Re: [Idr] AD Review of draft-ietf-idr-bgp-gr-notification-13

<bruno.decraene@orange.com> Fri, 06 April 2018 14:13 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93681250B8; Fri, 6 Apr 2018 07:13:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLD6X98Uj1Pe; Fri, 6 Apr 2018 07:13:26 -0700 (PDT)
Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DF5E1201FA; Fri, 6 Apr 2018 07:13:26 -0700 (PDT)
Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) by opfednr24.francetelecom.fr (ESMTP service) with ESMTP id 7B4EF409E2; Fri, 6 Apr 2018 16:13:24 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.72]) by opfednr03.francetelecom.fr (ESMTP service) with ESMTP id 415C01A008F; Fri, 6 Apr 2018 16:13:24 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541%19]) with mapi id 14.03.0382.000; Fri, 6 Apr 2018 16:13:23 +0200
From: <bruno.decraene@orange.com>
To: Job Snijders <job@ntt.net>
CC: "John G. Scudder" <jgs@juniper.net>, Alvaro Retana <aretana.ietf@gmail.com>, "draft-ietf-idr-bgp-gr-notification@ietf.org" <draft-ietf-idr-bgp-gr-notification@ietf.org>, "draft-snijders-idr-rfc8203bis@ietf.org" <draft-snijders-idr-rfc8203bis@ietf.org>, "idr@ietf. org" <idr@ietf.org>
Thread-Topic: [Idr] AD Review of draft-ietf-idr-bgp-gr-notification-13
Thread-Index: AQHTza4dPVH0g7eUOkyqTNQwp1P0FaPzwYSA
Date: Fri, 6 Apr 2018 14:13:23 +0000
Message-ID: <25525_1523024004_5AC78084_25525_378_1_53C29892C857584299CBF5D05346208A47A00EFD@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <CAMMESszAe0avmcX0X95uOwRu29cTvbx_t7ewBwU-Hig20SD9pg@mail.gmail.com> <03AE36E3-F18B-4F34-9A6C-242AA1CAB4EC@juniper.net> <6421_1523004902_5AC735E6_6421_491_1_53C29892C857584299CBF5D05346208A47A0060A@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180406134926.GD49550@vurt.meerval.net>
In-Reply-To: <20180406134926.GD49550@vurt.meerval.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.4]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/eg9IdYsOmTU4ZXyY6S1Bi3V_Wmw>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-gr-notification-13
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 14:13:30 -0000

Hi Job,


> From: Job Snijders [mailto:job@ntt.net]  > Sent: Friday, April 06, 2018 3:49 PM
> On Fri, Apr 06, 2018 at 08:55:01AM +0000, bruno.decraene@orange.com wrote:
 > > Hi John, Job, all
 > >
 > > Hijacking the thread with a remotely related comment.
 > 
 > Yes, you are. You raise valid points, thank you.
 > 
 > What would you suggest as a solution?

In general, any option allowing the use of both solutions works for me.


For the first point, I proposed two, which are not exclusive.
Regarding, draft-snijders-idr-rfc8203bis the easiest path seems to be

OLD:
   If a BGP speaker decides to terminate its session with a BGP
   neighbor, and it sends a NOTIFICATION message with the Error Code
   "Cease" and Error Subcode "Administrative Shutdown" or
   "Administrative Reset" [RFC4486],

NEW:
   If a BGP speaker decides to terminate its session with a BGP
   neighbor, and it sends a NOTIFICATION message with the Error Code
   "Cease" and Error Subcode "Administrative Shutdown" or
   "Administrative Reset" [RFC4486],
   eventually encapsulated in the data field of the "Hard Reset message" [draft-ietf-idr-bgp-gr-notification] 
 


For the second point, we may want to define a general rule. But for draft-snijders-idr-rfc8203bis the easiest path seems to be

OLD:
   The Cease NOTIFICATION message with a Shutdown Communication is
   encoded as below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Error code 6  |    Subcode    |    Length     |     ...       \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               /
   \                                                               \
   /                 ... Shutdown Communication ...                /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 1

   Subcode:  the Error Subcode value MUST be one of the following
      values: 2 ("Administrative Shutdown") or 4 ("Administrative
      Reset").



NEW:
   The Shutdown Communication is encoded in the data portion of the NOTIFICATION message, immediately following the Error Code and Sub Code.
 If [draft-ietf-idr-bgp-gr-notification] is used, it's encoded following the _second_ (Error Code, Sub Code) pair. The Shutdown Communication has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Length     |     ...       \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               /
   \                                                               \
   /                 ... Shutdown Communication String...                /
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 1



But really, it's up to you.


