Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW

Zhuangshunwan <zhuangshunwan@huawei.com> Wed, 04 August 2021 02:37 UTC

Return-Path: <zhuangshunwan@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B94E43A3DC3; Tue, 3 Aug 2021 19:37:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fOE7OsZgj2-C; Tue, 3 Aug 2021 19:37:33 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B8083A3DC1; Tue, 3 Aug 2021 19:37:33 -0700 (PDT)
Received: from fraeml742-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4GfbVg6rDjz6GDsp; Wed, 4 Aug 2021 10:37:15 +0800 (CST)
Received: from kwepeml500003.china.huawei.com (7.221.188.182) by fraeml742-chm.china.huawei.com (10.206.15.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Wed, 4 Aug 2021 04:37:28 +0200
Received: from kwepeml500004.china.huawei.com (7.221.188.141) by kwepeml500003.china.huawei.com (7.221.188.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Wed, 4 Aug 2021 10:37:26 +0800
Received: from kwepeml500004.china.huawei.com ([7.221.188.141]) by kwepeml500004.china.huawei.com ([7.221.188.141]) with mapi id 15.01.2176.012; Wed, 4 Aug 2021 10:37:26 +0800
From: Zhuangshunwan <zhuangshunwan@huawei.com>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram=40nist.gov@dmarc.ietf.org>, GROW WG <grow@ietf.org>
CC: IDR <idr@ietf.org>
Thread-Topic: some questions from {RC, LC, EC} analysis presentation in GROW
Thread-Index: AQHXiHXG0T0iPqYYLk6NCjnOwJ+5gatinG8A
Date: Wed, 4 Aug 2021 02:37:26 +0000
Message-ID: <76c169816a174f4c8907af0e8b64b932@huawei.com>
References: <SA1PR09MB8142ADE02512DB13887086AC84F09@SA1PR09MB8142.namprd09.prod.outlook.com>
In-Reply-To: <SA1PR09MB8142ADE02512DB13887086AC84F09@SA1PR09MB8142.namprd09.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.152.178]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/aOLzH0FFtUmkhSSP4rQbQNp36NE>
Subject: Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2021 02:37:38 -0000

Hi Sriram,

The community attribute example 3356:666 on page 10 may not match the actual function.
"
Example: AS path = 25160 3356 12956 6147 and RC = 3356:666
 This means that the client is at AS 6147 (origin AS) and AS 3356 is the RTBH provider
 AS Distance to RTBH provider = 2
 Propagation (#hops): The Blackhole Community propagated 3 hops in this case (AS 6147 to AS 25160)
"

According to https://onestep.net/communities/as3356/
...
--------------------------------------------------------
prefix type communities
--------------------------------------------------------
3356:123 - Customer route
3356:666 - Peer route
--------------------------------------------------------
...
--------------------------------------------------------
customer traffic engineering communities - Blackhole
--------------------------------------------------------
3356:9999 - blackhole (discard) traffic

Traffic destined for any prefixes tagged with this
community will be discarded at ingress to the Level 3
network. The prefix must be one permitted by the
customer's existing ingress BGP filter.
For some router vendors the peering
must be changed to an eBGP multihop session on the Level
3 side of the connection.
...

Regards,
Shunwan

-----Original Message-----
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Sriram, Kotikalapudi (Fed)
Sent: Tuesday, August 3, 2021 11:15 PM
To: GROW WG <grow@ietf.org>
Cc: IDR <idr@ietf.org>
Subject: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW

Some questions raised at the mike or in the chat window during my GROW presentation last week on the analysis of {Regular, Large, Extended} Communities are worth a revisit. The presentation slides are here:
https://datatracker.ietf.org/meeting/111/materials/slides-111-grow-bgp-regularextendedlarge-community-analysis-01 

Comment (Jeff): Your slides have proven that stuff is being passed around in a transitive fashion. The thing that is not necessarily a clear conclusion is that service providers are willing to pass them around in a way that allows you to safely use them in a transitive fashion for any given application.  

Related comment (Ruediger): There is a need for consideration of what hygiene should be applied to the communities you are propagating. Typically, people are concerned about the hygiene of what they accept. But in a peering relationship, you as the sender are also responsible for what you are sending; you should not propagate without understanding the security [safety] implications. Today this type of hygiene is generally lacking.

Response: We welcome any ideas that may help compile RC/LC/EC application types and their propagation requirements to perform measurements against them. Also, it is good to follow Ruediger’s suggestion and have a GROW document that provides operator guidance on what hygiene to apply on the sender side so that the propagation happens safely. Having said that, our measurements focused on whether or not ASes propagate transitive communities. The results are correct in that respect. One AS in the path may not have removed the community or stopped propagating the route further, but the other ASes that propagated are indeed correctly propagating transitive stuff. When it is not participating in the specific community application, it seems correct behavior for an AS to simply pass on the transitive community to the next AS. In general, LC and RC are transitive (unless NO_EXPORT or NO_ADVERTISE is also present). Minor point: The measurements also show that non-transitive ECs do not propagate; only transitive ECs are seen propagating (slide 15). 

Question (Chris): Why is it assumed (on slide 11) that the Blackhole community is added at the origin AS? 

Response: The RTBH service is requested by the prefix owner. That is why it is assumed that it is added at the AS where the prefix is located, i.e., the origin AS. Are there legitimate circumstances where an AS that is 2 or 3 hops upstream from the prefix can make that request? 

Thanks.
Sriram

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr