IETF Logo Mail Archive

[Idr] Re: draft-tantsura-idr-unreachability-safi-00.txt

Donatas Abraitis <donatas.abraitis@gmail.com> Wed, 12 November 2025 08:36 UTC

Return-Path: <donatas.abraitis@gmail.com>
X-Original-To: idr@mail2.ietf.org
Delivered-To: idr@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1739A87F39C6 for <idr@mail2.ietf.org>; Wed, 12 Nov 2025 00:36:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.855
X-Spam-Level:
X-Spam-Status: No, score=-0.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PWp0t6CA-Kwa for <idr@mail2.ietf.org>; Wed, 12 Nov 2025 00:36:33 -0800 (PST)
Received: from mail-yx1-xb12a.google.com (mail-yx1-xb12a.google.com [IPv6:2607:f8b0:4864:20::b12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 5A14787F39B4 for <idr@ietf.org>; Wed, 12 Nov 2025 00:36:33 -0800 (PST)
Received: by mail-yx1-xb12a.google.com with SMTP id 956f58d0204a3-640b4a05c1cso581243d50.3 for <idr@ietf.org>; Wed, 12 Nov 2025 00:36:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1762936593; x=1763541393; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xxYdoYE5ad48zVUNoEdwGpX4jT3nHE00DaSwgBt9aHM=; b=USubx20jzCtgyqDrY1XVJFY/5z3+Bp7LhAX/pfK24bleEvMjZynsAHbfjXt3IOnhpW w0smSc1eRppV8MZqjO/LPH7SXaAEpDkb6KjHxIDEg2CxoTvU1Zucbu2ojJmF/YzNNLgF fWXw8uE589II8DsY2czlRd6ByLVMmhpKOskt1/EaVIpS/iYNKsDImHPBcA41S3VYurU3 GQPCFIsP94A9p3CYid3P5h6vzzbPPOoaVo8S6Vg4uKv0FA1hVNrPrEEgLDL9+7Gn1xpW mloBJXKYenIlZhK7cRQQKeT9ir16ovPki2SH6TtbDrSCY7cnFMY/Fp1p0zM6mi3D354t JQNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762936593; x=1763541393; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=xxYdoYE5ad48zVUNoEdwGpX4jT3nHE00DaSwgBt9aHM=; b=JW6eYbYL0b8iiYdUAFY/3qVMNzvMfR8BmvQ1H1c9ycjJPtlj8PW5G6eFaamR5Fw/8F 3BYUWSrwpnwwkuz5xM33LJhTZFpAr93I7Sdqc+jigFwZew702k1fWkLi9due6XEsLyxI PcI4fS6Jz0M3TFYibGceAIL/R63Cw9kxzlHRr2gYICI3CZ0vbazcM5Sms3PPyZntlhYf 2W471/62BiPrUJ346jEChWBrWrvR/xYn1AFkRGAhbKhS6sdlgBlpUgNsmyRzTKY0QqcJ otAlfH3lXqCWTEwInt+ODyjLu406zTqL1YsTIbdeDejCxBYMOQ9nTl+0Wo6LUe2Kl69H qFkA==
X-Forwarded-Encrypted: i=1; AJvYcCWZ7yHazlrVjDFW08uflQqUKxQxAuz2UwLXuiYEePmuJDMpoSF6IU8yxKRLS7ZMzDRdpLM=@ietf.org
X-Gm-Message-State: AOJu0Yy9+w5dbc40Tfqc2ooMhZ2RHCLY2EmHheDYqGgOb3z3UwIMmKP3 jyOm978Hk59Ko39fJCC1yL6f3T8UHx0CRf6VmgEfZA/k9vj8wzdbYqg4nmK+q3QXuE8Eom2sKKZ yxhKGtn4NQ8Rrc6dKpugof5j85qgxQoM=
X-Gm-Gg: ASbGncvSDRvIzRGZ00LWwgumuFozcIAsNJrcbl242o3s6U/WJvHRGtXXvviz7sBUMSu C1uO24mrIZaV3ci8nDGORYkLnTWCuoEXe/zLIdB+trpXsbeddqaafiHnu3LEQKvad4ju5gOX3kV +0S4+j5jDuTBfC7DuMyA76ih8zbLSvYyz8HSW6gDDNVE0nzk3aKux5tBUaNGDN61dLVTOLF4ZWj 1FkAXnOmEAJ+KqDWbaT+vBxEl5RhsltmLC2x3tFDSWUFQaLBuTbDprMABr+
X-Google-Smtp-Source: AGHT+IGzyPrq+LQYgbxmC+DCeevctpMGOV4Djz1vUeO5bpm/dhTzaymeZrqtZ14cl0TaD0mhx/AHLeb2pTJptg9mf/I=
X-Received: by 2002:a05:690e:250d:10b0:63f:b56e:74c6 with SMTP id 956f58d0204a3-64101aaf5b1mr1573406d50.19.1762936592615; Wed, 12 Nov 2025 00:36:32 -0800 (PST)
MIME-Version: 1.0
References: <176289545153.2257004.4439438509549182676@dt-datatracker-5df8666cb-7l4w5> <CAOj+MME5n29iF7y8PR3GMJq=Eq+FcWOFBP18wHBpx2pEpNhjvg@mail.gmail.com> <e9fe8192d7b94263bb7555f5cb83d877@huawei.com>
In-Reply-To: <e9fe8192d7b94263bb7555f5cb83d877@huawei.com>
From: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Wed, 12 Nov 2025 10:36:21 +0200
X-Gm-Features: AWmQ_bnF2lVCcx8PCfjxpW3KN0Np8rrjTrC7SlmpFoc61P4mXl1Zh9iCdTFp1-c
Message-ID: <CAPF+HwUGiRdChS+sg_gQUUr7wLD4u3-QD-67y=yCiVBs_uZBVw@mail.gmail.com>
To: gengnan <gengnan=40huawei.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005d4ef4064361a913"
Message-ID-Hash: B3477FXQHEY3CQ6X3N5RVMUUON74N4TT
X-Message-ID-Hash: B3477FXQHEY3CQ6X3N5RVMUUON74N4TT
X-MailFrom: donatas.abraitis@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Robert Raszuk <robert@raszuk.net>, "idr@ietf. org" <idr@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Idr] Re: draft-tantsura-idr-unreachability-safi-00.txt
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ZS8HPSY7RCsFKx3_QcQWIZ_nSVo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>

