[Idr] AD Review of draft-ietf-idr-wide-bgp-communities-08
Alvaro Retana <aretana.ietf@gmail.com> Fri, 23 December 2022 11:37 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07E6CC14CE36; Fri, 23 Dec 2022 03:37:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RL7HUh2W5DrY; Fri, 23 Dec 2022 03:37:41 -0800 (PST)
Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12F57C14CE34; Fri, 23 Dec 2022 03:37:38 -0800 (PST)
Received: by mail-pg1-x52f.google.com with SMTP id w37so3163686pga.5; Fri, 23 Dec 2022 03:37:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:from:from:to:cc:subject:date:message-id:reply-to; bh=8zs9wK4LNbhRaieAZUe96DmJB4xSL8RdkkM3uHy90Yc=; b=me3iideDCaNxcAsmZA4YF606x2VZYnmLFcQqSXjFV2P44225UqoavXSD9qS3cjZaW5 /qu68ybd9Iku0A4nFoV/YoPmKXe7G34euGcW3cDVsq925pegq+IvLZgTTBMBRVia6fbU G/sj/LbCRUAvTNJ5SquHUCs5neOaYTclIGr4yuYtbETMQ1ny1h9C+h0uxMYyFZBfWooi Q2KkeSNmzogPvsjry9cx4Arto3bKJVmnCmz4BVcqeG2F7S0gW1TPnwgssENBc27uURON W8KRie6b5IrsxRYZuTPSfRL2/8sItGxgmGKiohhmihR0LRDZlcYPjtZ5GnsweoVgDp6N fGGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=8zs9wK4LNbhRaieAZUe96DmJB4xSL8RdkkM3uHy90Yc=; b=tVUXNH9nJcwZNB+T5oxH/6urkZbKuFD9sWoH255CZDYNlzoqOvowYKYgl6XqYoHviG n7C0TwqVOd2xoiMUfw9siNiytZUWkvQLudPLRZ1SVGO2Y1BwxR9NJCmbmg2FFo48clgz rTG3Z9FUZsg/amdtxaPRsq8SSqkwyNXxx++Z7GZKq2VwEO+SP9eHQfPlHhTCHgNW7jOT oZH4wLDbT+T9TP+GIuWalr/0VYmwkvBMGfxhjaSTX6tFwxUnMRpNQKAmfjk+dBnKLz7p qcRiZ5dYq/EKvATWaB3wjqMFirZuaH4f5x5eFT9xBIoCxGN6w3CfTSK69p3/hB1F0+po Awiw==
X-Gm-Message-State: AFqh2krpt+DknDxLToBOM7nBNwbaL2wdNPU5qQf2cRpHys+moqkOlZ2s 55rVxW2El2hDe31TGxiIPGhmh8LAUJNddl7YN+ad0go0Kck=
X-Google-Smtp-Source: AMrXdXv1KxbD74mxbhGQGPMnyu/BsC7pCyr6bx4VbDBHhiUkw4aNE3xQWlU+zdXLTyRx+jas/WnvO9e/korIpTzOt20=
X-Received: by 2002:aa7:8653:0:b0:562:7f16:7407 with SMTP id a19-20020aa78653000000b005627f167407mr634105pfo.15.1671795456074; Fri, 23 Dec 2022 03:37:36 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 23 Dec 2022 05:37:35 -0600
From: Alvaro Retana <aretana.ietf@gmail.com>
MIME-Version: 1.0
Date: Fri, 23 Dec 2022 05:37:35 -0600
Message-ID: <CAMMESsw_kC_V-7px1xNbgxsinWW0RFUrugDmu2ziF8ioxqxCRQ@mail.gmail.com>
To: draft-ietf-idr-wide-bgp-communities@ietf.org
Cc: Keyur Patel <keyur@arrcus.com>, idr-chairs@ietf.org, idr@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Gw7FWmYORZwKP72vxck2WXCWGF0>
Subject: [Idr] AD Review of draft-ietf-idr-wide-bgp-communities-08
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2022 11:37:45 -0000
Dear authors: Thank you for your continued efforts with this document! I have many comments (see inline) that I will want to see addressed before starting the IETF Last Call. (1) In general, I found that the naming is not consistent across the document. For example, "BGP Wide Community", "Wide Community", "Wide community", and "side community" are all used. The same treatment applies to the name of the TLVs, Atoms, etc. I mentioned this below, but may have missed several occurrences. Please take a look. (2) Should this document be marked as replacing draft-ietf-idr-registered-wide- bgp-communities? I know draft-ietf-idr-registered-wide-bgp-communities and draft-ietf-idr-wide-bgp-communities were both adopted at about the same time... Besides my notes, please also address Warren's review [1]. Thanks! Alvaro. [1] https://mailarchive.ietf.org/arch/msg/idr/aW8XfPljF0YlrptpXPWf9bj96w4/ [Line numbers from idnits.] 2 IDR Working Group R. Raszuk, Ed. 3 Internet-Draft Individual 4 Intended status: Standards Track J. Haas, Ed. 5 Expires: 12 January 2023 Juniper Networks 6 A. Lange, Ed. 7 Nokia 8 B. Decraene, Ed. 9 Orange 10 S. Amante 11 Apple, Inc. 12 P. Jakma 13 Huawei Ireland Research Centre 14 11 July 2022 [major] Shepherd/Chairs: There are more than the recommended number of authors in the front page (rfc7322). Please work to reduce the list to 5 (or less). Some are already identified as Editors. Others can be added to the Contributors section. ... 19 Abstract ... 28 This document defines a new encoding which will enhance and simplify 29 what can be accomplished today with the use of BGP communities. The 30 most important addition this specification makes over currently 31 defined BGP communities is the ability to specify and advertise an 32 operator's parameters for execution It also provides an extensible 33 platform for any future community encoding requirements. [nit] Suggestion> This document defines a new encoding that enhances and simplifies what can be accomplished with BGP communities. This specification's most important addition is the ability to specify and advertise an operator's parameters for execution. It also provides an extensible platform for any future community encoding requirements. 35 Requirements Language 37 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 38 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 39 document are to be interpreted as described in RFC 2119 [RFC2119]. [major] Use the template from rfc8174. ... 128 1. Introduction ... 