Re: [Idr] I-D Action: draft-ietf-idr-deprecate-as-set-confed-set-01.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 04 November 2019 03:45 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21F7C1209B4; Sun, 3 Nov 2019 19:45:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iLdItlRewG-2; Sun, 3 Nov 2019 19:45:11 -0800 (PST)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on20725.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d04::725]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCF3D1208DE; Sun, 3 Nov 2019 19:45:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TMvtS8H/a5nI4jFRZ9DHQF+ORrWcBbgohgtG3yWDjDQFwkxkHkLgcFkpUjHCFb6b9t3zJZE8Wu2L8lqunxPxFgYIRcUV6kc9xqFV11qHF605fCWbKEI0Asc/lGW9XFs46IlFttTK+ancaeCsAf68BsaGrC5+pB2q2bICx361eL++o+Z0aNTEm4bbkdMlK2lS8P3dErCkhpDXq3w9Y2DKiDYbSlHh15OTOSshBba4pElH3idRyjJUbaiAYbhRST4H1tfz49nbYXBWPfU5M8VbJXWQZ5GaPFIRjIrTypwMdFSUZddPk+bv/Hj23vwrji6atdS3F/rX/mj8gUFYiC6GwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0L4CllKN98/YTeeZnc5Z2/EudIn7A18WFHFYQP6Lzgk=; b=MrV9rVIsznBSB5nhkkwVnBZivwobGdoUFG2DpE1gDQTsZ+huw8kLHZRPuGJmvyOcb3UxrdNPM1xyh4Lw7n4u0C1/WDnq9UNTwbagFjcPkh3UNxEvrfLaSOm95BV3KjN2txGKIkIks7yuD+CldEJWy4s5EqEWY5NNoQJvQkOKn8x1fAbHvSkS+L4tFXGUmca6IpRcHln1cMd3zuYQnR1KMNS834kEiK0dFSVojj0gq1FmHskMsvPvhSOMs8pdaU0ZAs6BWGZDI942F44uU/A9qcq5PKZlUL1IOGSpaxjpYAJP723gH27K6fRLH6/ns1lebYTUnx1neJNLU3pJOwACVA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0L4CllKN98/YTeeZnc5Z2/EudIn7A18WFHFYQP6Lzgk=; b=el1IqhT7EokfZEc+HFjWqCRWVr7AQclgp6p+UUAxj6+QDsqftZjZKJvuJYeNihnnLF/nPp0mKkyIN5Yuxma+i3o16BYOlg2ZJrho1jvKpiREiekeZsFH5IbpktsTbF9FiDkWO5uc5OowACYd5py0nDX7uBTb57UGNk8UxXKPGe8=
Received: from BN6PR09MB1331.namprd09.prod.outlook.com (10.172.21.141) by BN6PR09MB1395.namprd09.prod.outlook.com (10.172.23.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Mon, 4 Nov 2019 03:45:07 +0000
Received: from BN6PR09MB1331.namprd09.prod.outlook.com ([fe80::181a:59eb:8812:1c84]) by BN6PR09MB1331.namprd09.prod.outlook.com ([fe80::181a:59eb:8812:1c84%7]) with mapi id 15.20.2408.024; Mon, 4 Nov 2019 03:45:07 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Jeffrey Haas <jhaas@pfrc.org>, john heasley <heas@shrubbery.net>
CC: IDR <idr@ietf.org>, "draft-ietf-idr-deprecate-as-set-confed-set@ietf.org" <draft-ietf-idr-deprecate-as-set-confed-set@ietf.org>
Thread-Topic: [Idr] I-D Action: draft-ietf-idr-deprecate-as-set-confed-set-01.txt
Thread-Index: AQHVjluVoTpoC+/qz0m2Y+VpQuzaA6dyJcOAgAg9gCw=
Date: Mon, 4 Nov 2019 03:45:06 +0000
Message-ID: <BN6PR09MB13310C894E01C67E7E4DC761847F0@BN6PR09MB1331.namprd09.prod.outlook.com>
References: <BN6PR09MB13317B7AD6F4229F5E00FDD284610@BN6PR09MB1331.namprd09.prod.outlook.com>, <20191029213844.GC10145@pfrc.org>
In-Reply-To: <20191029213844.GC10145@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [132.163.220.245]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: b483732a-13ea-48e2-18c3-08d760d962a1
x-ms-traffictypediagnostic: BN6PR09MB1395:|BN6PR09MB1395:
x-ms-exchange-purlcount: 1
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN6PR09MB1395D64A859CC05ACFD4FBA3847F0@BN6PR09MB1395.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0211965D06
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(366004)(376002)(396003)(39850400004)(346002)(189003)(199004)(478600001)(71190400001)(71200400001)(6436002)(7736002)(3846002)(2906002)(6116002)(316002)(66476007)(99286004)(54906003)(81166006)(26005)(81156014)(66556008)(305945005)(74316002)(55016002)(9686003)(6306002)(66946007)(91956017)(66066001)(76116006)(229853002)(7696005)(8936002)(110136005)(64756008)(66446008)(186003)(486006)(8676002)(4326008)(6506007)(6246003)(966005)(5660300002)(14444005)(86362001)(256004)(76176011)(102836004)(52536014)(33656002)(14454004)(25786009)(11346002)(446003)(476003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR09MB1395; H:BN6PR09MB1331.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CUoPydqxdYno05CwP9Jig+3qKuu3M2opoUOXiqw952WP7gF1OPjBW1+XrtvGpdg7Y9cLrTGurwsmOfL2L0B3Q2cd7+JX4rHCFy/ZBZPj18U708MTOVX0n8AdY45xxguBqvoExBH/zJnPHktLzPq9ARvSaWOD8fAifIJN6ikGe1649PQJYhn3eRJMfXxgow0XyPqDdGxpbhWcOwg3X8SZ4fJRiXbmSbPLIBmV7xrRjH7s4mVr2tyRL5oSSE5s3xOV7F5EAEJbENiIX8QgVqtmgqoi0skkSdk6DZTsODtrBNgNRglBMxsS3IbSBcC0hB80N8G6Ld7VhldCnomEPqIFoBlhAlW49igoqs+0V4G9Bh5wET2xH8HcAO4V3QzoEmrg4w3mWGe8qc75PDLkwS13xIkTBHeTK5XS7lofx6CpWdhUMDLwXb3ZZztl3FUucv9I3Fbxbf/0xMQfd/LMtbEz9pG1WD8xhsUbnwQ32RinRGI=
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: b483732a-13ea-48e2-18c3-08d760d962a1
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2019 03:45:07.0651 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: N4ZhRK2le7ViSDvuDg3CsW30Rmi826ysNI1biazA+nl8sZDMYopWyzzDz7plUh0JWLD84qOAez8/rN9gWnuRNA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR09MB1395
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/fcafNbuvgdyl302Ptxfey2D011w>
Subject: Re: [Idr] I-D Action: draft-ietf-idr-deprecate-as-set-confed-set-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 03:45:18 -0000

