IETF Logo Mail Archive

[Idr] Error handling in draft-ietf-bess-evpn-igmp-mld-proxy-05

John Scudder <jgs@juniper.net> Sat, 30 May 2020 01:37 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D1213A12EA; Fri, 29 May 2020 18:37:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=eCSQuJ6g; dkim=pass (1024-bit key) header.d=juniper.net header.b=ans/6wIo
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rQ8t_p9tfB6K; Fri, 29 May 2020 18:37:02 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91FBB3A131B; Fri, 29 May 2020 18:36:56 -0700 (PDT)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04U1XrpF022876; Fri, 29 May 2020 18:36:56 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=PPS1017; bh=6QIKWW0b2JYkmasUszXs+kbA2waR0f65ofGak0KbqIE=; b=eCSQuJ6gXXUVOxNaYGhPKMi7NOJSX13Ka/1+djc1F8XJRmyaRQpWva80lzzZwJLyv/cA 4Wf/ikf32p/HMtymO0iy+vay4oZnAXciYeDKaEfw80LyOYVHILobpN2ufy8JCmxxqTKv uZ2HR/eEZeb/Cs41ROwGLVkiyKnBEeYp7TAId1YSnr7UGm3j6TULx8RwOOZSqx3ofv30 i4F3IkA7qOxMa045bhuqpw0V+NDrBVSztXreuz3RBwfK5g4Ip7y4Cc4LHwGQuSSb4sDD 7f0+66BiSgpkccczy/gwExtERkaykktG5HIewcVRECnrgFG/CZC/FHa6tRA4+nIoCpOt IQ==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2100.outbound.protection.outlook.com [104.47.58.100]) by mx0a-00273201.pphosted.com with ESMTP id 319jr9nt37-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 18:36:56 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZbpVvCFoBw7fGK/orSRHuTR0t4YqK6y8v3E/W3qXWklpyDA2D4CYIHgYI+h42Wj4sxESrRdRsWtMPSJBFpcn+ElosUaAEfb38tlHvaOaw1usgCSuFeXBxf95JFIMjn+DD2kLkWhFbyJmO9E9fEnK2tArh4ms69i0/cVlRYK17ZLxplx4yWpTn/9tjouGA7fYYoYoq0jMVDUPSlGOne7ezZPlGO2OgWzgoWLrysqGzkvNKZU4sPu1zPeUD/oIHYY8DwnptPmhOdRnn0FGzH6iBUynFp9rufqUg0B0sCNBjzF6QUs+u0FSyc7oFLETtOmVOd5L0BuvISiKbPq3Qj2o3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6QIKWW0b2JYkmasUszXs+kbA2waR0f65ofGak0KbqIE=; b=Je7J8wr3z4306mEU7MeHZfeknL38KaJ1cr30Mq61YYgdfdVQeIxm8cobcTzrZ3CKQkcPXTDdbbVYSJNfmKlU1lwi8YA7LR4GFvd1kYpaNTEhmUD7RwZD3oL8J3taBO8+bfsQiaO6jNve8ObfMD1uqOEwWkBTF7rjJmSB8QxgKBM1LpPoALkBAnwpflxUJuUolUDFvrN+PuStIFcAa0+AqkQNdeZbxjc88Eun/eT3hIPKtxtBUNcxBSIiCvGCB3IERdIbCiRe9pn/F1b+wuALDeQFqrYwolSXuklP908uhOc2k8s2tcA2JZkrf64iX3jZj24tFEnlb8KSEDjFG6ke5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6QIKWW0b2JYkmasUszXs+kbA2waR0f65ofGak0KbqIE=; b=ans/6wIo5scyW3NZ4WkRJetC9GSVdFxQJR1iEyG3hLZsbZZJ5Vqq8TjyqiQv6dSSa1O22WuSc87XJLhgv2SleTIyQZozkDa0XTCnARfKIkHoFomTpuRBxqxIwqCDMiLo3FTuhWKwymqfktGrM7g10uGez/8JkBBsA3Xc2gmrjPA=
Received: from BL0PR05MB5076.namprd05.prod.outlook.com (2603:10b6:208:83::12) by BL0PR05MB4866.namprd05.prod.outlook.com (2603:10b6:208:57::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.7; Sat, 30 May 2020 01:36:51 +0000
Received: from BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::499e:c613:2d2:b09f]) by BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::499e:c613:2d2:b09f%7]) with mapi id 15.20.3045.018; Sat, 30 May 2020 01:36:51 +0000
From: John Scudder <jgs@juniper.net>
To: "draft-ietf-bess-evpn-igmp-mld-proxy@ietf.org" <draft-ietf-bess-evpn-igmp-mld-proxy@ietf.org>
CC: "bess@ietf.org" <bess@ietf.org>, "idr@ietf. org" <idr@ietf.org>