Thanks,
Kind regards,
--Bruno


 > Kind regards,
 > 
 > Job
 > 
 > 
 > > draft-ietf-idr-bgp-gr-notification and RFC8203/draft-snijders-idr-rfc8203bis-01 seems to ignore
 > each other and as a result seems incompatible.
 > >
 > >
 > > 1)     It’s not crystal clear whether the use of RFC8203 is allowed with draft-ietf-idr-bgp-gr-
 > notification given that with the latter, such NOTIFICATION message would be send with Error
 > Code “Cease” and Error Subcode “Hard Reset” which is not covered by RFC 8203:
 > >
 > >
 > >
 > > “   If a BGP speaker decides to terminate its session with a BGP
 > >    neighbor, and it sends a NOTIFICATION message with the Error Code
 > >    "Cease" and Error Subcode "Administrative Shutdown" or
 > >    "Administrative Reset" [RFC4486<https://tools.ietf.org/html/rfc4486>]6>], it MAY include an UTF-8
 > encoded
 > >    string.  ”
 > > https://tools.ietf.org/html/draft-snijders-idr-rfc8203bis-01#section-2
 > >
 > > So either RFC8203/draft-snijders-idr-rfc8203bis-01 needs to cover both cases. Or draft-ietf-idr-
 > bgp-gr-notification needs to state that the Hard Reset encapsulation behave as per the
 > encapsulated Error Code, in all protocol aspects (but X, Y).
 > >
 > >
 > >
 > > 2)     In which order is the Notification data field highjacked?
 > >
 > > https://tools.ietf.org/html/draft-snijders-idr-rfc8203bis-01#section-2  says:
 > >
 > >    The Cease NOTIFICATION message with a Shutdown Communication is
 > >    encoded as below:
 > >
 > >     0                   1                   2                   3
 > >     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 > >    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 > >    | Error code 6  |    Subcode    |    Length     |     ...       \
 > >    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               /
 > >    \                                                               \
 > >    /                 ... Shutdown Communication ...                /
 > >    \                                                               \
 > >    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 > >
 > >
 > >
 > >
 > > https://tools.ietf.org/html/draft-ietf-idr-bgp-gr-notification-13#section-3.1 says:
 > >
 > > 3.1<https://tools.ietf.org/html/draft-ietf-idr-bgp-gr-notification-13#section-3.1>.1>.  Sending a Hard
 > Reset
 > >
 > >
 > >    A Hard Reset message is used to indicate to a peer with which the
 > >    Graceful Notification flag has been exchanged, that the session is to
 > >    be fully terminated.
 > >
 > >    When sending a Hard Reset, the data portion of the NOTIFICATION is
 > >    encoded as follows:
 > >
 > >        +--------+--------+--------
 > >        | ErrCode| Subcode| Data
 > >        +--------+--------+--------
 > >
 > >
 > >
 > > Given that no TLV encoding has been introduced, if both spec are enabled, should we first
 > encode the encapsulated Code or the shutdown communication? (I would personally assume the
 > former but fortunately my opinion is not normative)
 > >
 > >
 > > Thanks,
 > > Regards,
 > > --Bruno
 > >
 > > From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of John G. Scudder
 > > Sent: Tuesday, April 03, 2018 10:03 PM
 > > To: Alvaro Retana; idr@ietf. org
 > > Cc: idr-chairs@ietf.org; draft-ietf-idr-bgp-gr-notification@ietf.org
 > > Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-gr-notification-13
 > >
 > > Hi WG,
 > >
 > > As co-chair, I want to point out that the AD asked the WG for comments ("I want to ask the WG
 > to consider..."). Since Alvaro asked more than three months ago and nobody answered, maybe
 > nobody has anything to say -- as he points out ("[After I wrote the text above…] I found that some
 > of the points have been discussed on the list already"), this topic was beaten to death in March
 > 2017 (https://www.ietf.org/mail-archive/web/idr/current/msg17679.html and the following thread,
 > specifically in the context of session culling which Alvaro brings up). Also, for reference the original
 > WGLC all the way back in May 2014 is here: https://www.ietf.org/mail-
 > archive/web/idr/current/msg13202.html.
 > >
 > > However, maybe some people have just missed Alvaro's request, so if you have comments you
 > want considered, please send them by April 10. I will follow up myself (with cu-author hat).
 > >
 > > Thanks,
 > >
 > > --John
 > >
 > > On Dec 7, 2017, at 4:11 PM, Alvaro Retana
 > <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>> wrote:
 > >
 > > Dear authors:
 > >
 > > I just finished reading this document — I have some comments, please see the list below.
 > >
 > > I understand the intent of this document: instead of resetting a BGP session when a
 > NOTIFICATION is received, use Graceful Restart; if the session is going to *really* be reset, then
 > use the new Hard Reset sub-code.  That makes sense to me…but, is that the only code/sub-code
 > for which it makes sense to do a hard reset?  The NOTIFICATION has always had the “stigma” of
 > being something bad, so much that we (idr/IETF) have even worked on ways to reduce its use
 > (rfc7606, for example).  I want to ask the WG to consider whether other code/sub-code
 > NOTIFICATION combinations should also result in a hard reset.  I think there are several cases, for
 > example:
 > >
 > > (1) rfc4486 (Subcodes for BGP Cease Notification Message) defines “Administrative Shutdown”
 > ("a BGP speaker decides to administratively shut down its peering with a neighbor”).  It seems to
