IETF Logo Mail Archive

Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Robert Raszuk <robert@raszuk.net> Thu, 23 November 2017 09:18 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 664FC1242EA; Thu, 23 Nov 2017 01:18:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.41
X-Spam-Level:
X-Spam-Status: No, score=-0.41 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K1rqat6qxZkR; Thu, 23 Nov 2017 01:17:58 -0800 (PST)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69E50126B7E; Thu, 23 Nov 2017 01:17:57 -0800 (PST)
Received: by mail-wm0-x229.google.com with SMTP id x63so15023552wmf.4; Thu, 23 Nov 2017 01:17:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=6vLck+VFnBslWaCy08D6CEdZYjBzfrikW+niqaZ2Nmc=; b=QG3rXmE5VASoNROQ/WO+gTE7NiQ+Lu0Ti2ECcKyLT0iPwErmEC/teEDLd0pTVeFpEH OOzPtZQD3lCgodfOYk2SofklIf0uXGtChoEGjQRcblFjil0vx9NNe+rUob6tn+P6zrfP xqspmDAhFwtUf7j3Z6TKZ7hgoGeJ8Kqi6KwRKtoJjnFB40Q89jpxUpop75R4zN0J0BcF xaobzfctnCFQuoJl/z39nKH3WYwbQQ6trZP0EXSUkn04n5mQ88kiLM2dfFJCbxRwMy8T 05XSujEVtS9YpV5qtz1jGNUzal8esa2aR8uzwIlfquRJX+TZZJ5AMHkmXtxmRZofXoMn BM6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=6vLck+VFnBslWaCy08D6CEdZYjBzfrikW+niqaZ2Nmc=; b=MFpjhknV9cJnDb3zj8crYVSqt2nc0r4YpxevAL1C2tZzz4+Zf7qCroaRArgmcu7de3 anTept4OiXEcGlU3oB07NnxY4Ru/P0Y/ZLrGRlEitHjgSMsxVdkoSXkUxQFf6tQ9SsTe AJeVz0htdygWDiK8/APYQ6WEQtYnRs6Q8YCA1TDdDeThoJXmMeklj3sMokFJLi/PvIXr p0kOP6ht7PSBAWxtzY6aOuJ27AZp7yQLtHUymYs8EUZ0SkG7NE6dGljM/YrNDX3uJCOm yKN0O/zBqTYrHQbMElCCfghOOqe5n+38+MXKKCKMS34uGNg3CxCdi0aiJqsL06X4vMfv 1pMw==
X-Gm-Message-State: AJaThX559OOx6Fm3N8ZG+wiZPpZZgnchTWra1O8CkZ1BvGIjZ13uboxT 60byrzv+Lw60/v5+Hmc/eiLJv6W5yDSBRMAVvoicNdJK
X-Google-Smtp-Source: AGs4zMZ+71SSeR9ca2y5QMTVQQOsgmv1scCwYCsDniQTLirVUNqtW/b0qbDHyp7ByV7AvRrBvYcmKaZTY/+e67taWGQ=
X-Received: by 10.28.215.194 with SMTP id o185mr6151847wmg.105.1511428675522; Thu, 23 Nov 2017 01:17:55 -0800 (PST)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.28.54.217 with HTTP; Thu, 23 Nov 2017 01:17:54 -0800 (PST)
In-Reply-To: <78E497F6-068D-449D-8D9E-13EC37C39A08@cisco.com>
References: <000901d35c08$3f12d950$bd388bf0$@ndzh.com> <B61C3B8F-1168-4EB1-8D8E-88C4BF28B3AA@exa.net.uk> <CA+b+ER=1sHhAqhOc2VipzZMB+Zsxk8n+8cNUshkjPw_A9k9E-A@mail.gmail.com> <39049A8C-6D47-4251-AF87-342F68DDE8AE@exa.net.uk> <CA+b+ER=ANs15BEmRKeqneVHNcTSCsGDMVDQgFV4OucwPSWcLgw@mail.gmail.com> <CACWOCC9Yde99EbhLrveCtoUVSZWiP=sL=k69zrGBeNj5AjCGFQ@mail.gmail.com> <CA+b+ERk_2XZ_Y3EqSjNAbSi1ZqKhD2oThrRR2EOJzckQ41GijA@mail.gmail.com> <CACWOCC-EfzOYdUrHAWQN10LBzofySrKRADc6Zq-dyca1o0DPvw@mail.gmail.com> <CA+b+ER=ppm1N2wnMrPxxS_Nug2EaETBkW5gASTVZ2UKKq0aZJA@mail.gmail.com> <976743ea96934039a85fa74415b45862@XCH-ALN-014.cisco.com> <CA+b+ERmpEghcndHKM+WKKxg1V8ufTwg=xqb0J5jNowZHj2OwAQ@mail.gmail.com> <88d5df779a344b588745108c771d3145@XCH-ALN-014.cisco.com> <deae6e85c3ff47a6bbcac176eb91bd3e@XCH-ALN-014.cisco.com> <F0EAF2D4-656D-48BD-830B-DC2E8B862813@nist.gov> <A0106E1A-272D-4E1D-A0F3-E3531D583AA3@cisco.com> <1D2FD437-0EEF-4FF6-9853-C09E7EEA2A15@nist.gov> <2B92A151-5A78-46EE-8A46-C09603A37219@cisco.com> <CA+b+ERkq2NWr5K7wDOafS52+pbKETpGH+5vMXUbGgCGCA0QBEw@mail.gmail.com> <78E497F6-068D-449D-8D9E-13EC37C39A08@cisco.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 23 Nov 2017 10:17:54 +0100
X-Google-Sender-Auth: b2SFHIGKXM0uoxgQUMJFt2wC64M
Message-ID: <CA+b+ERks=EPwUV_dDoeon3=8ja-B4pGnJ-BoMADvwWDszo18Cg@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Cc: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>, idr wg <idr@ietf.org>, "idr-ads@ietf.org" <idr-ads@ietf.org>, Idr <idr-bounces@ietf.org>, Thomas Mangin <thomas.mangin@exa.net.uk>, Randy Bush <randy@psg.com>
