need to define a new BGP
150 extension for each new application.

[minor] "The authors believe..."

This document is the product of the WG...

s/The authors believe that defining a new BGP Path Attribute/The
definition of a new BGP Path Attribute

[nit] Some of the claims (in this paragraph, for example) are written
in future tense (will enhance...will facilitate), but this
specification is the present. Consider "enhances...facilitates...".

152 When defining any new type of tool there is always a unique
153 opportunity to specify a subset of well recognized behaviors. Lists
154 of the current most commonly used BGP communities, as well as
155 creation of a new registry for future definitions will be described
156 in an extension-specific document.

[minor] It seems that this paragraph may have been overtaken by
events: there's no "extension-specific document", the registries are
created here, etc..

...
166 2.1. BGP Community Container Common Header
...
177 The BGP Community Container Common Header is defined in Section 3.1
178 and contains following encoding:

[minor] Please keep the description/specification of the encoding in
§3.1. No need to specify/describe things more than once (and with
different words).

180 Container Type:
181 Container Type 1, BGP Wide Community is defined in this document.

183 Flags:
184 Flags control common behavior including the transitivity of the
185 Container.

187 Length:
188 Length of the Container contents.

[] The description in §3.1 is more complete than this. Adding partial
descriptions may result in confusion.

190 2.2. Community Containers

192 This document defines one Community Container with the following
193 encoding:

[minor] Please keep the description/specification of the encoding in
§4. No need to specify/describe things more than once (and with
different words).

...
230 3. BGP Community Container Attribute
...
235 The BGP Community Container attribute is an optional, transitive BGP
236 attribute, and may be present only once in the BGP UPDATE message.

[major] What should a receiver do if the attribute is present more than once?

[major] Allowing only one Community Container doesn't permit the
ability to create both local *and* external policies for a given
prefix. All BGP Wide Communities would either be transitive or not.
If transitive, any local policy would be propagated. There is a
mention (in §10.1) of the ability to remove unwanted received
communities, but the document says nothing about controlling the
advertisement by filtering. Should this functionality exist? Please
add some text.

...
242 3.1. BGP Community Container Attribute Common Header

244 Containers always start with the following common header:

246 0 1 2 3
247 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
249 | Type | Flags |C|T| Reserved |
250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
251 | Length |
252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

254 Figure 1: Common container header

256 This document defines container type 1. See the Section 11 for
257 information on additional type registration policies.

[minor] Just to confirm: the definition in this section applies to all
types, not just type 1, is that correct?

If so, it would be nice if the specification of the common header was
presented first, including the general description of *all* fields.
This sentence (add a pointer to Section 4) should then be placed at
the end of the section.

259 +======+=======+==================================================+
260 | Bit | Value | Meaning |
261 +======+=======+==================================================+
262 | T | 0 | Not Transitive across administrative boundaries. |
263 +------+-------+--------------------------------------------------+
264 | | 1 | Transitive across AS/administrative boundaries. |
265 +------+-------+--------------------------------------------------+
266 | C | 0 | Not transitive across confederation boundaries. |
267 +------+-------+--------------------------------------------------+
268 | | 1 | Transitive across confederation boundaries. |
269 +------+-------+--------------------------------------------------+
270 | 3..7 | - | RESERVED - MUST be zero when originated and |
271 | | | SHOULD be ignored upon receipt. |
272 +------+-------+--------------------------------------------------+

[major] Should IANA manage the potential allocation of the reserved
bits? If so, please include the request for a new registry in §11.

...
278 Bit 0 (T bit) Transitivity bit:

280 When not set (value 0), the community in the container is
281 transitive across AS boundaries, but not across an administrative
282 boundary.

[major] "transitive across AS boundaries, but not across an
administrative boundary"

This definition is confusing, specially for the case where the
"administrative boundary" is defined as only containing the local AS
-- the texts seems to contradict itself: transitive across AS
boundaries, but not "this" AS boundary. Please clarify.

284 When set (value 1), the community in the container is transitive
285 across all ASes. An administrative boundary, in this sense, is an
286 arbitrary set of connected ASes, possibly under control of a
287 single entity. How such an administrative boundary is determined
288 is out of the scope of this document.

