Re: [Idr] AD Review of draft-ietf-idr-bgp-extended-messages-20

[Jeffrey Haas <jhaas@pfrc.org>]

Alvaro,

I'm not speaking for the authors.  However, a few comments on your writeup:

On Thu, Feb 23, 2017 at 07:17:05PM +0000, Alvaro Retana (aretana) wrote:
> M1. Section 4. (Operation): “An implementation that supports the BGP
> Extended Messages MUST be prepared to receive an UPDATE message that is
> larger than 4096 bytes.“  Only UPDATEs?  I know that the most likely case
> for exceeding the 4k size is an UPDATE, but why are the other messages not
> considered?  

The fundamental issue is with regards to not only the basic behavior of RFC 4271 
and its earlier RFC 1771 but also to BGP Versioning.

Those RFCs set the expectation that version 4 of BGP will have at most a 4k
packet size.  Capability advertisement, an extension on top of BGP, isn't a
required feature - although it's certainly very common these days.

Thus, for backward compatibility reasons, OPEN messages must be no bigger
than 4k if we're still BGP-4.

I don't think there's an argument for larger KEEPALIVE messages. :-)

Similarly, the NOTIFICATION with no restrictions for version compatibility
reasons.  *However*, once BGP has reached the Established state, it is
possible for it to send longer NOTIFICATION messages, if we permitted it and
the feature was duly negotiated.  This is probably not the best idea because
it will still be necessary to be able to deal with an old speaker in such
cases.  

Also, most implementations don't dump that much information in the
NOTIFICATION Data section.  Putting sufficient semantics on the content
would start to get messy.  We don't want XML or backtrace over that message.

The case for UPDATE is clear.

The remaining message with some potential motivation is ROUTE-REFRESH.  The
basic refresh message is likely to be able to hold AFI/SAFI sets for some
time.  The ORF feature that is built upon refresh already deals with sending
its filters over the course of multiple messages.  So, there's not a lot of
motivation.

And that's the messages we have so far.  While I can see new messages being
defined that may want it, I don't think there's a strong argument for it
today.

> Also, what does “prepared to receive”
> mean, and how can “MUST be prepared to receive” be enforced?  Given the
> discussion in Section 5 (Error Handling), you might want to add something
> like “…even if the Capability is not advertised”.

If the capability hasn't been negotiated, then the expectation is that it's
a PDU error and the session should be dropped.  See prior comments about BGP
versioning.

> M2. Section 5 (Error Handling).  “A BGP speaker that has the ability to
> use extended messages but has not advertised the BGP Extended Messages
> capability, presumably due to configuration, SHOULD NOT accept an extended
> message.  A speaker MAY implement a more liberal policy and accept
> extended messages even from a peer that has not advertised the
> capability.”  This paragraph troubles me a lot because it is in direct
> contraction with Section 3: “A peer which does not advertise this
> capability MUST NOT send BGP Extended Messages, and BGP Extended Messages
> MUST NOT be sent to it.”.  However, I think that John Scudder’s reasoning
> [3] makes sense ("keep the session up at (almost) all costs", and there’s
> clear precedence in the WG) for the case where the sender did advertise
> the Capability, but I’m not convinced on the case where it didn’t – please
> include something like John’s explanation in the text.

John can own this one.  I find the case a little weaker.  It vaguely makes
me want a probe message to verify that I can indeed get a full-sized PDU
through.

> M5. Section 5 (Error Handling).  “The inconsistency between the local and
> remote BGP speakers MUST be reported via syslog and/or SNMP.”   SNMP?
> AFAIK, there’s no object that can report this inconsistency since there’s
> no NOTIFICATION generated.  In the proposed text by Gunter Van De Velde
> [4], SNMP and syslog were mentioned as examples – I suggest you follow
> that path (no need for all the “flowery language”) and just reference
> mechanisms by example to avoid having to point at how it would be done.

IMO, "brought to the attention of the operator.  Example mechanisms might
include syslog or SNMP notifications."

While you're correct that no IETF standard MIB object covers such a
scenario, we shouldn't be proscriptive about some vendor deciding they want
it in their enterprise implementation.

At some point, we need similar boilerplate language for yang notifications.

> M7. What about transition/migration/partial deployment?  What should the
> behavior be if, for example, an Extended Message UPDATE is received from a
> peer, but can’t be propagated to others because they don’t support
> Extended Messages (think route reflectors or simple eBGP -> iBGP)??  There
> should be some guidance for the general case (i.e. when the total size is
> >4k due simply to the total amount of information, and not because a
> single attribute, for example, is really big), and some requirements
> looking forward to potential new messages/attributes that specifically
> rely on Extended Messages.

I'm not sure such guidance belongs in this document.  We already have
scenarios wherein normal protocol machinery can result in messages that are
too large.  The expected behavior is "treat as withdraw" to the next
downstream, similar to the BGP Error handling RFC.

Examples of this include AS_PATH or CLUSTER_LIST attributes needing to add a
new entry on a full PDU.

> M7.2. What should the default be for this extension?  Should it be enabled by default or not?

IMO, there are good reasons to not turn it on for existing BGP deployments
but alternatively good reasons once the extension is widely enough present
in a given topology.  The latter example includes bgpsec.

-- Jeff