IETF Logo Mail Archive

Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

"Alvaro Retana (aretana)" <aretana@cisco.com> Mon, 26 October 2015 16:59 UTC

Return-Path: <aretana@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFF751B2F7E for <idr@ietfa.amsl.com>; Mon, 26 Oct 2015 09:59:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.542
X-Spam-Level:
X-Spam-Status: No, score=-1.542 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_BODY=1.157, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, T_HTML_ATTACH=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sW5ZACL6e7PS for <idr@ietfa.amsl.com>; Mon, 26 Oct 2015 09:59:18 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88D2D1B4390 for <idr@ietf.org>; Mon, 26 Oct 2015 09:59:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=325823; q=dns/txt; s=iport; t=1445878757; x=1447088357; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Dw/1sMcdcVniySIR9mq0FJt8EvSRIWZeDesetavkuZE=; b=iU/q4JiDe7mpUATMxUol1C0Y3HXNzzUl23b6WFLacYvR5XWzWJieNElM D2k82ojj1nJ0K0UJD/4i/OQzv+QTZ0GQZAspdmak0I/p5WsxDMXHQByX8 /YJhiw00rL0weTl4q9VPA3oQ397UGJnshR+XRxanPK19g2+cM/Awsv8Yi c=;
X-Files: draft-ietf-idr-custom-decision-07.txt, Diff_Cost_Community_06_to-07.htm : 22778, 183846
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CfBACwWi5W/5JdJa3OIgICAQI
X-IronPort-AV: E=Sophos;i="5.20,201,1444694400"; d="htm'217?txt'217?scan'217,208,217";a="202096831"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Oct 2015 16:59:17 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id t9QGxG9Y026108 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 26 Oct 2015 16:59:16 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 26 Oct 2015 11:58:52 -0500
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1104.000; Mon, 26 Oct 2015 11:58:53 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>
Thread-Topic: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
Thread-Index: AQHQfOJEbzqBqbwli0WLinaFdrSzRp5/NkAA
Date: Mon, 26 Oct 2015 16:58:53 +0000
Message-ID: <D24E929A.E0D85%aretana@cisco.com>
References: <015e01d07ba1$0042bff0$00c83fd0$@ndzh.com> <25797_1429696420_55376FA4_25797_3139_1_53C29892C857584299CBF5D05346208A0EBAA545@PEXCVZYM11.corporate.adroot.infra.ftgroup>
In-Reply-To: <25797_1429696420_55376FA4_25797_3139_1_53C29892C857584299CBF5D05346208A0EBAA545@PEXCVZYM11.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.15.3]
Content-Type: multipart/mixed; boundary="_005_D24E929AE0D85aretanaciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/PFdXOXzTs2ZggdV7e-2yS59x6_M>
Cc: "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2015 16:59:29 -0000

On 4/22/15, 3:53 AM, "Idr on behalf of bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>" <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org> on behalf of bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>> wrote:

Bruno:

Hi!  Sorry for the long delay..

Since we missed the ID deadline, I'm attaching what will be version –07 and the diffs..along with specific answers to your comments below.

Thanks!!

Alvaro.


Hi all,

Please find below some comments on the document:

§ Abstract
*) “It is cumbersome (if at all possible) for the end user to define policies that will select, after partial comparison, a path based on subjective local (domain and/or node) criteria.”
IMHO the sentence may be reworded. e.g. using a more factual/neutral orientation. (Alternatively, the document would need to elaborate on how much “cumbersome”/”impossible” is saved by using this new tool. (definitely not all IMO)).

Yes.

OLD
   The BGP specification defines a Decision Process for installation of
   routes into the Loc-RIB.  This process takes into account an
   extensive series of path attributes, which can be manipulated to
   indicate preference for specific paths.  It is cumbersome (if at all
   possible) for the end user to define policies that will select, after
   partial comparison, a path based on subjective local (domain and/or
   node) criteria.

NEW
   The BGP specification describes a Decision Process for selecting the
   best route.  This process uses a series of steps, made up of path
   attributes and other values, to first determine the Degree of
   Preference of a route and later as tie breakers.  While existing
   mechanisms may achieve some of the same results described in this
   document, they can only do so through extensive configuration such as
   matching communities to explicit policy and/or route preference
   configurations present on each BGP speaker within their
   administrative domain (autonomous system).  Implementing some
   specific fine grained policies through such mechanisms is cumbersome,
   if even possible.





