IETF Logo Mail Archive

Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 23 November 2017 01:05 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48A691200E5; Wed, 22 Nov 2017 17:05:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.531
X-Spam-Level:
X-Spam-Status: No, score=-12.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QFXqLLxFjJIf; Wed, 22 Nov 2017 17:05:05 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DE321200CF; Wed, 22 Nov 2017 17:05:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=55347; q=dns/txt; s=iport; t=1511399105; x=1512608705; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=pBDsrlaOFOyEjI6soB4msP36PBzTcd4qrQfbXpDUhlM=; b=Lmm+PcTeSKejx4vUP2rpIIkRYmhM6SzBxDhUjSEsO1/1ECk1Ep6JqvWn SJASKS083c9EGgoUcN3ukHbdJRqsRWDIg4FSGmc/LyUabliqgxuO5oqSK hyZmTK4N8r/VcIqsomWP/PDGMsDUM96K5oZroKBlXaYXEGtvTdzXpsraq 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DuAQCmHRZa/4kNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYJKRC5mbieDf5kzgX2IXY4Igg4DChgBCYF3gyICGoUGQBcBAQEBAQEBAQFrKIUeAQEBBAEBGAkkJwsQAgEIEQMBAQEhAQYDAgICHwYLFAkIAgQOBRSIHASBCkwDFRCoeIIngz+DdgMKgz8BAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYM6ggeBVYFpKYMCgmtagTA9CRaCXzGCMgWKQI5kiF89AodwiCGEeYIWhgyLK4o2gj87iFoCERkBgTkBIAE3FIFhehVJLQGCNhOCEDkcGYFOdwEBAQGIcAElB4IZAQEB
X-IronPort-AV: E=Sophos;i="5.44,438,1505779200"; d="scan'208,217";a="313580646"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 01:05:03 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id vAN153UR007007 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 23 Nov 2017 01:05:03 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 22 Nov 2017 19:05:02 -0600
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Wed, 22 Nov 2017 19:05:02 -0600
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>
CC: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>, idr wg <idr@ietf.org>, "idr-ads@ietf.org" <idr-ads@ietf.org>, Idr <idr-bounces@ietf.org>, Thomas Mangin <thomas.mangin@exa.net.uk>, Randy Bush <randy@psg.com>
Thread-Topic: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
Thread-Index: AdNcB5lUqir6ZylBRUe7xuFnWiyeYQG3eYqAAAg/8gAAAS+JgAAAPKYAAAK34gAAABCKgAAChkQAAAJHFYAABIDZoAAEYC2AAAx+mpAAGMb1gP//5mEA//++cLuAAJH5AP//1Z3PgABnUID//7Q1Nw==
Date: Thu, 23 Nov 2017 01:05:02 +0000
Message-ID: <78E497F6-068D-449D-8D9E-13EC37C39A08@cisco.com>
References: <000901d35c08$3f12d950$bd388bf0$@ndzh.com> <B61C3B8F-1168-4EB1-8D8E-88C4BF28B3AA@exa.net.uk> <CA+b+ER=1sHhAqhOc2VipzZMB+Zsxk8n+8cNUshkjPw_A9k9E-A@mail.gmail.com> <39049A8C-6D47-4251-AF87-342F68DDE8AE@exa.net.uk> <CA+b+ER=ANs15BEmRKeqneVHNcTSCsGDMVDQgFV4OucwPSWcLgw@mail.gmail.com> <CACWOCC9Yde99EbhLrveCtoUVSZWiP=sL=k69zrGBeNj5AjCGFQ@mail.gmail.com> <CA+b+ERk_2XZ_Y3EqSjNAbSi1ZqKhD2oThrRR2EOJzckQ41GijA@mail.gmail.com> <CACWOCC-EfzOYdUrHAWQN10LBzofySrKRADc6Zq-dyca1o0DPvw@mail.gmail.com> <CA+b+ER=ppm1N2wnMrPxxS_Nug2EaETBkW5gASTVZ2UKKq0aZJA@mail.gmail.com> <976743ea96934039a85fa74415b45862@XCH-ALN-014.cisco.com> <CA+b+ERmpEghcndHKM+WKKxg1V8ufTwg=xqb0J5jNowZHj2OwAQ@mail.gmail.com> <88d5df779a344b588745108c771d3145@XCH-ALN-014.cisco.com> <deae6e85c3ff47a6bbcac176eb91bd3e@XCH-ALN-014.cisco.com> <F0EAF2D4-656D-48BD-830B-DC2E8B862813@nist.gov> <A0106E1A-272D-4E1D-A0F3-E3531D583AA3@cisco.com> <1D2FD437-0EEF-4FF6-9853-C09E7EEA2A15@nist.gov> <2B92A151-5A78-46EE-8A46-C09603A37219@cisco.com>, <CA+b+ERkq2NWr5K7wDOafS52+pbKETpGH+5vMXUbGgCGCA0QBEw@mail.gmail.com>
In-Reply-To: <CA+b+ERkq2NWr5K7wDOafS52+pbKETpGH+5vMXUbGgCGCA0QBEw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_78E497F6068D449D8D9E13EC37C39A08ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/eZDrPnGgtsssUexYH0qQrR9h3j4>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 01:05:08 -0000