[major] Please pull out the definition of an "administrative boundary"
from the description of the bit being set. Should it be defined in
terms of an "administrative domain" (mentioned in §9.2) instead?

290 Bit 1 (C bit) Confederation bit:

292 The confederation bit is used to manage the propagation scope of a
293 given BGP Wide Community across confederation boundaries.

[minor] s/given BGP Wide Community/given container

The Wide Community is just one type.

[minor] Please add a Normative reference to rfc3065.

295 When not set (value 0) community is not transitive across
296 confederation sub-AS boundary. When set (value of 1) indicates
297 that community in a given container is transitive across
298 confederation boundary.

[major] "confederation sub-AS"

rfc3065 talks about a Member-AS, not a sub-AS. Please be consistent
with existing terminology.

[major] A "confederation sub-AS boundary" and "confederation boundary"
are used apparently to mean the same thing. But I don't think they
do. Specifically, a "confederation boundary" seems to imply exiting a
confederation, which is different from advertising something from one
Member-AS to another. Please clarify.

[major] What about the interaction between the T and C bits?
Specifically, if the T bit is set ("transitive across all ASes") and
the C bit is not set ("not transitive across confederation sub-AS
boundary"). A Member-AS is an AS, so it would fit in the description
of "all ASes".

...
303 The Length field represents the total length in octets of a given
304 container's contents.

[major] ...not including the common header, right? Given that it
could be interpreted that the container starts with the header, it may
be worth clarifying.

...
329 4.1. Community Value

331 Community Value: 4 octets

[major] §11.5 uses "Community Type".

333 The Community Value indicates what set of actions a router is
334 requested to take upon reception of a route containing this
335 community. The semantics of this value depend on whether this is a
336 private/local community or IANA registered.

338 When the high order bit of the Community Value field - I - is set,
339 the value is IANA Registered and has a well defined meaning with
340 underlying semantics. See the documentation for each Registered BGP
341 Wide Community for its semantics and validation requirements.

343 When the high order bit of the Community Value field is clear, the
344 value is Locally defined and has semantics solely within the control
345 of the AS defining that community. The Context AS Number provides
346 the namespace in which this Community Value is interpreted. It is
347 that AS's responsibility to provide the semantics and validation
348 requirements for the BGP Wide Community.

350 See Section 11.5 for code point space partitioning.

[major] Given how the ranges are allocated, the definition of the I
bit is not providing any additional information. It is also not
correct to say that it indicates that the value is "IANA Registered
and has a well defined meaning with underlying semantics" for two
reasons: (1) values in the experimental range are not recorded by
IANA, and (2) there may be undefined values...

It may be too late to remove the I bit -- and simply let the 32-bit
field reflect the value. [The suggestion below doesn't use it.]

[major] "...clear, the value is Locally defined and has semantics
solely within the control of the AS defining that community."

This phrase seems to indicate a willingness for the Wide Community to
not be propagated outside the Context AS, or only be used inside it,
or maybe both. Should there be a scope indicated with the T and C
bits if this type of Community Value is used? What should a router do
if the Context ASN doesn't correspond to the local ASN? Are there
special considerations for confederations?

[This question is related to the filtering question above.]

[major] What should a receiver do if it encounters an unknown Community Value?

[] Suggestion>
The Community Value indicates what set of actions a router is
requested to take upon reception of a route containing this
community. All new BGP Wide Community Values MUST be defined
with specific semantics and validation requirements.

Some Community Values are reserved for Private or Experimental
Use (Section 11.5). When these values are used, the Context AS
Number provides the namespace in which this Community Value is
interpreted. The definition of the semantics and validation
requirements and their communication are out of scope.

[Text about scoping and handling of the Context ASN.]

[Text about handling of unknown values.]

352 4.2. Source AS Number
...
356 The Autonomous System number indicates the AS originating this BGP
357 Wide Community.

