Re: [Idr] BGP Auto-Discovery Protocol State Requirements

Jeffrey Haas <jhaas@pfrc.org> Fri, 19 March 2021 15:07 UTC

Date: Fri, 19 Mar 2021 11:28:32 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Robert Raszuk <robert@raszuk.net>
Cc: Tony Przygienda <tonysietf@gmail.com>, "idr@ietf.org" <idr@ietf.org>, "Acee Lindem (acee)" <acee=40cisco.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/IpmbY0DMejDnkTOeOpxpOm4I7MI>
List-Id: Inter-Domain Routing <idr.ietf.org>

On Fri, Mar 19, 2021 at 03:30:12PM +0100, Robert Raszuk wrote:
> The MD5 was in context to auto PE-CE eBGP peering on the RFC4364 VRFs. Not
> DC under the same operations.

The motivation for the broader analysis of auto configuration was to make
sure we don't have to completely reinvent this stuff a second round. :-)

> > The proposal must be able to support GTSM, or no GTSM.
> 
> Respectfully I have a different opinion.  That should be part of
> provisioning the auto peer template. Nothing to do with auto discovery.

Having it in the discovery protocol doesn't impact that if your
implementation doesn't want to use it.  It simply becomes another piece of
conflicting configuration if it doesn't.

If your configuration template doesn't have security configured, but it is
required by the auto-discovery advertiser, your implementation would try to
open a BGP session and that would fail.  Your debugging would show that you
received a discovery message, but that TCP fails to connect.  The same would
be true for GTSM.  For BFD, the BGP session may come up, and then bounce, or
not proceed into Established.

If the parameters are in the discovery message, you don't end up with such
mismatches unless you want them to be forced to a particular setting.  And
even if you have preferences about how the session comes up (e.g. require no
authentication for NSR considerations), you still have information in the
discovery that permits you to find out why the session may not be
establishing.

-- Jeff
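
The mismatch handling described in the message above, as an added example that is not part of the original message or of any auto-discovery draft. The `SessionParams` fields, the `forced` set and the `resolve` function are hypothetical names, since the page gives no discovery message encoding; the sample values are constructed.

```python
from dataclasses import dataclass

# Hypothetical session parameters carried in a discovery message (assumed
# fields; the real encoding is not shown on this page).
@dataclass(frozen=True)
class SessionParams:
    auth: str = "none"   # constructed values, e.g. "none" or "md5"
    gtsm: bool = False
    bfd: bool = False

# Symptom an operator would see for each mismatched parameter, as the
# message describes it.
SYMPTOM = {
    "auth": "TCP fails to connect",
    "gtsm": "TCP fails to connect",
    "bfd": "session may come up and bounce, or not reach Established",
}

def resolve(template, advertised, forced=frozenset()):
    """Return (effective session parameters, diagnostics).

    A field not in `forced` follows the advertisement, so it cannot mismatch.
    A field in `forced` keeps the local template value; when that differs
    from the advertisement, the diagnostic names the expected symptom.
    """
    effective, diags = {}, []
    for name in ("auth", "gtsm", "bfd"):
        local, remote = getattr(template, name), getattr(advertised, name)
        if name in forced:
            effective[name] = local
            if local != remote:
                diags.append(f"{name}: forced local={local!r}, "
                             f"advertised={remote!r}; expect {SYMPTOM[name]}")
        else:
            effective[name] = remote
    return SessionParams(**effective), diags

if __name__ == "__main__":
    template = SessionParams()                                # no security configured
    advertised = SessionParams(auth="md5", gtsm=True, bfd=True)
    # Local preference: no authentication (e.g. for NSR considerations).
    params, diags = resolve(template, advertised, forced={"auth"})
    print(params)
    for line in diags:
        print("mismatch:", line)
```

Passing every field in `forced` models a template that ignores the advertised parameters entirely, which is the case where the only visible evidence is a received discovery message followed by a failed connection.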