IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

"Saikat Ray (sairay)" <sairay@cisco.com> Thu, 06 December 2012 16:25 UTC

Return-Path: <sairay@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A334021F86FE for <idr@ietfa.amsl.com>; Thu, 6 Dec 2012 08:25:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SjtcKvCAdvMZ for <idr@ietfa.amsl.com>; Thu, 6 Dec 2012 08:25:24 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id A36F421F875B for <idr@ietf.org>; Thu, 6 Dec 2012 08:25:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4057; q=dns/txt; s=iport; t=1354811124; x=1356020724; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=h32ww+pKnvNM+DhZdDsxwaXm8HZx5JCk7qZVtkYCBmM=; b=P1H228nNPnLwATE6yMr+GF/FycQmg/dj0OY3NMj/pd8WnFe5sOmKS+8X 2ycx6t2Yjrmp0Ar0TRGvTOMinm7LiNqhmisvvZXJ26EOdXSS9zfjNhhsg lIV5scGN0DFGkX7TKeSACl8t9lxAD3Bj3DC6q+Wui0zP/vLyyYVf0KNTT o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFAL3FwFCtJV2c/2dsb2JhbABEvioWc4IeAQEBBAEBATc0FwQCAQgRBAEBCxQJBycLFAkIAgQBEggRh3cMwjAEjDmDYmEDklCTeoJzgiI
X-IronPort-AV: E=McAfee;i="5400,1158,6917"; a="150103623"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-2.cisco.com with ESMTP; 06 Dec 2012 16:25:24 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com [173.36.12.89]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id qB6GPOPE012106 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 6 Dec 2012 16:25:24 GMT
Received: from xmb-rcd-x13.cisco.com ([169.254.3.90]) by xhc-aln-x15.cisco.com ([173.36.12.89]) with mapi id 14.02.0318.001; Thu, 6 Dec 2012 10:25:23 -0600
From: "Saikat Ray (sairay)" <sairay@cisco.com>
To: Chris Hall <chris.hall@highwayman.com>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
Thread-Index: AQHwJ9rDNhpCAk7gfRWZlMlTSLUu6QFwpw6Kl7t2PBCAAEyvoA==
Date: Thu, 06 Dec 2012 16:25:23 +0000
Message-ID: <8ED5B0B0F5B4854A912480C1521F973A0F4940@xmb-rcd-x13.cisco.com>
References: <20121121191321.6164.6887.idtracker@ietfa.amsl.com> <50AD2986.90705@cisco.com> <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com>
In-Reply-To: <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.124.246]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2012 16:25:25 -0000

-----Original Message-----
From: idr-bounces@ietf.org [mailto:idr-bounces@ietf.org] On Behalf Of Chris Hall
Sent: Thursday, December 06, 2012 5:22 AM
To: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

I've been trying to adjust the error handling in Quagga bgpd to follow this draft, without success.

If an update message arrives and there is a problem with one or more significant attributes, then if (and only if) *all* the NLRI in the update can be identified, then treat-as-withdraw is an excellent alternative to crashing the entire session.

This much is clear, and clearly a step forward.  If only it were possible to "parse" attributes individually....

[SR] In which way is the attribute "broken"? If the receiver ever thinks/knows that it has lost the sync 
         (i.e., the knowledge of TLV to byte mapping) on the tcp stream, it must reset the session.
         So if an attribute is broken because of any length issue, the session needs to be reset.

....but since it is not: when faced with a broken set of attributes, I do not see how the receiver can be certain that it has correctly and completely identified all NLRI.

RFC4271 allows for an update to contain any and all combinations of vanilla IPv4 Unicast NLRI (reachable and/or unreachable) and MP NLRI (also reachable and/or unreachable).  Given that one broken attribute may obscure following ones, the receiver can be certain that it has correctly and completely identified all NLRI if, and only if, it has extracted *both* a complete MP_REACH_NLRI *and* a complete MP_UNREACH_NLRI attribute.  Otherwise, the receiver must, in effect, prove a negative: that one or both attributes were not sent.

The draft acknowledges the issue, and requires that "the MP_REACH_NLRI or MP_UNREACH_NLRI attribute (if present) SHALL be encoded as the very first path attribute" (should that be "and/or" rather than "or" ?).
How is the receiver to know that the sender is following this new rule ?  Can it simply assume that to be the case ?  Apparently the answers
are: it cannot and may not, in that order -- since the draft also says "... MUST still be prepared to receive these fields in any position".

If the receiver cannot know (or simply assume) that the new rule is being followed, then given a broken set of attributes:

  * if there are vanilla IPv4 NLRI:

     - can it be assumed that there are no MP NLRI
       if none can be extracted ?

  * if there are no vanilla IPv4 NLRI:

     - can it be assumed that if MP_REACH_NLRI can be
       extracted then there will be no MP_UNREACH_NLRI ?

     - if the only attribute is MP_UNREACH_NLRI then
       everything is fine.

       But if any other attribute is present, if no 
       MP_REACH_NLRI can be extracted, should the
       receiver assume that one is missing (hidden by
       a broken attribute) ?

       The answer to that appears, currently, to be yes.
       But that excludes, forever, the ability to attach
       extra information to a withdraw update.

     - if neither MP_REACH_NLRI nor MP_UNREACH_NLRI
       can be extracted, can it be assumed that this
       is an empty UPDATE ?  Or is this a session-
       crashing-error ?

Of course, if the session is only carrying vanilla IPv4 Unicast, life is easy.

But otherwise, it seems to me that in order to make use of the "treat-as-withdraw" mechanism, the receiver of a broken set of attributes has to make some significant assumptions about the behaviour of the sender.  I do not know which, if any, of those assumptions it is safe to make.

I am, of course, assuming that having received a broken UPDATE, it is
*essential* to avoid continuing with the session unless *all* NLRI referred to in that UPDATE have been "treated-as-withdraw".

Chris

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email