145 The authors believe that defining a new BGP Path Attribute, with the 146 ability to contain locally defined parameters will enhance the 147 current level of network policies, as well as simplify BGP policy 148 management. The proposed encoding will also facilitate the delivery 149 of new network services without the need to define a new BGP 150 extension for each new application. [minor] "The authors believe..." This document is the product of the WG... s/The authors believe that defining a new BGP Path Attribute/The definition of a new BGP Path Attribute [nit] Some of the claims (in this paragraph, for example) are written in future tense (will enhance...will facilitate), but this specification is the present. Consider "enhances...facilitates...". 152 When defining any new type of tool there is always a unique 153 opportunity to specify a subset of well recognized behaviors. Lists 154 of the current most commonly used BGP communities, as well as 155 creation of a new registry for future definitions will be described 156 in an extension-specific document. [minor] It seems that this paragraph may have been overtaken by events: there's no "extension-specific document", the registries are created here, etc.. ... 166 2.1. BGP Community Container Common Header ... 177 The BGP Community Container Common Header is defined in Section 3.1 178 and contains following encoding: [minor] Please keep the description/specification of the encoding in §3.1. No need to specify/describe things more than once (and with different words). 180 Container Type: 181 Container Type 1, BGP Wide Community is defined in this document. 183 Flags: 184 Flags control common behavior including the transitivity of the 185 Container. 187 Length: 188 Length of the Container contents. [] The description in §3.1 is more complete than this. Adding partial descriptions may result in confusion. 190 2.2. Community Containers 192 This document defines one Community Container with the following 193 encoding: [minor] Please keep the description/specification of the encoding in §4. No need to specify/describe things more than once (and with different words). ... 230 3. BGP Community Container Attribute ... 235 The BGP Community Container attribute is an optional, transitive BGP 236 attribute, and may be present only once in the BGP UPDATE message. [major] What should a receiver do if the attribute is present more than once? [major] Allowing only one Community Container doesn't permit the ability to create both local *and* external policies for a given prefix. All BGP Wide Communities would either be transitive or not. If transitive, any local policy would be propagated. There is a mention (in §10.1) of the ability to remove unwanted received communities, but the document says nothing about controlling the advertisement by filtering. Should this functionality exist? Please add some text. ... 242 3.1. BGP Community Container Attribute Common Header 244 Containers always start with the following common header: 246 0 1 2 3 247 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 249 | Type | Flags |C|T| Reserved | 250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 251 | Length | 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 Figure 1: Common container header 256 This document defines container type 1. See the Section 11 for 257 information on additional type registration policies. [minor] Just to confirm: the definition in this section applies to all types, not just type 1, is that correct? If so, it would be nice if the specification of the common header was presented first, including the general description of *all* fields. This sentence (add a pointer to Section 4) should then be placed at the end of the section. 259 +======+=======+==================================================+ 260 | Bit | Value | Meaning | 261 +======+=======+==================================================+ 262 | T | 0 | Not Transitive across administrative boundaries. | 263 +------+-------+--------------------------------------------------+ 264 | | 1 | Transitive across AS/administrative boundaries. | 265 +------+-------+--------------------------------------------------+ 266 | C | 0 | Not transitive across confederation boundaries. | 267 +------+-------+--------------------------------------------------+ 268 | | 1 | Transitive across confederation boundaries. | 269 +------+-------+--------------------------------------------------+ 270 | 3..7 | - | RESERVED - MUST be zero when originated and | 271 | | | SHOULD be ignored upon receipt. | 272 +------+-------+--------------------------------------------------+ [major] Should IANA manage the potential allocation of the reserved bits? If so, please include the request for a new registry in §11. ... 278 Bit 0 (T bit) Transitivity bit: 280 When not set (value 0), the community in the container is 281 transitive across AS boundaries, but not across an administrative 282 boundary. [major] "transitive across AS boundaries, but not across an administrative boundary" This definition is confusing, specially for the case where the "administrative boundary" is defined as only containing the local AS -- the texts seems to contradict itself: transitive across AS boundaries, but not "this" AS boundary. Please clarify. 284 When set (value 1), the community in the container is transitive 285 across all ASes. An administrative boundary, in this sense, is an 286 arbitrary set of connected ASes, possibly under control of a 287 single entity. How such an administrative boundary is determined 288 is out of the scope of this document. [major] Please pull out the definition of an "administrative boundary" from the description of the bit being set. Should it be defined in terms of an "administrative domain" (mentioned in §9.2) instead? 