IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

Enke Chen <enkechen@cisco.com> Fri, 07 December 2012 19:17 UTC

Return-Path: <enkechen@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E247C21F8646 for <idr@ietfa.amsl.com>; Fri, 7 Dec 2012 11:17:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5eWfkP3p-2Rh for <idr@ietfa.amsl.com>; Fri, 7 Dec 2012 11:17:22 -0800 (PST)
Received: from mtv-iport-1.cisco.com (mtv-iport-1.cisco.com [173.36.130.12]) by ietfa.amsl.com (Postfix) with ESMTP id 4E7E621F86C3 for <idr@ietf.org>; Fri, 7 Dec 2012 11:17:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4146; q=dns/txt; s=iport; t=1354907842; x=1356117442; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=t9P3ZGnuD8M+7rWfd3EHYbqwmlGZGS7Q187YyEUrjDE=; b=UhvQir9UOoBPS5zcdiJHBE5/Spd3exLbtneDhmwIKoSqo6ZKkV7nIdIO qBykabcSt3GnKjP0NbAIZfC/1cNnlZgd6lc6p9/KDc0x67vlxb/mrC1rA q2NLLiPHgr2JY0p+3NXZ+LF7J+eWnLNJ3oaHEEKDEyY0iRmTSda9VOMPv E=;
X-IronPort-AV: E=McAfee;i="5400,1158,6919"; a="62884970"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-1.cisco.com with ESMTP; 07 Dec 2012 19:17:20 +0000
Received: from [171.71.139.31] (dhcp-171-71-139-31.cisco.com [171.71.139.31]) by mtv-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id qB7JHKG6013865; Fri, 7 Dec 2012 19:17:20 GMT
Message-ID: <50C240C0.6070609@cisco.com>
Date: Fri, 07 Dec 2012 11:17:20 -0800
From: Enke Chen <enkechen@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
MIME-Version: 1.0
To: Chris Hall <chris.hall@highwayman.com>
References: <20121121191321.6164.6887.idtracker@ietfa.amsl.com> <50AD2986.90705@cisco.com> <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com>
In-Reply-To: <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2012 19:17:23 -0000

Hi, Chris:

On 12/6/12 5:21 AM, Chris Hall wrote:
> I've been trying to adjust the error handling in Quagga bgpd to follow
> this draft, without success.
>
> If an update message arrives and there is a problem with one or more
> significant attributes, then if (and only if) *all* the NLRI in the
> update can be identified, then treat-as-withdraw is an excellent
> alternative to crashing the entire session.
>
> This much is clear, and clearly a step forward.  If only it were
> possible to "parse" attributes individually....
>
> ....but since it is not: when faced with a broken set of attributes, I
> do not see how the receiver can be certain that it has correctly and
> completely identified all NLRI.
>
> RFC4271 allows for an update to contain any and all combinations of
> vanilla IPv4 Unicast NLRI (reachable and/or unreachable) and MP NLRI
> (also reachable and/or unreachable).  Given that one broken attribute
> may obscure following ones, the receiver can be certain that it has
> correctly and completely identified all NLRI if, and only if, it has
> extracted *both* a complete MP_REACH_NLRI *and* a complete
> MP_UNREACH_NLRI attribute.  Otherwise, the receiver must, in effect,
> prove a negative: that one or both attributes were not sent.
>
> The draft acknowledges the issue, and requires that "the MP_REACH_NLRI
> or MP_UNREACH_NLRI attribute (if present) SHALL be encoded as the very
> first path attribute" (should that be "and/or" rather than "or" ?).
> How is the receiver to know that the sender is following this new rule
> ?  Can it simply assume that to be the case ?  Apparently the answers
> are: it cannot and may not, in that order -- since the draft also says
> "... MUST still be prepared to receive these fields in any position".

When parsing the path attributes, the receiver knows definitely whether 
the MP_REACH_NLRI or MP_UNREACH_NLRI attribute is the very first path 
attribute.

If it is the first path attribute, life would be better w.r.t the error 
handling. If it is not (as is the case with the old code), it can be 
tricky and disruptive.  The situation will progressively improve with 
the continuous rollout of new code.

Another practical detail that helps error handling in some cases is that 
vendors are not encoding multiple NLRI fields in one UPDATE message (as 
least I am not aware of any that does).

-- Enke

>
> If the receiver cannot know (or simply assume) that the new rule is
> being followed, then given a broken set of attributes:
>
>    * if there are vanilla IPv4 NLRI:
>
>       - can it be assumed that there are no MP NLRI
>         if none can be extracted ?
>
>    * if there are no vanilla IPv4 NLRI:
>
>       - can it be assumed that if MP_REACH_NLRI can be
>         extracted then there will be no MP_UNREACH_NLRI ?
>
>       - if the only attribute is MP_UNREACH_NLRI then
>         everything is fine.
>
>         But if any other attribute is present, if no
>         MP_REACH_NLRI can be extracted, should the
>         receiver assume that one is missing (hidden by
>         a broken attribute) ?
>
>         The answer to that appears, currently, to be yes.
>         But that excludes, forever, the ability to attach
>         extra information to a withdraw update.
>
>       - if neither MP_REACH_NLRI nor MP_UNREACH_NLRI
>         can be extracted, can it be assumed that this
>         is an empty UPDATE ?  Or is this a session-
>         crashing-error ?
>
> Of course, if the session is only carrying vanilla IPv4 Unicast, life
> is easy.
>
> But otherwise, it seems to me that in order to make use of the
> "treat-as-withdraw" mechanism, the receiver of a broken set of
> attributes has to make some significant assumptions about the
> behaviour of the sender.  I do not know which, if any, of those
> assumptions it is safe to make.
>
> I am, of course, assuming that having received a broken UPDATE, it is
> *essential* to avoid continuing with the session unless *all* NLRI
> referred to in that UPDATE have been "treated-as-withdraw".
>
> Chris
>

v2.23.0 | Report a Bug | By Email