Re: [Idr] Question about BGP Large Communities

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 05 February 2020 02:03 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
CC: John Heasly <heas@shrubbery.net>, "idr@ietf.org" <idr@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Date: Wed, 05 Feb 2020 02:02:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/HVVVMf37L2KdZPy1vOxe-ahEfuc>
List-Id: Inter-Domain Routing <idr.ietf.org>

Private ASNs are 4,200,000,000 upwards.
I am requesting a block just below that > 4,000,000,000.

Regards,
Jakob.

From: Brian Dickson <brian.peter.dickson@gmail.com>
Sent: Tuesday, February 4, 2020 5:43 PM
To: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Cc: John Heasly <heas@shrubbery.net>; Jakob Heitz (jheitz) <jheitz@cisco.com>; idr@ietf.org; grow@ietf.org
Subject: Re: Question about BGP Large Communities



On Tue, Feb 4, 2020 at 5:28 PM Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov> wrote:
> > > Does anyone want to co-author and suggest changes?
> I would also be glad to participate in that effort.
>
> I have looked at the proposals in the two drafts (Jakob and John H).
> There are a few observations I would like to share.
>
> As Alvaro pointed out, RFC 8092 says:
>    This document defines the BGP Large Communities attribute as an
>    optional transitive path attribute of variable length.
>
> That means *all* BGP Large Communities are transitive. Do you agree?
> RFC 8195 seems to be written in that spirit as well.

They are, by default, transitive, unless local policy is to either strip them or filter updates based on the values (or some portion out of the values, like bits 6-7).

> The first 32 bits together are a Global Administrator (GA) ID.
> So, it seems it would not be possible to use any part of it as data.
> Otherwise, collisions (ambiguity) could happen when
> other LCs use 4-octet ASNs in the Global Administrator field. Agree?

Only real ASNs have any reasonable expectation of collision protection and uniqueness, i.e. ASN values <4,000,000,000

> I see Jakob's draft proposes using some portion of the first 32 bits as data.
> The draft that John Heasly shared sets the first 32-bits to ASN value 0
> to designate WK-LC;  so no part of the first 32-bits is data.
>
> Another idea to consider:
> Why not request IANA to assign a range of 256 or 1024 or some number (?)
> of 4-byte ASN values to be allocated and used as GA ID for transitive WK-LCs?
> A function (e.g., route-leak protection) that requires transitive WK-LC
> will be allocated one of these ASN values.
> Then we don't waste any part of the first 32-bits to designate "type" of LC.

Jakob's proposal is quite reasonable.
The 32-bit ASN RFC (don't recall it offhand) reserves all values >4,000,000,000 as private values.
Reserving only those that start (binary) 111110 is a very small slice off that range, near the top but not the very top.
Having an extra 16 bits to play with, for every WKC, plus 2 bits per the T field, is plenty and very useful.
Only having two 32-bit values is overly limiting, IMHO.

Brian

> That cleanly leaves 64 bits for local data (as RFC 8092 specifies)
> which can accommodate two 4-byte ASNs if needed.
>
> Sriram
>
> > -----Original Message-----
> > From: John Heasly <heas@shrubbery.net>
> > Sent: Tuesday, February 4, 2020 5:55 PM
> > To: Jakob Heitz (jheitz) <jheitz@cisco.com>
> > Cc: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>; Job Snijders
> > <job@ntt.net>; Nick Hilliard <nick@foobar.org>; John Heasly
> > <heas@shrubbery.net>; idr@ietf.org; grow@ietf.org; idr-chairs@ietf.org;
> > grow-chairs@ietf.org; a.e.azimov@gmail.com; Brian Dickson
> > <brian.peter.dickson@gmail.com>
> > Subject: Re: Question about BGP Large Communities
> >
> > Tue, Feb 04, 2020 at 08:45:40PM +0000, Jakob Heitz (jheitz):
> > > A set of well known large communities could be useful.
> > > I have a draft that I never submitted attached to this email.
> > > Does anyone want to co-author and suggest changes?
> >
> > Hey Jakob,
> > I'd work on that with you.  Job, Morrow and I also started a draft for
> > Large WKCs, but we have not submitted anything - nor made any recent
> > progress.
> >
> > IIRC, the direction we were intending was to use 0 (zero) as the ASN, then
> > define local data part 1 as WKC itself, and local data part 2 to be a
> > value associated.
> >
> > I've attached what I have written so far.  Job and Morrow may or may not
> > endorse this approach at this point.
> >
> > -heas
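
Added example, not part of the thread or of either draft: a decoder for the 12-octet Large Community (RFC 8092) that classifies the Global Administrator field under the two schemes discussed above, ASN 0 and a leading binary 111110 with the T field in bits 6-7. The function names and the sample value are constructed here; the thread does not give the layout of the 24 bits after the prefix and T, so they are returned undivided.

```python
import struct

# Values taken from the thread; everything else in this block is illustrative.
PRIVATE_ASN_START = 4_200_000_000      # "Private ASNs are 4,200,000,000 upwards"
WK_PREFIX = 0b111110                   # leading 6 bits of the proposed block
WK_BLOCK = (WK_PREFIX << 26, (WK_PREFIX << 26) | 0x03FFFFFF)  # inclusive bounds

def parse_large_community(raw: bytes) -> tuple:
    """Split one Large Community into (Global Administrator, Local Data 1, Local Data 2)."""
    if len(raw) != 12:
        raise ValueError("a Large Community is exactly 12 octets")
    return struct.unpack("!III", raw)  # three 4-octet fields, network byte order

def classify_ga(ga: int) -> dict:
    """Classify a 32-bit Global Administrator value."""
    if not 0 <= ga <= 0xFFFFFFFF:
        raise ValueError("Global Administrator is a 32-bit value")
    if ga == 0:
        kind = "asn-zero"              # the ASN-0 scheme: local data carries the WKC
    elif ga >> 26 == WK_PREFIX:
        # Tested before the private check: the 6-bit prefix block runs up to
        # 4,227,858,431, so its upper part lies above 4,200,000,000.
        kind = "wk-prefix"
    elif ga >= PRIVATE_ASN_START:
        kind = "private"
    else:
        kind = "asn"
    info = {"ga": ga, "kind": kind}
    if kind == "wk-prefix":
        info["t"] = (ga >> 24) & 0b11  # bits 6-7, counting the MSB as bit 0
        info["rest"] = ga & 0x00FFFFFF # remaining 24 bits, layout not given in the thread
    return info

def describe(raw: bytes) -> dict:
    """Parse a Large Community and attach the classification of its first field."""
    ga, ld1, ld2 = parse_large_community(raw)
    return {**classify_ga(ga), "ld1": ld1, "ld2": ld2}

# Constructed sample: prefix 111110, T=01, remaining bits 0x000001, LD1=64496, LD2=0.
SAMPLE = struct.pack("!III", 0xF9000001, 64496, 0)

if __name__ == "__main__":
    print("prefix block:", WK_BLOCK)
    print(describe(SAMPLE))
```

A filter that matches on the Global Administrator can use `classify_ga` to tell an ordinary ASN from either well-known encoding before applying local policy.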