290 Bit 1 (C bit) Confederation bit: 292 The confederation bit is used to manage the propagation scope of a 293 given BGP Wide Community across confederation boundaries. [minor] s/given BGP Wide Community/given container The Wide Community is just one type. [minor] Please add a Normative reference to rfc3065. 295 When not set (value 0) community is not transitive across 296 confederation sub-AS boundary. When set (value of 1) indicates 297 that community in a given container is transitive across 298 confederation boundary. [major] "confederation sub-AS" rfc3065 talks about a Member-AS, not a sub-AS. Please be consistent with existing terminology. [major] A "confederation sub-AS boundary" and "confederation boundary" are used apparently to mean the same thing. But I don't think they do. Specifically, a "confederation boundary" seems to imply exiting a confederation, which is different from advertising something from one Member-AS to another. Please clarify. [major] What about the interaction between the T and C bits? Specifically, if the T bit is set ("transitive across all ASes") and the C bit is not set ("not transitive across confederation sub-AS boundary"). A Member-AS is an AS, so it would fit in the description of "all ASes". ... 303 The Length field represents the total length in octets of a given 304 container's contents. [major] ...not including the common header, right? Given that it could be interpreted that the container starts with the header, it may be worth clarifying. ... 329 4.1. Community Value 331 Community Value: 4 octets [major] §11.5 uses "Community Type". 333 The Community Value indicates what set of actions a router is 334 requested to take upon reception of a route containing this 335 community. The semantics of this value depend on whether this is a 336 private/local community or IANA registered. 338 When the high order bit of the Community Value field - I - is set, 339 the value is IANA Registered and has a well defined meaning with 340 underlying semantics. See the documentation for each Registered BGP 341 Wide Community for its semantics and validation requirements. 343 When the high order bit of the Community Value field is clear, the 344 value is Locally defined and has semantics solely within the control 345 of the AS defining that community. The Context AS Number provides 346 the namespace in which this Community Value is interpreted. It is 347 that AS's responsibility to provide the semantics and validation 348 requirements for the BGP Wide Community. 350 See Section 11.5 for code point space partitioning. [major] Given how the ranges are allocated, the definition of the I bit is not providing any additional information. It is also not correct to say that it indicates that the value is "IANA Registered and has a well defined meaning with underlying semantics" for two reasons: (1) values in the experimental range are not recorded by IANA, and (2) there may be undefined values... It may be too late to remove the I bit -- and simply let the 32-bit field reflect the value. [The suggestion below doesn't use it.] [major] "...clear, the value is Locally defined and has semantics solely within the control of the AS defining that community." This phrase seems to indicate a willingness for the Wide Community to not be propagated outside the Context AS, or only be used inside it, or maybe both. Should there be a scope indicated with the T and C bits if this type of Community Value is used? What should a router do if the Context ASN doesn't correspond to the local ASN? Are there special considerations for confederations? [This question is related to the filtering question above.] [major] What should a receiver do if it encounters an unknown Community Value? [] Suggestion> The Community Value indicates what set of actions a router is requested to take upon reception of a route containing this community. All new BGP Wide Community Values MUST be defined with specific semantics and validation requirements. Some Community Values are reserved for Private or Experimental Use (Section 11.5). When these values are used, the Context AS Number provides the namespace in which this Community Value is interpreted. The definition of the semantics and validation requirements and their communication are out of scope. [Text about scoping and handling of the Context ASN.] [Text about handling of unknown values.] 352 4.2. Source AS Number ... 356 The Autonomous System number indicates the AS originating this BGP 357 Wide Community. [major] Should this field always have a value? If so, please Normatively indicate so. What should a receiver do if the field is empty (zero)? Should there be any additional verification -- for example, comparing the AS_PATH to the Source ASN? 359 4.3. Context AS Number ... 363 This identifies the AS that provides the semantics to interpret this 364 Community. [major] It is clear from above that this field should be considered when a Private/Experimental value is used. But, what about when registered values are used? Please indicate what should be done (I assume ignore, but better to be explicit). [major] Should the Context and Source ASNs always match? If locally defined Community Values are to be used locally, then that should be the case, right? When would it be ok for the values to not match? 