Re: [Idr] One week extension to WGLC for draft-ietf-idr-large-community

Robert Raszuk <robert@raszuk.net> Tue, 15 November 2016 18:09 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B03D612940D for <idr@ietfa.amsl.com>; Tue, 15 Nov 2016 10:09:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aeJniaz1qkum for <idr@ietfa.amsl.com>; Tue, 15 Nov 2016 10:09:07 -0800 (PST)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE4411293E4 for <idr@ietf.org>; Tue, 15 Nov 2016 10:09:06 -0800 (PST)
Received: by mail-wm0-x234.google.com with SMTP id g23so183675427wme.1 for <idr@ietf.org>; Tue, 15 Nov 2016 10:09:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=lRAeLXLDtg/uS/Q8l5akSA3mLYY+ApKIHiiwXB1pnns=; b=PygbZoCR3SYNIiKb3h9otKPLPbJvbYFQ3/tQ3CBSdlyRIPGJlL6qQpZnQqluIHpWtk oFPPRsCx7UjRdhtWvqKxA59iE/HkjnPtLaVOnMFdKZN1JMz1/2k/hJhL7QTP9BFA/pUg fYUMaEugmQpVL8B+zIC4MrQk+oVDYQlNNyNZHvn/WIfssUCXLxuhFmLyMj2SCLyC/5yP B9Bp5IdEtcQNDNhiSeSzoVboWByHhhu8/6Wd4DbhMlLD0DFxqAJOQkHZ+KiZ3MLvezA/ TA8fKkmtrPPC83FUSihbkP7FOt6r9JUL9Bv0MHG7mJnL64jFav83OWYn1+o8TzbOQnna xKQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=lRAeLXLDtg/uS/Q8l5akSA3mLYY+ApKIHiiwXB1pnns=; b=FX4ZYAKpasMSQA30bW49UvIniuiQL9RP50a6wvH5CVONrWobWG+UHNgQk+cMVyrtNd gYU0oUzaX/UU6NxMt5ToU3zmFcw2uKrPvYyss30LMLaDtfriiGouq1ylcEYphCjjWPo2 v+v8iiSSa2HlDKwAOAChvxFYzjHur9sSVIBM/WwJH+BaSwE/gcVt/QSqz+wFEwzj7+yL qqLLGYUWmc2JZS6EnGZ/tHEFC224fdCNotUh4USh69qcX5wZyRlHfs3Q+Z2LL6rIJNvA mCuoOEgZYpurE5SW6moYea0odfbVTXIzjLBOgcYtvjNiw/BbrjL6x9iIguGWxcI+voFn 0fTg==
X-Gm-Message-State: ABUngve1MVT3gsKTe7mHOrEekW5RGeGjkhgvw/DZ6DqaI3/4bEZMaveLfBpF6slNiELp9WOqVjb/UAcNAkDCAg==
X-Received: by 10.28.196.207 with SMTP id u198mr5064487wmf.102.1479233345343; Tue, 15 Nov 2016 10:09:05 -0800 (PST)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.80.137.69 with HTTP; Tue, 15 Nov 2016 10:09:03 -0800 (PST)
Received: by 10.80.137.69 with HTTP; Tue, 15 Nov 2016 10:09:03 -0800 (PST)
In-Reply-To: <a23c2ece-591d-8089-db71-67a3b28802c3@i3d.net>
References: <FDA477F5-0F7A-449B-9C3F-7453FE8CB716@juniper.net> <C7D1A165-A9E5-4C9D-BC8F-1F5BB14C192F@juniper.net> <27701_1479159582_582A2F1E_27701_6903_1_53C29892C857584299CBF5D05346208A1EC77FE1@OPEXCLILM21.corporate.adroot.infra.ftgroup> <736EA2CC-3DD1-4F14-96ED-2916E62F6F02@cisco.com> <26709_1479217575_582B11A7_26709_12999_1_53C29892C857584299CBF5D05346208A1EC79584@OPEXCLILM21.corporate.adroot.infra.ftgroup> <CA+b+ER=SEcEFW4OxMx8qTxjpu1eyzKFH0TxshsoTS3oz6MvFBw@mail.gmail.com> <a23c2ece-591d-8089-db71-67a3b28802c3@i3d.net>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 15 Nov 2016 19:09:03 +0100
X-Google-Sender-Auth: ny4ui185QxVAXOlTF5Fkrg2XhOY
Message-ID: <CA+b+ERn6pk4pRTDObhWTe5NerfBRUUvJT7CjM+B1qVLA420LUQ@mail.gmail.com>
To: "i3D. net - Martijn Schmidt" <martijnschmidt@i3d.net>
Content-Type: multipart/related; boundary="94eb2c1930f416f34705415ada9b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/cWJra2cNAVzKElauq0K4igvBHjk>
Cc: bruno.decraene@orange.com, idr wg <idr@ietf.org>
Subject: Re: [Idr] One week extension to WGLC for draft-ietf-idr-large-community
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Nov 2016 18:09:11 -0000

And what stops you from having a bit smarter clauses where you regex match
on exactly one, two or N occurences of a given community string anywhere in
your received community list following different local PREPEND action ???

