IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt

Jakob Heitz <jakob.heitz@ericsson.com> Thu, 06 December 2012 18:07 UTC

Return-Path: <jakob.heitz@ericsson.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D9DE21F880D for <idr@ietfa.amsl.com>; Thu, 6 Dec 2012 10:07:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kbvL0g2g1GdK for <idr@ietfa.amsl.com>; Thu, 6 Dec 2012 10:07:50 -0800 (PST)
Received: from imr4.ericy.com (imr4.ericy.com [198.24.6.9]) by ietfa.amsl.com (Postfix) with ESMTP id 5666D21F8654 for <idr@ietf.org>; Thu, 6 Dec 2012 10:07:48 -0800 (PST)
Received: from eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) by imr4.ericy.com (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id qB6IHIgG020375; Thu, 6 Dec 2012 12:17:19 -0600
Received: from EUSAAHC003.ericsson.se (147.117.188.81) by eusaamw0712.eamcs.ericsson.se (147.117.20.181) with Microsoft SMTP Server (TLS) id 8.3.279.1; Thu, 6 Dec 2012 13:07:38 -0500
Received: from EUSAAMB109.ericsson.se ([147.117.188.126]) by EUSAAHC003.ericsson.se ([147.117.188.81]) with mapi id 14.02.0318.001; Thu, 6 Dec 2012 13:07:38 -0500
From: Jakob Heitz <jakob.heitz@ericsson.com>
To: "Saikat Ray (sairay)" <sairay@cisco.com>
Thread-Topic: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
Thread-Index: AQHNyBxqy9fEwUYlVUSnx1DosT0Aspf0/iwAgBcupYCAADNcgP//yMCq
Date: Thu, 06 Dec 2012 18:07:38 +0000
Message-ID: <94913EE5-2864-4EE2-B474-9631430B1E22@ericsson.com>
References: <20121121191321.6164.6887.idtracker@ietfa.amsl.com> <50AD2986.90705@cisco.com> <058b01cdd3b4$9f5193b0$ddf4bb10$@highwayman.com>, <8ED5B0B0F5B4854A912480C1521F973A0F4940@xmb-rcd-x13.cisco.com>
In-Reply-To: <8ED5B0B0F5B4854A912480C1521F973A0F4940@xmb-rcd-x13.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "idr@ietf.org" <idr@ietf.org>
Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2012 18:07:51 -0000

Some length errors will not be detected as length errors, but as misinterpretation of subsequent bytes.

You must accept receipt of any legal combinations of NLRI and attributes, even if they seem weird.

If you get a message length too long error, the most likely result will be that you misinterpret the 0xFF's as NLRI and get an NLRI length error.

--
Jakob Heitz.


On Dec 6, 2012, at 8:25 AM, "Saikat Ray (sairay)" <sairay@cisco.com> wrote:

> -----Original Message-----
> From: idr-bounces@ietf.org [mailto:idr-bounces@ietf.org] On Behalf Of Chris Hall
> Sent: Thursday, December 06, 2012 5:22 AM
> To: idr@ietf.org
> Subject: Re: [Idr] I-D Action: draft-ietf-idr-error-handling-03.txt
> 
> I've been trying to adjust the error handling in Quagga bgpd to follow this draft, without success.
> 
> If an update message arrives and there is a problem with one or more significant attributes, then if (and only if) *all* the NLRI in the update can be identified, then treat-as-withdraw is an excellent alternative to crashing the entire session.
> 
> This much is clear, and clearly a step forward.  If only it were possible to "parse" attributes individually....
> 
> [SR] In which way is the attribute "broken"? If the receiver ever thinks/knows that it has lost the sync 
>         (i.e., the knowledge of TLV to byte mapping) on the tcp stream, it must reset the session.
>         So if an attribute is broken because of any length issue, the session needs to be reset.
> 
> ....but since it is not: when faced with a broken set of attributes, I do not see how the receiver can be certain that it has correctly and completely identified all NLRI.
> 
> RFC4271 allows for an update to contain any and all combinations of vanilla IPv4 Unicast NLRI (reachable and/or unreachable) and MP NLRI (also reachable and/or unreachable).  Given that one broken attribute may obscure following ones, the receiver can be certain that it has correctly and completely identified all NLRI if, and only if, it has extracted *both* a complete MP_REACH_NLRI *and* a complete MP_UNREACH_NLRI attribute.  Otherwise, the receiver must, in effect, prove a negative: that one or both attributes were not sent.
> 
> The draft acknowledges the issue, and requires that "the MP_REACH_NLRI or MP_UNREACH_NLRI attribute (if present) SHALL be encoded as the very first path attribute" (should that be "and/or" rather than "or" ?).
> How is the receiver to know that the sender is following this new rule ?  Can it simply assume that to be the case ?  Apparently the answers
> are: it cannot and may not, in that order -- since the draft also says "... MUST still be prepared to receive these fields in any position".
> 
> If the receiver cannot know (or simply assume) that the new rule is being followed, then given a broken set of attributes:
> 
>  * if there are vanilla IPv4 NLRI:
> 
>     - can it be assumed that there are no MP NLRI
>       if none can be extracted ?
> 
>  * if there are no vanilla IPv4 NLRI:
> 
>     - can it be assumed that if MP_REACH_NLRI can be
>       extracted then there will be no MP_UNREACH_NLRI ?
> 
>     - if the only attribute is MP_UNREACH_NLRI then
>       everything is fine.
> 
>       But if any other attribute is present, if no 
>       MP_REACH_NLRI can be extracted, should the
>       receiver assume that one is missing (hidden by
>       a broken attribute) ?
> 
>       The answer to that appears, currently, to be yes.
>       But that excludes, forever, the ability to attach
>       extra information to a withdraw update.
> 
>     - if neither MP_REACH_NLRI nor MP_UNREACH_NLRI
>       can be extracted, can it be assumed that this
>       is an empty UPDATE ?  Or is this a session-
>       crashing-error ?
> 
> Of course, if the session is only carrying vanilla IPv4 Unicast, life is easy.
> 
> But otherwise, it seems to me that in order to make use of the "treat-as-withdraw" mechanism, the receiver of a broken set of attributes has to make some significant assumptions about the behaviour of the sender.  I do not know which, if any, of those assumptions it is safe to make.
> 
> I am, of course, assuming that having received a broken UPDATE, it is
> *essential* to avoid continuing with the session unless *all* NLRI referred to in that UPDATE have been "treated-as-withdraw".
> 
> Chris
> 
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email