366 4.4. BGP Wide Community TLVs ... 382 Sub-Type: 383 The sub-type of the BGP Wide Community TLV. A given Sub-Type 384 MUST NOT appear more than once. [nit] These are not sub-TLVs... Just a nit. [major] What should a receiver do if a given TLV appears more than once? ... 392 4.4.1. Sub-Type 1, BGP Wide Community Target(s) TLV [minor] Even if only one Target can be configured, should the name of this TLV be generalized by using "Targets" (and not "Target(s)"? It would make the text clearer. ... 398 BGP Wide Community Targets define the matching criteria for the 399 community. A given wide community may have a number of targets to 400 which it applies. The semantics of these targets will vary on a per- 401 community basis. Depending on the definition of the community, 402 targets may be optional. [nit] s/wide community/Wide Community/g Most of the text used the capitalized version. Please be consistent. 404 Wide Community Targets consist of a series of Atoms that have "match 405 any" semantics. Thus, if any given target matches per the semantics 406 of that Atom for the community, the community is considered to match 407 and the action defined by the community should be executed. [nit] s/Wide Community Targets/BGP Wide Community Targets [minor] It may just be me, but I had to look up what "match any" referred to. ... 411 If the semantics of a given Atom is undefined for the community in 412 question, this Atom MUST be ignored. [major] If reuse is possible, what does it mean for an Atom to be "undefined for the community"? Does this sentence require that new Community Values mention which Atoms are applicable (defined) to them? And that if a document defines a new Atom it then has to list all the applicable Communities? ... 419 4.4.2. Sub-Type 2, BGP Wide Community Exclude Target(s) TLV 421 The BGP Wide Community Exclude Target(s) TLV (Sub-Type 2) contains a 422 list of Atoms. [minor] A "list of Atoms" seems to be, well, a list of Atoms...instead of "series of Atom TLVs", as the specification in §4.4.1 says. Please be consistent and precise in the specification. 424 Wide Community Exclude Targets define criteria by which the community 425 is considered to NOT match. Depending on the semantics of the BGP 426 Wide Community, Exclude Target(s) may be optional. [nit] s/Wide Community Exclude Targets/BGP Wide Community Exclude Targets [major] "NOT" is not an rfc2119 keyword and will require to be written in lowercase -- even if the intent is to add emphasis. ... 439 If the BGP Wide Community Target(s) TLV and the BGP Wide Community 440 Exclude Target(s) TLV have conflicting semantics, priority MUST be 441 given to the Wide Community Exclude Target(s) TLV. [major] "conflicting semantics...priority MUST be given" I think you may mean "conflicting results" (or something like that) as the semantics (include vs exclude) are already conflicting. To be clear, I mean that the Targets TLV matched on a set of targets, but the Exclude Targets TLV also matches on the same. Is that an example of that you mean? If so, then it seems to me that the result is to ignore the matches from the Targets TLV and act (exclude) on the matched from the Exclude Targets TLV. I'm sure there must be a succinct way of specifying the behavior clearly. All this comes from the fact that "priority" implies (to me) that the Targets may be considered *after* the Exclude Targets. ... 449 4.4.3. Sub-Type 3, BGP Wide Community Parameter(s) TLV 451 The BGP Wide Community Parameter(s) TLV (Sub-Type 3) contains a list 452 of Atoms. [] "list of Atoms" -- the mention below of "an ordered set of Atom sub-TLVs" is a better description. ... 461 Care must be taken when using Atoms with list semantics. If the 462 desired behavior is a single or limited number of instances of that 463 type, this should be documented as part of the use case of that BGP 464 Wide Community. [major] "should be documented" Other mentions of documentation requirements use MUST, but this one uses a non-normative statement. Why the difference? Should this mention be Normative too? ... 478 4.4.4. Usage 480 The detailed interpretation of the targets or parameters SHALL be 481 provided when describing given community type in a separate document 482 or when locally defined by an operator. [] This section seems to just be a restatement of the requirements listed above. Please remove it. 484 5. BGP Community Container Atoms ... 504 The Type field contains a value of 1-254. The values 0 and 255 are 505 reserved for future use. The TLV types are to be assigned and 506 maintained by IANA registry; see Section 11.2. [major] No need to include any IANA-related text here. ... 512 Supported format of the TLVs can be: [minor] These are the defined TLVs, but other may be (eventually) supported. In any case, if the Atoms are defined in the following sections it seems redundant to list them here. 514 Type 1: Autonomous System Number List. 515 Type 2: IPv4 Prefix (1 octet prefix length + prefix) List. 516 Type 3: IPv6 Prefix (1 octet prefix length + prefix) List. [major] The TLVs are called "IPvx Prefix List" -- no patenthesis for clarification. ... 