Re: [Idr] Choice of Large vs. Extended Community for Route Leaks Solution

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Fri, 02 April 2021 16:51 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 922763A1CEC; Fri, 2 Apr 2021 09:51:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BODY_ENHANCEMENT=0.001, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6TACj2IrwWFM; Fri, 2 Apr 2021 09:51:37 -0700 (PDT)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on2093.outbound.protection.outlook.com [40.107.91.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 707FE3A1CEB; Fri, 2 Apr 2021 09:51:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cfD9dI6X2Ls6qWaPGqKuQXcZFWfCOktIAyntHELtPI2hYfLRUMCvqRbGmsyXLoIN3ruw3IPMfUALnc0G2GhTNdRAQPPrGaB/XsMezZ5rbIdvp3e9vzCWJluH1kF/0oKicz1TiOgKTCL3xJ6WI08DYGw52pioL3fi2pwJMil/Zt29SZMAbWZrFy6t4WaV8+l67whY4digU5azByTLmZ5iKstoj8mF6cao9C4yOoHDutDRyot0SbJugo7IC3bUZ7IbwjaEbqKbiUdW2v/WPp0gKNB65ei4jnsjUGy5XnGfQJxdXGpcH6sEjbDVyKyS8OmxehQy2Y0x+7QOLkynOnCVDA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ntouu9bnfNIcitkHVastkdfD1Z8O3fdqPyQgob28VA4=; b=gmtt/qhlIlmFlwlK/vRD08U24FhG4uGH+MB7FR+2Vk0m1kYNdfSxzYBThf2Et0bg7kWpbxAirsqjxdCt7yRcSBRER1GICvcv0y9ZBFZ+ik2FWoRhHEHhUeNpzsJ29CrGLVBa9IktIAhaRa0sxnAD2Zk/mkWEDjq6ssO8WBKMinXU1N8AyQzWAbNKfsPylm5h6MSdrAi+ARnRyJGLKHYzp7XJZwdFv67RDRgEYtoOM3ICJCCM/cJZmav5CLh9W68+Z/L4hE3EYwWlV0u05R56hk5Zi7NniU5iclmY5YIPWEOKGQKAddfwzBB/cbOS1ikuW7jS5beVnG72HM7QwsKO9w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ntouu9bnfNIcitkHVastkdfD1Z8O3fdqPyQgob28VA4=; b=PqEAiGZMZktceTzZWIheCor/a0/wf08vzJHFUNb4qen2yNZH/6kCYX7gzud8GqZ2tzd9VA8zU6qDsyl7NI4drsDKRsRpP8YhsASkeTv3Fj3LCvQnhdjJ8l7nl5H/paUFz27Ek9tS4JU3dcS4QHGSIwExxXWR+D9UfbUJjbQCb+M=
Received: from SA1PR09MB8142.namprd09.prod.outlook.com (2603:10b6:806:171::8) by SA1PR09MB8736.namprd09.prod.outlook.com (2603:10b6:806:17b::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.27; Fri, 2 Apr 2021 16:51:35 +0000
Received: from SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::54a1:82da:6cd9:a9b3]) by SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::54a1:82da:6cd9:a9b3%7]) with mapi id 15.20.3999.029; Fri, 2 Apr 2021 16:51:34 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
CC: Jeffrey Haas <jhaas@pfrc.org>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>, "draft-heitz-idr-wklc@ietf.org" <draft-heitz-idr-wklc@ietf.org>, "grow@ietf.org" <grow@ietf.org>, "a.e.azimov@gmail.com" <a.e.azimov@gmail.com>, Brian Dickson <brian.peter.dickson@gmail.com>
