IETF Logo Mail Archive

Re: [Idr] comment on draft-ietf-idr-bgp-extended-messages

li zhenqiang <li_zhenqiang@hotmail.com> Fri, 09 June 2017 03:11 UTC

Return-Path: <li_zhenqiang@hotmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D588129408; Thu, 8 Jun 2017 20:11:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.874
X-Spam-Level:
X-Spam-Status: No, score=0.874 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vn63Rmq_lou2; Thu, 8 Jun 2017 20:11:48 -0700 (PDT)
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-oln040092253075.outbound.protection.outlook.com [40.92.253.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEFFB128CDB; Thu, 8 Jun 2017 20:11:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Hjz1dINOftiSeIcxDzo3+LnCGp2qxGRwwc+7zDeRhhI=; b=RvKyy4gG3BsbjuCZ2X0V4QB+coSsDoPDccS21KR2swEYjb1x0BS49S9uuhn13nBxSRPbJGLgI+/0x6JzeX/iQrpp0o3t/V/pj6EXakprEfvaL9raGigPhr0CjDIIIvs27j3a4ILuLmrow8nh4+QFtyLSiJVtx1f8YyJ/g1cAmHBW2XsMJ7ZdCSYF4K9WuF/Jll2W4UIAO4OMfkSFmSxT/aJCQ3NnriF8gDKkJY1oMOxgwfbxE5G5rCTKTRh5f2Khujhxg4tFnvvzDzj/i6Z13hc1R2YRRiCIxmxub2QFXIhTgZNGpt7oXeMBSkoAU340mSz0ggYFufj9yZVBQOGz+w==
Received: from HK2APC01FT040.eop-APC01.prod.protection.outlook.com (10.152.248.52) by HK2APC01HT030.eop-APC01.prod.protection.outlook.com (10.152.248.246) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1143.11; Fri, 9 Jun 2017 03:11:44 +0000
Received: from HK2PR0601MB1361.apcprd06.prod.outlook.com (10.152.248.54) by HK2APC01FT040.mail.protection.outlook.com (10.152.249.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1143.11 via Frontend Transport; Fri, 9 Jun 2017 03:11:44 +0000
Received: from HK2PR0601MB1361.apcprd06.prod.outlook.com ([fe80::2115:a445:9d1f:b88b]) by HK2PR0601MB1361.apcprd06.prod.outlook.com ([fe80::2115:a445:9d1f:b88b%14]) with mapi id 15.01.1157.012; Fri, 9 Jun 2017 03:11:44 +0000
From: li zhenqiang <li_zhenqiang@hotmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, robert <robert@raszuk.net>, nick <nick@foobar.org>
CC: idr <idr@ietf.org>, "draft-ietf-idr-bgp-extended-messages.all" <draft-ietf-idr-bgp-extended-messages.all@ietf.org>
Thread-Topic: RE: [Idr] comment on draft-ietf-idr-bgp-extended-messages
Thread-Index: AQHS4BevexCH10TLJ0yOlljFBaXnJQ==
Date: Fri, 09 Jun 2017 03:11:44 +0000
Message-ID: <HK2PR0601MB1361CA9C0691BBF70A6C3368FCCE0@HK2PR0601MB1361.apcprd06.prod.outlook.com>
References: <HK2PR0601MB1361016F598133FDC59C8E1DFCC90@HK2PR0601MB1361.apcprd06.prod.outlook.com>, <CA+b+ERmYh5sqFmRwkMDk5JJjxc=YopmRJ76Z6BSXwnZikv1oCQ@mail.gmail.com>, <CA+b+ERkVAFh0n24+dL4LNq2DJaubtW8oeNYg4iTJ1kqpsUQ57Q@mail.gmail.com>, <HK2PR0601MB136122AB1E4A260A382374BDFCC90@HK2PR0601MB1361.apcprd06.prod.outlook.com>, <ab7797b7a44d45beb0076bde474658e3@XCH-ALN-014.cisco.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=hotmail.com;
x-incomingtopheadermarker: OriginalChecksum:BC7CB7D09E625009AEB27414ACD1BEE67120BD31F90AEF6F3AE9CF96AEFA2780; UpperCasedChecksum:E5F54647F4DF27942C4A17A281877CF3F560EBAA07F73A1EB719588A793BF247; SizeAsReceived:7724; Count:45
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [+DzmD9aVQwUmO2/KO2WoLbY7Hou54SuB]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HK2APC01HT030; 24:QGYpharEhuKM+fjW9JLFvMv1fboG7bzgWKwKTPaJpltBFe7NHf8OrcWpYDYQ0TYkGxsJ/gwTZofk32UP4Cw9+UfFVgDNR3nHOwq4/yRNthc=; 7:4MQbDsOvTVtBpMcukn5Hw24+0TZtlGnxa1srDvaO3ZJN1OJS4gslH9RCcVP8kciY4Irbmmj5C1Gel2Fe1Su0M1ySH+ZhbLV4sMCxNpDjV72zbpqUM0nrOmqLiI27cRWeypJGr9O5Rsus9+O7NVGfK7AVqIUIZtBYOWJTFvukBh0aGws5+hArRQlyfOvJ9xrol3m3C/ibQ/cDsT1ghlmgi95n3HrcfQMaMMFYTfSFuvmbspzkYGfUeNjyhPqVJSAYT72DyuDvyTewaW8ZG49/4tFsA/L1L9nzEV87eoVS1dsGWLlfp6yF5cSCTiQGO0Sx
x-incomingheadercount: 45
x-eopattributedmessage: 0
x-forefront-antispam-report: EFV:NLI; SFV:NSPM; SFS:(7070007)(98901004); DIR:OUT; SFP:1901; SCL:1; SRVR:HK2APC01HT030; H:HK2PR0601MB1361.apcprd06.prod.outlook.com; FPR:; SPF:None; LANG:en;
x-ms-traffictypediagnostic: HK2APC01HT030:
x-ms-office365-filtering-correlation-id: 0fd18b83-b98a-4ebe-87f8-08d4aee54020
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322274)(1603101448)(1601125374)(1701031045); SRVR:HK2APC01HT030;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031); SRVR:HK2APC01HT030; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:HK2APC01HT030;
x-forefront-prvs: 03333C607F
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_HK2PR0601MB1361CA9C0691BBF70A6C3368FCCE0HK2PR0601MB1361_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jun 2017 03:11:44.0825 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT030
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/i0lp22Qlcpsz4iOGgcdyYqqm4po>
Subject: Re: [Idr] comment on draft-ietf-idr-bgp-extended-messages
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2017 03:11:50 -0000