[major] Should this field always have a value? If so, please
Normatively indicate so. What should a receiver do if the field is
empty (zero)? Should there be any additional verification -- for
example, comparing the AS_PATH to the Source ASN?

359 4.3. Context AS Number
...
363 This identifies the AS that provides the semantics to interpret this
364 Community.

[major] It is clear from above that this field should be considered
when a Private/Experimental value is used. But, what about when
registered values are used? Please indicate what should be done (I
assume ignore, but better to be explicit).

[major] Should the Context and Source ASNs always match? If locally
defined Community Values are to be used locally, then that should be
the case, right? When would it be ok for the values to not match?

366 4.4. BGP Wide Community TLVs
...
382 Sub-Type:
383 The sub-type of the BGP Wide Community TLV. A given Sub-Type
384 MUST NOT appear more than once.

[nit] These are not sub-TLVs... Just a nit.

[major] What should a receiver do if a given TLV appears more than once?

...
392 4.4.1. Sub-Type 1, BGP Wide Community Target(s) TLV

[minor] Even if only one Target can be configured, should the name of
this TLV be generalized by using "Targets" (and not "Target(s)"? It
would make the text clearer.

...
398 BGP Wide Community Targets define the matching criteria for the
399 community. A given wide community may have a number of targets to
400 which it applies. The semantics of these targets will vary on a per-
401 community basis. Depending on the definition of the community,
402 targets may be optional.

[nit] s/wide community/Wide Community/g

Most of the text used the capitalized version. Please be consistent.

404 Wide Community Targets consist of a series of Atoms that have "match
405 any" semantics. Thus, if any given target matches per the semantics
406 of that Atom for the community, the community is considered to match
407 and the action defined by the community should be executed.

[nit] s/Wide Community Targets/BGP Wide Community Targets

[minor] It may just be me, but I had to look up what "match any" referred to.

...
411 If the semantics of a given Atom is undefined for the community in
412 question, this Atom MUST be ignored.

[major] If reuse is possible, what does it mean for an Atom to be
"undefined for the community"? Does this sentence require that new
Community Values mention which Atoms are applicable (defined) to them?
And that if a document defines a new Atom it then has to list all the
applicable Communities?

...
419 4.4.2. Sub-Type 2, BGP Wide Community Exclude Target(s) TLV

421 The BGP Wide Community Exclude Target(s) TLV (Sub-Type 2) contains a
422 list of Atoms.

[minor] A "list of Atoms" seems to be, well, a list of Atoms...instead
of "series of Atom TLVs", as the specification in §4.4.1 says. Please
be consistent and precise in the specification.

424 Wide Community Exclude Targets define criteria by which the community
425 is considered to NOT match. Depending on the semantics of the BGP
426 Wide Community, Exclude Target(s) may be optional.

[nit] s/Wide Community Exclude Targets/BGP Wide Community Exclude Targets

[major] "NOT" is not an rfc2119 keyword and will require to be written
in lowercase -- even if the intent is to add emphasis.

...
439 If the BGP Wide Community Target(s) TLV and the BGP Wide Community
440 Exclude Target(s) TLV have conflicting semantics, priority MUST be
441 given to the Wide Community Exclude Target(s) TLV.

[major] "conflicting semantics...priority MUST be given"

I think you may mean "conflicting results" (or something like that) as
the semantics (include vs exclude) are already conflicting. To be
clear, I mean that the Targets TLV matched on a set of targets, but
the Exclude Targets TLV also matches on the same. Is that an example
of that you mean?

If so, then it seems to me that the result is to ignore the matches
from the Targets TLV and act (exclude) on the matched from the Exclude
Targets TLV. I'm sure there must be a succinct way of specifying the
behavior clearly.

All this comes from the fact that "priority" implies (to me) that the
Targets may be considered *after* the Exclude Targets.

...
449 4.4.3. Sub-Type 3, BGP Wide Community Parameter(s) TLV

451 The BGP Wide Community Parameter(s) TLV (Sub-Type 3) contains a list
452 of Atoms.

[] "list of Atoms" -- the mention below of "an ordered set of Atom
sub-TLVs" is a better description.