§3.  The BGP Cost Community
*) “The Point of Insertion sub-field contains the value of the path attribute *after* which this community MUST be considered during the best path selection process.”
- My reading of “value of the path attribute” is http://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#bgp-parameters-2  Is this correct? Probably not as the IANA section of this draft propose a new/different registry for POI.

We put in a new sentence to clarify:

         This document creates a new Cost Community Point of Insertion
         Registry (Section 7.1) that includes the relevant path
         attributes and these other values.


 *) “The high-order bit is reserved to indicate that the Cost Community MUST replace the path attribute specified by the Point of Insertion during the best path selection process.”
“reserved” does not seem to be the best word given that the bit is not reserved (for future use) but specified in this document.

s/is reserved to indicate/indicates


 *) “Multiple Cost Communities may indicate the same Point of Insertion.  In this case, the Cost Community with the lowest Community-ID is considered first.”
Multiple cost communities may be received with the same Point of Insertion and the same Community-ID. Please specific which one is to be taken or the error handling.

The same Community-ID is OK as long as it comes from different peers — in the end the winner should be the one with the lowest cost.

OLD>
   Multiple Cost Communities may indicate the same Point of Insertion.
   In this case, the Cost Community with the lowest Community-ID is
   considered first.  In other words, all the Cost Communities for a
   specific Point of Insertion MUST be considered, starting with the one
   with the lowest Community-ID.


NEW>
   Multiple Cost Communities may indicate the same POI.  All the Cost
   Communities for a specific POI MUST be considered starting with the
   one(s) with the lowest Community-ID.  If multiple Cost Communities,
   for the same POI, with the same Community-ID are received for the
   same route from the same peer, then all except the one with the
   lowest Cost MUST be silently ignored.


§ 5.  Deployment Considerations
*) “It is important that a  consistent path selection process be maintained across the local  Autonomous System to avoid potential routing loops.”
How much important?
Given the (below) use of a few SHOULD (vs MUST) there is no real assurance that no routing loops will form:
- “If a BGP speaker receives a path that contains the Cost Community, it SHOULD consider its value at the Point of Insertion specified, when  calculating the best path”
- “if the Cost Community is used, all the nodes in the AS that may have to consider this new community at any Point of Insertion SHOULD be  aware of the mechanisms described in this document.”

IMO, either :s/SHOULD/MUST in the 2 above sentence, or the document must discuss the conditions which are safe and the ones which are not.

*) “be  aware of the mechanisms described in this document” is not enough. It also needs to support the specific POI used.

Obviously avoiding loops is very important. ;-)

We also added some additional text.

NEW
   The mechanisms described in this document may be used to modify the
   Decision Process arbitrarily.  It is important that a consistent
   Decision Process be maintained across the local Autonomous System to
   avoid potential routing loops.  In other words, all the nodes in the
   AS that may have to consider the Cost Community at any POI MUST
   support the mechanisms described in this document.

   Any mechanism which allows the modification of the Decision Process
   is capable of forming persistent routing loops in the control plane.
   Network administrators deploying the Cost Community MUST ensure that
   each impacted router in the network supports them, including the POIs
   deployed within their network.  This is similar in scope to a network
   administrator who uses communities [RFC1997] combined with filters or
   other policies to modify the Decision Process of BGP speakers.
   Consistency must be enforced at an administrative level.


§6.  Security Considerations

*) “This document introduces no new security concerns to BGP or other specifications referenced in this document.”
Really?? That sentence would rather make me feel that this document is not ready for RFC publication.
IMO a real consideration of the security aspects should be done.

e.g. (for free):
a) by default, this mechanism is activated.
b) non compliant implementation will accept and pass transitive Opaque community (0x03)


a)      + b): anyone in the Internet can influence the routing in my AS; which is not acceptable.

Yes, you're right.  We added considerations to turn it off by default.


§ 7.  IANA Considerations
“Some of the values in this new registry match the values assigned in the BGP Path Attributes registry [BGP_PAR].  It is RECOMMENDED that an effort be made to assign the same values in both tables when applicable.”
If this is the goal
- both allocation policies should probably be the same.
- IMHO the draft should comment on the POI value already assigned to BGP attribute. Should they be considered “reserved” of free to use as “non applicable”?
- it could be discussed that POI 129 “IGP_COST” may best match BG Attribute 3 NEXT_HOP

We decided to completely decouple the two registries.


 § Appendix A.  Cost Community Point of Insertion Registry
*) It looks like this whole section should be in the IANA section, rather than an appendix.

Yes, we moved it.

v2.23.0 | Report a Bug | By Email