IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-wang-idr-bgp-error-enhance-00.txt

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Fri, 12 November 2021 00:42 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 344903A0DE0 for <idr@ietfa.amsl.com>; Thu, 11 Nov 2021 16:42:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.618
X-Spam-Level:
X-Spam-Status: No, score=-9.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Gmk55qLB; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=RBQwNzlQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cj_NIpRS54-G for <idr@ietfa.amsl.com>; Thu, 11 Nov 2021 16:42:41 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62B2B3A0DD9 for <idr@ietf.org>; Thu, 11 Nov 2021 16:42:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10258; q=dns/txt; s=iport; t=1636677761; x=1637887361; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=esuE3lOAt58IB0hdc16v6GDIkh+Rp0Hx5NxBInXG7HQ=; b=Gmk55qLBpCUD4OckZsqHDQX1d+fHJ42fGSygn8QGeS4rvlqUcwGoAvDg 8PLXQbhr5LbgIRyRWvjSsSB1wRF3e62S+RsOhiXxSS6ciiwK2gnQcdL3V ftVYlopoMYaah3bLjjBeoe+926i1KRbRLzJ8/muf+bCnZn0aUQYYLBtoB s=;
IronPort-PHdr: A9a23:RquYsBU4tlK/9+P3nLSdInGtkUDV8K36AWYlg6HPw5pCcaWmqpLlOkGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW0oDjsMbzAAlCdSOXEv8KvOiZicmHcNEAVli+XzzMUVcFMvkIVPIpXjn5j8JERK5Pg1wdYzI
IronPort-Data: A9a23:7pDL9aMOqURLhjHvrR1llcFynXyQoLVcMsEvi/4bfWQNrUom0mcDnDYfCm/SbK2MYjCgedAnOY3k80IF75HWyYI1GXM5pCpnJ55oRWUpJjg4wn8dtEp+F+WbJK5cx5hYOoaowPwcFCeG/070a+G59xGQ6InRLlbCIL+cUsxObVcMpBcJ0XqPqsZh6mJaqYHR7zCl4bsel/bi1GqNgFaYBI67B5Wr83uDtNyq0N8RU8dXifpj5DcynFFNZH4TyD3YEpf2fmVUNrbSq+fr1rq1+CbS+A0gT4r/1L36aUYNBLXVOGBiiFIPBPPk2UcE93d0i/prXBYfQR8/ZzGhndB8yclfnZexUgwueKbLnYzxVjEITX4hZPQapeCvzX+X9Jb7I1f9W2Hryfh0EGksNJYK5+UxB2xSndQVLjsNYxarn+uyx7u/Vu5qi9g8K9PoJ8UUvXQI5TDVF94nTIzNBaLQ6rdlMJ0Y7ixVNezVa8xcYj11YVGZOVtEO0wcD9Q1m+LAu5U2SBUAwHr9mEb9yzG7INRN7YXQ
IronPort-HdrOrdr: A9a23:7Vv+K6xIpseOkAZ5oX+pKrPxjuskLtp133Aq2lEZdPULSK2lfpGV8sjziyWatN9IYgBepTiBUJPwJk80hqQFn7X5Wo3SHTUO2VHYYr2KiLGD/9SOIVyEygcw79YET0E6MqyNMbEYt7e73ODbKadb/DDvysnB7o2yowYPPGNXguNbnnpE422gYytLrXx9dOIE/e2nl7N6TlSbCBAqR/X+IkNAc/nIptXNmp6jSwUBHQQb5A6Hii7twKLmEjCDty1uEA9n8PMHyyzoggb57qKsv7WQ0RnHzVLe6JxQhZ/I1sZDPsqRkcIYQw+cyDpAJb4RHoFqjgpF591H22xa1uUkZC1QZvib3kmhOl1dZyGdgzUIngxesEMKgmXo8EcL6faJNA7STfAx376wtnDimhYdVBYW6tMX44vRjeslMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1TwKp5KuZKIMvB0vFsLACuNrCq2N9GNVeBK3zJtGhmx9KhGnw1AxedW0AH/siYySJfknx1x1YRgJV3pAZOyLstD51fo+jUOKVhk79DCscQcKJmHe8EBc+6EHbETx7AOH+bZV7nCKYEMXTQrIOf2sR42Mi6PJgTiJcikpXIV11V8WY0ZkL1EMWLmIZG9xjcKV/NFQgFCvsurqSRloeMMYYDABfzPmzGyfHQ0cn3KverL8qOBA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BSAAAXt41h/5RdJa1aHAEBAQEBAQcBARIBAQQEAQFAgUUHAQELAYFRIy4Hd1o3MYgOA4RZYIUOgwIDkCqKYoEuFIERA1QLAQEBDQEBKg0KBAEBhQQCglwCJTQJDgECBAEBARIBAQUBAQECAQYEgREThWgNhkIBAQEBAgEBARAoBgEBLAsBCwQCAQgRBAEBAR4QJwsdCAIEDgUIAREIglCCVQMOIQEOoG0BgToCih94gTOBAYIIAQEGBASBNgEDAg5Bgn8YgjUJgToBgwuIc4ItJxyBSUSBFUOCZz6CWAsBAQEBAYEjIAEbMIMdgi6OdgprBgIsEBwKBBQvDgEBBBADCTsCHh0tBgIbAikDHQcFD6t2kVOBJAqDOIpQlE4Vg2yBSoopigaNR5YUH4IhijSGfoxeJA0BhQECBAIEBQIOAQEGgWE7gVlwFRohgmkJSBkPjiAJAxaDUIUUhUkBdAI2AgYLAQEDCY90AQE
X-IronPort-AV: E=Sophos;i="5.87,227,1631577600"; d="scan'208";a="867711457"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 12 Nov 2021 00:42:39 +0000
Received: from mail.cisco.com (xbe-rcd-006.cisco.com [173.37.102.21]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id 1AC0gdji006243 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 12 Nov 2021 00:42:39 GMT
Received: from xfe-rcd-001.cisco.com (173.37.227.249) by xbe-rcd-006.cisco.com (173.37.102.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 11 Nov 2021 18:42:39 -0600
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xfe-rcd-001.cisco.com (173.37.227.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 11 Nov 2021 18:42:38 -0600
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Thu, 11 Nov 2021 18:42:38 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BxTh2lc1YwO/jE4loHZLYIJ0EiLiHaoh0DUXWauMN6Z+JTUCD8DMY8F7VtAsTN/TPCVPfKh3hN4Q9Ft52J6YNghGniVCde5NIvlcYYGAqgsGC+LKd0gMoDvEOU3jQxmta4IDe9HNZtFe5Wf8HY2IcSp9LZw6H932GxD0T28hp/qIFWzC8K7HhoZCX+ZIiyclULwLZWda3/GsvJb8h4UEa4z4yXwotRaCZjMiY9HAoN++adJup8MTEcBExSAyPdlb0IKbyqnURncmMvicqMNN52e22MTBGHRPdnD7tuN90Khv4o+R9LYi84TA2WilGpAvR65xyp9Gy3NlpUQasWGIKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=60yv6HkogdqIPUQ7YD6zYji189EZsg4yV6iKBZ9JcaA=; b=lzg5akzYMQmIdW0nEwAcUhdLArcUYOCTZbrd3f4OpKpYOvcyRPu4pxDCH0bhn1PDtO8Nm0SR94EVXYwKfp5mXf4JdEi88cQN60598hfAb0l1mRyqyYs31p6I9by88kx1maLiknU5vSiX3hyOWP+DpTvUvufeAL4CZ8UQsxYvX/9vCPEY5cdXfTW1t1ME7HYuu1iEdqftLyv2SyT54nA+YmHod4AyMXgebN/JUSAHimQMW5HAG7jrJadl7bFYQIy6KctW05DVOQkRoxdvvl1fI+fBc2RSDrcwe+XIKxK8KYVoEOAb4fL4GMg0pfw1bCk3msQEAbf0GlEr/qCxOZts1A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=60yv6HkogdqIPUQ7YD6zYji189EZsg4yV6iKBZ9JcaA=; b=RBQwNzlQlggZ4XPU083BO3TbOMmFt+VzHwRWI/ztZZFlMYNLQkJ1zyGq4RBnVHZa74cSp+o3t11jhFzx/PwZ4MfLFPzeru3m4LJ2kvbBoVBF9ZPN1wpVNmfJxM/ugdbynOh81ws2QvF4yC3WwPwoidebxKjgn0ghOwoWcm5CuI0=