...
461 Care must be taken when using Atoms with list semantics. If the
462 desired behavior is a single or limited number of instances of that
463 type, this should be documented as part of the use case of that BGP
464 Wide Community.

[major] "should be documented"

Other mentions of documentation requirements use MUST, but this one
uses a non-normative statement. Why the difference? Should this
mention be Normative too?

...
478 4.4.4. Usage

480 The detailed interpretation of the targets or parameters SHALL be
481 provided when describing given community type in a separate document
482 or when locally defined by an operator.

[] This section seems to just be a restatement of the requirements
listed above. Please remove it.

484 5. BGP Community Container Atoms
...
504 The Type field contains a value of 1-254. The values 0 and 255 are
505 reserved for future use. The TLV types are to be assigned and
506 maintained by IANA registry; see Section 11.2.

[major] No need to include any IANA-related text here.

...
512 Supported format of the TLVs can be:

[minor] These are the defined TLVs, but other may be (eventually)
supported. In any case, if the Atoms are defined in the following
sections it seems redundant to list them here.

514 Type 1: Autonomous System Number List.
515 Type 2: IPv4 Prefix (1 octet prefix length + prefix) List.
516 Type 3: IPv6 Prefix (1 octet prefix length + prefix) List.

[major] The TLVs are called "IPvx Prefix List" -- no patenthesis for
clarification.

...
526 In the following sections defining the different Atoms, validation
527 rules for the Length of the Atom will be presented. If the Length of
528 the Atom does not match the rules for that Atom, it SHALL be
529 considered malformed. (See Section 8.)

[nit] The first sentence seems to be missing something...

Suggestion>
The following sections define the Atoms and the validation rules
for their Length.

531 In general, Atoms of List type have the semantics of sets. Duplicate
532 entries SHOULD NOT be present and MAY be removed by a BGP Speaker
533 propagating the Lists. The presence of duplicate entries have no
534 additional semantics.

[major] "SHOULD NOT be present"

This phrase brings up the question of when is it ok to include
duplicate entries...but I think that the statement should not be
normative.

Suggestion>
In general, Atoms of List type have the semantics of sets. The
presence of duplicate entries have no additional semantics, and
they MAY be removed by a BGP Speaker propagating the Lists.

536 5.1. Atom Type 1, The Autonomous System Number List

538 This Atom represents a list of Autonomous System numbers, each 4
539 octets in size. When encoding two-octet ASes, the first two octets
540 of this four-octet value MUST be filled with zeros. The minimum
541 Length of this Atom is 4 octets. The Length MUST be a multiple of 4.

[major] "When encoding two-octet ASes, the first two octets of this
four-octet value MUST be filled with zeros."

This encoding is already in the base spec (rfc6793 formally Updated
rfc4271) so it doesn't need to be specified here again. Note also
that the specification of the Source/Context ASN doesn't include this
behavior specification -- it is not needed there either because it is
part of the base spec.

543 Two special values are reserved for the Autonomous System Atoms:

[major] "values are reserved"

In general, the concept of reserving values carries the impression
that they have been set aside in a registry. That is not the case
here.

Suggestion>
When used in an Autonomous System Number List Atom, the following
values have special meaning:

...
548 5.2. Atom Types 2 and 3, The IPv4 and IPv6 Prefix Lists

550 This Atom represents a list of IPv4 or IPv6 prefixes. IPv4 and IPv6
551 Prefix Atom values are encoded in the same format used by BGP NLRI in
552 Section 4.3 of [RFC4271].

[minor] s/This Atom represents/These Atoms represent

[minor] s/IPv4 and IPv6 Prefix Atom/IPv4 and IPv6 Prefix List Atom

[minor] s/encoded in the same format used by BGP NLRI in Section 4.3
of [RFC4271]./encoded as specified for the BGP NLRI in Section 4.3 of
[RFC4271].

...
562 The Prefix Length for IPv4 prefixes MUST be in the range of 0..32.

564 The Prefix Length for IPv6 prefixes MUST be in the range of 0..128.

[major] If using the same specification from rfc4271 there's no need
to respecify the behavior here.

