IETF Logo Mail Archive

Re: [Idr] Fwd: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt

Job Snijders <job@ntt.net> Wed, 07 October 2020 10:01 UTC

Return-Path: <job@ntt.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 005243A067A for <idr@ietfa.amsl.com>; Wed, 7 Oct 2020 03:01:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AIZ7s0ZvM7dn for <idr@ietfa.amsl.com>; Wed, 7 Oct 2020 03:01:04 -0700 (PDT)
Received: from mail4.dllstx09.us.to.gin.ntt.net (mail4.dllstx09.us.to.gin.ntt.net [128.241.192.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28E393A0658 for <idr@ietf.org>; Wed, 7 Oct 2020 03:01:03 -0700 (PDT)
Received: from bench.sobornost.net (unknown [45.138.228.4]) by mail4.dllstx09.us.to.gin.ntt.net (Postfix) with ESMTPSA id 7E287EE0147; Wed, 7 Oct 2020 10:01:02 +0000 (UTC)
Received: from localhost (bench.sobornost.net [local]) by bench.sobornost.net (OpenSMTPD) with ESMTPA id 213232df; Wed, 7 Oct 2020 10:00:59 +0000 (UTC)
Date: Wed, 07 Oct 2020 10:00:59 +0000
From: Job Snijders <job@ntt.net>
To: "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Cc: Warren Kumari <warren@kumari.net>, Gyan Mishra <hayabusagsm@gmail.com>, idr <idr@ietf.org>
Message-ID: <20201007100059.GI36733@bench.sobornost.net>
References: <160147241917.18722.10402627847451321205@ietfa.amsl.com> <CALxNLBj0Y6yLa963_6zGgiLJNyhGikRrDMB4ySSVUD3T-o6nog@mail.gmail.com> <CABNhwV2isC3o2h2nr45RTnMhRRrDe1nuyyrj9z611_rOYEL_Eg@mail.gmail.com> <CAHw9_iLRX9sYOw+Tyb9PO0_N6ZHqmW8B+SkOArXyY12qOEXqww@mail.gmail.com> <BYAPR11MB3207B145F225CFB222942C0BC00A0@BYAPR11MB3207.namprd11.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <BYAPR11MB3207B145F225CFB222942C0BC00A0@BYAPR11MB3207.namprd11.prod.outlook.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/MPcAVY_2V0qTs9aTEVcsq-LNDPs>
Subject: Re: [Idr] Fwd: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 10:01:08 -0000

Dear Jakob, Warren, Ben, Gyan, others,

I agree that for Internet routing purposes it probably is very
undesirable to keep a connection up and 'clip' when the Maximum Prefix
Limit is reached. However, RFC 4271 explicitly permits this type of
behavior, RFC 4271 Section 6.7:

    "A BGP speaker MAY support the ability to impose a
    locally-configured, upper bound on the number of address prefixes
    the speaker is willing to accept from a neighbor.  When the upper
    bound is reached, the speaker, under control of local configuration,
    either (a) discards new address prefixes from the neighbor (while
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    maintaining the BGP connection with the neighbor), or (b) terminates
    the BGP connection with the neighbor."

I think Jakob's suggestion to add warning text is the best path forward,
I don't think this *clarification* RFC is the place to undefine this
type of (potentially problematic) functionality.