I’m happy to add a sentence to the effect of:
The size of individual BGP path attributes MUST be small enough that they can fit into a BGP UPDATE message of 4096 octets. If a BGP feature requires a path attribute to be longer, then the required size of the path attribute MUST be specified in the RFC of the feature requiring it.

Thanks,
Jakob.


On Nov 22, 2017, at 3:36 PM, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>> wrote:

Hi Jakob,

You are very correct. But the way to address this point (and yes it would be great to address it) is to include in this current draft (a WG document after all) sections pertaining to each current BGP Attribute and its maximum size in the extended message. I think this is what was also Olivier's main point - not that your observations were wrong - they just did not fit with the current way documents are progressed.

Or as I suggested add one line to the current spec stating that current attributes MUST not be extended in size unless a new specific RFC will allow for it as provide interop between 4k/65K boundary rules for each such attribute.

Just placing those on implementation report wiki (while not being part of the document) is not part of the IDR process I am afraid. Besides even if someone reports it works today you have zero guarantees that it will work the same way tomorrow unless it is clearly spelled out in the RFC given implementation claims to support.

Thx,
R.

On Thu, Nov 23, 2017 at 12:26 AM, Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>> wrote:
If router A follows this draft, then it can quite legitimately send an update with 16000 communities. If router B cannot receive and process it, then it’s broken.

If path attribute size is not addressed, then this draft will cause inoperable implementations. As such, it is not fit for standardization. Either we assume the maximum possible size for all attributes or specify shorter maximum sizes. Anything less leads to failure to interoperate.

Oliver, what maximum sizes does your implementation support?
You can put those sizes into the wiki.

Thanks,
Jakob.


On Nov 22, 2017, at 11:58 AM, Borchert, Oliver (Fed) <oliver.borchert@nist.gov<mailto:oliver.borchert@nist.gov>> wrote:

To my understanding the wiki should state compliance with the draft in question and not particular BGP attributes.

The draft is about the capability of sending and receiving updates larger than 4K and how to handle if the capability is not propagated, as well as the “5 mile view” on what to do if an update would exceed the newly proposed max length of 64K, it is not about performance issues etc.

To me the added questions in the wiki are more about the capability to process individual attributes that might become large. This is outside the scope of the draft in question.

It seems to me that what you try to solve is not compliance with the draft, it is more about the capability of particular implementations on how to deal with larger updates and this might change with memory, CPU, quality of implementation, etc. but has nothing to do with the draft in question.

In case there are issues with attributes getting too large and therefore causing issues to BGP itself, then I believe the RFC’s dealing with these attributes should be updated.

Again, I believe this is out of scope of this draft and I do not see any need to have these questions in the wiki.

Oliver

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com<mailto:jheitz@cisco.com>>
Date: Wednesday, November 22, 2017 at 12:16 PM
To: Oliver Borchert <oliver.borchert@nist.gov<mailto:oliver.borchert@nist.gov>>
Cc: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>, idr wg <idr@ietf.org<mailto:idr@ietf.org>>, "idr-ads@ietf.org<mailto:idr-ads@ietf.org>" <idr-ads@ietf.org<mailto:idr-ads@ietf.org>>, Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>, Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>, Randy Bush <randy@psg.com<mailto:randy@psg.com>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Larger message implies larger path attributes. You may answer “no” for the parts with which you do not comply.

If the implied path attribute sizes are too large, then we need to be explicit about the maximum sizes for each attribute in the draft. Please suggest reasonable maximum sizes.
Thanks,
Jakob.

On Nov 22, 2017, at 7:10 AM, Borchert, Oliver (Fed) <oliver.borchert@nist.gov<mailto:oliver.borchert@nist.gov>> wrote:
Jakob,

I looked into the added questions for the compliance report you added on the wiki.
I am not quite sure that these added questions do apply for a compliance of the requested draft. These do more apply to features used within BGP that might result in larger BGP messages.
And here the draft has a clear message in the last paragraph of section 3:

“It is RECOMMENDED that BGP protocol developers and implementers are
  conservative in their application and use of Extended Messages.”

Therefore, they would more apply to proper functioning of implemented BGP features rather than the extended message itself. I do not believe that these new questions do apply here.