566 The Length field must be able to accommodate the list of prefixes
567 according to the encoding rules. If the Length cannot fully
568 accommodate the required number of octets to encode the Prefix Length
569 and the Prefix, the Atom SHALL be considered malformed. (See section
570 Section 8

[major] "Length cannot fully accommodate the required number of octets"

Without knowing upfront the number of prefixes in the list, how can it
be determined that the Length is wrong? If just one prefix is
included then there's no issue, but more than one can result in the
next value (or Atom) being overrun/underrun.

The length of the NLRI is not explicitly encoded in an UPDATE, but
rfc4271 offers a way to calculate it. In this case, a calculation (if
possible) could be used to asses the validity of the Length.

...
589 5.5. Atom Type 6, The Neighbor Class List

591 The Neighbor Class list Atom represents a list of Neighbor classes,
592 each 4 octets in size. Neighbor class currently can contain three
593 values:

595 Peer (1):
596 This class is typically applied to sessions where a transit-free
597 relationship exists between two providers.

599 Customer (2):
600 This class is typically applied to sessions where the remote end
601 of the session is operated by a customer.

603 Upstream (3):
604 This class is typically applied to sessions where the remote end
605 of the session is operated by a network from which you receive
606 transit routes.

[major] RFC9234 defined the concept of a Role, which seems to align
with the Neighbor Classes defined here. Why wasn't that work reused?

...
611 5.6. Atom Type 7, The User-defined Class List
...
619 Examples of User-defined Class properties include geography (East,
620 West), continent (North America, Asia, Europe), etc. Similar to the
621 [RFC1997] BGP Communities, it is necessary that the Context AS
622 provide a registry of the value and the semantics of a given
623 community.

[minor] Add: "; how this is done is out of scope"

...
642 6. Well Known Standard BGP Communities

644 According to RFC 1997, as well as IANA's Well-Known BGP Communities
645 registry, the following BGP communities are defined to have global
646 significance:

648 0xFFFF0000 planned-shut [draft-francois-bgp-gshut]
649 0xFFFFFF01 NO_EXPORT [RFC1997]
650 0xFFFFFF02 NO_ADVERTISE [RFC1997]
651 0xFFFFFF03 NO_EXPORT_SUBCONFED [RFC1997]
652 0xFFFFFF04 NOPEER [RFC3765]

[major] There are more communities listed in the registry. Instead of
listing them, a reference to the registry may be more appropriate.

654 This document recommends for simplicity as well as for avoidance of
655 backward compatibility issues that the continued use of BGP Standard
656 Community Path Attribute, type 8, as defined in [RFC1997] and
657 [RFC3765] to distribute non-Autonomous System specific Well-Known BGP
658 Communities.

[minor] Where are global vs "non-Autonomous System specific" WKCs
categorized? Given that the recommendation is not Normative, would it
be ok to extend it to all WKCs?

660 For the same reason, this document does not intend to obsolete the
661 currently defined and deployed BGP Extended Communities.

[nit] "document does not intend" -- this document is being written
now, if it didn't obsolete then there's no point in mentioning what it
didn't do.

[] Suggestion>
A number of Well-Known BGP Communities are documented by IANA
[Informative-Reference-to-the-Registy]. It is recommended to
continue using the BGP Community Attribute [RFC1997] for the
propagation of these Well-Known Communities.

663 7. Operational Considerations

665 Having multiple ways to propagate locally assigned BGP Communities -
666 via the use of Standard, Extended or Large BGP Communities versus the
667 use of BGP Wide Communities - may seem to potentially cause problems
668 when considering propagation of conflicting actions. However, even
669 at present, an operator may append such Communities with conflicting
670 information.

[minor] Please add references.

[major] This first paragraph doesn't sound like much operational
guidance -- it reads: "this new container can cause problems, but you
can shoot yourself in the foot already!".

Perhaps, something like this might be better:

Suggestion>
Multiple mechanisms exist for an operator to propagate actions into the
network. Besides BGP Wide Communities, an operator can use the BGP
Community Attribute [rfc1997], the BGP Extended Communities Attribute
[rfc4360], or the BGP Large Communities Attribute [rfc8092] to achieve
similar objectives. Care should be taken when using more than one of
these tools. The interaction between the different community attributes
is out of the scope of this document.