Thread-Topic: Error handling in draft-ietf-bess-evpn-igmp-mld-proxy-05
Thread-Index: AQHWNiLKpUuHpPn66kmSE9kqhSvXjw==
Date: Sat, 30 May 2020 01:36:51 +0000
Message-ID: <41C37C05-E8E6-4928-923A-C3E46616CF06@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.80.23.2.2)
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [66.129.241.13]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d429fcc4-fff7-46c8-1f06-08d80439ed8e
x-ms-traffictypediagnostic: BL0PR05MB4866:
x-microsoft-antispam-prvs: <BL0PR05MB486655D5CEAA802C65BC2F0BAA8C0@BL0PR05MB4866.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 041963B986
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JW0sL/dgajYhBC6grcIl/604B7zK+5kEclFxHXzCzdZ/195Fg3PwDXIRogHVoeYXtjVAEDtiH/hnsOSM68Q4FNDCLS1h1N1kyeaQLXNgUSdY4PQ8Rwtf5l3iH80aeBParNo1Ci+C8KmRYYUaxM2sRS4qQHgiFJxat/b6Ctoslgcn0Xorth7fjxSw3RSyv+uJ1IprzXgGNYNqyfWjX4DHEpjqB4Obml9dESYTRvRPqhGlYHrSEGgNlzwV3PuYX2e4QP0EOrJHhjvMvgC303tZ0DjDL8FhYjZAQqSNjA4yjxD8ZTcTCRy3MNbVG/hKgN2V7iNu0A+uE+TYmq6FKiK2jLeuskkNHzCOIcsTxHo1cDF6EGQZSgZ+HKGPWYNQrCTuGMQGM3KJkBqZgz2o2UvgHg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5076.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(346002)(396003)(376002)(366004)(6512007)(478600001)(54906003)(83380400001)(36756003)(2616005)(71200400001)(66574014)(166002)(26005)(4326008)(186003)(8936002)(66446008)(64756008)(66556008)(66476007)(86362001)(316002)(450100002)(76116006)(66946007)(33656002)(5660300002)(6506007)(6486002)(6916009)(8676002)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: 77MbWWjLQ2gFRud0k/63vQqesYCxr3wbGDQSGtcwVEm5X39xVHhyvFfmqm0GA/Ia+FrzoZcFu7uq5Ls+ybKyU21QwEw8LG4hqrIrJYcpWEvzGh8vVrgpk/qrDQOeXiueiP48MaCY0mKnub1I9qCaw1rSDsATJEJj1mWItNe9t3FVp0jId6INZTRufWDLOl4XaxcH5qAtKUa9tXH0HjQpubLsiutGTtYw2xvoWDPU38XQQOW/a7/UwOG6FOU4ey3EShynPi0KJfR895+fGcHc2mUmQ7GQDxcGjuluH6FmiAqO3FSX1cZ/fHbk1znn0ThJEwwBUfoZeYelccZ7lZ7zprEY0nbRDKFhOwu8AVYk+yeietzobqoS9YxTQX0vtxwJ60h9YFeTSI+7XwzQPnd0u98Yyb9A+UFiHsamnFkKMmPWE3cZ+qAQ9rfjDTqem6974Bh7pDr6Wrcg0/okw8n0HNmZQZVYU/wFaXEOY1qQ9cKsx9u0jkgy06LjDVz0fQaK
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_41C37C05E8E64928923AC3E46616CF06junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: d429fcc4-fff7-46c8-1f06-08d80439ed8e
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2020 01:36:51.6787 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l2ImCsYPJJmx52DCcWjgalA48W9XJGOCnqaBqFCzIpFUGGDDaVE/5fpQ1nPrFanW
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB4866
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-29_13:2020-05-28, 2020-05-29 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 malwarescore=0 suspectscore=0 phishscore=0 mlxlogscore=999 mlxscore=0 bulkscore=0 priorityscore=1501 clxscore=1011 lowpriorityscore=0 adultscore=0 impostorscore=0 cotscore=-2147483648 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005300009
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/MAaGGEeRPc1zz7qj-s4g2FFZDts>
Subject: [Idr] Error handling in draft-ietf-bess-evpn-igmp-mld-proxy-05
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 May 2020 01:37:11 -0000

