[Idr] Post-Last Call Shepherd Comments for draft-ietf-idr-error-handling (was Re: Last Call Expired: <draft-ietf-idr-error-handling-18.txt>)

Rob Shakir <rjs@rob.sh> Thu, 12 March 2015 11:26 UTC

Return-Path: <rjs@rob.sh>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 0C9C71A9176; Thu, 12 Mar 2015 04:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id peOy08iDTAuM; Thu, 12 Mar 2015 04:26:51 -0700 (PDT)
Received: from cappuccino.rob.sh (cappuccino.rob.sh [IPv6:2a03:9800:10:4c::cafe:b00c]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CF9B1A9170; Thu, 12 Mar 2015 04:26:49 -0700 (PDT)
Received: from [] (helo=[]) by cappuccino.rob.sh with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <rjs@rob.sh>) id 1YW1GL-0001P5-6u; Thu, 12 Mar 2015 11:26:49 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Rob Shakir <rjs@rob.sh>
In-Reply-To: <20150312070849.663.20811.idtracker@ietfa.amsl.com>
Date: Thu, 12 Mar 2015 11:26:45 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <DD0BF302-1324-4232-9854-83F187414888@rob.sh>
References: <20150312070849.663.20811.idtracker@ietfa.amsl.com>
To: "idr@ietf. org" <idr@ietf.org>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/iqwfalhbkVmHlQ66qZ-LHqF-B3s>
Cc: idr-chairs@ietf.org, draft-ietf-idr-error-handling.all@ietf.org, iesg@ietf.org, Rob Shakir <rob.shakir@bt.com>
Subject: [Idr] Post-Last Call Shepherd Comments for draft-ietf-idr-error-handling (was Re: Last Call Expired: <draft-ietf-idr-error-handling-18.txt>)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2015 11:26:54 -0000

> On 12 Mar 2015, at 07:08, DraftTracker Mail System <iesg-secretary@ietf.org> wrote:
> I-D: <draft-ietf-idr-error-handling-18.txt>
> ID Tracker URL: http://datatracker.ietf.org/doc/draft-ietf-idr-error-handling/
> IETF Last Call has ended, and the state has been changed to
> Waiting for AD Go-Ahead.

Folks, Authors,

Keeping track of the IESG comments on this draft, and some of the other feedback that’s been received from directorate reviews:

* gen-art provided some comments (you can find them at [0]) that it would be good to address.

* Stephen Farrell’s review raised a few nits (some of which are duplicate from the gen-art review.

* multiple comments about §6 of the document and particularly the rfc2119 wording have been raised. Can I suggest that we restructure this section slightly:

   Although the "treat-as-withdraw" error-handling behavior defined in
   Section 2 makes every effort to preserve BGP's correctness, we note
   that if an UPDATE received on an iBGP session is subjected to this
   treatment, inconsistent routing within the affected Autonomous System
   may result.  The consequences of inconsistent routing can include
   long-lived forwarding loops and black holes.  While lamentable, this
   issue is expected to be rare in practice, and, more importantly, is
   seen as less problematic than the session-reset behavior it replaces.
   The treat-as-withdraw mechanism is different from discarding an UPDATE
   message. The latter violates the basic BGP principle of
   incremental UPDATE, and causes invalid routes to be kept.

   Since treat-as-withdraw may result in such inconsistent routing within
   an AS, complete un-reachability or sub-optimal routing for the
   destinations whose routes are carried in an affected UPDATE message, a
   BGP speaker MUST provide debugging facilities to permit issues caused
   by a malformed UPDATE to be diagnosed. At a minimum, such facilities MUST
   include logging an error listing the NLRI involved, and containing the
   entire malformed UPDATE message.

   When such an error is logged, it is recommended that an operator
   SHOULD analyse the logged UPDATE message, and SHOULD investigate the root cause.
   Where there source of the erroneous UPDATE message is external to the
   autonomous system, or administrative domain, of the operator - we
   RECOMMEND that an operator traces the erroneous UPDATE message to the
   ingress router which sourced the routes, or received the routes
   externally - and applies a filter to prevent the routes being announced.
   This helps to maintain routing consistency in the network.

   Section 8 mentions that attribute discard should not be used in cases 
   where “the attribute in question has or may have an effect on route 
   selection.” Although all cases that specify attribute discard in this
   document do not affect route selection by default, in principle, 
   routing policies could be written that affect selection based on such
   an attribute. Operators SHOULD take care when writing such policies
   to consider the possible consequences of attribute discard. (In general,
   as long as such policies are only applied to external BGP sessions,
   correctness issues are not expected to arise.)  

  Hopefully this makes reasonable use of RFC2119 wording too. I think that if we are saying that the implementation MUST/SHOULD do something to maintain correctness then we should say that the operator SHOULD do something too! I think structuring the section into these two elements (box-behaviours followed by people-behaviours) adds some clarity.

  * Stephen also raised a point about security considerations - this seemed (to me) to relate more to security considerations of treat-as-withdraw when used as a behaviour within BGPSEC. My (personal opinion) is that this concern would be better covered in the BGPSEC documents - since this document (at the moment) does not update any document related to BGPSEC.

  * Our esteemed new AD reviewed too — thanks Alvaro. The review can be found at [1].
	* 1 & 2 - there is a request to have a summary of what RFCs are updated and how in the document. Potentially this could be added as an appendix?
	* In the security considerations section, Alvaro observes that remote withdrawal could be a new attack vector that is introduced. We should mention this, but raise the consideration that rather than causing session tear-down (which might result in isolation of an ASN).

Thanks for all the work thus far on this document — I look forward to this doc progressing further!


[0]: https://www.ietf.org/mail-archive/web/ietf/current/msg92265.html
[1]: https://www.ietf.org/mail-archive/web/idr/current/msg14113.html