Thread-Topic: Choice of Large vs. Extended Community for Route Leaks Solution
Thread-Index: AQHXJjlK5mSz8dfqZEmidVsO6NqPaKqeqMUAgAFpqA6AAAvOeoAAqtR9gACl8Ag=
Date: Fri, 2 Apr 2021 16:51:34 +0000
Message-ID: <SA1PR09MB8142D52BCD17970570487385847A9@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <SA1PR09MB814269138AEE1567CEED703B847C9@SA1PR09MB8142.namprd09.prod.outlook.com>, <CAH1iCip6WaQFaBM2DAjf++vW3WTm_NHmXvLTgOhpTdpRdFKigg@mail.gmail.com>, <SA1PR09MB814297F9B9C36DA958E0D5D8847B9@SA1PR09MB8142.namprd09.prod.outlook.com>, <SA1PR09MB8142ED974B87179E45BA7585847B9@SA1PR09MB8142.namprd09.prod.outlook.com>, <53C9F13E-91A6-4856-AB50-DDEDF50E90D8@cisco.com>
In-Reply-To: <53C9F13E-91A6-4856-AB50-DDEDF50E90D8@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.152.52]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a096db2a-e246-47ca-80d3-08d8f5f79349
x-ms-traffictypediagnostic: SA1PR09MB8736:
x-microsoft-antispam-prvs: <SA1PR09MB873685F2BD71991749BF6595847A9@SA1PR09MB8736.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Z8T62LXx+92LQoP5Q5nn8ubA8sWwT/+IIgUxJ9JnQxo1Zftao+qjzP2ZekQKJs51vmYnzGhY1mT16kb+zfc/XGSXhx/ClZB4eZbALKFh96mGbxw+V2vP0J7e8RKt/O5DeUl5tmyEq1STDzzbC4GOf0kGiR85yeHqI7R3B/Ek+ArOH2kx7PKxsW2/wiE3KvM6UhR4w0dnG7SqBV/3ant/vbCMqjVFVaZGU0NAlM/PoiN9QHKkuuFh8iqyszVuF2mDPGatOoskuEHAvMBgL+qk6chyVkhOULfLEb7Qz1OzKDm9Q2J0+Pgj0PQ22f2rG/2x10DysgGfmqdb2RjHWsSttNJWUI6X5puuF09F0vx1+P+WwDPqiLn4NrwAgeV1UAf0/fUUmFBBam9z+MgWpaIWTZccDp+vkCxRtoPqdfNPcCadBaoiBsy82uLSfxYDQA7ldJtSbnmg6CJIb6kasmRTCP9zKRg0WJZ8+ze2nRgp2ZgcEA7qOk8Oy6xXRysJ5g4Dbpp4aHVyaHrFoa27zD5/QlRO6KCZqfDn+ItAy0v3O/yGSdUCEM4pxoAy7BlLDrzAcfdbHUTx8lho7pmNt8Xpb5SiSk5IZE1eRMWLh9dkwoKbPdNRdTQA88JVa9NMXyP4rVQ5vHt2+bT1k9vkVnzI1j4A7IOs1auu6H00DAtpJ9WzD3TgieR6kiiwJzsWp2NAHDC7MNMyFAmjIhREq8fthE/J88vghN3/29mLOSDxGB3M5ZeO4TbMoLgtyUBkNvX+
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR09MB8142.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(346002)(396003)(366004)(39860400002)(136003)(966005)(8676002)(66556008)(7696005)(5660300002)(478600001)(2906002)(76116006)(38100700001)(66476007)(8936002)(6506007)(53546011)(6916009)(91956017)(86362001)(83380400001)(45080400002)(4326008)(316002)(54906003)(33656002)(52536014)(71200400001)(55016002)(66446008)(26005)(66946007)(64756008)(186003)(9686003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?B?RFRhREdOaElBejhRZVBQb0kyc1RRazJXMXlHZmFMWHJtaHc5QUl6dSs2N3NE?= =?utf-8?B?andvR3NYNndhZEFxZFEvWnkxeVZ4TS82VUJyMGYrU2l3VWEyanRhOWEwQ1Jw?