 > me that the sender of this NOTIFICATION would not want to "follow the rules for the Receiving
 > Speaker” (as specified in Section 4).
 > >
 > > (2) rfc4486 also defines "Administrative Reset” ("a BGP speaker decides to administratively reset
 > the peering with a neighbor”); no more details are provided, but that sounds like a hard reset to me.
 > >
 > > (3) …there’s probably others...
 > >
 > > Having said all that, I note that Section 3.1. (Sending a Hard Reset) specifies the “encapsulation”
 > (for lack of a better word) of the real reason for the Hard Reset.  If the consensus is to go forward
 > with that, and not call out other exceptions, then I think that the text in 3.1 should expand more on
 > the encapsulation operation and the rationale for doing it this way, and the document should also
 > address other recent work that recommends the use of Administrative Shutdown, for example
 > draft-ietf-grow-bgp-session-culling (a BCP currently in the RFC Editor’s Queue).
 > >
 > > [After I wrote the text above…] I found that some of the points have been discussed on the list
 > already — please include some of that discussion/analysis in the document.
 > >
 > >
 > > I’ll wait until the issue above and ones marked Major (below) are addressed before starting the
 > IETF LC.
 > >
 > > Thanks!
 > >
 > > Alvaro.
 > >
 > >
 > >
 > > Major:
 > >
 > > M1. Unfortunately, rfc4724 failed to setup a registry for the Restat Flags (or the Flags for
 > Address Family), which means that anyone is able to use the bits in there (assuming the receiver
 > looks at them, of course).  Given that there are only a few bits, and to prevent conflicts, I would
 > really like to see a registry set up.  This document is already tagged to Update rfc4724, so it seems
 > like a good place to establish the registries.  [If for some reason you rather not include that
 > information here, then we can take care of it elsewhere.  IOW, this request is not a requirement.]
 > >
 > >
 > >
 > >
 > > M2. Section 4.1. (Rules for the Receiving Speaker) has me a little confused.  Are the proposed
 > changes contingent to setting the N bit?  The text starts by saying: "As part of this extension, routes
 > from the peer previously marked as stale MUST NOT be deleted, until and unless the optional
 > timer…expires…”…does that mean that the timer is no longer optional?   Then you also say: “...if
 > the Graceful Notification ("N") bit is not set in the newly received Graceful Restart Capability, no
 > new actions are triggered on the Receiving Speaker -- in particular, a clear "N” bit does not trigger
 > deletion of stale routes.”  If I understand rfc4724 correctly, stale routes could be deleted — the text
 > indicates changes in the behavior even if the N bit is not set, right?  If you are Updating this section
 > of rfc4724, what would make it crystal clear is an “OLD/NEW” notation of the text (as in, this is the
 > OLD text…and this is the NEW text…).
 > >
 > >
 > >
 > >
 > >
 > > M3. Security Considerations:  Maybe not a security issue, but something to think about.  Section
 > 4.1 says that “routes...previously marked as stale MUST NOT be deleted, until and unless the
 > optional timer...expires, or unless a Hard Reset is performed.  This supersedes the “consecutive
 > restarts” requirement…”.  Not deleting the stale routes and not making the timer mandatory could
 > result in stale routes that live forever if an attacker manages to create consecutive restarts (by
 > simply sending NOTIFICATIONS before EoR) — stale routes are ok in the short term, but may
 > point in the wrong direction eventually.  Is this an issue?  I think that it would be mitigated if the
 > timer was made mandatory (with a nice default).
 > >
 > >
 > >
 > >
 > >
 > > Minor:
 > >
 > >
 > > P1. Section 4: “...receive and send BGP NOTIFICATION messages in Graceful mode...” What is
 > “Graceful mode”?
 > >
 > >
 > >
 > >
 > >
 > > Nits:
 > >
 > > N1. In Section 2, please indicate that the first figure corresponds to the GR Capability from
 > rfc4724.
 > >
 > > N2. s/subcode is defined known as/subcode is defined as
 > >
 > > N3. s/Graceful Notification flag/Graceful Notification bit   (For consistency)
 > >
 > > N4. The operation is obviously per-AF; maybe it’s worth saying that somewhere just for
 > completeness.
 > >
 > >
 > >
 > ________________________________________________________________________________
 > _________________________________________
 > >
 > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou
 > privilegiees et ne doivent donc
 > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par
 > erreur, veuillez le signaler
 > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant
 > susceptibles d'alteration,
 > > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 > >
 > > This message and its attachments may contain confidential or privileged information that may be
 > protected by law;
 > > they should not be distributed, used or copied without authorisation.
 > > If you have received this email in error, please notify the sender and delete this message and its
 > attachments.
 > > As emails may be altered, Orange is not liable for messages that have been modified, changed
 > or falsified.
 > > Thank you.
 > >
 > 
 > > _______________________________________________
 > > Idr mailing list
 > > Idr@ietf.org
 > > https://www.ietf.org/mailman/listinfo/idr


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.