526 In the following sections defining the different Atoms, validation 527 rules for the Length of the Atom will be presented. If the Length of 528 the Atom does not match the rules for that Atom, it SHALL be 529 considered malformed. (See Section 8.) [nit] The first sentence seems to be missing something... Suggestion> The following sections define the Atoms and the validation rules for their Length. 531 In general, Atoms of List type have the semantics of sets. Duplicate 532 entries SHOULD NOT be present and MAY be removed by a BGP Speaker 533 propagating the Lists. The presence of duplicate entries have no 534 additional semantics. [major] "SHOULD NOT be present" This phrase brings up the question of when is it ok to include duplicate entries...but I think that the statement should not be normative. Suggestion> In general, Atoms of List type have the semantics of sets. The presence of duplicate entries have no additional semantics, and they MAY be removed by a BGP Speaker propagating the Lists. 536 5.1. Atom Type 1, The Autonomous System Number List 538 This Atom represents a list of Autonomous System numbers, each 4 539 octets in size. When encoding two-octet ASes, the first two octets 540 of this four-octet value MUST be filled with zeros. The minimum 541 Length of this Atom is 4 octets. The Length MUST be a multiple of 4. [major] "When encoding two-octet ASes, the first two octets of this four-octet value MUST be filled with zeros." This encoding is already in the base spec (rfc6793 formally Updated rfc4271) so it doesn't need to be specified here again. Note also that the specification of the Source/Context ASN doesn't include this behavior specification -- it is not needed there either because it is part of the base spec. 543 Two special values are reserved for the Autonomous System Atoms: [major] "values are reserved" In general, the concept of reserving values carries the impression that they have been set aside in a registry. That is not the case here. Suggestion> When used in an Autonomous System Number List Atom, the following values have special meaning: ... 548 5.2. Atom Types 2 and 3, The IPv4 and IPv6 Prefix Lists 550 This Atom represents a list of IPv4 or IPv6 prefixes. IPv4 and IPv6 551 Prefix Atom values are encoded in the same format used by BGP NLRI in 552 Section 4.3 of [RFC4271]. [minor] s/This Atom represents/These Atoms represent [minor] s/IPv4 and IPv6 Prefix Atom/IPv4 and IPv6 Prefix List Atom [minor] s/encoded in the same format used by BGP NLRI in Section 4.3 of [RFC4271]./encoded as specified for the BGP NLRI in Section 4.3 of [RFC4271]. ... 562 The Prefix Length for IPv4 prefixes MUST be in the range of 0..32. 564 The Prefix Length for IPv6 prefixes MUST be in the range of 0..128. [major] If using the same specification from rfc4271 there's no need to respecify the behavior here. 566 The Length field must be able to accommodate the list of prefixes 567 according to the encoding rules. If the Length cannot fully 568 accommodate the required number of octets to encode the Prefix Length 569 and the Prefix, the Atom SHALL be considered malformed. (See section 570 Section 8 [major] "Length cannot fully accommodate the required number of octets" Without knowing upfront the number of prefixes in the list, how can it be determined that the Length is wrong? If just one prefix is included then there's no issue, but more than one can result in the next value (or Atom) being overrun/underrun. The length of the NLRI is not explicitly encoded in an UPDATE, but rfc4271 offers a way to calculate it. In this case, a calculation (if possible) could be used to asses the validity of the Length. ... 589 5.5. Atom Type 6, The Neighbor Class List 591 The Neighbor Class list Atom represents a list of Neighbor classes, 592 each 4 octets in size. Neighbor class currently can contain three 593 values: 595 Peer (1): 596 This class is typically applied to sessions where a transit-free 597 relationship exists between two providers. 599 Customer (2): 600 This class is typically applied to sessions where the remote end 601 of the session is operated by a customer. 603 Upstream (3): 604 This class is typically applied to sessions where the remote end 605 of the session is operated by a network from which you receive 606 transit routes. [major] RFC9234 defined the concept of a Role, which seems to align with the Neighbor Classes defined here. Why wasn't that work reused? ... 611 5.6. Atom Type 7, The User-defined Class List ... 619 Examples of User-defined Class properties include geography (East, 620 West), continent (North America, Asia, Europe), etc. Similar to the 621 [RFC1997] BGP Communities, it is necessary that the Context AS 622 provide a registry of the value and the semantics of a given 623 community. [minor] Add: "; how this is done is out of scope" ... 642 6. Well Known Standard BGP Communities 644 According to RFC 1997, as well as IANA's Well-Known BGP Communities 645 registry, the following BGP communities are defined to have global 646 significance: 648 0xFFFF0000 planned-shut [draft-francois-bgp-gshut] 649 0xFFFFFF01 NO_EXPORT [RFC1997] 650 0xFFFFFF02 NO_ADVERTISE [RFC1997] 651 0xFFFFFF03 NO_EXPORT_SUBCONFED [RFC1997] 652 0xFFFFFF04 NOPEER [RFC3765] [major] There are more communities listed in the registry. Instead of listing them, a reference to the registry may be more appropriate. 