= =?utf-8?B?c1NQOExLSkFwbUdhT0llWlQ1eWRWMnpJYnJOZVdDR1hGNEUyMU9hQW5nQ2dy?= =?utf-8?B?NHJjeTVqcWl6eUhwc1oyQVRlV3VPRGZ4eCtLVlRwQ0ZlQzlWeU9oaUFVeWJG?= =?utf-8?B?WXV3a0VMRzVCK3h0NDQxd1I0MjJRVnFRSTdtbkM3L1RNSXJYaThXWWlSb3Vn?= =?utf-8?B?czdoZEVSSGhud0pxMmxZUUhQQWFQNVNPOENiSFVGTlQ4a3lLeFJIUEkrOW9Y?= =?utf-8?B?TEZoZldxVXFBT1NlQjhNSWN6Q2NGWU11dHhHUTM5T0xyd0lkRHR1cEtmTDUy?= =?utf-8?B?YTlQOTRMTnk1aGlqTm5QRG1kQ05OYmFuRDZQeDAwTlp0M3lUTUdocS9GNzhS?= =?utf-8?B?bWNyUm13TzBDclMyTUlaVklxTmVtdENEL3o4MWI0OU94bHp5T1pGZnRaejlu?= =?utf-8?B?bE53V21sQWxtdDJxTFI4UDZCcWhXZXFkWkZackxnWFBDbmNveEc4bkkzVkRs?= =?utf-8?B?UVByNWZxd1hoOGNGZjRlcEV3ZDlPV2NwOEN3NXprTmowZjlqa25MM0ZQTWo5?= =?utf-8?B?aUl0VllMa1VtMDFCMy9KK2JBYko0SmkyZk0wY2tZOTcyTFRjMUIvUW5OaWt4?= =?utf-8?B?Q0tKUkdKRGo1eFU1TWw3Q3VobVVDRldJSExQeGR6YlA5OVU2aGt1MDM4Q0Ur?= =?utf-8?B?SmwwYzQzMENpRHYvVElwQS9tU1Q3bjh5N2xJVWlOLzZCNThxdFpBdHUwZGMw?= =?utf-8?B?blNsVndPQ3ljd1RmMEc4bDV1UVVnemcyK0FheXhjN2I0ZVIzb2ROcXlob0gv?= =?utf-8?B?YjJCYXFRb0l3Q2NqR3B6d2wyYkdtZDB5SDdFZURFb0hmTnRYZHNCUU5hdGlr?= =?utf-8?B?SU92aEN5ZVlDa2VBQys3OWNTT3h3b0p0M01OTnpGMEs1aU5sbS9tdFlFZENz?= =?utf-8?B?bFBEOHJIU05kM051TUFiUkFsSStJNVpNclFIUWNxcW9za3FiZ2wwQnd4Yllz?= =?utf-8?B?empzYVhFODVjdjc2WHR1c2tsZ0NUSjBLalRnSGtBeEllVHMrQ0czRk52Tzda?= =?utf-8?B?Y1drL3FyVlliZzVhcVYwTlp2dHJZREVkM1hDMjdvY3RjS3pVK1R4emNxb0pv?= =?utf-8?B?R3lKSVRUSGUvTk5qUzF0OUFTSnk4Y0tOZHkzTzJHZERUQnNIM1NIVS8yRmx4?= =?utf-8?B?NnNoSXpWUXdPZFVaSXh6aENZL0dNUFBVVFJLcEZHN1ZiU2FBVmhBSW45dFdQ?= =?utf-8?B?cElTNUVFYzNhN3pZK0VCcThaQXMxckZmRFNMSU9aazhzRnM4MVlsZktEc0N2?= =?utf-8?B?RnJuSlZVdE4zUXJnanN1V09iUHdZcTN5cEx2czIxM3VLcFM5NGZzT2R2Y1ov?= =?utf-8?B?ZkJCSVByZVJlUDhBTU9EbE8wb1JFZDF5MklTbVdrSjVNQ3l3TEZKemo4S1gw?= =?utf-8?B?WFA2ODZibG1tV3JRQWJuR2J2d2xVZSthL2RSUmhtV3oxV1ZqTEhpTUI3UmVy?= =?utf-8?B?OXJuZ01XbjlPQm5ROE5iZmdlTTV5NXJMTnlRVG53NTBEUmFia25YdExnNHVX?= =?utf-8?B?K2JZWjlXbmtBbkhJQXdxNUZ3WWVXMFNkNUx3cHZlcUxjZk5PLzdBTXd0eStM?= =?utf-8?B?azhveFVHL0cxQlFFRU43NVdydm9IU3VRVlYzMEFoeE8zTWFRQlJCdkdRRU8r?= =?utf-8?Q?8q4CAeJ8HJw8qfzRB8=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8142.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a096db2a-e246-47ca-80d3-08d8f5f79349
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Apr 2021 16:51:34.8221 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB8736
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/UJb07O1Xp_K1Zg1223D4ji3vKlg>
Subject: Re: [Idr] Choice of Large vs. Extended Community for Route Leaks Solution
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Apr 2021 16:51:43 -0000