Thank you all for discussion and clarification.

I got the key point for my concern. BGP can use the extended message. When TCP gets the BGP message, TCP cuts the message into segments according to the MTU or MSS of its own, and then passes the segments to IP. TCP itself can not guarentee the segments it emits to the IP small enough to avoid fragmentation, because the MSS or MTU determined by the sender and receiver may be bigger than the MTU in the middle path. Path MTU is not a reliable way neither as you explained. So when fragmentation happens occasionally in practice, the operator has to do something to solve this, such as by configuring the MTU or MSS on the BGP speaker small enough to avoid IP fragmentation.

Best Regards,
________________________________
li_zhenqiang@hotmail.com

From: Jakob Heitz (jheitz)<mailto:jheitz@cisco.com>
Date: 2017-06-09 02:43
To: li zhenqiang<mailto:li_zhenqiang@hotmail.com>; robert<mailto:robert@raszuk.net>
CC: idr<mailto:idr@ietf.org>; draft-ietf-idr-bgp-extended-messages.all<mailto:draft-ietf-idr-bgp-extended-messages.all@ietf.org>
Subject: RE: Re: [Idr] comment on draft-ietf-idr-bgp-extended-messages
TCP does not create IP fragments.
TCP splits its data into correctly sized full IP packets.
If you see IP fragments in the network, then it is because of MTU mismatch.
TCP uses Path MTU detection to find the smallest MTU on its path in order to avoid fragmentation.
People often block the ICMP messages necessary for path MTU detection, so it doesn't always work well.
Regardless, the size of the IP packets is unrelated to the BGP message size.

Thanks,
Jakob.

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of li zhenqiang
Sent: Thursday, June 08, 2017 12:14 AM
To: robert <robert@raszuk.net>
Cc: idr <idr@ietf.org>; draft-ietf-idr-bgp-extended-messages.all <draft-ietf-idr-bgp-extended-messages.all@ietf.org>
Subject: Re: [Idr] comment on draft-ietf-idr-bgp-extended-messages

Yes, TCP will retransmit the missing data. But IP fragmentation will occur again if the BGP message size isn't cut down. The receiver can't get the missing data.
This issue is specific to BGP extended message because the extended update message may be fragmented by IP when it traverses the network from the source to the destination. BGP messages don't need to be fragmented by IP have no such problem.

Best Regards,
________________________________
li_zhenqiang@hotmail.com<mailto:li_zhenqiang@hotmail.com>

From: Robert Raszuk<mailto:robert@raszuk.net>
Date: 2017-06-08 14:41
To: li zhenqiang<mailto:li_zhenqiang@hotmail.com>
CC: draft-ietf-idr-bgp-extended-messages.all<mailto:draft-ietf-idr-bgp-extended-messages.all@ietf.org>; idr wg<mailto:idr@ietf.org>
Subject: Re: [Idr] comment on draft-ietf-idr-bgp-extended-messages
Hi,

Wouldn't TCP simply retransmit missing data if drops are accidental ?

If drops are "by design" due to as you said security rules I am afraid such path is not going to carry BGP session.

//RR.




On Jun 8, 2017 07:26, "li zhenqiang" <li_zhenqiang@hotmail.com<mailto:li_zhenqiang@hotmail.com>> wrote:
Hello,

This doc, https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-extended-messages/<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Didr-2Dbgp-2Dextended-2Dmessages_&d=DwMGaQ&c=IL_XqQWOjubgfqINi2jTzg&r=Xx9729xYDYoCgBDdcp1FKt5PyYd1TCoXNKhyPY8CFp8&m=plGpWzcW7ppWguHBC4w6PyEGZRLkmX7MJ1vUTVNOpZs&s=0pin7tGPbPq5n1iayUcdxrEXuvzvTPplWdQkXERikBo&e=>, extends the maximum update message size of BGP beyond 4096 bytes to 65535 bytes. My comment is about its transport. BGP is TCP based and TCP relys on IP to do fragmentation and reassembly if needed. But IP fragmented packets  may be droped by some nodes in the network due to security rules or to improve the tansport preformance.  So sometimes the BGP speakers may not receive some fragmented extended update messgaes. This deployment problem should be considered.

Best Regards,
________________________________
li_zhenqiang@hotmail.com<mailto:li_zhenqiang@hotmail.com>

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email