a) How are these types distinguished? IMO, it's easier to have a single one
(like filtered) instead of sub-reasoning. And... as a very popular do we
want to disclose this "WHY" (reasoning) to external peers?
1: Policy Blocked
2: Security Filtered

b) NLRI format...

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Length |           IPv4 Prefix (variable)              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    TLVs (variable)                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

I think it's missing ID part (if additional paths are used), or we should
say that "is't not working with add-paths"?

c) Configuration example is wrong:

router bgp 65001
  neighbor 192.0.2.1 remote-as 65002
  !
  address-family ipv4 unreachability
    neighbor 192.0.2.1 activate
    neighbor 192.0.2.1 maximum-prefix 50000
    neighbor 192.0.2.1 route-map UNREACH-IN in
    neighbor 192.0.2.1 route-map UNREACH-OUT out
  exit-address-family
  !
  address-family ipv6 unreachability
    neighbor 2001:db8::1 activate
  exit-address-family
!
route-map UNREACH-IN permit 10
  match community NO-EXPORT-UNREACH
  set local-preference 50
!

2001:db8::1 is not defined :)

d) What happens if conflicting information arrives (e.g., one peer says
“RPKI invalid”, another still advertises the prefix normally)? Like
spoofing/malforming.

e) To me it sounds like BMP-like another one complex...

f) I'm just thinking loudly if we can't have the same information encoded
in NHC (Next Hop Characteristics)... Something like:

AFI: 1
SAFI: 1
NLRI: 192.0.2.0/24
NHC:
  Type: 100 (Unreachability Status)
  Value:
    Reason: RPKI Invalid
    Timestamp: 1731423624
Path Attributes: AS_PATH, ORIGIN, etc.