Jeff,

Thank you for a careful review and comments.
Sorry for the delay in responding. My comments inline below.
I have uploaded version -02 draft with suggested changes from you
and John Heasley; so you may look at the diff file as well in datatracker:
https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-deprecate-as-set-confed-set-02 

> 
> Sriram,
> 
> Comments somewhat out of order from the diff:
> 
> Section 4:
> While well intentioned, this is clumsy in terms of a mandate on how BGP-next
> is authored.  BGP is all about incremental deployment and thus just like we
> can't simply "pretend this doesn't exist" for current code, the same will be
> true for future code.
> 
> Suggested text:
> 
> This document deprecates the AS_SET (type 1)  AS_PATH segment type from
> RFC
> 4271.  BGP Speakers conforming to this document SHOULD NOT* send BGP
> Update
> messages containing this AS_SET type.  Upon receipt, BGP Speakers
> conforming
> to this document should use the "Treat-as-withdraw" error handling behavior
> as per RFC 7606.
> 
> (and similar text for confed-set)
> 
> * The case here is SHOULD NOT rather than MUST NOT because you're
> providing
> the option for a knob to let the old behavior work.

Agree with you except we need to have “MUST NOT” for 
locally generated (initiated) updates with AS_SET. 
And it is “SHOULD NOT” for receipt and forwarding as you suggest.

I have tweaked the text (per your suggestion for the most part) 
in the updated -02 draft as follows: 

   “This document deprecates the AS_SET (type 1) AS_PATH segment type
   from [RFC4271].  BGP speakers conforming to this document (i.e.,
   conformant BGP speakers) MUST NOT locally generate BGP UPDATE
   messages containing AS_SET.  Conformant BGP speakers SHOULD NOT send
   BGP UPDATE messages containing AS_SET.  Upon receipt of such
   messages, conformant BGP speakers SHOULD use the "Treat-as-withdraw"
   error handling behavior as per [RFC7606].”

Yes, similar wording change has been made for confed-set. 