672 Implementations SHOULD provide mechanisms to control the order of
673 processing and manipulation of the varying types of BGP communities.
674 With such a mechanism, operators will have the ability to control the
675 outcome of potentially conflicting actions.

[major] What does "manipulation" include?

[major] What about filtering? I ask because §10.2 says that "the
Community Value the Source AS may provide sufficient context to strip
unwanted or unexpected communities." -- but there is no corresponding
requirement/recommendation for an implementation to provide that
functionality.

[] Perhaps put the sentence about the interaction being out of scope
at the end of the second paragraph.

...
679 8.1. General Error Handling for BGP Community Containers

681 [RFC7606] "treat as withdraw" behavior is expected for any malformed
682 Community Containers or malformation of their contents.

[nit] s/[RFC7606] "treat as withdraw" behavior/The "treat as withdraw"
behavior [RFC7606]

[major] "is expected" -- can we make this Normative? SHOULD/MUST?

684 Each Community Container type may have additional validation rules,
685 including permitted length of Atoms. Failure to conform to those
686 additional rules MUST also be treated as a malformed Community
687 Container.

[] I asked several times about the behavior specified...it wasn't
clear to me that the result would be to treat the container/community
as malformed. Please indicate which errors should result in the
behavior specified here.

689 8.2. BGP Wide Community Container Error Handling

691 If any Atom in a BGP Wide Community container's Exclude Targets TLV
692 is unrecognized, that Wide Community MUST NOT be considered a match
693 and no actions for that community should be processed. While the
694 Targets TLV is meant to be inclusive, the Exclude Targets TLV is
695 meant to be proscriptive of applying the action.

[major] §4.4.1 talks about what to do if the Atom is "undefined for
the community", but there's no indication of what to do in the
unrecognized case. Please add text for that there.

[major] In the Targets TLV case, if an unrecognized Atom is ignored
(?), there may be routes that are not matched -- leaving them without
action. The action (and not the logic of the match) is what is
important here; for example, a Target Atom may leave out routes that
should have been announced, or announced ones that shouldn't have.
The same result is possible based on the Exclude Targets Atom.

697 9. Example

[] Nice example! Consider moving it to an Appendix.

699 9.1. Example Type 1 Wide Community Definition
...
707 AS 64496 has established a registered set of values to use for its
708 User-defined Class:

[nit] s/established a registered set/established a set

...
725 The Targets TLV MUST contain at least one entry.

[major] This is an example, don't use Normative language: s/MUST/must

727 The Exclude Targets TLV MAY contain entries of the above supported
728 Atoms.

[major] This is an example, don't use Normative language: s/MAY/may

...
739 9.2. Example Type 1 BGP Wide Community Encoding

741 In this example, the BGP Wide Community defined above is used by a
742 BGP Speaker to AS_PATH prepend BGP routes containing this community
743 AS_PATH prepend 4 TIMES when this route is to be distribute to any of
744 AS 2424, AS 8888, to peers marked as User Class Amsterdam (100) or to
745 peers marked User Class Moscow (104). However, such prepending would
746 not be done to peers that have been configured in the User Class of,
747 but not to peers of User Class New York (101), regardless of their AS
748 number.

[minor] s/AS_PATH prepend BGP routes containing this community AS_PATH
prepend 4 TIMES/AS_PATH prepend BGP routes containing this community 4
times

[minor] s/when this route is to be distribute to any of AS 2424, AS
8888, to peers marked as/when advertising to AS 2424 or AS 8888, and
to peers marked as

[minor] s/been configured in the User Class of, but not to peers of
User Class New York (101)/been configured in the User Class New York
(101)

...
753 0 1 2 3
754 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
755 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
756 | Type (1, Wide) | Flags |0|0| Reserved(0) |
757 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
758 | Length: 53 |
759 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[] If I counted correctly, the length should be 57.

