[Idr] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

John Scudder <jgs@juniper.net> Wed, 23 September 2020 21:15 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 120CF3A1516; Wed, 23 Sep 2020 14:15:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.803
X-Spam-Level:
X-Spam-Status: No, score=-4.803 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.695, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=ZR+xazKP; dkim=pass (1024-bit key) header.d=juniper.net header.b=YOweQFc9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wy87v3KFh2hI; Wed, 23 Sep 2020 14:14:59 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE8773A1515; Wed, 23 Sep 2020 14:14:58 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08NLDBtY029767; Wed, 23 Sep 2020 14:14:50 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=PPS1017; bh=VBrBuQCJGrlJDevxO5YIG7II2NKUgRgb6bTwb0CuyRg=; b=ZR+xazKPaAn8nMo+O2NTKUdtBWLABMgDF4IoMIca+RnKHDtfYE502csn2XTAkCOvzAMC vuKMHwNL3ETub342yapRFoOuzjldFC7CvP1pnPfapkK9fy+o6sctX3Bkuvs+Uyk5zjpR ibsL1fIlZPCxtlb1y1U8lZgiggWWYcXGOrwtGjxNW3KuZtKB20r+r4VIJL31JTlM7Pyb 7HiI4sN4daPViTJ5LXWiRgRn8oMACNSzpagGBh7mHqydPHUHFvKImz8K9BdUCMWsNg5v DxcV8nA82nPb8Uel/rjEselxTpkZmz+UJbp+N8vp3iwSEL+7gqpAI6NG1cqf8RxiP7rt HA==
Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2176.outbound.protection.outlook.com [104.47.55.176]) by mx0b-00273201.pphosted.com with ESMTP id 33r6sa0v27-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 23 Sep 2020 14:14:50 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VgIEQxwBmksHmmJPuQnd5QkxHaWvrl711Ig0BjXpXam1di6MfrC6HyLcnPhdRD9u6qNIqVHl2RXPxmm7UcHQiNQZCkO1SniEkfyRET+95UHYB8iUpZa1y+OYZzngx5oBLVsTaw76MWgCPffVw9zL0y2Cvcw/8ERlWuO48r6LBv3DvVM8Mw4Djb5RGKuY4Fl+YXt01yzozbf7EpBtdjrmI8Lv8MxtZL6dhOGwMnNmJWuTz/ZzJQs4suY5BiL4tgzvIAKdjP3CgfKJNoXZ/dJwRIYQB2l6l4S99/7wU9VkuGwGfV78biOI+9K8viZedoXkqHjwp7mrwtNLWxto7uVNVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VBrBuQCJGrlJDevxO5YIG7II2NKUgRgb6bTwb0CuyRg=; b=G1huFxuAebtn1EZuBjFzl1eHgSQpGHBQXRaz0RPbTDVULlhimjHs+MWPkK36YXa8bQeuZ+UqzRpGWP7fjUF7esP05cpxUQsZvPGByFt5+hz4WejzqwjaRbnODv+cnKFQ2R7PmF0BozijHIkf6LpfpsfBKrUzo4fnmKBUt3wMxcg1VttBQ6PRk7Btyi2CD3uEmHvu6LjKJD4UQofuLwUqaV+HlHIPNBoz4J4rbqmKmn5q2PyZbej4dM3AIFrnyDqXr/nq81vWvleGFImQ5SjMJATL4PN1ZIrWdGK9hijUqN6zdI3ckkRFt+glybgdI9IgMO5f0aQ8KpYDC3pwh3eqpg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VBrBuQCJGrlJDevxO5YIG7II2NKUgRgb6bTwb0CuyRg=; b=YOweQFc9QHkyqz5yNGdym+K5CAKNe4DMczDcaDtvYcjcVMGZu7wPtFlLctcdluzaeYnGoJRS693y25I+gqExV03TbL14mJw9lufITwXi/TXGfCQZ82Afgkkpw0NnyeQcvXgJh+EHTm5KDEDFPqT1vz2SV8uoW3B02cpOtPx6RvM=
Received: from BL0PR05MB5076.namprd05.prod.outlook.com (2603:10b6:208:83::12) by MN2PR05MB6909.namprd05.prod.outlook.com (2603:10b6:208:18d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.17; Wed, 23 Sep 2020 21:14:47 +0000
Received: from BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::e542:8237:ac48:ef5c]) by BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::e542:8237:ac48:ef5c%7]) with mapi id 15.20.3412.020; Wed, 23 Sep 2020 21:14:47 +0000
From: John Scudder <jgs@juniper.net>
To: "idr@ietf. org" <idr@ietf.org>
CC: "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com>, "Dongjie (Jimmy)" <jie.dong@huawei.com>, Hares Susan <shares@ndzh.com>
Thread-Topic: Bug in draft-ietf-idr-rfc5575bis, worth fixing?
Thread-Index: AQHWke6R/vziZzLJCEG5MAjI/j3hKg==
Date: Wed, 23 Sep 2020 21:14:47 +0000
Message-ID: <303E54F6-833A-4458-B3E6-DE90E7CA121B@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.1)
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [163.116.133.117]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ea2b9537-305d-452d-3845-08d86005b3b6
x-ms-traffictypediagnostic: MN2PR05MB6909:
x-microsoft-antispam-prvs: <MN2PR05MB69094DEF493987FEB158FC6AAA380@MN2PR05MB6909.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 65pVaEagGbTbXXIEejOpmPSb5+MFJsdESOfCcwgyf92jJ19Zmi+3gfSZVHLXbfhyARc/Kbz660zRq1lr8P64B9cZXcm4nHE8hRl4kP8rX0g1SX9TsrCspXvob60cq6KHttqGN7TjP+wLudfSuVqGdZf0EWo3ZlR7Z2wEF5zch4FtgF5ZVT1p/9WEFWWS4R+h6i14yu/V9KP26Ht6/RKMys2rCPXlPgreI0G9KrCeF0ilBx4jrJ5nxc9eRoQ+KK/bguLd+Oh2DW7sPZeTowQfshnYCeNsAKCXpZOqU6ezH494jTekGgEOyjJKzzqsg9lZtqE8ZuvFyHc0uxO6lbRlNUlR+PCghjVbt6W58Nx5hfsXpegvw1huzznFM+Wh4sApdiM8QSkoOnQzN9javq7WpI5enzbafGuBQ9QqmZGPZ+eLb4xBHhb7Zi1FuIWRwCaCo9Rsn5cRe0mWWj/QRTkPmg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5076.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(39860400002)(376002)(346002)(396003)(366004)(8676002)(478600001)(6486002)(76116006)(91956017)(4326008)(86362001)(5660300002)(64756008)(166002)(66446008)(316002)(33656002)(8936002)(83380400001)(6916009)(2616005)(66476007)(6512007)(71200400001)(66946007)(54906003)(36756003)(66556008)(186003)(26005)(2906002)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: 34mFTxx7UfBXCdVbWfkUsgMltD/T+Ns3+5hA7QWmvwqwky4VjuBv1ePOLTgSAOeN2oWLWBvgZJJHj1ULzGMwVo5yof6739fVs/VAfhdaJJhXLnPhuYonZ/k1IfN79qlQPaRrHJoJ40Nnnh6eF3iLJV+YVTxVH6Jt2KqKZvDMLcbt4EGCakqqH6FO89kWynej0dlysS/M+31uiWbcjUIJA+CuMjwshfj0MQuQpHncNv2rjy0OyzCikwtnv74DbsQCRXayKkptGinDm0guPTeOBe0w45GUvBS2RIBwkcewvFTnDnZhF4yOEiwikR3GbDvIm2YH1C1Mp/xZWeAgmZxHmGH0VXTIrc9dkGqquoWPG6rkI0CZnAJWUz6NPlSAo1XAl2VcUwip6L6tQzR/Lvq8uME6l0FFlgRvyRJVac67odwEPdtgnB66aDjcNDw+hS2jECLZSzHVDZgMI1BCmV0c4kGbdbLFdDax0pO40q1kKqlmmtv9pS1h376r0Qjxmsz9Mb8SXdiH/ZZN2/z5XhoZtfV58cKhbGqODYpevCHfdNTm5ubvhwphLs6iSgRUemTmratsUC7XpUlgkec5iHY6541K7RbIug7uob+2IrXiAkj+cBwBq2+PY9ekKRZkJ7md0J5Vfm0VAIQ8io4d3bBsXQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_303E54F6833A4458B3E6DE90E7CA121Bjunipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR05MB5076.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ea2b9537-305d-452d-3845-08d86005b3b6
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2020 21:14:47.7642 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: QROnrKLkh763mJLOgYY0m3eePYHTy6G/+MEamlXUkOccE+ZvdcxODNMzrDRKxbFy
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR05MB6909
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-23_16:2020-09-23, 2020-09-23 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 impostorscore=0 mlxlogscore=970 lowpriorityscore=0 spamscore=0 mlxscore=0 malwarescore=0 phishscore=0 adultscore=0 suspectscore=0 clxscore=1015 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2009230161
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/OVzgwIDTL_zR4ivErQiWb7jpLuw>
Subject: [Idr] Bug in draft-ietf-idr-rfc5575bis, worth fixing?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 21:15:01 -0000