Hi Authors,

I noticed the following text about error handling in -05:

       When a PE receives an EVPN SMET route for a given (*,G), it
       compares the received version flags from the route with its per-
       PE stored version flags.  If the PE finds that a version flag
       associated with the (*,G) for the remote PE is reset, then the PE
       MUST generate IGMP Leave for that (*,G) toward its local
       interface (if any) attached to the multicast router for that
       multicast group.  It should be noted that the received EVPN route
       SHOULD at least have one version flag set.  If all version flags
       are reset, it is an error because the PE should have received an
       EVPN route withdraw for the last version flag.  Error MUST be
       considered as BGP error and SHOULD be handled as per [RFC7606].

...

   When a router that receives a BGP Update that contains the Selective
   Multicast Route flag with its Partial bit set (Not following this
   specification) determines that the route is malformed, the router
   SHOULD treat this Update as malformed .  Error MUST be considered as
   BGP error and SHOULD be discarded as per [RFC7606].  An
   implementation SHOULD provide debugging facilities to permit issues
   caused by a malformed join sync route to be diagnosed.  At a minimum,
   such facilities MUST include logging an error when such an route is
   detected.

(And there are several more similar paragraphs, I won’t repeat them all.)

Thank you for adding text about error handling! I have a few questions and comments about it.

1. You restrict the second quoted text to only apply when Partial is set. What is the required behavior when Partial is not set but the route is malformed? Unless you specify something else, the action would be to reset the session, but even if that’s what you want, you should say so, to be clear.

2. … But I’m confused about the Partial bit. Everything in your document relates to NLRI, carried in the existing MP_REACH_NLRI and MP_UNREACH_NLRI attributes. The encoding of these attributes doesn’t include any kind of per-NLRI Partial bit, it’s a per-path attribute thing. Since these two attributes are non-transitive, the Partial bit can never be set on them (it’s specifically excluded in RFC 4271). In short, there’s no such thing as a “Selective Multicast Route flag with its Partial bit” set OR cleared, a route doesn’t HAVE a Partial bit.

3. Come to think of it, I can’t even figure out what the “Selective Multicast Route flag” is. I confess I haven’t done a close reading of the document, but I did try to work it out, and I can’t. Is it a flag? Is it a route? Is it a typo? Inquiring minds want to know!

4. You say “discarded as per [RFC7606]” or “handled as per [RFC7606]” but 7606 doesn’t provide just a single strategy, it provides four options (https://tools.ietf.org/html/rfc7606#page-5), namely session reset, AFI/SAFI disable, treat-as-withdraw, and attribute discard. I’m guessing you mean treat-as-withdraw; in any case, you need to be specific about the behavior you want.

Just as a reminder, RFC 7606, in section 3(j), points out that the NLRI need to be successfully parsed for treat-as-withdraw to work, and if the NLRI can’t be parsed, session reset still has to be used. I guess you must be assuming the NLRI could be malformed in such a way as to still allow the key to be extracted from them, otherwise there’s no way to do treat-as-withdraw to them. As far as I can tell from a skim, only a malformed flags field would qualify for this, everything else is part of the key, right? I think you’ll need to spell this out, see also point 5 below.

5. You say what to do if it’s determined a route is malformed, but for the most part you don’t say what criteria are used to make that determination. RFC 7606 section 8 (https://tools.ietf.org/html/rfc7606#page-15) asks you to please be more specific, it also provides a lot of examples of specificity in its earlier sections. Since you aren’t specifying a new attribute, the section technically doesn’t apply to you, but nonetheless I think the guidance is relevant:

   A document that specifies a new BGP attribute MUST provide specifics
   regarding what constitutes an error for that attribute and how that
   error is to be handled.

6. I do notice this text too:

   Suppose a PE receives a particular IGMP Join Synch or IGMP Leave
   Synch route, say R1, and suppose that R1 carries an ES-Import RT that
   is one of the PE's Import RTs.  If R1 has no EVI-RT EC, or has more
   than one EVI-RT EC, the PE MUST apply the "treat-as-withdraw"
   procedure of [RFC7606].

This is perfect, thank you! It names a specific error handling strategy. The error condition is spelled out clearly and it’s also helpful that the error condition relates to attributes that aren’t NLRI, so we can be confident that the NLRI are well-formed, thus we can find the key to enable us to know what to withdraw.

Regards,

—John

v2.23.0 | Report a Bug | By Email