[Idr] Warren Kumari's Discuss on draft-ietf-idr-bgp-gr-notification-15: (with DISCUSS)

[Warren Kumari <warren@kumari.net>]

Warren Kumari has entered the following ballot position for
draft-ietf-idr-bgp-gr-notification-15: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-gr-notification/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I'm sure that this has already been discussed somewhere, and that I'll be able
to quickly clear my DISCUSS once pointed at it, but: "To put an upper bound on
the amount of time a router retains the stale routes, an implementation MUST
support a (configurable) timer, called the "stale timer", that imposes this
upper bound. A suggested default value for the stale timer is 180 seconds. An
implementation MAY provide the option to disable the timer (i.e., to provide an
infinite retention time) but MUST NOT do so by default."

The "infinite retention time" part of this makes me deeply uncomfortable -- I
can see a good reason for the stale timer, and the default "feels" fine to me,
but having an infinite retention time (or, really anything over 10 to 15
minutes) feels like a really dangerous idea, and that it will come back and
bite.

I'm hoping that I'm missing something obvious, but can you please explain under
what conditions an infinite retention policy makes sense? It seems like there
would be multiple opportunities for blackholing traffic with this.