760 | Community: LOCAL PREPEND ACTION CATEGORY 1 |
761 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
762 | Source AS 64496 |
763 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
764 | Context AS 64496 |
765 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
766 | Target TLV (1)| Length: 18 |
767 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[] If I counted correctly, the length should be 22.

768 | ASN List (1) | Length: 8 |
769 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
770 | Target ASN# 2424 |
771 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
772 | Target ASN# 8888 |
773 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
774 | User List(7) | Length: 8 |
775 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
776 | Amsterdam (100) |
777 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
778 | Moscow (104) |
779 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
780 |ExcTargetTLV(2)| Length: 5 |
781 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[] If I counted correctly, the length should be 7.

782 | User List(7) | Length: 4 |
783 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
784 | New York (101) |
785 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
786 | Param TLV (3) | Length: 5 |
787 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[] If I counted correctly, the length should be 7.

788 | Integer32 (4) | Length: 4 |
789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
790 | Prepend # 4 |
791 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

...
796 10.1. BGP Community Container Security Considerations

798 Transitive BGP Community Container communities could unintentionally
799 spread far from their origin. If a router receives many routes from
800 multiple sources on the Internet with different communities, it could
801 cause significant memory usage. To prevent excessive memory usage,
802 routers should be configured to strip unexpected communities from
803 received routes.

[] The "far from their origin" doesn't seem to directly result in
"cause significant memory usage". Maybe a better justification may be
the potential impact (in terms of actions) that could result from
receiving and parsing.

[major] "routers should be configured to strip unexpected communities"

This sounds like a good place to be Normative: MUST/SHOULD? I think
that RECOMMENDED might be best.

Also, given that we're talking about the Container, there may be other
types which are not communities. Please generalize.

805 All the security considerations for BGP Communities [RFC1997], BGP
806 Extended Communities [RFC4360], and BGP Large Communities [RFC8092]
807 apply to BGP Community Containers.

[minor] s/All the security considerations/The security considerations

[minor] Put this paragraph first.

[] Other work that used UTF-8 has been required to include text like this:

This document uses UTF-8 encoding for the UTF-8 String Atom.
There are a number of security issues with Unicode. Implementers
and operators are advised to review Unicode Technical Report #36
[UTR36] to learn about these issues. UTF-8 "Shortest Form" encoding
is REQUIRED to guard against the technical issues outlined in [UTR36].

An Informative reference to UTR36 should be added as follows:

[UTR36] Davis, M., Ed. and M. Suignard, Ed., "Unicode Security
Considerations", Unicode Technical Report #36, August
2010, <http://unicode.org/reports/tr36/>.

809 10.2. BGP Wide Community Security Considerations

811 For BGP Wide Communities, the Community Value the Source AS may
812 provide sufficient context to strip unwanted or unexpected
813 communities.

[minor] s/Community Value the Source AS/Community Value and the Source AS Number

[] Stripping communities ("removing" may be a better word) was also
mentioned in the previous section. Repeating the recommendation made
there would be appropriate.

815 Given the flexibility and power offered by BGP Wide communities, it
816 is important to consider the additional possibilities allowed by
817 their definition. In particular, for locally defined BGP Wide
818 Communities, it may be wise to restrict the range of parameters. For
819 registered BGP Wide Communities, the security considerations of the
820 document defining them MUST address issues specific to those newly
821 defined Communities.

[minor] "it may be wise"

Can we turn this into a Normative recommendation?

823 11. IANA Considerations

[major] This section requests the creation of new registries, but it
doesn't indicate where they should be located. Other
community-related documents have created a separate group (from the
general bgp-parameters group [1]), for example: [2] and [3].

I suggest that you request a new group here too. You can then make a
general statement that all the new requested registries should be
located there (instead of doing so for each individual one).

Also, please indicate that all the Registration Policies are per
rfc8126, and add a Normative reference to it.

