Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt

Robert Raszuk <robert@raszuk.net> Wed, 12 May 2021 21:50 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE3623A1792 for <idr@ietfa.amsl.com>; Wed, 12 May 2021 14:50:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xj9P5fUSTehi for <idr@ietfa.amsl.com>; Wed, 12 May 2021 14:50:28 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D16353A3DFD for <idr@ietf.org>; Wed, 12 May 2021 14:33:44 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 131so6027576ljj.3 for <idr@ietf.org>; Wed, 12 May 2021 14:33:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wSuGbubbR3wrkTR7w7X2zlezF1ALbk8q9ZFeAPHXYQk=; b=Hbo6MM+v2sAZdrFchEpQj8guHbfXzWHXIVMO/4ait5JU5nXFOf2VqLRmqHMF6zsKsj q0yDRgS99bQq2QdzocQsVh2qX+xX1kQGEqEWUBk4Q6oS+IVatvQCV8j59ninqAYHl7TN uVl2fBbeWprCXEEp8Fbg90C5viCLGTy7uQLYA4TS2Pvub+hWJ+7QOx9+x1GViEzsCOQy cd9b7ybs2euBX4z4lyUcspFd18t+16dg43RFdKLpTR4j5pG9AwdYtl8T+J62uUI/M8SP tKUHjmJoeyzMITdNnGEQQkNNNIcklHcXsRz06/2sYrJAIcYIXAnP38NOHE21JnN7tSZS BszQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wSuGbubbR3wrkTR7w7X2zlezF1ALbk8q9ZFeAPHXYQk=; b=fPMF3xPU7nV4EFxAIk2Ac0Nucl0gsoyhW+CtwtBsSCeriQxPbBUz14h2uId6B3Kq3q pdbWaReFlD2SY9PRqrTl1EKgMgWKI1nretyoHM0UR9CBX9zF2KbFHfP56uySGktV9bPN /4Ed7nzEoZr7vjcyd3WN9LMZjNEw2zyM3JANKwnwlsKe6vt3X6m9fQqrAH8iKmPXPwla zuLLfeOAfEQk1tq9Xcr15Lu37HOVjpPJfVsOlQEwhQ6OI91YT0Sm+VrhWTuFwemguvX/ iYRYUXB0ztdy6BaOqxEjXYslUJsSWuzKT3vrlRuA8R6yCQg61Qo9fDfu7VwhINgT1BCL Hulw==
X-Gm-Message-State: AOAM530I28Y6jIxgn28AtxUzBY3ZfOFB1jbVmsZdQgwx4Fjo7q0yC24U zGzFixf7zFARPmR1z/U/l8FX3jqEGbbU4Er4GKMw0w==
X-Google-Smtp-Source: ABdhPJym08Owpgu6iWxB3C2ws867/BykDDbuboW6SxrCvJIjAX6UwyZgqwpKp8/1m3UhgogclAqh5XUi8UxJ1X8CkPI=
X-Received: by 2002:a2e:b4c6:: with SMTP id r6mr30389722ljm.37.1620855221671; Wed, 12 May 2021 14:33:41 -0700 (PDT)
MIME-Version: 1.0
References: <161843563034.11054.13811966622190622752@ietfa.amsl.com> <CAOj+MMH=cCgtn7cL=HvOjQOMH1B9tmjOYOT04jXE9oky4SuevQ@mail.gmail.com> <YHhJTB51/joiz9Pg@snel> <CAOj+MMEFOGm=hCQcZNAUoN8vsPeVT3gqnjsQihUMJo4AOObZfw@mail.gmail.com> <CALxNLBhtQDDo9Dn7vBAZx+RbVwJ5BSbZfRS1wGStt_k7C2nPuQ@mail.gmail.com> <CAOj+MMHDPGt30deY6KtC+E-5eD9Q8cRtrL-xydLhsNic7KBdSw@mail.gmail.com> <CALxNLBi5Borzgr6ntRZHu0P6dnEcoZ8pk7=JKKfRhNcUbv873w@mail.gmail.com> <CABNhwV2mUP2f8sKdqOEde35U6a5idY+XGWNf0G2rzheRULhmmw@mail.gmail.com> <BYAPR11MB3207A318E89779FDBE4F1EDFC0529@BYAPR11MB3207.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB3207A318E89779FDBE4F1EDFC0529@BYAPR11MB3207.namprd11.prod.outlook.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Wed, 12 May 2021 23:33:30 +0200
Message-ID: <CAOj+MMGpsLcdPynRWOiUK6-8Gx+MtwtPyOBLJDW8EsXknWXJ1w@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, Melchior Aelmans <melchior@aelmans.eu>, "idr@ietf. org" <idr@ietf.org>, Melchior Aelmans <maelmans@juniper.net>
Content-Type: multipart/alternative; boundary="000000000000b8673205c228c348"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/hIiYph8YCHWqud-AZpLpsU1iMr8>
Subject: Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2021 21:50:34 -0000

