Re: [Idr] IDR Chairs consensus for draft-ietf-idr-bgp-open-policy
Jeffrey Haas <jhaas@pfrc.org> Wed, 02 March 2022 12:28 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B0053A131C; Wed, 2 Mar 2022 04:28:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OJmJ1MY80pS4; Wed, 2 Mar 2022 04:28:05 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id BD96A3A133F; Wed, 2 Mar 2022 04:28:04 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id A2AD51E345; Wed, 2 Mar 2022 07:28:03 -0500 (EST)
Date: Wed, 02 Mar 2022 07:28:03 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: Susan Hares <shares@ndzh.com>, Alvaro Retana <aretana.ietf@gmail.com>, "draft-ietf-idr-bgp-open-policy@ietf.org" <draft-ietf-idr-bgp-open-policy@ietf.org>, "idr@ietf.org" <idr@ietf.org>
Message-ID: <20220302122803.GA13378@pfrc.org>
References: <SA1PR09MB81425CA9AA39DB4824F6A6F184039@SA1PR09MB8142.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <SA1PR09MB81425CA9AA39DB4824F6A6F184039@SA1PR09MB8142.namprd09.prod.outlook.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/O9MXiYh72UYujobB_jrlhO6bNCc>
Subject: Re: [Idr] IDR Chairs consensus for draft-ietf-idr-bgp-open-policy
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 12:28:07 -0000
Sriram, On Wed, Mar 02, 2022 at 01:30:07AM +0000, Sriram, Kotikalapudi (Fed) wrote: > Thank you. Per your advice, we'll update v-22 and upload v-23. It will replace the two paragraphs related to the OTC length error in v-22 with the paragraph from v-21 with the following editorial change: > > OLD text (from v-21): > > If an UPDATE is received with an OTC Attribute with a length > different from 4 octets, then the UPDATE SHALL be considered > malformed. If malformed, the UPDATE message SHALL be handled using > the approach of "treat-as-withdraw" [RFC7606]. > > NEW text (to be included in v-23): > > The OTC Attribute is considered malformed if the length value is not 4. > An UPDATE message with a malformed OTC Attribute SHALL be handled > using the approach of "treat-as-withdraw" [RFC7606]. This seems reasonable. > >If you believe citing the possible dangers of forwarding loops is necessary, > >please do so by reference to the text in RFC 7606 without attempts to restate it. > >We've found errors tend to creep into specifications when normative text is > >summarized. > > We'll add the following new text as the last paragraph in Section 5 (Additional Considerations): > > NEW text: > > Section 6 of [RFC7606] mentions the possibility of forwarding loops > with "treat-as-withdraw" error-handling in iBGP. With the use of > this error-handling approach for the OTC Attribute, the possibility > of forwarding loops in iBGP arises if the following conditions > concur: (1) the length value in the OTC Attribute is in error (i.e., > not 4) and the OTC value also has the same erroneous number of > octets, (2) the AS in consideration has a partial deployment (some > routers have not been upgraded to do OTC), and (3) the iBGP topology > and the data links between routers in the AS do not match (data > tunneling is not used to avoid the mismatch). To prevent/ > troubleshoot forwarding loops, the user is referred to the advice > offered in Section 6 of [RFC7606]. I'd suggest keeping it simple. Different suggestion: "Section 6 of [RFC7606] documents possible negative impacts of "treat-as-withdraw" behavior. Such negative impacts may include forwarding loops or blackholes. It also discusses debugging considerations related to this behavior." Don't try to re-state how we get into the situation or try to constrain circumstances that you think this may happen. As an example, any circumstance where the route gets treat-as-withdraw during iBGP can cause this issue. Using some of Bruno's discussion about multiple faults as an example, if a malformed attribute sneaks past an implementation that does open-policy on eBGP, the fault exists at that device but the penalty happens in the rest of the network. -- Jeff
- [Idr] IDR Chairs consensus for draft-ietf-idr-bgp… Jeffrey Haas
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Sriram, Kotikalapudi (Fed)
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Susan Hares
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Jeffrey Haas
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Susan Hares
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Sriram, Kotikalapudi (Fed)
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Susan Hares
- Re: [Idr] IDR Chairs consensus for draft-ietf-idr… Sriram, Kotikalapudi (Fed)