Received: from BYAPR11MB3207.namprd11.prod.outlook.com (2603:10b6:a03:7c::14) by BYAPR11MB3800.namprd11.prod.outlook.com (2603:10b6:a03:f5::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Fri, 12 Nov 2021 00:42:37 +0000
Received: from BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::e559:d4e6:163c:b1ae]) by BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::e559:d4e6:163c:b1ae%6]) with mapi id 15.20.4669.016; Fri, 12 Nov 2021 00:42:37 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "idr@ietf. org" <idr@ietf.org>
CC: Enke Chen <enchen@paloaltonetworks.com>, Robert Raszuk <robert@raszuk.net>
Thread-Topic: [Idr] I-D Action: draft-wang-idr-bgp-error-enhance-00.txt
Thread-Index: AQHXyN3OwuaNtmZnBkCUBx9j4zp72qv94n8AgAE9qWA=
Date: Fri, 12 Nov 2021 00:42:36 +0000
Message-ID: <BYAPR11MB320751C57DBA2EF6180F17AEC0959@BYAPR11MB3207.namprd11.prod.outlook.com>
References: <163507718592.16183.4414540420076189232@ietfa.amsl.com> <CAOj+MMG=Ve+_BuOGY6tAU-CjY5GUg2uEHPtXO_HeSVFsBdDerQ@mail.gmail.com> <CANJ8pZ-M1Si_BgTCxz3kpyTpDP3nvMz5qH=akkk2EpnppFB+7w@mail.gmail.com>
In-Reply-To: <CANJ8pZ-M1Si_BgTCxz3kpyTpDP3nvMz5qH=akkk2EpnppFB+7w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5c9bca18-5250-401a-8b73-08d9a57552e3
x-ms-traffictypediagnostic: BYAPR11MB3800:
x-microsoft-antispam-prvs: <BYAPR11MB3800A2A8D24DD78B9B2FBC03C0959@BYAPR11MB3800.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kil7l29Jjy5czChTezzm0afC3kOgYGsuock74Aw4uUoBfvipBX7Lq/P7aLAuZZCHjzlAg5WFFbaxwbz5N5FgK0yD98KP0VLtTpEPqWVdiRDPd7foQ2ORfZ53caA6rm9eKjCi8M77gRIMeF5Z+IYaYF5sNJO2wH11u7tdOSAynTvtNsdZiojo9/IgzqmqDF3zYqPtj8EpdmgKqyTTADjj9Ec5HvWn7Ci3/sIFnrDGnCAu833kDoPiIgJWmWwkEa85YpPiLIqV3tbvQtxs/tb9vp+7bS1DW/6l5kHFiCVBuzS0zY9WYWB1i8X0fuEE2FFhY+RwyaQXmeG9lXKMBxbuB1HXEgYYRpEy847+sWFLaBHgeBQRu0dJYVlfYkxjvzeT06MZ9MybUjX24WAIow6b3bb1+v9mDqfn4WUpAXksoVMcJCZbbimtk+uAQUDMqLJO1PO6JiQt9ixjFQIy1SbWeo/UBfZ9HDfiGpVV7aaBRhnQ+kkucnyp+UnV6B+2fO9KYvk1mgb8O++JMeRkI0XFxMuksEgTZl+LEQ7iqkaMrgKegrKSSOcrGkQJlT4q4G3Yhom08UTonHYpi7uUVk92IKaIHVWhT+DluJAslcdoFfkq7HMUanYLWyv7GAZHJfRwB8SIdAgXRdi6iZcIukEwmfj6lqqHHqddzRJ2yyoz9q84kkqny6R7aHV0ljKIT/cKq3iiN/HdJrylx83bArjPKEvurFZ+d7qrZ/Ek2s+4lJOpcSSdH4ZwKgfBI/KMWdMLI9PhQz1mc8IRiQWlAq2ieI3t6O1vTQCX7uCTIoCYm/UdBkpQihf2eQ3gTbaCZey1cNCv3kzu0WQ0mkfW+UTP2Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(71200400001)(9686003)(38070700005)(5660300002)(4001150100001)(966005)(186003)(4326008)(8676002)(52536014)(8936002)(66556008)(86362001)(6916009)(55016002)(66574015)(6506007)(83380400001)(2906002