654 This document recommends for simplicity as well as for avoidance of 655 backward compatibility issues that the continued use of BGP Standard 656 Community Path Attribute, type 8, as defined in [RFC1997] and 657 [RFC3765] to distribute non-Autonomous System specific Well-Known BGP 658 Communities. [minor] Where are global vs "non-Autonomous System specific" WKCs categorized? Given that the recommendation is not Normative, would it be ok to extend it to all WKCs? 660 For the same reason, this document does not intend to obsolete the 661 currently defined and deployed BGP Extended Communities. [nit] "document does not intend" -- this document is being written now, if it didn't obsolete then there's no point in mentioning what it didn't do. [] Suggestion> A number of Well-Known BGP Communities are documented by IANA [Informative-Reference-to-the-Registy]. It is recommended to continue using the BGP Community Attribute [RFC1997] for the propagation of these Well-Known Communities. 663 7. Operational Considerations 665 Having multiple ways to propagate locally assigned BGP Communities - 666 via the use of Standard, Extended or Large BGP Communities versus the 667 use of BGP Wide Communities - may seem to potentially cause problems 668 when considering propagation of conflicting actions. However, even 669 at present, an operator may append such Communities with conflicting 670 information. [minor] Please add references. [major] This first paragraph doesn't sound like much operational guidance -- it reads: "this new container can cause problems, but you can shoot yourself in the foot already!". Perhaps, something like this might be better: Suggestion> Multiple mechanisms exist for an operator to propagate actions into the network. Besides BGP Wide Communities, an operator can use the BGP Community Attribute [rfc1997], the BGP Extended Communities Attribute [rfc4360], or the BGP Large Communities Attribute [rfc8092] to achieve similar objectives. Care should be taken when using more than one of these tools. The interaction between the different community attributes is out of the scope of this document. 672 Implementations SHOULD provide mechanisms to control the order of 673 processing and manipulation of the varying types of BGP communities. 674 With such a mechanism, operators will have the ability to control the 675 outcome of potentially conflicting actions. [major] What does "manipulation" include? [major] What about filtering? I ask because §10.2 says that "the Community Value the Source AS may provide sufficient context to strip unwanted or unexpected communities." -- but there is no corresponding requirement/recommendation for an implementation to provide that functionality. [] Perhaps put the sentence about the interaction being out of scope at the end of the second paragraph. ... 679 8.1. General Error Handling for BGP Community Containers 681 [RFC7606] "treat as withdraw" behavior is expected for any malformed 682 Community Containers or malformation of their contents. [nit] s/[RFC7606] "treat as withdraw" behavior/The "treat as withdraw" behavior [RFC7606] [major] "is expected" -- can we make this Normative? SHOULD/MUST? 684 Each Community Container type may have additional validation rules, 685 including permitted length of Atoms. Failure to conform to those 686 additional rules MUST also be treated as a malformed Community 687 Container. [] I asked several times about the behavior specified...it wasn't clear to me that the result would be to treat the container/community as malformed. Please indicate which errors should result in the behavior specified here. 689 8.2. BGP Wide Community Container Error Handling 691 If any Atom in a BGP Wide Community container's Exclude Targets TLV 692 is unrecognized, that Wide Community MUST NOT be considered a match 693 and no actions for that community should be processed. While the 694 Targets TLV is meant to be inclusive, the Exclude Targets TLV is 695 meant to be proscriptive of applying the action. [major] §4.4.1 talks about what to do if the Atom is "undefined for the community", but there's no indication of what to do in the unrecognized case. Please add text for that there. [major] In the Targets TLV case, if an unrecognized Atom is ignored (?), there may be routes that are not matched -- leaving them without action. The action (and not the logic of the match) is what is important here; for example, a Target Atom may leave out routes that should have been announced, or announced ones that shouldn't have. The same result is possible based on the Exclude Targets Atom. 697 9. Example [] Nice example! Consider moving it to an Appendix. 699 9.1. Example Type 1 Wide Community Definition ... 707 AS 64496 has established a registered set of values to use for its 708 User-defined Class: [nit] s/established a registered set/established a set ... 725 The Targets TLV MUST contain at least one entry. [major] This is an example, don't use Normative language: s/MUST/must 727 The Exclude Targets TLV MAY contain entries of the above supported 728 Atoms. [major] This is an example, don't use Normative language: s/MAY/may ... 