IETF Logo Mail Archive

Re: [Idr] Fwd: New Version Notification for draft-spaghetti-idr-bgp-sendholdtimer-05.txt

Jeffrey Haas <jhaas@pfrc.org> Thu, 04 August 2022 17:44 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46332C15C501 for <idr@ietfa.amsl.com>; Thu, 4 Aug 2022 10:44:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bWtPnEJIb0o5 for <idr@ietfa.amsl.com>; Thu, 4 Aug 2022 10:44:14 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 03AB4C15C502 for <idr@ietf.org>; Thu, 4 Aug 2022 10:44:13 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id AE98C1E358; Thu, 4 Aug 2022 13:44:12 -0400 (EDT)
Date: Thu, 04 Aug 2022 13:44:12 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Robert Raszuk <robert@raszuk.net>
Cc: Ben Cox <ben=40benjojo.co.uk@dmarc.ietf.org>, "idr@ietf. org" <idr@ietf.org>
Message-ID: <20220804174412.GA25076@pfrc.org>
References: <CAOj+MME7XnW7kDXL4muh4Qp1UvabQ9amUoU0Sn3h2axqKzswzA@mail.gmail.com> <77F3E1F0-486F-47DF-ABE4-EFDB9C2FB6D8@gmail.com> <CAOj+MMGR4f3eLEDZY++1m4Lpo9joG4L9OrWbeF6kREn-9a9onA@mail.gmail.com> <c6e44213-7667-0f67-71a4-634411cd102b@foobar.org> <CAOj+MMFajL6E42WCzC0ZqrfSBZjU-0B=ZzmtvCRPkuMzU8z5QA@mail.gmail.com> <Yun6e5jSb0OYZGAX@shrubbery.net> <CAOj+MMFRJr=cs+5DVOp72BVn_j3NgANwNftyj=jRbdsvPpg-wA@mail.gmail.com> <CANJ8pZ9oNvd0CGEbOQQpeZ1Sf-=ctVy8yhD0XFK-qYiE08BZUA@mail.gmail.com> <CAL=9YSX-iXEOQrERA5M_ZbG68UmgacchdODk7uwT3p0ZjLgJow@mail.gmail.com> <CAOj+MMFTikXbAC81mU7SiUHFq==5y5k9cSMK91B5YGVfAQLEvQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAOj+MMFTikXbAC81mU7SiUHFq==5y5k9cSMK91B5YGVfAQLEvQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/dRlGMT1LXIIE4qlTgki2x-X2ofY>
Subject: Re: [Idr] Fwd: New Version Notification for draft-spaghetti-idr-bgp-sendholdtimer-05.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2022 17:44:15 -0000

Robert,

On Thu, Aug 04, 2022 at 06:23:58PM +0200, Robert Raszuk wrote:
> So we are trying to drop a session towards the BGP peer who does not
> respect basic RFC4271 obligation to drop the session when HOLD TIMER
> expires. That to me is already marginal (read noise corner case).

>From the perspective of the upstream BGP Speaker, all we know is data is not
being consumed.  

>From the perspective of the downstream BGP Speaker, any number of things
could be going on:
- BGP should know that it has data and simply isn't consuming it.  (A bug in BGP.)[1]
- BGP isn't aware that that it has pending data. (A bug in the TCP stack/OS.)
- A bug exists in the TCP state between two systems and the window has
  contracted out of the control of the application.  BGP can't do anything.
  (A bug in the TCP stack, or an attack against the TCP protocol.)

The proposal at hand is that without regard as to why the downstream BGP
Speaker has gotten into this situation, there's a desire to terminate the
session.

> Then we worry that LINUX TCP stack may have buggy implementation of
> TCP_USER_TIMEOUT and instead of fixing it locally we dismiss this option.

I think obsessing over a specific current implementation is premature for an
Internet-Draft.

> Isn't this going a bit too far ? If the problem is real why don't we solve
> it in a more elegant and broader way (broader in a sense to detect more
> issues) by defining a new BGP Message - BGP PING Message. Sort of BGP level
> heartbeat.

See discussion below.

> Difference from KEEPALIVE messages would be that apparently implementations
> and RFC4271 decouple completely KEEPALIVE receiving from KEEPALIVE MSG and
> tightening them may be a bad idea.
> 
> Long run we could use BGP PING and BFD and retire KEEPALIVEs.

As much as I'm a fan of BFD, it is unlikely to become pervasive for all
situations where BGP gets used.  Also, BFD is insufficiently coupled to the
BGP session state.  By analogy, LDP still has keepalives in its TCP session
even though it has a separate hello layer.

> I shared this offline with some IDR WG members .. now just sharing with you
> all ... It is still different from BGP OPERATIONAL MESSAGE that if we think
> the issue of a stuck/buggy BGP peer is real perhaps could deserve a small
> draft to document it.

I don't think think the op message helps us here either.  The whole point is
the connection is unidirectionally stalled and the upstream wants to take
action on that.

-----

To throw a related example into the thread, my employer's implementation has
had hidden CLI knobs to throw various things into the BGP Marker field over
the years.  Such things have included timestamps or checksums and have been
useful in a unidirectional direction to help troubleshoot things during
development.

Your "ping" observation is something I'd reframe as "how do we update the
protocol to help each side to know things are being bidirectionally
consumed".  The effective state desired is:
- My current sequence number.
- Your last handled sequence number.

Yes, this resembles all of our favorite moving window protocols. :-)

Where could this go into BGP?  Ideally, a clean update to the PDU format.
As a hack?  As two uint32's embedded in the Marker, capability negotiated.

The better question, does this help the situation in question?  
In my opinion, no.

In a "ping" or "bidirectional check" mode, the general idea becomes, "I sent
you seq# X and I want to eventually see this come back to me".

To get the echo reply, the echo must first work its way from the sender's
TCP send buffer, across the network, through the receiver's TCP receive
buffer, into the BGP, then the full loop again through their send and your
receive buffers.  You'd also require a message to message to piggyback the
reply to.  When there are pending updates, it's easy.  Otherwise, you could
force another message like keepalive.

(Yes, arguably you could do a less frequent "ping", but now you're also
adding another set of optional timer procedures.)

By analogy to BFD, you're getting the result of BFD Echo mode rather than
BFD Async mode - and it's likely far longer than is desired for this use case.

-----

Side reading, some thinking on timestamping BGP updates:
https://datatracker.ietf.org/doc/html/draft-litkowski-idr-bgp-timestamp-00



-- Jeff

[1] Discussions with BGP developers over the years about various upgrade
scenarios often comes back to the fact that the holdtimer is unidirectional.
During an upgrade where the TCP and BGP RIB state is maintained, it's useful
to simply pause consuming incoming routing state and do nothing other than
send your keepalives.  The challenge for this discussion is that this
"feature" is indistinguishable from bugs observed for sessions that are
stuck for too long.

v2.23.0 | Report a Bug | By Email