Re: [Idr] I-D Action: draft-wang-idr-bgp-error-enhance-00.txt
Enke Chen <enchen@paloaltonetworks.com> Thu, 11 November 2021 05:08 UTC
Return-Path: <enchen@paloaltonetworks.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B70813A170D for <idr@ietfa.amsl.com>; Wed, 10 Nov 2021 21:08:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.117
X-Spam-Level:
X-Spam-Status: No, score=-2.117 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=paloaltonetworks.com header.b=CznjP/cw; dkim=pass (2048-bit key) header.d=paloaltonetworks-com.20210112.gappssmtp.com header.b=ck/V0GMC
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9KQ409_mg9q for <idr@ietfa.amsl.com>; Wed, 10 Nov 2021 21:08:23 -0800 (PST)
Received: from mx0b-00169c01.pphosted.com (mx0a-00169c01.pphosted.com [67.231.148.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4B413A169A for <idr@ietf.org>; Wed, 10 Nov 2021 21:08:23 -0800 (PST)
Received: from pps.filterd (m0045114.ppops.net [127.0.0.1]) by mx0a-00169c01.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1AB1C9SV016688 for <idr@ietf.org>; Wed, 10 Nov 2021 21:08:22 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks.com; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type : content-transfer-encoding; s=PPS12012017; bh=uPxG7Gn2Gs9OhlrYSWNHLpqqs39v1NsJIzPMzGYRy4A=; b=CznjP/cwY9PzMiED/JNa8k7+YHr8jHOE8R49ZCcWh71snHICTZ1NRUtBYLV59pBBPkpS vq8qmAalhNiuDtqF9wO7sz6QYj44Zir9kcsGj6Uk2BceTOfiLXC71FBV/UOyZH2dHrLw zEvpQ+/rjiaqQP5ffd/7xCme+WxvWVqh172S78ILnG2f7myFw7AoxqtbIwiukcJTJi3X GKVa+kLhImz3jAODHhK7F+twnhGxO0GI4bnefBW5UGFvys2kgPecwfBYFMTRdh8ev9he iAIF01utRDnYUnGztF7/nLzVDfbRUvbOnZdu8CCcKux+iHZuyYZa3MNOMPwElkgXdhDn LA==
Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com [209.85.167.69]) by mx0a-00169c01.pphosted.com (PPS) with ESMTPS id 3c8bkx56cg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <idr@ietf.org>; Wed, 10 Nov 2021 21:08:21 -0800
Received: by mail-lf1-f69.google.com with SMTP id u20-20020a056512129400b0040373ffc60bso2156007lfs.15 for <idr@ietf.org>; Wed, 10 Nov 2021 21:08:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=uPxG7Gn2Gs9OhlrYSWNHLpqqs39v1NsJIzPMzGYRy4A=; b=ck/V0GMCJm+++LRbUAjyYDwzDGlVWuIyTmZoeHBgeByUKHd8Ci2Sf/SnWESZAfpRhf FyrdGw81e1rnTCXo6+7Sj4XmD0aHeQI3vH457cwGX1QHqDAVv6lAu84NvXKgS7RDxjyB mFnV9FlWPqNfIrgj7QCp79Wxn17+A9GSUZoaVNkgXeOMLsQS/c13sPEWVARPkaE7JdbS WkBHOHAj4cz3c5rVm+y/lLHnH6+sqIxXXrxSpvMdz9rDHrl+ROxFsyUjNBTQOxEmJ1CX VCiKN9HYuoJULYyASerHWXx0OzgcrQqwA/eZZ1w07Ya986qx2sbQAuwdupjteHVOdZOe n+BQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=uPxG7Gn2Gs9OhlrYSWNHLpqqs39v1NsJIzPMzGYRy4A=; b=0xAofPEoA2PkpvrrCMGJYZShk0yt/JziUh005Pz1vn99NHGLwfpTlsRH1Uf7W/knUq 0/tZcE77vyFsH7hXNR4biIulY36kAuM3Rp1hAUFPM8aMYzbSgDtwLhimMHzQ/seiXeJA bG9sKMnBXhZNuoqs93ZH+aRrIlUHiJStK9P6mxkVD9HhfccYl3J+KmjJnetzA4esnRcP S0ejm4PsUj8gSKJ3Kf42zQyHD1hFETZSkNpY/9zmqkzh58YtUd46vl74NcgRlk+BY+Ih SAQXqAp4UiIre24uikLiKYvUSxY+JCiZDwOZ37+1AFsCk4gD+PAUu2noWNe8bYT3cpmw SSCQ==
X-Gm-Message-State: AOAM531W9zEmDHU1e898HAoZT5hm40qbfdbMGx6UXvcBrgtF2R1kfDz7 y2j+BXDlHkkURUIdXg76ax/rBhJunJYIHnpGdf8Buw2qJcIAGL7niN8kMMe3ilK9q/rfY+Yg5Rp qdo4K25bkhrHhqXpyMuc=
X-Received: by 2002:a05:6512:3c9f:: with SMTP id h31mr4265350lfv.212.1636607299240; Wed, 10 Nov 2021 21:08:19 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyfFJiLOIuSQzJRqXwXpeYHeLxN+qCB0IR4ojTNa1UFgM21dmfMNTq6Y1ZscLgyNLU13xVfhNXQRxaGdiUA4Cg=
X-Received: by 2002:a05:6512:3c9f:: with SMTP id h31mr4265321lfv.212.1636607298845; Wed, 10 Nov 2021 21:08:18 -0800 (PST)
MIME-Version: 1.0
References: <163507718592.16183.4414540420076189232@ietfa.amsl.com> <CAOj+MMG=Ve+_BuOGY6tAU-CjY5GUg2uEHPtXO_HeSVFsBdDerQ@mail.gmail.com>