Jakob,

Thanks. I was expecting this question. We will work on a recursive path analysis to answer it. Brian's suggestion also will be considered. The data crunching may take a week or so.

My hunch was that when the AS path length is 5 or 6 or more, the ASes at the far end (most recently added) are not likely the savvy ones to be doing EC/LC but more likely the earlier ASes added the EC/LC. We'll see what the more detailed data analysis reveals.   

Sriram 

________________________________________
From: Jakob Heitz (jheitz) <jheitz@cisco.com>
Sent: Friday, April 2, 2021 2:38 AM
To: Sriram, Kotikalapudi (Fed)
Cc: Jeffrey Haas; Susan Hares; idr@ietf.org; draft-heitz-idr-wklc@ietf.org; grow@ietf.org; a.e.azimov@gmail.com; Brian Dickson
Subject: Re: Choice of Large vs. Extended Community for Route Leaks Solution

When the collector sees a route with AS-PATH length 5 with a community on it, that does not imply that the community traveled through 5 AS hops. The community could have been added at any of the ASes in the path. Where does the data show that any communities transited any AS boundaries?

Regards,
Jakob.


> On Apr 1, 2021, at 2:06 PM, Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov> wrote:
>
> There may be a knob that AS operators have for permitting transitivity, but we need to look at measurements to understand whether or not operators actually allow transitivity to EC and LC.
>
> NIST BGP measurements (thanks to my colleague Lilia Hannachi) were shared on the GROW list in May 2020:
> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fgrow%2FJPD1-hhSvVXIZbUlNQ_1hmzD6IA%2F&amp;data=04%7C01%7Ckotikalapudi.sriram%40nist.gov%7C7e0ddfc991ff4aa54f9308d8f5a1e8e7%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637529423059320205%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=WPgxMhjSfAx%2FueDd487sVRqVWCAYY%2FMIF51gzbf%2Bm7Q%3D&amp;reserved=0
>
> A portion is copied below. The AS path length (# unique ASes) distributions for BGP updates with Communities (Regular, Large, and Extended) are shown here. It is evident that both LC and EC propagate multiple AS hops. Mass stripping of LC or EC at the first hop is not evident.  The peak happens at AS path length 4 or 5 and that is good. That is the behavior that is helpful for route leak solution. The solution can still function even if some ASes strip. We can do some more detailed studies if needed.
>
> *********************************************************************
> RIPE-RIS: Community ANALYSIS (Collector : rrc03 From 2020-04-30 00:00 To 2020-04-30 00:55)
> *********************************************************************
> # Updates = 1075583 (Total)
> # (Regular) COMMUNITY = 859239 (79.89%)
> AS path length distribution =    1: 170 (0.02%)    2: 44803 (5.21%)    3: 141072 (16.42%)    4: 276271 (32.15%)    5: 238325 (27.74%)    6: 114158 (13.29%)    7: 31365 (3.65%)    8: 9018 (1.05%)    9: 2690 (0.31%)    10: 811 (0.09%)    11: 358 (0.04%)    12: 169 (0.02%)    13: 22 (0%)    14: 7 (0%)
>
> # LARGE_COMMUNITY = 152818 (14.21%)
> AS path length distribution =    2: 5655 (3.7%)    3: 17205 (11.26%)    4: 54372 (35.58%)    5: 45492 (29.77%)    6: 22065 (14.44%)    7: 6422 (4.2%)    8: 1068 (0.7%)    9: 397 (0.26%)    10: 71 (0.05%)    11: 35 (0.02%)    12: 26 (0.02%)    13: 6 (0%)    14: 4 (0%)
>
> # EXTENDED COMMUNITIES = 44606 (4.15%)
> AS path length distribution =    2: 2269 (5.09%)    3: 7435 (16.67%)    4: 17657 (39.58%)    5: 11600 (26.01%)    6: 3967 (8.89%)    7: 1221 (2.74%)    8: 371 (0.83%)    9: 57 (0.13%)    10: 19 (0.04%)    11: 8 (0.02%)    12: 1 (0%)    13: 1 (0%)
> *********************************************************************
>
> Sriram