Re: [Idr] AD Review of draft-ietf-idr-bgp-extended-messages-20

Enke Chen <enkechen@cisco.com> Mon, 06 March 2017 20:22 UTC

Return-Path: <enkechen@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 450811299DC; Mon, 6 Mar 2017 12:22:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.523
X-Spam-Level:
X-Spam-Status: No, score=-14.523 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHheRA5HjUQb; Mon, 6 Mar 2017 12:22:27 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4923A1299D4; Mon, 6 Mar 2017 12:22:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8087; q=dns/txt; s=iport; t=1488831747; x=1490041347; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=Pcn3JSPRew81HgSzQJQJNuTYjE8bDScpuUiyQVbb4ok=; b=a14onAHCG9upVHMuaUingN+0vWmjPauQkHUroAjGbG0Rwae+6p6ZkeKl HoPJ5/OqxEqoNkuK/vD01ox0GyvVZqdQN/stKZmArHb42tTZU9OKidaGp SY+YFBVcf1BNHao1Bpcn8gq62muaD8ScHpTeNdQa3tV++KJ0Wq+jhSiDw 0=;
X-IronPort-AV: E=Sophos;i="5.35,255,1484006400"; d="scan'208";a="393350929"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Mar 2017 20:22:26 +0000
Received: from [10.41.60.248] ([10.41.60.248]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id v26KMPbj001853; Mon, 6 Mar 2017 20:22:25 GMT
To: Jeffrey Haas <jhaas@pfrc.org>, "Alvaro Retana (aretana)" <aretana@cisco.com>
References: <DAEE98CC-8483-499E-B71C-FE4C6FC15A4A@cisco.com> <20170228210627.GB17448@pfrc.org>
From: Enke Chen <enkechen@cisco.com>
Message-ID: <3eb4d853-1d44-6250-c70a-26f60eac39e6@cisco.com>
Date: Mon, 6 Mar 2017 12:22:24 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <20170228210627.GB17448@pfrc.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/O32bsS8ptIHI6B1r3CNrBOplbUM>
Cc: "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "draft-ietf-idr-bgp-extended-messages@ietf.org" <draft-ietf-idr-bgp-extended-messages@ietf.org>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-extended-messages-20
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 20:22:29 -0000

Hi, Folks:

I see benefits and no drawbacks for the "BGP-Extended Message Capability" to cover
all the message types, that is, requiring a speaker that advertises the capability
to be able to receiving large messages of any type.  While the requirement for the
large message is driven by the UPDATE message, other messages (such as NOTIFICATION
or OPEN) can potentially exceed the 4K message size as well. It is better to deal with
this issue once.

Clearly a large UPDATE message may require a large NOTIFICATION message, e.g., for
carrying a malformed attribute.

Regarding the OPEN message, as BGP capabilities are carried inside the OPEN message
and a number of capabilities are AFI/SAFI specific and thus have the "multiplier"
effect on the message size, potentially the OPEN message may exceed the message size
in the future. This "extended message capability" can be used in a couple of ways to
deal with the large OPEN message if the capability is made to mean support for all
message types:

   o A speaker can remember the capability from its previous OPEN, and infer that
     the large message is most likely supported over the current session, and send
     the large OPEN message if needed. (It can back off from sending the large OPEN
     based on NOTIFICATION message.)

   o A speaker can send a normal OPEN, and once it determines from the received
     OPEN message that the large message capability is supported by the remote
     speaker, the speaker can close the connection and start with a large OPEN.

Admittedly these mechanism are not as elegant as the one that bumps the BGP version.
They can be just as effective (especially the first one) in practice.