In-Reply-To: <CAOj+MMG=Ve+_BuOGY6tAU-CjY5GUg2uEHPtXO_HeSVFsBdDerQ@mail.gmail.com>
From: Enke Chen <enchen@paloaltonetworks.com>
Date: Wed, 10 Nov 2021 21:08:08 -0800
Message-ID: <CANJ8pZ-M1Si_BgTCxz3kpyTpDP3nvMz5qH=akkk2EpnppFB+7w@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: "Wanghaibo (Rainsword)" <rainsword.wang@huawei.com>, shenming2@huawei.com, "Dongjie (Jimmy)" <jie.dong@huawei.com>, "idr@ietf. org" <idr@ietf.org>, Enke Chen <enchen@paloaltonetworks.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Proofpoint-ORIG-GUID: X6c2HShSup1J8omEtR9WVJxDHZ1XmgFZ
X-Proofpoint-GUID: X6c2HShSup1J8omEtR9WVJxDHZ1XmgFZ
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-11-11_01,2021-11-08_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 bulkscore=0 malwarescore=0 mlxlogscore=999 clxscore=1011 lowpriorityscore=0 suspectscore=0 impostorscore=0 spamscore=0 phishscore=0 mlxscore=0 priorityscore=1501 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111110027
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/dpgxLSM4TFOsFoThizo9ucMv2Ao>
Subject: Re: [Idr] I-D Action: draft-wang-idr-bgp-error-enhance-00.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 05:08:29 -0000
Hi, Folks:
I have several comments on the draft, and some of them are similar to
Robert's. More specifically,
---
On 3.1: Prefix Length Error:
>>
According to [RFC7606], when a NLRI/UNLRI or MP_REACH_NLRI/
MP_REACH_UNLRI with invalid length, eg, IPv4 Prefix length is more
than 32, we must drop this Prefix and ignore the following Prefixes.
We may keep the prefixes we have parsed correctly before.
>>
This is not correct. Regarding NLRI parsing, RFC 7606 does not relax the
error handling specified in RFC 4271:
The NLRI field in the UPDATE message is checked for syntactic
validity. If the field is syntactically incorrect, then the Error
Subcode MUST be set to Invalid Network Field.
In RFC 7606, we have clarified the "Syntactic Correctness of NLRI Fields"
in Sect. 5.3, and also emphasized the fundamental requirement or using
"treat-as-withdraw":
o j. Finally, we observe that in order to use the approach of "treat-
as-withdraw", the entire NLRI field and/or the MP_REACH_NLRI and
MP_UNREACH_NLRI attributes need to be successfully parsed -- what
this entails is discussed in more detail in Section 5. If this
is not possible, the procedures of [RFC4271] and/or [RFC4760]
continue to apply, meaning that the "session reset" approach (or
the "AFI/SAFI disable" approach) MUST be followed.
---
On 3.2 Appears More Than Once
Again we want to make sure NLRIs are parsed correctly and fully. It's
difficult to know for sure when there are multiple MP_REACH_NLRI
attributes or the MP_UNREACH_NLRI in one UPDATE message.
---
On 4.1 Nexthop
As currently defined in RFC 4271, the procedure does not allow for graceful
recovery from the error conditions, e.g,, after the duplicate
address is removed
from an interface. There seems to be room for improvement, perhaps in a
separate document.
---
On 4.2 MP_REACH_NLRI:
Again, we must make sure the NLRIs are parsed correctly and fully. That
is fundamental to the error handling specified in RFC 7606.
---
On 4.3 Prefix SID
*If* there is an issue with the error handling in RFC 8669, then rfc8669bis
would be more appropriate for making the correction, IMO.
---
On 4.4 Aggregator, AS4_Aggregator:
Why does it matter?
---
On 4.5 ORIGINATOR_ID
"Treat-as-withdraw" would be more disruptive, isn't it? That would contrary
to the goal of the draft. I don't see a need for the change.
---
On 4.6 Cluster-list
Did we ever define zero as an invalid CLUSER_ID? I do not recall
we did that,
and I don't see a need for doing so now.
