Re: [Idr] Fwd: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 07 October 2020 00:36 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Warren Kumari <warren@kumari.net>, Gyan Mishra <hayabusagsm@gmail.com>
CC: idr <idr@ietf.org>
Date: Wed, 07 Oct 2020 00:36:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/_ZSRWia-AjA8LJo-HUmH891oxkU>

Or at least add some warning text to the option to the effect of:

If the max-prefix limit causes excess prefixes not to be announced
rather than a session termination, then the prefixes that are not announced
are unknown. Differing unknown sets of prefixes not being advertised
by multiple routers can cause forwarding loops.

Or specify the option for session non-termination for external BGP sessions only.

Regards,
Jakob.

-----Original Message-----
From: Idr <idr-bounces@ietf.org> On Behalf Of Warren Kumari
Sent: Tuesday, October 6, 2020 1:19 PM
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: idr <idr@ietf.org>
Subject: Re: [Idr] Fwd: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt

<no hats>
On Wed, Sep 30, 2020 at 10:53 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>
> Hi Authors
>
>
> Would it be possible to modify the action so that we have the option to not disconnect the peer and allow the peer to remain UP state but clip the routes above the upper limit and provide this option for both inbound and outbound directions.

Errrr... how sure are you that this is the behavior that you *want*?
If you have tripped the max-prefixes limit it's almost always:
1: things have been slowly growing over time, you've tripped your
warning limit. The right thing to do here is carefully look at the
prefixes, make sure they are what you expect, and bump it up by a bit.
2: you've just borked your filters and are now trying to leak full
tables to your peers. The right thing to do here is tear the session
down and go do penance...

I strongly suggest taking this question to GROW / NOGs before adding a
"send as many as you can and then start filtering" option; tripping
the hard limit should be the same as a circuit breaker, not a
resistor.

W

> This way the PE resources are not impacted as well as the customer peer still remains in an Up state.
>
> Thanks
>
> Gyan
>
> On Wed, Sep 30, 2020 at 9:34 AM Melchior Aelmans <melchior@aelmans.eu> wrote:
>>
>> Hi IDR,
>>
>> As suggested in earlier WG meetings (both in GROW and IDR) we have split the Maximum Prefix Limits draft into Maximum Prefix Limits Outbound and Maximum Prefix Limits Inbound.
>> The authors are looking for your feedback and input on both.
>>
>> Thanks,
>> Melchior
>>
>> ---------- Forwarded message ---------
>> From: <internet-drafts@ietf.org>
>> Date: Wed, Sep 30, 2020 at 3:27 PM
>> Subject: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt
>> To: <i-d-announce@ietf.org>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>         Title           : Revised BGP Maximum Prefix Limits Outbound
>>         Authors         : Melchior Aelmans
>>                           Massimiliano Stucchi
>>                           Job Snijders
>>         Filename        : draft-sas-idr-maxprefix-outbound-00.txt
>>         Pages           : 9
>>         Date            : 2020-09-30
>>
>> Abstract:
>>    This document updates RFC4271 by adding a control mechanism which
>>    limits the negative impact of outbound route leaks (RFC7908) in order
>>    to prevent resource exhaustion in Border Gateway Protocol (BGP)
>>    implementations.
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-sas-idr-maxprefix-outbound/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-sas-idr-maxprefix-outbound-00
>> https://datatracker.ietf.org/doc/html/draft-sas-idr-maxprefix-outbound-00
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>>
> --
>
>
> Gyan Mishra
>
> Network Solutions Architect
>
> M 301 502-1347
> 13101 Columbia Pike
> Silver Spring, MD
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr
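
The forwarding-loop concern raised at the top of this message, worked through as an added example that is not part of the original thread. It assumes a constructed three-router line (R1, R2, R3) with an iBGP full mesh, hop-by-hop forwarding and made-up prefixes; all names and functions are hypothetical.

```python
import ipaddress

# Constructed topology: R1 -- R2 -- R3 in a line, iBGP full mesh.
# IGP_NEXT_HOP[(here, target)] is the physical next hop toward target.
IGP_NEXT_HOP = {("R1", "R2"): "R2", ("R1", "R3"): "R2",
                ("R2", "R1"): "R1", ("R2", "R3"): "R3",
                ("R3", "R1"): "R2", ("R3", "R2"): "R2"}

# Prefixes each router learned over eBGP (constructed sample data).
EBGP = {"R1": ["10.1.1.0/24", "10.9.0.0/16"], "R2": [], "R3": ["10.1.0.0/16"]}

def advertise(order, limit):
    """Outbound clip: announce in `order`, silently drop everything past `limit`."""
    return order[:limit]  # limit=None announces everything

def build_ribs(sent):
    """sent[(speaker, peer)] = prefixes actually announced on that iBGP session."""
    ribs = {r: {ipaddress.ip_network(p): r for p in own} for r, own in EBGP.items()}
    for (speaker, peer), prefixes in sent.items():
        for p in prefixes:
            ribs[peer].setdefault(ipaddress.ip_network(p), speaker)
    return ribs

def trace(ribs, start, dst, max_hops=8):
    """Follow longest-prefix-match decisions hop by hop: exit, drop or loop."""
    addr, here, path = ipaddress.ip_address(dst), start, [start]
    for _ in range(max_hops):
        matches = [n for n in ribs[here] if addr in n]
        if not matches:
            return path, "drop"
        exit_router = ribs[here][max(matches, key=lambda n: n.prefixlen)]
        if exit_router == here:
            return path, "exit"
        here = IGP_NEXT_HOP[(here, exit_router)]
        if here in path:
            return path + [here], "loop"
        path.append(here)
    return path, "loop"

def scenario(limit):
    """R1 clips per session; the two sessions happen to send in different order."""
    r1 = EBGP["R1"]
    sent = {("R1", "R2"): advertise(r1[::-1], limit),  # 10.9.0.0/16 goes first here
            ("R1", "R3"): advertise(r1, limit),         # 10.1.1.0/24 goes first here
            ("R3", "R1"): EBGP["R3"], ("R3", "R2"): EBGP["R3"]}
    return trace(build_ribs(sent), "R2", "10.1.1.5")

if __name__ == "__main__":
    print("no limit:", scenario(None))
    print("limit 1 :", scenario(1))
```

With no limit the packet leaves via R1; with a limit of one prefix per session, R2 never hears the /24 while R3 does, and the packet bounces between R2 and R3.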