)(64756008)(66446008)(76116006)(66476007)(66946007)(53546011)(33656002)(316002)(7696005)(508600001)(38100700002)(122000001)(54906003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rkwt57oca1676GfXbTF1cVyZ56AAyDWHL529MgVYzKA8vUFNxfw8GBUNAskddIPXSIGEo4slpEc8Ud7HJgytQ5uwWIDHwJkFptMG0XgFiOhnfQGmn+7GQlAqLc4Wh0g/k4P72ZNleD8A5lLmwkiJ3RzIrjrL9UTGe8PNqNSxtNnaFHHpdokXnyYzufWdbgGAM+03HUQs4kO3whrZJvvOIllyC4Oda3+RQTt0SO1bEXX4EDb1+GMnDkhDSAwfM03eBk0esi286bjegc/OAW4EkrGf325D9h6sOtW10/MFKmvrSQ6zEk5P3Xdyno2ruI1qqzBC187CaEhdJzaN3PRPix96yWmfspYKQz9EzOFiHEEGYDozgrjYxQphBoAGLxJogen3JZdkUUGQsf4L/BcYurgtYY7kzkNMFSes16stWwmb/1UW57vnuTC5WFw3a7ZncUOlKJ0oxCD8kX0PhFcKsmIXITsRF3DO/WzqACM4t/hk1wpD9bSXPT/S6R08+ty80pg5D3BCC94ZqW0Ki5FBDl40HZFuPHZBNldiGxahdM2V+4wN4ldhXoKN5ysia3oFjhTzHT6OyseGVP0wtfRBryksP01M+OuiMpipgf5k+xdt3/LKmaDdBi4PRiiOuSFUYckhsakbG4k9BQ8HGApgLnzUpywhw+eCV4tw+rjPpe2fRzG9CgSQSHNm8ieWdn+bn+iqtOHXBK6XRB0Ca+evyUomkIeCtMtqRwPkyPrXQYo0y/6b1mKT2CTu+UsapMl8Z1nA7VnGjVYPOXFABcFLFgyz6mclPACHXR1YNnNRnZyCCDUJX6YQ3gB0DaUSndKSpgJ8lNY0spfIbRFCsHn+vkWvh0To6l6LWJZmG6suEtjwSlNb+sf72/2II5vG+F1L7/VEIB9kJrI52QXxomLEEyV1MXwQ+6qOETtgEHW/cOFINMzqJXZ6LkDfIAU2ZwLL3/CeeXgP0zRM3CW7S4X00mfXpXVkIW0pMEcoZtqnO7CcSuwMmG8whjSPVTl7L1RQQkRwV+HlYKfppoBKgHxS28/HPPlBMYA3XWWdKwV4w+T2ffSiBMy2q5cB7N8Pp9Dwk1RdX0ULVbND9waSpF3nTF60mxyb0hIT6j+DgJS7kSY94V3VvqLTo4gH8k8jqFOZ/5WRLqHNU2efnu6Hh2uAelpwZ3ms1wOHrSeN55CMqbJVKpzHFWeEQxpLMtGeI25hFwRmbq0u8BjcQpmrLHbnwMDLI2BRIDTOoNAN3ORIa4kIRuMx6muW3yplzraVGMNOQ1X6dDHztwDAOd3Iw5mmpwVyHZrKQz93bamYp1mSbyB3lLTNbZEO0JRaSA1q+vlwd/9qXqu710HLrpmpZ/f+aJt8hkfJymeLC+gsnQ3aWhxU2ALL61k9M6PyBkgZxylNJx4NFaxpiCUUtURKq42OTAt/IplJNpZSNlp39qmBZfhP9NTfpIfPwz9V2MBj1xkWLmeOG+kFKUqf6bgJAJ8MD8GHFmaBbFshM9E7qkNI2Cz/LjX2tHDfo3vIMIx9+QB/jsfWiUR09nvIMQmKjRC8wFuggWJDjA9d0etAoynr/K/8Bnc076f3DRxujZLJhuM4ylL3P1wLvf3rhVyWaTOBTcuxFly+wMgkKjfMYkgfNgDSPo0DxWvMlAGUItd1qCutiG00d8rioY7jwA+CN+96KA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5c9bca18-5250-401a-8b73-08d9a57552e3
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Nov 2021 00:42:36.8057 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YEccEz/OGcVBng2RSGVbPkjYkEjv77MRPvdv2RfJTDaUnIxnzO1nqGf+EA1qLy/nIU+HL9bS4+wvjcPnxZ7NKw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3800
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.21, xbe-rcd-006.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/f8hxB1cFO4-nJtJRigxO8uvY07I>
Subject: Re: [Idr] I-D Action: draft-wang-idr-bgp-error-enhance-00.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2021 00:42:47 -0000