Content-Type: multipart/alternative; boundary="001a114685924ed61c055ea2e92c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/jeOmgiahemomr4OQ5ehhOiUBoFE>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 09:18:02 -0000

Yes the proposed text addresses my concerns. I would only to it one more
sentence:

"​
The size of individual BGP path attributes MUST be small enough that they
can fit into a BGP UPDATE message of 4096 octets. If a BGP feature requires
a path attribute to be longer, then the required size of the path attribute
MUST be specified in the RFC of the feature requiring it. *Such RFC MUST
also specify the expected behavior on the boundary between peers which do
support extended message size and those which do not."*

Thx,
Robert Raszuk.



On Thu, Nov 23, 2017 at 2:05 AM, Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> I’m happy to add a sentence to the effect of:
> ​​
> The size of individual BGP path attributes MUST be small enough that they
> can fit into a BGP UPDATE message of 4096 octets. If a BGP feature requires
> a path attribute to be longer, then the required size of the path attribute
> MUST be specified in the RFC of the feature requiring it.
>
> Thanks,
> Jakob.
>
>
> On Nov 22, 2017, at 3:36 PM, Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi Jakob,
>
> You are very correct. But the way to address this point (and yes it would
> be great to address it) is to include in this current draft (a WG document
> after all) sections pertaining to each current BGP Attribute and its
> maximum size in the extended message. I think this is what was also
> Olivier's main point - not that your observations were wrong - they just
> did not fit with the current way documents are progressed.
>
> Or as I suggested add one line to the current spec stating that current
> attributes MUST not be extended in size unless a new specific RFC will
> allow for it as provide interop between 4k/65K boundary rules for each such
> attribute.
>
> Just placing those on implementation report wiki (while not being part of
> the document) is not part of the IDR process I am afraid. Besides even if
> someone reports it works today you have zero guarantees that it will work
> the same way tomorrow unless it is clearly spelled out in the RFC given
> implementation claims to support.
>
> Thx,
> R.
>
> On Thu, Nov 23, 2017 at 12:26 AM, Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
>> If router A follows this draft, then it can quite legitimately send an
>> update with 16000 communities. If router B cannot receive and process it,
>> then it’s broken.
>>
>> If path attribute size is not addressed, then this draft will cause
>> inoperable implementations. As such, it is not fit for standardization.
>> Either we assume the maximum possible size for all attributes or specify
>> shorter maximum sizes. Anything less leads to failure to interoperate.
>>
>> Oliver, what maximum sizes does your implementation support?
>> You can put those sizes into the wiki.
>>
>> Thanks,
>> Jakob.
>>
>>
>> On Nov 22, 2017, at 11:58 AM, Borchert, Oliver (Fed) <
>> oliver.borchert@nist.gov> wrote:
>>
>> To my understanding the wiki should state compliance with the draft in
>> question and not particular BGP attributes.
>>
>>
>>
>> The draft is about the capability of sending and receiving updates larger
>> than 4K and how to handle if the capability is not propagated, as well as
>> the “5 mile view” on what to do if an update would exceed the newly
>> proposed max length of 64K, it is not about performance issues etc.
>>
>>
>>
>> To me the added questions in the wiki are more about the capability to
>> process individual attributes that might become large. This is outside the
>> scope of the draft in question.