Expanded matches for communities have been supported for years.

Thx,
R.

On Nov 15, 2016 11:28 PM, "i3D.net - Martijn Schmidt" <
martijnschmidt@i3d.net> wrote:

> Hi Robert,
>
> Route-maps don't work that way in today's router software, every clause is
> evaluated once and then the route-map execution either stops (if no
> continue statement is given) or proceeds to the next clause (if a continue
> statement is given). Either way, the community will only be matched once
> even if it's been tagged twice on the same prefix.
>
> Best regards,
> Martijn
>
> On 11/15/2016 03:19 PM, Robert Raszuk wrote:
>
> Hi Bruno,
>
> Since I was going to ask the same question let me provide an example:
>
> AS1 ---- AS2 ---- AS3 ---- peer_X
>
> AS3 publishes community with action if I receive this community I will
> PREPEND my AS# one time towards my peer X.
>
> Now AS1 comes with a need for such prepend on PI prefix P. Then AS2 for
> perhaps completely different reason also comes up with idea to hint AS3 to
> execute prepend on the same very prefix P.
>
> So AS3 is receiving the two communities which both are valid and truely
> intended. Why we would drop it ?
>
> I admit when the topic came up originally the major concern to me was to
> prevent stuffing community with N identical sets of values by same AS.
>
> But even this case can be legitimate. Let's consider that said AS2  needs
> prepend by 2 to some prefixes and AS3 offers *only* community of single
> PREPEND. Why not adding it twice to such selected prefixes not be a way to
> signal such requirement ?
>
> Regards,
> R.
>
> On Nov 15, 2016 10:46 PM, <bruno.decraene@orange.com> wrote:
>
>> TL;DR: I'm fine with -08 (MUST NOT send, MUST de-duplicate). I'm not fine
>> with -06, unless some text is added, because it may open different
>> interpretation.
>>
>> > From: Jakob Heitz (jheitz) [mailto:jheitz@cisco.com]  > Sent: Tuesday,
>> November 15, 2016 12:00 AM
>> >
>>  > Receipt of a duplicate MUST NOT trigger any error handling. It is not
>> a protocol error. It
>>  > MUST NOT cause treat-as-withdraw and MUST NOT cause attribute discard.
>> Simply
>>  > deleting the duplicate is enough. Even a log of the deletion is noise.
>> Log it if you must, but
>>  > my code does not. This is consistent with legacy community handling.
>>  >
>>  > Therefore, I support SHOULD.
>>
>> If you believe that this is not an error, there is no need for specific
>> action, not to mention trying to correct the .... error. ("SHOULD remove
>> the duplicate" is trying to correct it).
>>
>> Taking a step back, I think that what we really must specify, is whether
>> a community received N times, MUST be considered as received N times or 1
>> time, because this impacts the meaning, hence the interop. e.g. if the
>> community means prepend one, does sending it N times means prepend N or
>> prepend 1)
>> >From the current text, it seems that people want to only have the
>> community interpreted once. (which is a restriction of what we could do).