There is another consideration.
Black holes.
A router that incorrectly withdraws can be mitigated by redundant routes.
A router that incorrectly advertises cannot be mitigated against.
It will spread a corrupted route around the network and cause black holes.
Redundancy is ineffective against black holes.
This is especially disruptive in a Clos network, because of the dense connectivity.
A rogue route from just one router can disrupt the whole fabric.

For this reason, I say, if you cannot be sure of the prefix, then kill the session.
It is a fallacy to try to keep faulty equipment partially working at all costs.
If in doubt, kill it.

Specifically:
---
3.1.  Prefix Length Error

If the length is wrong, it may be a previous length that was wrong
and the bytes being interpreted as a length field are actually
something else. Bottom line, the whole NLRI field cannot be trusted.

---
3.2.  Appears More Than Once

How do you know which one is wrong?
I could accept treating all of them as withdraw assuming they
can be parsed correctly.

---
4.2.  MP_REACH_NLRI

If the nexthop length is wrong, I could accept to parse the prefixes
and if the MP_REACH_NLRI is otherwise not in error, threat all
the prefixes as withdraw. To ignore would risk advertising incorrect routes.

Regards,
Jakob.


-----Original Message-----
From: Idr <idr-bounces@ietf.org> On Behalf Of Enke Chen
Sent: Wednesday, November 10, 2021 9:08 PM
To: Robert Raszuk <robert@raszuk.net>
Cc: idr@ietf. org <idr@ietf.org>
Subject: Re: [Idr] I-D Action: draft-wang-idr-bgp-error-enhance-00.txt

Hi, Folks:

I have several comments on the draft, and some of them are similar to
Robert's.  More specifically,

---
On 3.1: Prefix Length Error:

>>
   According to [RFC7606], when a NLRI/UNLRI or MP_REACH_NLRI/
   MP_REACH_UNLRI with invalid length, eg, IPv4 Prefix length is more
   than 32, we must drop this Prefix and ignore the following Prefixes.
   We may keep the prefixes we have parsed correctly before.
>>

This is not correct.  Regarding NLRI parsing, RFC 7606 does not relax the
error handling specified in RFC 4271:

   The NLRI field in the UPDATE message is checked for syntactic
   validity.  If the field is syntactically incorrect, then the Error
   Subcode MUST be set to Invalid Network Field.

In RFC 7606, we have clarified the "Syntactic Correctness of NLRI Fields"
in Sect. 5.3, and also emphasized the fundamental requirement or using
"treat-as-withdraw":

    o j. Finally, we observe that in order to use the approach of "treat-
       as-withdraw", the entire NLRI field and/or the MP_REACH_NLRI and
       MP_UNREACH_NLRI attributes need to be successfully parsed -- what
       this entails is discussed in more detail in Section 5.  If this
       is not possible, the procedures of [RFC4271] and/or [RFC4760]
       continue to apply, meaning that the "session reset" approach (or
       the "AFI/SAFI disable" approach) MUST be followed.

---
On 3.2 Appears More Than Once

    Again we want to make sure NLRIs are parsed correctly and fully.  It's
    difficult to know for sure when there are multiple MP_REACH_NLRI
    attributes or the MP_UNREACH_NLRI in one UPDATE message.

---
On 4.1 Nexthop

    As currently defined in RFC 4271, the procedure does not allow for graceful
    recovery from the error conditions, e.g,, after the duplicate
address is removed
    from an interface. There seems to be room for improvement, perhaps in a
    separate document.

---
On 4.2 MP_REACH_NLRI:

    Again, we must make sure the NLRIs are parsed correctly and fully. That
    is fundamental to the error handling specified in RFC 7606.

---
On 4.3 Prefix SID

    *If* there is an issue with the error handling in RFC 8669, then rfc8669bis
     would be more appropriate for making the correction, IMO.

---
On 4.4 Aggregator, AS4_Aggregator:

      Why does it matter?

---
On 4.5 ORIGINATOR_ID

     "Treat-as-withdraw" would be more disruptive, isn't it? That would contrary
      to the goal of the draft. I don't see a need for the change.