Jakob,

Spot on.

That is why I mentioned that the very same max-prefix when applied
pre-policy vs post-policy can have a different value.

But I guess this is implementation thing not so much an IETF draft one.

Thx,
R.

On Wed, May 12, 2021 at 11:26 PM Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> The reason to terminate the session is illustrated in:
>
>
> https://datatracker.ietf.org/meeting/104/materials/slides-104-grow-bgp-maximum-prefix-limits-00
>
>
>
> Suppose you have a customer whose prefix advertisements vary somewhat,
>
> so you give him a decent margin. Suppose you set max-prefix to 1000
>
> and on a fateful day he advertises 200 prefixes.
>
> You have some good inbound filters for him, but not perfect, again,
>
> because the prefixes he advertises vary somewhat.
>
> Now, on this day, he leaks the internet to you and you manage to filter
> most of it out,
>
> but several routes sneak past your filter and leak.
>
> Those that sneak past your filter are not enough to trip your max-prefix
> of 1000.
>
> If you have a pre-policy max-prefix of, say, 10000, that will easily catch
> the leak
>
> and you could terminate the session to stop the leak.
>
>
>
> Regards,
>
> Jakob.
>
>
>
> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of * Gyan Mishra
> *Sent:* Wednesday, May 12, 2021 12:20 AM
> *To:* Melchior Aelmans <melchior@aelmans.eu>
> *Cc:* idr@ietf. org <idr@ietf.org>rg>; Melchior Aelmans <maelmans@juniper.net>et>;
> Robert Raszuk <robert@raszuk.net>
> *Subject:* Re: [Idr] I-D Action: draft-sas-idr-maxprefix-inbound-02.txt
>
>
>
>
>
> After thinking about it I agree that that the prefix pre and post can
> definitely be different.  The pre policy is a copy of the adj-rib-in stored
> separately in memory so the limit values can definitely be different. In
> such case as the pre policy is pre inbound filter so it can have a very
> high water mark for maximum prefix, and the post policy would have the
> maximum prefix exact value to trigger the neighbor being clamped down. In
> general the trigger event peer being clamped down would happen on the post
> policy adj-rib-in as that value would always be lower then the pre policy
> adj-rib-in.  In that respect thought I can’t see a scenario where the pre
> policy maximum prefix would take down the peer over the post policy maximum
> prefix.  That being said I am not sure we really need a pre policy maximum
> prefix.
>
>
>
> I understand the reason behind it to save on memory copy of tbt ash-rib-in
> but I don’t think the action that the peer must be taken down if pre policy
> maximum is exceeded if the post policy is not exceeded.  The post policy
> the control plane rib is programmed into hardware for forwarding so there
> is more impact to resources both control and data plane for post policy as
> opposed to pre policy is control plane copy and also is not advertised to
> other peers as well as are pre policy prefixes.  Much less impact if pre
> policy is exceeded.
>
>
>
> I think the case where a peer advertisement went from 100k to 2M and the
> pre policy was set to
>
> 1M and the post policy was set to 100k and 100k was received in this case
> if it was a Must to clamp down the peer due to pre policy being exceeded
> where post policy was not exceeded  I don’t think that’s a good idea as is
> impacting.  I think for pre policy maybe only a warning should be allowed
> but not clamping down the peer.
>
>
>
> Gyan
>
>
>
>
>
> On Tue, May 11, 2021 at 12:13 PM Melchior Aelmans <melchior@aelmans.eu>
> wrote:
>
> Ack Robert, thanks for confirming.
>
>
>
> Cheers,
>
> Melchior
>
>
>
