Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

"Chris Hall" <chris.hall@highwayman.com> Sun, 09 December 2012 23:07 UTC

From: Chris Hall <chris.hall@highwayman.com>
To: 'Jakob Heitz' <jakob.heitz@ericsson.com>
Date: Sun, 09 Dec 2012 23:07:17 -0000
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

Jakob Heitz wrote (on Sat 08-Dec-2012 at 16:43 +0000):
> The goal of "treat as withdraw" is not to reinterpret a broken
> update message and continue the session, like nothing happened.
> 
> IMO, the goal is to limit the disruption caused by a session reset,
> while alerting a human to fix the problem that no machine can.

I guess you are suggesting that it does not then matter if a broken
UPDATE message results in some NLRI being missed, and so not
"treated-as-withdraw", and hence the receiver continues with some
invalid or out of date routes, for some time.

Clearly session-reset is a less than perfect remedy.  But in proposing
an alternative treatment, perhaps "first do no harm" is as good a
guide as any.  I think that to achieve that, one needs to be sure that
*all* NLRI in a broken update can be identified if "treat-as-withdraw"
is to be applied.  

If the intention is to "treat-as-withdraw" any NLRI which is visible,
but continue the session in any case (so, accepting the risks of
invalid or out of date routes) then I think the draft should estimate
the risks and set out a justification for this being a less-bad remedy
than session-reset.

Of course, a major issue with session-reset is that the error may well
simply be repeated, creating a ghastly cycle of session-reset/restart.
It could well be better to avoid session-reset, and continue with
some invalid or out of date routes -- for a while, defined somehow?  I
just don't know how to demonstrate that, or how to limit the downside
of accepting that risk, etc.

"Treat-as-withdraw" is an excellent and minimally disruptive response
in those cases where all NLRI can be identified.  But it is not the
only alternative to session-reset.  If there is doubt and uncertainty
about some routes, the receiver could deem *all* routes learned from
the peer in question to be "routes-of-last-resort", which it then uses
if and only if it had nothing else, but would not advertise them to
other peers.  This is just short of a "session-reset", and avoids
falling into a cycle of session-reset/restart.

Chris
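
Added example (not part of the message above or of the draft): a sketch of the decision the message turns on, namely whether *all* NLRI in a broken UPDATE can be identified before "treat-as-withdraw" is applied. The function names and outcome labels are hypothetical; it assumes the RFC 4271 UPDATE layout, decodes only the trailing IPv4 NLRI field, and checks attribute content for ORIGIN only.

```python
import struct

def parse_prefixes(buf):
    """Decode IPv4 <length, prefix> pairs; None if the field is malformed."""
    out, i = [], 0
    while i < len(buf):
        bits = buf[i]
        nbytes = (bits + 7) // 8
        if bits > 32 or i + 1 + nbytes > len(buf):
            return None
        octets = buf[i + 1:i + 1 + nbytes] + bytes(4 - nbytes)
        out.append("%d.%d.%d.%d/%d" % (*octets, bits))
        i += 1 + nbytes
    return out

def walk_attributes(buf):
    """Return (framing_ok, content_ok); content check covers ORIGIN only."""
    i, content_ok = 0, True
    while i < len(buf):
        hdr = 4 if buf[i] & 0x10 else 3   # Extended Length flag: 2-byte length
        if i + hdr > len(buf):
            return False, False
        atype, alen = buf[i + 1], int.from_bytes(buf[i + 2:i + hdr], "big")
        if i + hdr + alen > len(buf):
            return False, False           # overrun: later attributes are lost
        if atype == 1 and (alen != 1 or buf[i + hdr] > 2):
            content_ok = False
        i += hdr + alen
    return True, content_ok

def classify_update(body):
    """body: UPDATE contents after the 19-byte BGP header (RFC 4271)."""
    try:
        wlen = struct.unpack_from("!H", body, 0)[0]
        alen = struct.unpack_from("!H", body, 2 + wlen)[0]
    except struct.error:
        return "nlri-uncertain", []
    end = 4 + wlen + alen
    if end > len(body):
        return "nlri-uncertain", []       # cannot even locate the NLRI field
    nlri = parse_prefixes(body[end:])
    framing_ok, content_ok = walk_attributes(body[4 + wlen:end])
    if nlri is None or not framing_ok:    # e.g. MP_REACH_NLRI may be hidden
        return "nlri-uncertain", nlri or []
    return ("ok" if content_ok else "treat-as-withdraw"), nlri

NLRI = bytes([24, 192, 0, 2, 24, 198, 51, 100])  # constructed sample prefixes
def build(attrs, nlri=NLRI):
    return struct.pack("!HH", 0, len(attrs)) + attrs + nlri
```

An "nlri-uncertain" result is the case where a receiver would need something other than treat-as-withdraw, such as session-reset or the "routes-of-last-resort" handling suggested in the message.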