Kind regards,

Job

On Wed, Oct 07, 2020 at 12:36:16AM +0000, Jakob Heitz (jheitz) wrote:
> Or at least add some warning text to the option to the effect of:
> 
> If the max-prefix limit causes excess prefixes not to be announced
> rather than a session termination, then the prefixes that are not announced
> are unknown. Differing unknown sets of prefixes not being advertised
> by multiple routers can cause forwarding loops.
> 
> Or specify the option for session non-termination for external BGP sessions only.
> 
> Regards,
> Jakob.
> 
> -----Original Message-----
> From: Idr <idr-bounces@ietf.org> On Behalf Of Warren Kumari
> Sent: Tuesday, October 6, 2020 1:19 PM
> To: Gyan Mishra <hayabusagsm@gmail.com>
> Cc: idr <idr@ietf.org>
> Subject: Re: [Idr] Fwd: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt
> 
> <no hats>
> On Wed, Sep 30, 2020 at 10:53 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:
> >
> > Hi Authors
> >
> >
> > Would it be possible to modify the action so that we have the option to not disconnect the peer and allow the peer to remain UP state but clip the routes above the upper limit and provide this option for both inbound and outbound directions.
> 
> Errrr... how sure are you that this is the behavior that you *want*?
> If you have tripped the max-prefixes limit it's almost always:
> 1: things have been slowly growing over time, you've tripped your
> warning limit. The right thing to do here is carefully look at the
> prefixes, make sure they are what you expect, and bump it up by a bit.
> 2: you've just borked your filters and are now trying to leak full
> tables to your peers. The right thing to do here is tear the session
> down and go do penance...
> 
> I strongly suggest taking this question to GROW / NOGs before adding a
> "send as many as you can and then start filtering" option; tripping
> the hard limit should be the same as a circuit breaker, not a
> resistor.
> 
> W
> 
> > This was the PE resources are not impacted as well as the customer peer still remains in an Up state.
> >
> > Thanks
> >
> > Gyan
> >
> > On Wed, Sep 30, 2020 at 9:34 AM Melchior Aelmans <melchior@aelmans.eu> wrote:
> >>
> >> Hi IDR,
> >>
> >> As suggested in earlier WG meetings (both in GROW and IDR) we have split the Maximum Prefix Limits draft into Maximum Prefix Limits Outbound and Maximum Prefix Limits Inbound.
> >> The authors are looking for your feedback and input on both.
> >>
> >> Thanks,
> >> Melchior
> >>
> >> ---------- Forwarded message ---------
> >> From: <internet-drafts@ietf.org>
> >> Date: Wed, Sep 30, 2020 at 3:27 PM
> >> Subject: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt
> >> To: <i-d-announce@ietf.org>
> >>
> >>
> >>
> >>
> >>
> >> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>         Title           : Revised BGP Maximum Prefix Limits Outbound
> >>
> >>
> >>         Authors         : Melchior Aelmans
> >>
> >>
> >>                           Massimiliano Stucchi
> >>
> >>
> >>                           Job Snijders
> >>
> >>
> >>         Filename        : draft-sas-idr-maxprefix-outbound-00.txt
> >>
> >>
> >>         Pages           : 9
> >>
> >>
> >>         Date            : 2020-09-30
> >>
> >>
> >>
> >>
> >>
> >> Abstract:
> >>
> >>
> >>    This document updates RFC4271 by adding a control mechanism which
> >>
> >>
> >>    limits the negative impact of outbound route leaks (RFC7908) in order
> >>
> >>
> >>    to prevent resource exhaustion in Border Gateway Protocol (BGP)
> >>
> >>
> >>    implementations.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> The IETF datatracker status page for this draft is:
> >>
> >>
> >> https://datatracker.ietf.org/doc/draft-sas-idr-maxprefix-outbound/
> >>
> >>
> >>
> >>
> >>
> >> There are also htmlized versions available at:
> >>
> >>
> >> https://tools.ietf.org/html/draft-sas-idr-maxprefix-outbound-00
> >>
> >>
> >> https://datatracker.ietf.org/doc/html/draft-sas-idr-maxprefix-outbound-00
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of submission
> >>
> >>
> >> until the htmlized version and diff are available at tools.ietf.org.
> >>
> >>
> >>
> >>
> >>
> >> Internet-Drafts are also available by anonymous FTP at:
> >>
> >>
> >> ftp://ftp.ietf.org/internet-drafts/
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >>
> >>
> >> I-D-Announce mailing list
> >>
> >>
> >> I-D-Announce@ietf.org
> >>
> >>
> >> https://www.ietf.org/mailman/listinfo/i-d-announce
> >>
> >>
> >> Internet-Draft directories: http://www.ietf.org/shadow.html
> >>
> >>
> >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >>
> >> Idr mailing list
> >>
> >> Idr@ietf.org
> >>
> >> https://www.ietf.org/mailman/listinfo/idr
> >>
> > --
> >
> >
> > Gyan Mishra
> >
> > Network Solutions Architect
> >
> > M 301 502-1347
> > 13101 Columbia Pike
> > Silver Spring, MD
> >
> >
> > _______________________________________________
> > Idr mailing list
> > Idr@ietf.org
> > https://www.ietf.org/mailman/listinfo/idr
> 
> 
> 
> -- 
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
> 
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
> 
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email