>>
>>
>>
>> It seems to me that what you try to solve is not compliance with the
>> draft, it is more about the capability of particular implementations on how
>> to deal with larger updates and this might change with memory, CPU, quality
>> of implementation, etc. but has nothing to do with the draft in question.
>>
>>
>>
>> In case there are issues with attributes getting too large and therefore
>> causing issues to BGP itself, then I believe the RFC’s dealing with these
>> attributes should be updated.
>>
>>
>>
>> Again, I believe this is out of scope of this draft and I do not see any
>> need to have these questions in the wiki.
>>
>>
>>
>> Oliver
>>
>>
>>
>> *From: *"Jakob Heitz (jheitz)" <jheitz@cisco.com>
>> *Date: *Wednesday, November 22, 2017 at 12:16 PM
>> *To: *Oliver Borchert <oliver.borchert@nist.gov>
>> *Cc: *Robert Raszuk <robert@raszuk.net>, idr wg <idr@ietf.org>, "
>> idr-ads@ietf.org" <idr-ads@ietf.org>, Idr <idr-bounces@ietf.org>, Thomas
>> Mangin <thomas.mangin@exa.net.uk>, Randy Bush <randy@psg.com>
>> *Subject: *Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages
>> (11/12 to 11/26)
>>
>>
>>
>> Larger message implies larger path attributes. You may answer “no” for
>> the parts with which you do not comply.
>>
>>
>>
>> If the implied path attribute sizes are too large, then we need to be
>> explicit about the maximum sizes for each attribute in the draft. Please
>> suggest reasonable maximum sizes.
>>
>> Thanks,
>>
>> Jakob.
>>
>>
>> On Nov 22, 2017, at 7:10 AM, Borchert, Oliver (Fed) <
>> oliver.borchert@nist.gov> wrote:
>>
>> Jakob,
>>
>>
>>
>> I looked into the added questions for the compliance report you added on
>> the wiki.
>>
>> I am not quite sure that these added questions do apply for a compliance
>> of the requested draft. These do more apply to features used within BGP
>> that might result in larger BGP messages.
>>
>> And here the draft has a clear message in the last paragraph of section 3:
>>
>>
>>
>> “It is RECOMMENDED that BGP protocol developers and implementers are
>>
>>
>>   conservative in their application and use of Extended Messages.”
>>
>>
>>
>> Therefore, they would more apply to proper functioning of implemented BGP
>> features rather than the extended message itself. I do not believe that
>> these new questions do apply here.
>>
>>
>>
>> Said that, BGPSEC-IO is a traffic generator that mainly focusses on
>> BGPSEC updates. We did not add communities to the generated traffic and I
>> do not intent to do so in the near future (though community contributions
>> are welcome) – in this sense, for sending my answer is NA.
>>
>> On the receiving side, as long as the BGP update in itself is well formed
>> and within its length boundaries (4K or < 64K) there is no issue. We just
>> dump the update either on the “floor” or screen.
>>
>>
>>
>> With QuaggaSRx, as long as Quagga can process communities of that length,
>> QuaggaSRx can as well. QuaggaSRx same as BGPSEC-IO do comply with the draft
>> itself when it comes to accepting and generating > 4K updates as specified
>> in the draft and we tested the processing and memory usage using BGPsec
>> traffic of little less than 64 K.
>>
>>
>>
>> Oliver
>>
>>
>>
>> *From: *Idr <idr-bounces@ietf.org> on behalf of "Jakob Heitz (jheitz)" <
>> jheitz@cisco.com>
>> *Date: *Tuesday, November 21, 2017 at 6:13 PM
>> *To: *Robert Raszuk <robert@raszuk.net>
>> *Cc: *idr wg <idr@ietf.org>, "idr-ads@ietf.org" <idr-ads@ietf.org>, Idr <
>> idr-bounces@ietf.org>, Thomas Mangin <thomas.mangin@exa.net.uk>
>> *Subject: *Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages
>> (11/12 to 11/26)
>>
>>
>>
>> 1 hour ??
>>
>> When I tested my large community code, I tested at the limit and over it.
>>
>> There was no perceptible time for the operations.
>>
>> 16 times imperceptible would be a blip at the most.
>>
>> The only operations that take a worrisome amount of time are regexp
>> matches with nested wildcards.
>>
>> Hmm, I should add regexp matches explicitly, because that requires to
>> expand the communities into ascii representation in the matching engine.