> 
> Section 1:
> "The aggregation as described above could also create traffic engineering
> issues, because the precise path information for the component prefixes are
> not preserved."
> 
> This is rather the whole point of the "atomic aggregate" feature of BGP-4
> specs.  But it's a vestigial feature and we shouldn't fix it.  The
> underlying point is when you KNOW that it's an aggregate, and there's
> components you're not talking about, don't de-aggregate because you may do
> Bad Things to the routes in question.  The usual presumption is that the
> more specific routes are percolating far enough that this is hopefully NOT a
> problem... and good luck with that, because they might get filtered.  (This
> is one of the reasons the signaling is vestigial.)
> 
> The effective point here is that if you ARE doing any sort of filtering of
> more specifics as part of trying to be conformant with this document, we're
> hitting exactly that set of considerations.  Ideally, this wouldn't be
> important.  Practically, we have outages every few months caused because
> people deploy tools that deaggregate routes for traffic optimization
> purposes, and those de-aggregated routes get leaked.

We are not suggesting “… doing any sort of filtering of more specifics …”.
I have removed the text you’ve cited. That text is not necessary.
So, I think we are good now.  
 
> 
> The implications:
> - You have to provide an entire revised section 9.1.4 for RFC 4271.

This is no longer relevant given my response above.
However, section 9.1.4 says (in the last paragraph):
   “If a BGP speaker chooses to aggregate, then it SHOULD either include
   all ASes used to form the aggregate in an AS_SET, or add the
   ATOMIC_AGGREGATE attribute to the route.”
We could recommend changing it to:
   “If a BGP speaker chooses to aggregate, then it SHOULD 
   add the ATOMIC_AGGREGATE attribute to the route.”

> 
> Misc. open issue:
> - What do you do about "atomic aggregate?"
> - You're also deprecating appendix  F.6 of RFC 4271
> - You're modifying recommendations for appendix F.4 of RFC 4271.
> 

I think we don’t need to change anything about ATOMIC_AGGREGATE
for the purpose of this document.

Yes, we can say “deprecate appendix  F.6 of RFC 4271”.  
We can say the same about F.4 “deprecate appendix  F.4 of RFC 4271”.  
F.4 is no longer relevant when AS_SET is deprecated.

However, I think rather than get specific about such instances, 
it better to have an overarching statement. So, the draft now includes
this statement in Section 4:

   “Wherever mentions of AS_SET or AS_CONFED_SET occur in [RFC4271] and
   [RFC5065], appropriate modification or elimination of the text must
   be made in future RFCs that would replace these RFCs, consistent with
   the deprecation of AS_SET and AS_CONFED_SET.”


> Section 3:
> 
> "Network operators" is likely the wrong voicing here, even though the advice
> is to network operators.  (BGP Speakers announce routes.)
> 

I’ve updated the text that involved voicing network operators and moved it
down within the section. I think network operators can be proactive and 
not use AS_SET/AS_CONFED_SET even with current implementations.   

> The related changed text likely needs something similar to my
> recommendation for section 4 above.

Yes, the new text at the top Section 3 is:

   “BGP speakers conforming to this document (i.e., conformant BGP
   speakers) MUST NOT locally generate BGP UPDATE messages containing
   AS_SET or AS_CONFED_SET.  Conformant BGP speakers SHOULD NOT send BGP
   UPDATE messages containing AS_SET or AS_CONFED_SET.  Upon receipt of
   such messages, conformant BGP speakers SHOULD use the "Treat-as-
   withdraw" error handling behavior as per [RFC7606].”
 
> 
> :    Route aggregation that was previously performed by proxy aggregation
> :    without the use of AS_SETs is still possible under some conditions.
> :    When doing this, operators MUST form the aggregate at the border in
> :    the outbound BGP policy and omit any prefixes from the AS that the
> :    aggregate is being advertised to.  As with any change, the operator
> :    should understand the full implications of the change.
> 
> This text is very imprecise.
> 
> The following things happen in proxy aggregation:
> - The aggregated routes are not sent to the networks that provided
>   contributors.  This is a side effect of the as-set being formed.
>   + As a result, the contributing networks are expected to need the more
>     specific routes that are the aggregate contributors.
> 
> How do you do this?

I have removed the text you’ve cited. That text is not necessary
for the purpose of this draft.  

Regarding your question “How do you do this”, here is my two cents worth.
I think if AS X is aggregating (without using AS_SET) P1/24 (from cust. A), 
P2/24 (from cust. B), P3/24 (from cust. C)  and P4/24 (from cust. D) to P/22,
then AS X will announce the P/22 aggregate to its transits and later peers
(while including ATOMIC_AGGREGATE attribute in the aggregate update),
but not to the customers. AS X will announce to each of the four customers,
only the more specific prefixes contributed by the other three customers. 
In addition, RFC 4271 (sec. 9.1.4) says the following for all other ASes
(transits, peers, customers of peer, etc.) that receive the aggregate:  
 “In particular, a route that carries the
   ATOMIC_AGGREGATE attribute MUST NOT be de-aggregated.”  

I don’t think we need to put text in the document regarding the above
since it seems to be adequately covered in RFC 4271. Your take?

Sriram