739 9.2. Example Type 1 BGP Wide Community Encoding 741 In this example, the BGP Wide Community defined above is used by a 742 BGP Speaker to AS_PATH prepend BGP routes containing this community 743 AS_PATH prepend 4 TIMES when this route is to be distribute to any of 744 AS 2424, AS 8888, to peers marked as User Class Amsterdam (100) or to 745 peers marked User Class Moscow (104). However, such prepending would 746 not be done to peers that have been configured in the User Class of, 747 but not to peers of User Class New York (101), regardless of their AS 748 number. [minor] s/AS_PATH prepend BGP routes containing this community AS_PATH prepend 4 TIMES/AS_PATH prepend BGP routes containing this community 4 times [minor] s/when this route is to be distribute to any of AS 2424, AS 8888, to peers marked as/when advertising to AS 2424 or AS 8888, and to peers marked as [minor] s/been configured in the User Class of, but not to peers of User Class New York (101)/been configured in the User Class New York (101) ... 753 0 1 2 3 754 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 755 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 756 | Type (1, Wide) | Flags |0|0| Reserved(0) | 757 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 758 | Length: 53 | 759 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ [] If I counted correctly, the length should be 57. 760 | Community: LOCAL PREPEND ACTION CATEGORY 1 | 761 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 762 | Source AS 64496 | 763 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 764 | Context AS 64496 | 765 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 766 | Target TLV (1)| Length: 18 | 767 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ [] If I counted correctly, the length should be 22. 768 | ASN List (1) | Length: 8 | 769 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 770 | Target ASN# 2424 | 771 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 772 | Target ASN# 8888 | 773 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 774 | User List(7) | Length: 8 | 775 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 776 | Amsterdam (100) | 777 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 778 | Moscow (104) | 779 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 780 |ExcTargetTLV(2)| Length: 5 | 781 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ [] If I counted correctly, the length should be 7. 782 | User List(7) | Length: 4 | 783 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 784 | New York (101) | 785 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 786 | Param TLV (3) | Length: 5 | 787 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ [] If I counted correctly, the length should be 7. 788 | Integer32 (4) | Length: 4 | 789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 790 | Prepend # 4 | 791 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ... 796 10.1. BGP Community Container Security Considerations 798 Transitive BGP Community Container communities could unintentionally 799 spread far from their origin. If a router receives many routes from 800 multiple sources on the Internet with different communities, it could 801 cause significant memory usage. To prevent excessive memory usage, 802 routers should be configured to strip unexpected communities from 803 received routes. [] The "far from their origin" doesn't seem to directly result in "cause significant memory usage". Maybe a better justification may be the potential impact (in terms of actions) that could result from receiving and parsing. [major] "routers should be configured to strip unexpected communities" This sounds like a good place to be Normative: MUST/SHOULD? I think that RECOMMENDED might be best. Also, given that we're talking about the Container, there may be other types which are not communities. Please generalize. 805 All the security considerations for BGP Communities [RFC1997], BGP 806 Extended Communities [RFC4360], and BGP Large Communities [RFC8092] 807 apply to BGP Community Containers. [minor] s/All the security considerations/The security considerations [minor] Put this paragraph first. [] Other work that used UTF-8 has been required to include text like this: This document uses UTF-8 encoding for the UTF-8 String Atom. There are a number of security issues with Unicode. Implementers and operators are advised to review Unicode Technical Report #36 [UTR36] to learn about these issues. UTF-8 "Shortest Form" encoding is REQUIRED to guard against the technical issues outlined in [UTR36]. An Informative reference to UTR36 should be added as follows: [UTR36] Davis, M., Ed. and M. Suignard, Ed., "Unicode Security Considerations", Unicode Technical Report #36, August 2010, <http://unicode.org/reports/tr36/>. 809 10.2. BGP Wide Community Security Considerations 811 For BGP Wide Communities, the Community Value the Source AS may 812 provide sufficient context to strip unwanted or unexpected 813 communities. [minor] s/Community Value the Source AS/Community Value and the Source AS Number [] Stripping communities ("removing" may be a better word) was also mentioned in the previous section. Repeating the recommendation made there would be appropriate. 