Hi All,

I’m a little concerned about a change I failed to notice earlier in 5575bis. Version 17 had this paragraph in Section 4.2:


   All combinations of component types within a single NLRI are allowed,
   even if the combination makes no sense from a semantical perspective.
   If a given component type within a prefix in unknown, the prefix in
   question cannot be used for traffic filtering purposes by the
   receiver.  Since a Flow Specification has the semantics of a logical
   AND of all components, if a component is FALSE, by definition it
   cannot be applied.  However, for the purposes of BGP route
   propagation, this prefix should still be transmitted since BGP route
   distribution is independent on NLRI semantics.


Version 18 removed the paragraph. I believe it was removed because of good and reasonable concerns about the “prefix should still be transmitted” part. But, it appears we threw out the baby with the bathwater: the final version of the draft has nothing that corresponds to the underlined part. It is underspecified with respect to what should be done with unknown component types. The closest it comes is this paragraph in Section 4.2 of version 26:


   A NLRI value not encoded as specified specified here is considered
   malformed and error handling according to Section 10<https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-26#section-10> is performed.


But I think this falls well short of being either clear or unambiguous, because what does “as specified here” mean exactly?

I’d like to open a discussion of whether the WG agrees that this is a bug and if so, whether it’s concerning enough to request a last-minute patch to the document, which is currently with the RFC Editor, so it’s almost an RFC. I think the least intrusive fix would be to insert the clause “including an NLRI that contains an unknown component type”, as in:


   A NLRI value not encoded as specified here,

   including an NLRI that contains an unknown component type,

   is considered
   malformed and error handling according to Section 10<https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-26#section-10> is performed.


Just as a side note, “error handling according to Section 10” points us to RFCs 7606 and 4760, which end up telling us to reset the session if the NLRI is malformed.

Until we get a chance to discuss this, I’ve sent a note to the RFC Editor asking them to hold publication.

Thanks,

—John

P.S.: The version 26 text also has a proofreading error, “specified specified”. But I assume the RFC Editor would fix that anyway.