> On Tue, May 11, 2021 at 3:51 PM Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi Melchior,
>
>
>
> After rethinking this I think the current text in the draft is ok.
>
>
>
> It is after all optional cfg and if vendor supports both pre and post
> policy max-prefix limit inbound the configured numbers may not need to be
> identical.
>
>
>
> Thx,
>
> R.
>
>
>
>
>
> On Tue, May 11, 2021 at 3:22 PM Melchior Aelmans <melchior@aelmans.eu>
> wrote:
>
> Hi Robert, all,
>
>
>
> First of all thanks for your feedback!
>
>
>
> The part we are confused about is that soft-reconfiguration inbound is a
> Cisco command to enable adj-RIB-In which then stores all the received
> routes. On Juniper and OpenBGPd (and possibly other implementations as
> well) adj-RIB-In is enabled by default and protected by a maximum-prefix
> limit inbound.
>
> Could you please elaborate on what you are exactly trying to describe and
> as Job suggested make suggestions for text adjustments?
>
>
>
> Thanks!
> Melchior
>
>
>
> On Thu, Apr 15, 2021 at 4:36 PM Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi Job,
>
>
>
> The distinction between Per and Post policy is clear.
>
>
>
> Inbound Prefix Limit may (depending on implementation) apply to either or
> both of those processing stages.
>
>
>
> The observation I am trying to make is that IMHO soft in is not really a
> Pre Policy in a sense that you must not apply Prefix Limit to it. Otherwise
> the entire idea of soft-in becomes questionable.
>
>
>
> To me perhaps the proper way to visualize it is actually to divide Pre
> Policy into two blocks - ALL Prefixes and Pre-Policy Prefix-Limited. All
> Prefixes block would occur only when soft in is enabled. Otherwise some may
> expect or request to apply Inbound Prefix Limit before routes are stored
> when soft reconfiguration inbound is enabled.
>
>
>
> Or perhaps you actually want to do that sort of breaking that knob ?
>
>
>
> Many thx,
>
> R.
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Apr 15, 2021 at 4:10 PM Job Snijders <job@fastly.com> wrote:
>
> Dear Robert,
>
> On Thu, Apr 15, 2021 at 02:16:12PM +0200, Robert Raszuk wrote:
> > I think I have one question or suggestion.
>
> Your review is appreciated!
>
> > As you all know some implementations allow you to explicitly force BGP
> > speaker to keep (pre-policy) all routes/paths received.
> >
> > Example:
> >
> > neighbor 192.168.1.1 soft-reconfiguration inbound
> >
> > The draft does not seem to comment on this case yet if implementation
> > maintains the above behaviour at least some of the justifications for
> > the document is gone.
>
> Interesting, the draft's objective is to clarify that inbound limits can
> be applied at multiple stages of the pipeline (pre and post policy), not
> all Network Operating Systems appear to offer this (operationally
> speaking much needed) granularity, and through this draft we hope to
> clarify to implementers that it is something worth considering to add.
>
> > I think that draft should at least mention such behaviour, not force to
> > change it however put some light that if
> > configured by the operator some of the benefits of inbound prefix limit
> > will not be fully effective.
>
> What you call 'soft-reconfiguration inbound' ends up storing into what
> the draft refers to as 'Pre Policy'. (At least... that is the intention,
> it is possible the text is readable to us but not easy to understand for
> others)
>
> Do you have specific text in mind to add to the draft to clarify this?
>
> Kind regards,
>
> Job
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions Architect *
>
> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>
> *M 301 502-1347*
>
>
>