[1] https://www.iana.org/assignments/bgp-parameters/
[2] https://www.iana.org/assignments/bgp-well-known-communities/
[3] https://www.iana.org/assignments/bgp-extended-communities/

...
832 11.2. BGP Community Container Atoms Types
...
838 Registration procedures:

840 0x00: Reserved.
841 0x01-0x08: Defined in this document.
842 0x09-0xFE: IETF Review.
843 0xFF: Reserved.

[minor] Please number all the tables in this section.

[major] This table, and others in this section, mixes the
registration policies and the assignments. Please create separate
tables. The table indicating the Registration Policies should
indicate the whole range: 0x01-0xFE: IETF Review.

...
848 Name Type Value
849 ---- ----------
850 Autonomous System Number List 0x01
851 IPv4 Prefix list 0x02
852 IPv6 Prefix list 0x03
853 Unsigned Integer32 list 0x04
854 IEEE Floating Point Number list 0x05
855 Neighbor Class list 0x06
856 User-defined Class list 0x07
857 UTF-8 string 0x08

[major] This table, and others in this section, should have an extra
column for references. For the values defined here, use "[this
document]".

...
881 11.4. BGP Community Container Types
...
890 0x0000 : Reserved.
891 0x0001 : BGP Wide Community (defined in this
892 document).
893 0x0002-0x0004 : Reserved.
894 0x0005-0x00FF : IETF Review.
895 0x0100-0xFF00 : First Come, First Served.
896 0xFF01-0xFFFE : Experimental.
897 0xFFFF : Reserved.

[] s/First Come, First Served/First Come First Served

[] s/Experimental/Experimental Use

[major] This table mixes the registration policies and the
assignments. Please create separate tables.

The table indicating the Registration Policies should indicate the
whole range: 0x0001-0x00FF: IETF Review.

A different table should then include any allocations made in this
document, including a column that indicates the reference (to "[this
document]"). In this case 0x0001-0x0004. BTW, why are 0x0002-0x0004
reserved? Should they be marked as deprecated?

899 11.5. Registered Type 1 BGP Wide Communities Community Types

[major] §4.1 calls this field "Community Value".

...
907 0x00000000 : Reserved.
908 0x00000001-0x7FFFFFFF : Available for private/local use.
909 0x80000000 : Reserved.
910 0x80000001-0xFFFFFEFF : First Come, First Served for
911 registered use.
912 0xFFFFFF00-0xFFFFFFFE : Experimental.
913 0xFFFFFFFF : Reserved.

[major] The Registration Policies, per rfc8126, should be:

"Available for private/local use." = Private Use

"First Come, First Served for registered use" = First Come First Served

[] Note that Private Use and Experimental Use are similar in that IANA
doesn't keep track of them and there's no restriction on their use.
This means that, unless specified in this document (§4.1), a Private
Use Community Values cannot be constrained to local use.

OTOH, there's an opportunity to clarify the expectations of an
experiment. From rfc8126:

4.2. Experimental Use

Experimental Use is similar to Private Use, but with the purpose
being to facilitate experimentation. See [RFC3692] for details.
IANA does not record assignments from registries or ranges with this
policy (and therefore there is no need for IANA to review them) and
assignments are not generally useful for broad interoperability.
Unless the registry explicitly allows it, it is not appropriate for
documents to select explicit values from registries or ranges with
this policy. Specific experiments will select a value to use during
the experiment.

When code points are set aside for Experimental Use, it's important
to make clear any expected restrictions on experimental scope. For
example, say whether it's acceptable to run experiments using those
code points over the open Internet or whether such experiments should
be confined to more closed environments. See [RFC6994] for an
example of such considerations.

915 11.6. Registered Type 1 BGP Wide Community Optional Sub-Types
...
931 Name Type Value
932 ---- ----------
933 Targets 1
934 Exclude Targets 2
935 Parameters 3

[major] The specification in §4.4.* uses an extended name: BGP Wide
Community Target(s) TLV, for example. Please be consistent.

[EoR -08]

[Idr] AD Review of draft-ietf-idr-wide-bgp-commun… Alvaro Retana
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Alvaro Retana
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Alvaro Retana
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
[Idr] draft-ietf-idr-wide-bgp-communities-11 Robert Raszuk
Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Alvaro Retana