815 Given the flexibility and power offered by BGP Wide communities, it 816 is important to consider the additional possibilities allowed by 817 their definition. In particular, for locally defined BGP Wide 818 Communities, it may be wise to restrict the range of parameters. For 819 registered BGP Wide Communities, the security considerations of the 820 document defining them MUST address issues specific to those newly 821 defined Communities. [minor] "it may be wise" Can we turn this into a Normative recommendation? 823 11. IANA Considerations [major] This section requests the creation of new registries, but it doesn't indicate where they should be located. Other community-related documents have created a separate group (from the general bgp-parameters group [1]), for example: [2] and [3]. I suggest that you request a new group here too. You can then make a general statement that all the new requested registries should be located there (instead of doing so for each individual one). Also, please indicate that all the Registration Policies are per rfc8126, and add a Normative reference to it. [1] https://www.iana.org/assignments/bgp-parameters/ [2] https://www.iana.org/assignments/bgp-well-known-communities/ [3] https://www.iana.org/assignments/bgp-extended-communities/ ... 832 11.2. BGP Community Container Atoms Types ... 838 Registration procedures: 840 0x00: Reserved. 841 0x01-0x08: Defined in this document. 842 0x09-0xFE: IETF Review. 843 0xFF: Reserved. [minor] Please number all the tables in this section. [major] This table, and others in this section, mixes the registration policies and the assignments. Please create separate tables. The table indicating the Registration Policies should indicate the whole range: 0x01-0xFE: IETF Review. ... 848 Name Type Value 849 ---- ---------- 850 Autonomous System Number List 0x01 851 IPv4 Prefix list 0x02 852 IPv6 Prefix list 0x03 853 Unsigned Integer32 list 0x04 854 IEEE Floating Point Number list 0x05 855 Neighbor Class list 0x06 856 User-defined Class list 0x07 857 UTF-8 string 0x08 [major] This table, and others in this section, should have an extra column for references. For the values defined here, use "[this document]". ... 881 11.4. BGP Community Container Types ... 890 0x0000 : Reserved. 891 0x0001 : BGP Wide Community (defined in this 892 document). 893 0x0002-0x0004 : Reserved. 894 0x0005-0x00FF : IETF Review. 895 0x0100-0xFF00 : First Come, First Served. 896 0xFF01-0xFFFE : Experimental. 897 0xFFFF : Reserved. [] s/First Come, First Served/First Come First Served [] s/Experimental/Experimental Use [major] This table mixes the registration policies and the assignments. Please create separate tables. The table indicating the Registration Policies should indicate the whole range: 0x0001-0x00FF: IETF Review. A different table should then include any allocations made in this document, including a column that indicates the reference (to "[this document]"). In this case 0x0001-0x0004. BTW, why are 0x0002-0x0004 reserved? Should they be marked as deprecated? 899 11.5. Registered Type 1 BGP Wide Communities Community Types [major] §4.1 calls this field "Community Value". ... 907 0x00000000 : Reserved. 908 0x00000001-0x7FFFFFFF : Available for private/local use. 909 0x80000000 : Reserved. 910 0x80000001-0xFFFFFEFF : First Come, First Served for 911 registered use. 912 0xFFFFFF00-0xFFFFFFFE : Experimental. 913 0xFFFFFFFF : Reserved. [major] The Registration Policies, per rfc8126, should be: "Available for private/local use." = Private Use "First Come, First Served for registered use" = First Come First Served [] Note that Private Use and Experimental Use are similar in that IANA doesn't keep track of them and there's no restriction on their use. This means that, unless specified in this document (§4.1), a Private Use Community Values cannot be constrained to local use. OTOH, there's an opportunity to clarify the expectations of an experiment. From rfc8126: 4.2. Experimental Use Experimental Use is similar to Private Use, but with the purpose being to facilitate experimentation. See [RFC3692] for details. IANA does not record assignments from registries or ranges with this policy (and therefore there is no need for IANA to review them) and assignments are not generally useful for broad interoperability. Unless the registry explicitly allows it, it is not appropriate for documents to select explicit values from registries or ranges with this policy. Specific experiments will select a value to use during the experiment. When code points are set aside for Experimental Use, it's important to make clear any expected restrictions on experimental scope. For example, say whether it's acceptable to run experiments using those code points over the open Internet or whether such experiments should be confined to more closed environments. See [RFC6994] for an example of such considerations. 915 11.6. Registered Type 1 BGP Wide Community Optional Sub-Types ... 931 Name Type Value 932 ---- ---------- 933 Targets 1 934 Exclude Targets 2 935 Parameters 3 [major] The specification in §4.4.* uses an extended name: BGP Wide Community Target(s) TLV, for example. Please be consistent. [EoR -08]
- [Idr] AD Review of draft-ietf-idr-wide-bgp-commun… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Robert Raszuk
- [Idr] draft-ietf-idr-wide-bgp-communities-11 Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-wide-bgp-co… Alvaro Retana