-----
Thanks. -- Enke
On Sun, Oct 24, 2021 at 6:47 AM Robert Raszuk <robert@raszuk.net> wrote:
>
> Dear Authors,
>
> Below are my comments after review of your proposal.
>
> 1) There is no such thing as "MP_REACH_UNLRI" ... Please swap all occurances to "MP_UNREACH_NLRI". Likewise please adjust all "UNLRI" or define a priori what you mean by this abbreviation.
>
> 2) Section 3.1 -
>
> You say:
>
> "Then we may also try to continue parse the next update packet if we can correctly find it."
>
> I don't think this is a good suggestion for the Standards track document.
>
> 3) Section 3.2 -
>
> I disagree with the suggestion. If a speaker is sending more than one MP_REACH_NLRI or MP_UNREACH_NLRI it should be cut out as soon as possible from causing more damage.
>
> 4) Section 4.1 -
>
> I am not sure why there is any need to enumerate the same specific special IP addresses and not to list others. For example if I receive IPv4 next hop as 127.0.0.1 is this cool ?
>
> I recommend editing this: "f) The IP address is not a invalid ip address." I think you mean to say: "f) The IP address is not a valid ip address."
>
> 5) Section 4.2 -
>
> I don't think this is a good suggestion. Likewise in the case of same prefix being present in both MP_REACH_NLRI and MP_UNREACH_NRLI suggestion to "firstly process the Prefixes in the MP_REACH_NLRI then process the Prefixes in the MP_REACH_UNLRI" is not good.
>
> 6) Section 4.3 -
>
> How can you treat it as withdraw something which is part of the "malformed prefix-SID attribute" ?
>
> 7) Sections 4.4 & 4.5 & 4.6 -
>
> Why are you suggesting again to check and detect special cases of *only* all zero addresses ? There are lot's of special IPv4 or even more IPv6 addresses to detect. I am not sure if we need to educate implementers about those in the BGP spec.
>
> Conclusion:
>
> If WG agrees that there are some valid suggestions in your proposal we should issue a RFC7606bis and not separate draft updating it like you are suggesting. So far to me like there is no substance to even go for -bis version of 7606.
>
> Yes, the BGP-4 protocol running on TCP is not bullet proof when it comes to handling bad implementations or malicious protocol attacks. Your figure 1 illustrates this well. But even with all suggestions listed there still remains lot's of attack vectors if someone has access to inject bad BGP packets to your network.
>
> I think we should consider using new transport which no longer runs on TCP and essentially not only treats all SAFIs as fully independent streams but also cut's interdependencies between all NLRI even with given SAFI.
>
> Good news is that some proposals in this direction are starting to pop-up in this WG, IMO already opening new doors for the new (hopefully much more robust) BGP version.
>
> Many thx,
> Robert
>
>
>
> On Sun, Oct 24, 2021 at 2:06 PM <internet-drafts@ietf.org> wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>> Title : Revised Error Handling for BGP Messages
>> Authors : Haibo Wang
>> Ming Shen
>> Jie Dong
>> Filename : draft-wang-idr-bgp-error-enhance-00.txt
>> Pages : 8
>> Date : 2021-10-24
>>
>> Abstract:
>> This document supplements and revises RFC7606. According to RFC
>> 7606, when an UPDATE packet received from a neighbor contains an
>> attribute of incorrect format, the BGP session cannot be reset
>> directly. Instead, the BGP session must be reset based on the
>> specific problem. Error packets must minimize the impact on routes
>> and do not affect the correctness of the protocol. Different error
>> handling methods are used. The error handling methods include
>> discarding attributes, withdrawing routes, disabling the address
>> family, and resetting sessions.
>>
>> RFC 7606 specifies the error handling methods of some existing
>> attributes and provides guidance for error handling of new
>> attributes.
>>
>> This document supplements the error handling methods for common
>> attributes that are not specified in RFC7606, and provides
>> suggestions for revising the error handling methods for some
>> attributes. The general principle remains unchanged: Maintain
>> established BGP sessions and keep valid routes updated. However,
>> discard or delete incorrect attributes or packets to minimize the
>> impact on the current session.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-wang-idr-bgp-error-enhance/
>>
>> There is also an htmlized version available at:
>> https://datatracker.ietf.org/doc/html/draft-wang-idr-bgp-error-enhance-00
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwICAg&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=SI6tanfZVs9gnmPKxxAheSBJdycZtcVWA5R6ub0TPz0&s=Kx7piVPCBN7qQf0IR_Ue8GQC2a_BNjdKR_7ybyNWWBc&e=
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Robert Raszuk
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Wanghaibo (Rainsword)
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Enke Chen
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… bruno.decraene
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… UTTARO, JAMES
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… bruno.decraene
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Robert Raszuk
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… UTTARO, JAMES
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Wanghaibo (Rainsword)
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Jeffrey Haas
- Re: [Idr] I-D Action: draft-wang-idr-bgp-error-en… Gyan Mishra