>>
>>
>>
>> Thanks,
>>
>> Jakob
>>
>>
>>
>> *From:* Idr [mailto:idr-bounces@ietf.org <idr-bounces@ietf.org>] *On
>> Behalf Of *Jakob Heitz (jheitz)
>> *Sent:* Tuesday, November 21, 2017 2:58 PM
>> *To:* Robert Raszuk <robert@raszuk.net>
>> *Cc:* idr wg <idr@ietf.org>; idr-ads@ietf.org; Thomas Mangin <
>> thomas.mangin@exa.net.uk>; Idr <idr-bounces@ietf.org>
>> *Subject:* Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages
>> (11/12 to 11/26)
>>
>>
>>
>> Just that it does it without error.
>>
>> If the numbers are too large, we should discuss reasonable limits.
>>
>>
>>
>> Thanks,
>>
>> Jakob
>>
>>
>>
>> *From:* rraszuk@gmail.com [mailto:rraszuk@gmail.com <rraszuk@gmail.com>] *On
>> Behalf Of *Robert Raszuk
>> *Sent:* Tuesday, November 21, 2017 2:55 PM
>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>
>> *Cc:* Job Snijders <job@ntt.net>; idr wg <idr@ietf.org>; idr-ads@ietf.org;
>> Idr <idr-bounces@ietf.org>; Thomas Mangin <thomas.mangin@exa.net.uk>
>> *Subject:* Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages
>> (11/12 to 11/26)
>>
>>
>>
>> Hi Jakob,
>>
>>
>>
>> I think what you added is fine, but requires a time limit.
>>
>>
>>
>> Statement that implementation can receive, parse/validate, display in CLI
>> or match in the policy 16K of communities all actions taking 1h each is
>> rather not that interesting isn't it ?
>>
>>
>>
>> Or is the indicator of spec compliance a statement that it just does not
>> crash regardless of time it takes for execution of each stated action :) ?
>>
>>
>>
>> Thx,
>>
>> //R.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Nov 21, 2017 at 11:38 PM, Jakob Heitz (jheitz) <jheitz@cisco.com>
>> wrote:
>>
>> The new update message size requires support for:
>>
>> 16375 communities
>>
>> 8187 extended communities
>>
>> 5458 large communities
>>
>> I have not changed the as-path length, because it is already ridiculously
>> high.
>>
>> If anyone wants to talk about a maximum as-path length, please speak up.
>>
>>
>>
>> I have added tests to the implementation report
>>
>> https://trac.ietf.org/trac/idr/wiki/draft-ietf-idr-bgp-exten
>> ded-implementations
>> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fidr%2Fwiki%2Fdraft-ietf-idr-bgp-extended-implementations&data=02%7C01%7Coliver.borchert%40nist.gov%7Cc29658d9c708468b0ccd08d5313576ee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636469028063383089&sdata=zRFsa6v%2BqWcQo44fTcKtmbmqmFZicA495i%2BZfcA4ZSg%3D&reserved=0>
>>
>> to ensure full compliance with the consequences of the draft.
>>
>>
>>
>> Implementers, please update your compliance.
>>
>>
>>
>> Thanks,
>>
>> Jakob
>>
>>
>>
>> *From:* Idr [mailto:idr-bounces@ietf.org] *On Behalf Of *Robert Raszuk
>> *Sent:* Tuesday, November 21, 2017 10:41 AM
>> *To:* Job Snijders <job@ntt.net>
>> *Cc:* idr wg <idr@ietf.org>; idr-ads@ietf.org; Idr <idr-bounces@ietf.org>;
>> Thomas Mangin <thomas.mangin@exa.net.uk>
>> *Subject:* Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages
>> (11/12 to 11/26)
>>
>>
>>
>> Great !
>>
>>
>>
>> On Tue, Nov 21, 2017 at 6:35 PM, Job Snijders <job@ntt.net> wrote:
>>
>> Robert/Randy,
>>
>>
>>
>> About this being a default:
>>
>>
>>
>> Old (Section 4):
>>
>>
>>
>> A BGP speaker that is willing to send and receive BGP Extended Messages
>> with a peer SHOULD advertise the BGP Extended Message Capability to the
>> peer using BGP Capabilities Advertisement RFC5492].
>>
>>
>>
>> New (Section 4)
>>
>>
>>
>> A BGP speaker that is capable to send and receive BGP Extended Messages
>> with a peer SHOULD advertise the BGP Extended Message Capability to the
>> peer using BGP Capabilities Advertisement [RFC5492].
>>
>>
>>
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
>> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=02%7C01%7Coliver.borchert%40nist.gov%7Cc29658d9c708468b0ccd08d5313576ee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636469028063383089&sdata=Bt6F5N6zA5v7GCXm7peFu06uK1TCD3sRHIVPffp%2F0O0%3D&reserved=0>
>>
>>
>>
>>
>

v2.23.0 | Report a Bug | By Email