>>
>> If so, it seems to never make sense to send the same value multiple
>> times. So it seems clearer to completely forbid it (MUST NOT) rather than
>> leaving the option to re-open the discussion latter or consider how the
>> receiver need to react to "keep the meaning" intended by the originator.
>> Especially since some combination seems to make less sense. e.g. "SHOULD
>> NOT be sent, SHOULD be removed" where we are opening the option to send
>> duplicate, but we don't define how such duplicate will propagate, so the
>> originator has even less reason to try an innovative unspecified behavior.
>>
>> Now, if we have "MUST NOT be sent", then I think that this is an error
>> condition if we receive duplicate. And I see 3 options:
>> a) leave them all, (i.e. no correction) but specify that N times as the
>> same value that 1 time.
>> b) try to stop the error, by correcting it (i.e. "remove duplicate") but
>> that seem to assume that the error is on the sending side, while the error
>> could in fact be on the receiving side. It's bothers me a little that this
>> point had never been discussed by the WG, especially since for the receiver
>> (coder), there is a clear bias in favor of trusting itself (himself). While
>> we had real world example where the error was on the receiving side or at
>> least not on the sending side (e.g. error due to code point collision, e.g.
>> VPN extended community 0x010a, and more recently attributes in
>> draft-ietf-idr-deprecate-30-31-129)
>> c) try to stop the error, with no assumption on the source of the error,
>> by withdrawing the error (Attribute discard or Treat-As-Withdraw). Would be
>> TAW in our case.
>>
>> I had suggested "treat-as-withdraw" as a provocation to trigger the
>> discussion, which had never happened. But personally I don't care much on
>> the action, provided that the interpretation is not ambiguous. e.g. MUST be
>> considered as received 1 time.
>>
>> Again, I fine with latest version (-08). I'm less fine with the -06
>> version, especially as the behavior on the receiving side is not strictly
>> defined and may not be interoperable (-06 allows keeping duplicate while
>> not defining its meaning)
>>
>> Thanks,
>> --Bruno
>>
>>  > Thanks,
>>  > Jakob.
>>  >
>>  >
>>  > > On Nov 15, 2016, at 6:39 AM, "bruno.decraene@orange.com"
>>  > <bruno.decraene@orange.com> wrote:
>>  > >
>>  > > John, Sue,
>>  > >
>>  > >> From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of John G.
>> Scudder  > Sent: Monday,
>>  > November 14, 2016 7:50 PM
>>  > >>
>>  > >> In my role as co-chair:
>>  > >>
>>  > >>> On Nov 14, 2016, at 6:10 PM, John G. Scudder <jgs@juniper.net>
>> wrote:
>>  > >>> Please raise any objections by November 21. In this case, silence
>> will be taken as
>>  > >> consent assuming you've already supported publication.
>>  > >>
>>  > >> Given there's debate regarding the SHOULD/MUST change, I think it's
>> not appropriate
>>  > to
>>  > >> assume silence gives consent to the change. So, I take that back
>> and expect we will
>>  > judge
>>  > >> consensus for this item in the usual way.
>>  > >
>>  > > 1) I support the "MUST".
>>  > > In addition to the reasons already provided, IMHO, I would say that
>> this also seems
>>  > aligned with RFC 7606. (but I would prefer not to re-open the 7606
>> error handling debate).
>>  > >
>>  > > 2) If "MUST" is kept, on a side note,
>>  > >
>>  > > - I'm less sure about the "silently" part of "MUST silently" as I'm
>> not sure why logging
>>  > the error should be considered as a protocol violation. (and 7606 was
>> rather calling for
>>  > logging the error). So I would propose to remove "silently.
>>  > >
>>  > > - If we now have ' Duplicate BGP Large Community values MUST NOT be
>> transmitted.',
>>  > receiving a duplicate is a clear protocol error. In the general case,
>> it's difficult to know
>>  > whether the error is on the sending side or the receiving side.