Thanks.  -- Enke

On 2/28/17 1:06 PM, Jeffrey Haas wrote:
> Alvaro,
> 
> I'm not speaking for the authors.  However, a few comments on your writeup:
> 
> On Thu, Feb 23, 2017 at 07:17:05PM +0000, Alvaro Retana (aretana) wrote:
>> M1. Section 4. (Operation): “An implementation that supports the BGP
>> Extended Messages MUST be prepared to receive an UPDATE message that is
>> larger than 4096 bytes.“  Only UPDATEs?  I know that the most likely case
>> for exceeding the 4k size is an UPDATE, but why are the other messages not
>> considered?  
> 
> The fundamental issue is with regards to not only the basic behavior of RFC 4271 
> and its earlier RFC 1771 but also to BGP Versioning.
> 
> Those RFCs set the expectation that version 4 of BGP will have at most a 4k
> packet size.  Capability advertisement, an extension on top of BGP, isn't a
> required feature - although it's certainly very common these days.
> 
> Thus, for backward compatibility reasons, OPEN messages must be no bigger
> than 4k if we're still BGP-4.
> 
> I don't think there's an argument for larger KEEPALIVE messages. :-)
> 
> Similarly, the NOTIFICATION with no restrictions for version compatibility
> reasons.  *However*, once BGP has reached the Established state, it is
> possible for it to send longer NOTIFICATION messages, if we permitted it and
> the feature was duly negotiated.  This is probably not the best idea because
> it will still be necessary to be able to deal with an old speaker in such
> cases.  
> 
> Also, most implementations don't dump that much information in the
> NOTIFICATION Data section.  Putting sufficient semantics on the content
> would start to get messy.  We don't want XML or backtrace over that message.
> 
> The case for UPDATE is clear.
> 
> The remaining message with some potential motivation is ROUTE-REFRESH.  The
> basic refresh message is likely to be able to hold AFI/SAFI sets for some
> time.  The ORF feature that is built upon refresh already deals with sending
> its filters over the course of multiple messages.  So, there's not a lot of
> motivation.
> 
> And that's the messages we have so far.  While I can see new messages being
> defined that may want it, I don't think there's a strong argument for it
> today.
> 
>> Also, what does “prepared to receive”
>> mean, and how can “MUST be prepared to receive” be enforced?  Given the
>> discussion in Section 5 (Error Handling), you might want to add something
>> like “…even if the Capability is not advertised”.
> 
> If the capability hasn't been negotiated, then the expectation is that it's
> a PDU error and the session should be dropped.  See prior comments about BGP
> versioning.
> 
>> M2. Section 5 (Error Handling).  “A BGP speaker that has the ability to
>> use extended messages but has not advertised the BGP Extended Messages
>> capability, presumably due to configuration, SHOULD NOT accept an extended
>> message.  A speaker MAY implement a more liberal policy and accept
>> extended messages even from a peer that has not advertised the
>> capability.”  This paragraph troubles me a lot because it is in direct
>> contraction with Section 3: “A peer which does not advertise this
>> capability MUST NOT send BGP Extended Messages, and BGP Extended Messages
>> MUST NOT be sent to it.”.  However, I think that John Scudder’s reasoning
>> [3] makes sense ("keep the session up at (almost) all costs", and there’s
>> clear precedence in the WG) for the case where the sender did advertise
>> the Capability, but I’m not convinced on the case where it didn’t – please
>> include something like John’s explanation in the text.
> 
> John can own this one.  I find the case a little weaker.  It vaguely makes
> me want a probe message to verify that I can indeed get a full-sized PDU
> through.
> 
>> M5. Section 5 (Error Handling).  “The inconsistency between the local and
>> remote BGP speakers MUST be reported via syslog and/or SNMP.”   SNMP?
>> AFAIK, there’s no object that can report this inconsistency since there’s
>> no NOTIFICATION generated.  In the proposed text by Gunter Van De Velde
>> [4], SNMP and syslog were mentioned as examples – I suggest you follow
>> that path (no need for all the “flowery language”) and just reference
>> mechanisms by example to avoid having to point at how it would be done.
> 
> IMO, "brought to the attention of the operator.  Example mechanisms might
> include syslog or SNMP notifications."
> 
> While you're correct that no IETF standard MIB object covers such a
> scenario, we shouldn't be proscriptive about some vendor deciding they want
> it in their enterprise implementation.
> 
> At some point, we need similar boilerplate language for yang notifications.
> 
>> M7. What about transition/migration/partial deployment?  What should the
>> behavior be if, for example, an Extended Message UPDATE is received from a
>> peer, but can’t be propagated to others because they don’t support
>> Extended Messages (think route reflectors or simple eBGP -> iBGP)??  There
>> should be some guidance for the general case (i.e. when the total size is
>>> 4k due simply to the total amount of information, and not because a
>> single attribute, for example, is really big), and some requirements
>> looking forward to potential new messages/attributes that specifically
>> rely on Extended Messages.
> 
> I'm not sure such guidance belongs in this document.  We already have
> scenarios wherein normal protocol machinery can result in messages that are
> too large.  The expected behavior is "treat as withdraw" to the next
> downstream, similar to the BGP Error handling RFC.
> 
> Examples of this include AS_PATH or CLUSTER_LIST attributes needing to add a
> new entry on a full PDU.
> 
>> M7.2. What should the default be for this extension?  Should it be enabled by default or not?
> 
> IMO, there are good reasons to not turn it on for existing BGP deployments
> but alternatively good reasons once the extension is widely enough present
> in a given topology.  The latter example includes bgpsec.
> 
> -- Jeff
> 
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>