---
On 4.6 Cluster-list

     Did we ever define zero as an invalid CLUSER_ID? I do not recall
we did that,
     and I don't see a need for doing so now.
-----

Thanks.  -- Enke

On Sun, Oct 24, 2021 at 6:47 AM Robert Raszuk <robert@raszuk.net> wrote:
>
> Dear Authors,
>
> Below are my comments after review of your proposal.
>
> 1) There is no such thing as "MP_REACH_UNLRI" ... Please swap all occurances to "MP_UNREACH_NLRI". Likewise please adjust all "UNLRI" or define a priori what you mean by this abbreviation.
>
> 2)  Section 3.1 -
>
> You say:
>
> "Then we may also try to continue parse the next update packet if we can correctly find it."
>
> I don't think this is a good suggestion for the Standards track document.
>
> 3)  Section 3.2 -
>
> I disagree with the suggestion. If a speaker is sending more than one MP_REACH_NLRI or MP_UNREACH_NLRI it should be cut out as soon as possible from causing more damage.
>
> 4) Section 4.1 -
>
> I am not sure why there is any need to enumerate the same specific special IP addresses and not to list others. For example if I receive IPv4 next hop as 127.0.0.1 is this cool ?
>
> I recommend editing this:  "f) The IP address is not a invalid ip address." I think you mean to say:  "f) The IP address is not a valid ip address."
>
> 5) Section 4.2 -
>
> I don't think this is a good suggestion.  Likewise in the case  of same prefix being present in both MP_REACH_NLRI and MP_UNREACH_NRLI suggestion to "firstly process the Prefixes in the MP_REACH_NLRI then process the Prefixes in the MP_REACH_UNLRI" is not good.
>
> 6) Section 4.3 -
>
> How can you treat it as withdraw something which is part of the "malformed prefix-SID attribute" ?
>
> 7) Sections 4.4 & 4.5 & 4.6 -
>
> Why are you suggesting again to check and detect special cases of *only* all zero addresses ? There are lot's of special IPv4 or even more IPv6 addresses to detect. I am not sure if we need to educate implementers about those in the BGP spec.
>
> Conclusion:
>
> If WG agrees that there are some valid suggestions in your proposal we should issue a RFC7606bis and not separate draft updating it like you are suggesting. So far to me like there is no substance to even go for -bis version of 7606.
>
> Yes, the BGP-4 protocol running on TCP is not bullet proof when it comes to handling bad implementations or malicious protocol attacks. Your figure 1 illustrates this well. But even with all suggestions listed there still remains lot's of attack vectors if someone has access to inject bad BGP packets to your network.
>
> I think we should consider using new transport which no longer runs on TCP and essentially not only treats all SAFIs as fully independent streams but also cut's interdependencies between all NLRI even with given SAFI.
>
> Good news is that some proposals in this direction are starting to pop-up in this WG, IMO already opening new doors for the new (hopefully much more robust) BGP version.
>
> Many thx,
> Robert
>
>
>
> On Sun, Oct 24, 2021 at 2:06 PM <internet-drafts@ietf.org> wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>>         Title           : Revised Error Handling for BGP Messages
>>         Authors         : Haibo Wang
>>                           Ming Shen
>>                           Jie Dong
>>         Filename        : draft-wang-idr-bgp-error-enhance-00.txt
>>         Pages           : 8
>>         Date            : 2021-10-24
>>
>> Abstract:
>>    This document supplements and revises RFC7606.  According to RFC
>>    7606, when an UPDATE packet received from a neighbor contains an
>>    attribute of incorrect format, the BGP session cannot be reset
>>    directly.  Instead, the BGP session must be reset based on the
>>    specific problem.  Error packets must minimize the impact on routes
>>    and do not affect the correctness of the protocol.  Different error
>>    handling methods are used.  The error handling methods include
>>    discarding attributes, withdrawing routes, disabling the address
>>    family, and resetting sessions.
>>
>>    RFC 7606 specifies the error handling methods of some existing
>>    attributes and provides guidance for error handling of new
>>    attributes.
>>
>>    This document supplements the error handling methods for common
>>    attributes that are not specified in RFC7606, and provides
>>    suggestions for revising the error handling methods for some
>>    attributes.  The general principle remains unchanged: Maintain
>>    established BGP sessions and keep valid routes updated.  However,
>>    discard or delete incorrect attributes or packets to minimize the
>>    impact on the current session.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-wang-idr-bgp-error-enhance/
>>
>> There is also an htmlized version available at:
>> https://datatracker.ietf.org/doc/html/draft-wang-idr-bgp-error-enhance-00
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwICAg&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=SI6tanfZVs9gnmPKxxAheSBJdycZtcVWA5R6ub0TPz0&s=Kx7piVPCBN7qQf0IR_Ue8GQC2a_BNjdKR_7ybyNWWBc&e=

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email