>> (Although the receiving side
>>  > will typically consider that he is (obviously always) right, hence the
>> sender must be in
>>  > error). Given that large community has an impact on route preference
>> or selection, this
>>  > may call for "treat-as-withdraw"...
>>  > > I already hear the objection that "both value are the same hence it
>> has no influence",
>>  > but it's the receiver which claims that both value are the same. If
>> the error is on the
>>  > receiving side, possibly both values were sent as different. (e.g.
>> oops, the test was only
>>  > considering the first 64 bits. And the error had never been detected
>> so far, because the
>>  > first 64 bits had been different during testing, or the duplicate
>> silently removed))
>>  > >
>>  > > --Bruno
>>  > >
>>  > >> (The same would apply to the canonical
>>  > >> representation item if there were to be debate about it.)
>>  > >>
>>  > >> --John
>>  > >> _______________________________________________
>>  > >> Idr mailing list
>>  > >> Idr@ietf.org
>>  > >> https://www.ietf.org/mailman/listinfo/idr
>>  > >
>>  > >
>>  > ____________________________________________________________
>> _____________
>>  > ________________________________________________
>>  > >
>>  > > Ce message et ses pieces jointes peuvent contenir des informations
>> confidentielles ou
>>  > privilegiees et ne doivent donc
>>  > > pas etre diffuses, exploites ou copies sans autorisation. Si vous
>> avez recu ce message
>>  > par erreur, veuillez le signaler
>>  > > a l'expediteur et le detruire ainsi que les pieces jointes. Les
>> messages electroniques
>>  > etant susceptibles d'alteration,
>>  > > Orange decline toute responsabilite si ce message a ete altere,
>> deforme ou falsifie.
>>  > Merci.
>>  > >
>>  > > This message and its attachments may contain confidential or
>> privileged information
>>  > that may be protected by law;
>>  > > they should not be distributed, used or copied without authorisation.
>>  > > If you have received this email in error, please notify the sender
>> and delete this
>>  > message and its attachments.
>>  > > As emails may be altered, Orange is not liable for messages that
>> have been modified,
>>  > changed or falsified.
>>  > > Thank you.
>>  > >
>>  > > _______________________________________________
>>  > > Idr mailing list
>>  > > Idr@ietf.org
>>  > > https://www.ietf.org/mailman/listinfo/idr
>>
>> ____________________________________________________________
>> _____________________________________________________________
>>
>> Ce message et ses pieces jointes peuvent contenir des informations
>> confidentielles ou privilegiees et ne doivent donc
>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez
>> recu ce message par erreur, veuillez le signaler
>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
>> electroniques etant susceptibles d'alteration,
>> Orange decline toute responsabilite si ce message a ete altere, deforme
>> ou falsifie. Merci.
>>
>> This message and its attachments may contain confidential or privileged
>> information that may be protected by law;
>> they should not be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and
>> delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have
>> been modified, changed or falsified.
>> Thank you.
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>>
>
>
> _______________________________________________
> Idr mailing listIdr@ietf.orghttps://www.ietf.org/mailman/listinfo/idr
>
>
> --
> Met vriendelijke groet / Kindest regards,
> Martijn Schmidt
>
>
> [image: i3D.net performance hosting]
> *Martijn Schmidt | Network Architect*
> Email: martijnschmidt@i3d.net <//martijnschmidt@i3d.net> | Tel: +31 10
> 8900070
>
> *i3D.net B.V. | Global Backbone AS49544*
> Van Nelleweg 1, 3044 BC Rotterdam, The Netherlands
> VAT: NL 8202.63.886.B01
>
> Website
> <http://www.i3d.net/?utm_source=emailsignature&utm_medium=email&utm_campaign=home>
> | Case Studies
> <http://www.i3d.net/partners/?utm_source=emailsignature&utm_medium=email&utm_campaign=case-studies>
> | LinkedIn <https://www.linkedin.com/company/i3d-net>
>
>