$0.02

On Wed, Nov 12, 2025 at 4:19 AM gengnan <gengnan=40huawei.com@dmarc.ietf.org>
wrote:

> Hi,
>
>
>
> Had a look at the draft. A question to my mind is: for what prefixes do we
> need to announce using the new proposed safi.
>
>
>
> 1. the prefixes that have been announced/propagated to a peer but now
> become to fail to pass the local policy due to policy changes?
>
> 2. the prefixes that are received from a peer but failed to pass the local
> policy, and thus will not be propagated further?
>
> 3. the prefixes that failed to pass the local policy (e.g., RPKI invalid)
> but still be propagated?
>
> 4. …
>
>
>
> Best,
>
> Nan
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* Wednesday, November 12, 2025 5:57 AM
> *To:* idr@ietf. org <idr@ietf.org>
> *Subject:* [Idr] draft-tantsura-idr-unreachability-safi-00.txt
>
>
>
> Hi,
>
>
>
> The proposal as written is just a form of a free floating idea.
>
>
>
> #1 - I would start first in providing a hook which would describe in which
> BGP PATH ATTRIBUTE of the BGP UPDATE MSG you are going to carry those NLRIs
> ... MP-REACH-NLRI ? MP-UNREACH-NLRI ?  NEW ONE ?
>
>
>
> #2 - Your justification for this work fully overlaps with already existing
> IDR WG document:
>
> https://www.ietf.org/archive/id/draft-ietf-idr-operational-message-00.txt
> Please kindly explain what gain do you see to add what you have proposed in
> the draft to BGP UPDATE MSG ?
>
>
>
> #3 - Value: 86 (to be assigned by IANA) .. That would be squatting at this
> point. Not good !
>
>
>
> #4 - I am completely not following on your list of reasons:
>
>
>
> Type 2: Unreachability Reason Code
>
>    *  Length: 2 octets
>    *  Value: Detailed reason code (registry to be established)
>    *  0: Unspecified
>    *  1: Policy Blocked
>    *  2: Security Filtered
>    *  3: RPKI Invalid
>    *  4-65535: Reserved for future use
>
>
>
> I assume you are still trying to announce your own prefix which became
> unreachable in your domain ... so what does it mean to announce it with any
> of the types like 1, 2 or 3 ?
>
>
>
> Or are you dreaming of any BGP speaker on the internet suddenly
> broadcasting to anyone in the world that he failed to install a received
> BGP prefix due to one of those listed reasons ???
>
>
>
> To me this proposal looks too raw for any consideration at this point.
>
>
>
> Regards,
>
> Robert
>
>
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Tue, Nov 11, 2025 at 10:12 PM
> Subject: I-D Action: draft-tantsura-idr-unreachability-safi-00.txt
> To: <i-d-announce@ietf.org>
>
>
>
> Internet-Draft draft-tantsura-idr-unreachability-safi-00.txt is now
> available.
>
>    Title:   BGP Unreachability Information SAFI
>    Authors: Jeff Tantsura
>             Donald Sharp
>             Vivek Venkatraman
>             Karthikeya Venkat Muppalla
>    Name:    draft-tantsura-idr-unreachability-safi-00.txt
>    Pages:   12
>    Dates:   2025-11-11
>
> Abstract:
>
>    This document defines a new BGP Subsequent Address Family Identifier
>    (SAFI) called "Unreachability Information" that allows the
>    propagation of prefix unreachability information through BGP without
>    affecting the installation or removal of routes in the Routing
>    Information Base (RIB) or Forwarding Information Base (FIB).  This
>    mechanism enables network operators to share information about
>    unreachable prefixes for monitoring, debugging, and coordination
>    purposes while maintaining complete separation from the active
>    routing plane.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-tantsura-idr-unreachability-safi/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-tantsura-idr-unreachability-safi-00.html
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> I-D-Announce mailing list -- i-d-announce@ietf.org
> To unsubscribe send an email to i-d-announce-leave@ietf.org
> _______________________________________________
> Idr mailing list -- idr@ietf.org
> To unsubscribe send an email to idr-leave@ietf.org
>


-- 
Donatas

v2.40.4 | Report a Bug | By Email | System Status