Said that, BGPSEC-IO is a traffic generator that mainly focusses on BGPSEC updates. We did not add communities to the generated traffic and I do not intent to do so in the near future (though community contributions are welcome) – in this sense, for sending my answer is NA.
On the receiving side, as long as the BGP update in itself is well formed and within its length boundaries (4K or < 64K) there is no issue. We just dump the update either on the “floor” or screen.

With QuaggaSRx, as long as Quagga can process communities of that length, QuaggaSRx can as well. QuaggaSRx same as BGPSEC-IO do comply with the draft itself when it comes to accepting and generating > 4K updates as specified in the draft and we tested the processing and memory usage using BGPsec traffic of little less than 64 K.

Oliver

From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> on behalf of "Jakob Heitz (jheitz)" <jheitz@cisco.com<mailto:jheitz@cisco.com>>
Date: Tuesday, November 21, 2017 at 6:13 PM
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>, "idr-ads@ietf.org<mailto:idr-ads@ietf.org>" <idr-ads@ietf.org<mailto:idr-ads@ietf.org>>, Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>, Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

1 hour ??
When I tested my large community code, I tested at the limit and over it.
There was no perceptible time for the operations.
16 times imperceptible would be a blip at the most.
The only operations that take a worrisome amount of time are regexp matches with nested wildcards.
Hmm, I should add regexp matches explicitly, because that requires to expand the communities into ascii representation in the matching engine.

Thanks,
Jakob

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Jakob Heitz (jheitz)
Sent: Tuesday, November 21, 2017 2:58 PM
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>; idr-ads@ietf.org<mailto:idr-ads@ietf.org>; Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>; Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Just that it does it without error.
If the numbers are too large, we should discuss reasonable limits.

Thanks,
Jakob

From: rraszuk@gmail.com<mailto:rraszuk@gmail.com> [mailto:rraszuk@gmail.com] On Behalf Of Robert Raszuk
Sent: Tuesday, November 21, 2017 2:55 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>>
Cc: Job Snijders <job@ntt.net<mailto:job@ntt.net>>; idr wg <idr@ietf.org<mailto:idr@ietf.org>>; idr-ads@ietf.org<mailto:idr-ads@ietf.org>; Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>; Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Hi Jakob,

I think what you added is fine, but requires a time limit.

Statement that implementation can receive, parse/validate, display in CLI or match in the policy 16K of communities all actions taking 1h each is rather not that interesting isn't it ?

Or is the indicator of spec compliance a statement that it just does not crash regardless of time it takes for execution of each stated action :) ?

Thx,
//R.





On Tue, Nov 21, 2017 at 11:38 PM, Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>> wrote:
The new update message size requires support for:
16375 communities
8187 extended communities
5458 large communities
I have not changed the as-path length, because it is already ridiculously high.
If anyone wants to talk about a maximum as-path length, please speak up.

I have added tests to the implementation report
https://trac.ietf.org/trac/idr/wiki/draft-ietf-idr-bgp-extended-implementations<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fidr%2Fwiki%2Fdraft-ietf-idr-bgp-extended-implementations&data=02%7C01%7Coliver.borchert%40nist.gov%7Cc29658d9c708468b0ccd08d5313576ee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636469028063383089&sdata=zRFsa6v%2BqWcQo44fTcKtmbmqmFZicA495i%2BZfcA4ZSg%3D&reserved=0>
to ensure full compliance with the consequences of the draft.

Implementers, please update your compliance.

Thanks,
Jakob

From: Idr [mailto:idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>] On Behalf Of Robert Raszuk
Sent: Tuesday, November 21, 2017 10:41 AM
To: Job Snijders <job@ntt.net<mailto:job@ntt.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>; idr-ads@ietf.org<mailto:idr-ads@ietf.org>; Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>; Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Great !

On Tue, Nov 21, 2017 at 6:35 PM, Job Snijders <job@ntt.net<mailto:job@ntt.net>> wrote:
Robert/Randy,

About this being a default:

Old (Section 4):

A BGP speaker that is willing to send and receive BGP Extended Messages with a peer SHOULD advertise the BGP Extended Message Capability to the peer using BGP Capabilities Advertisement RFC5492].

New (Section 4)

A BGP speaker that is capable to send and receive BGP Extended Messages with a peer SHOULD advertise the BGP Extended Message Capability to the peer using BGP Capabilities Advertisement [RFC5492].


_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=02%7C01%7Coliver.borchert%40nist.gov%7Cc29658d9c708468b0ccd08d5313576ee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636469028063383089&sdata=Bt6F5N6zA5v7GCXm7peFu06uK1TCD3sRHIVPffp%2F0O0%3D&reserved=0>

v2.23.0 | Report a Bug | By Email