IETF Logo Mail Archive

Re: [Idr] [EXTERNAL] Re: draft-ietf-rtgwg-net2cloud-problem-statement description on BGP error valid? (was RE: WG adoption call for draft-abraitis-bgp-version-capability-08, to end September 25

Robert Raszuk <robert@raszuk.net> Tue, 17 January 2023 17:00 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE3EC1524CF for <idr@ietfa.amsl.com>; Tue, 17 Jan 2023 09:00:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.995
X-Spam-Level:
X-Spam-Status: No, score=-6.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hVd-xnLg4yiL for <idr@ietfa.amsl.com>; Tue, 17 Jan 2023 09:00:06 -0800 (PST)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D94CDC15257C for <idr@ietf.org>; Tue, 17 Jan 2023 08:59:40 -0800 (PST)
Received: by mail-wr1-x42f.google.com with SMTP id z5so30223783wrt.6 for <idr@ietf.org>; Tue, 17 Jan 2023 08:59:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=brQcL/P/NtwbTbkZRfnpiYoQFIyriIxgjeHXzJoLCqU=; b=E8zhu1mw0It3AJkTY4gkks9rdr0zKuh/wF5R0ie8MgbpLlWYJr8pbxSm1d+TOaysPO 342Gcy5GqcwF84SalBCNesokOIIs3HPFKOGfm4AfAckMR8h2XOafmzl/AO8vWmET7iLr FaTZXuEjilb7/PiThclVVot7FY6P+AfEdGfhKo/wn/VQwKla+b+YD89R4kbmBhSkrQ+8 8dwbqNmOO14bNp5Sxz7V4ZBuMTMmU2R5mFHAXBfyhkQuegavdHodPVFCzZ5FAt1OdF/C sMmvD/TF2b1Fpdpw86uI/lAN/RBA2ZAd0O7+WQ28S7+lk4hk5FyqaTe3Ovtv7ZbBma9u 2VCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=brQcL/P/NtwbTbkZRfnpiYoQFIyriIxgjeHXzJoLCqU=; b=j86UuuJ2Qb7GhgELSTf0oWziHW0Ztjoej66WbakHPuBkHJB2aNtCsy5zTzbH6vOM9j GpqDCl1BJpvUX6ZF6DW6E2+IB6ZqVxugLAd/GOOmFqA/CAihKRDQnM7MeWlg7V46qJ5A VZu+4HVeMwvy104pO2k8R1tloTBXhD1x/4rVbTf5Qv8KJNCx114LN6Gt7pLUao/BVuLm +qgx00Cbo9xozGYDXOz5EUxyi5MEpNKOcSt5ba10Wo4WQAVgmaaRW9gkjKoVW9N1bW2T 3xvRP9zVOD6+gA6QoHh4BDVU7P240qpbq0joL2DAgoz2gmPXFy/Cd/ND1iKfpeNmhQXT H7QA==
X-Gm-Message-State: AFqh2koQy+DB2CHwbzkaeCm8XfHGEAbIuMFii3l1mSMAEVTFg9KoL0Bz ZpRDYFcgSOdyTMKkVdwt1AKu/QwhD+9AEzkJLccf0lcWmLVNFw==
X-Google-Smtp-Source: AMrXdXvfkXFUp2qlGQIKGzuUyeUmge3VFuHXPtZm4CaaS9jMkgyuAyNhHKGwi8OmHDSnG54tnlaHLffsQgsOZh4cSlY=
X-Received: by 2002:a5d:5745:0:b0:2bd:bbbf:aaf0 with SMTP id q5-20020a5d5745000000b002bdbbbfaaf0mr177575wrw.230.1673974779025; Tue, 17 Jan 2023 08:59:39 -0800 (PST)
MIME-Version: 1.0
References: <C3B4F29D-7C8D-4911-B140-286B7B8DA97B@pfrc.org> <CAOj+MMGmSBDwbxvSZ_x+j7NtCHRFFFvcCEKGJ0Wpis_OU26cLA@mail.gmail.com> <CABNhwV3qwCT8=8R+HTi1DFhbRN=FwHMF4XvQVowQwz=pb2U-nA@mail.gmail.com> <CAOj+MMG-5TT2sEnZVMabP1wA=gBNH0g9zkpoM9LWL7XFnh2aEQ@mail.gmail.com> <CABNhwV2H8Y7pthkWtJsDUN7ZscjGvc+v2XdpZ5CcG2ot9TBBog@mail.gmail.com> <CO1PR13MB492093DC7492BFD14A47C97B85C29@CO1PR13MB4920.namprd13.prod.outlook.com> <CABNhwV2UL0ruFeJwfwPnP7OWO9qCpHw3ubWNF7BoQQUEYEgZRw@mail.gmail.com> <CO1PR13MB4920CBF456034CE08D70691385C19@CO1PR13MB4920.namprd13.prod.outlook.com> <20230116192152.GA19126@pfrc.org> <CAOj+MMFAkworqATpiykEMKbntTt7z5kFMOiMNhvj1Z6EG9UAcQ@mail.gmail.com> <20230116194512.GA20268@pfrc.org> <CO1PR13MB4920BB58AF4420592AAD118785C19@CO1PR13MB4920.namprd13.prod.outlook.com> <CAOj+MMEGuECX3+d3GXr20GUjQoZoOoeiEn33J6Hf64dUN2pbMQ@mail.gmail.com> <CO1PR13MB49203BFEC56F4F760E229BB985C19@CO1PR13MB4920.namprd13.prod.outlook.com> <CAOj+MMHtGWt7rTmsW753uCeem+ckaGN94qM_-yH44h_6abS+=A@mail.gmail.com> <DM4PR21MB3584C8D70DF92091C3BCCFEDA3C19@DM4PR21MB3584.namprd21.prod.outlook.com> <CAOj+MMHPC8LVEK3OKk8r_oYbh7w00GQV_86wiLf_iq7=rQzW2w@mail.gmail.com> <CO1PR13MB4920C1513C2768B2D74E863985C69@CO1PR13MB4920.namprd13.prod.outlook.com>
In-Reply-To: <CO1PR13MB4920C1513C2768B2D74E863985C69@CO1PR13MB4920.namprd13.prod.outlook.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 17 Jan 2023 17:59:28 +0100
Message-ID: <CAOj+MMEdLVQmUkUyQo=MV7oO8pbfD-DhTr2yJAC7wLD4-cM_OA@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: Kausik Majumdar <kmajumdar@microsoft.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf.org" <idr@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000112ca705f278a02a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/kQXFrpOiRMz_r4MR8mXPgI_yCNk>
Subject: Re: [Idr] [EXTERNAL] Re: draft-ietf-rtgwg-net2cloud-problem-statement description on BGP error valid? (was RE: WG adoption call for draft-abraitis-bgp-version-capability-08, to end September 25
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2023 17:00:10 -0000

Hi Linda,

Nope things are getting mixed here.

Jeff's point was: Use Type 2 as most BGP stacks already support type 2 and
count on what is written in the RFC5492 which is a permit to receive a new
BGP Capability and silently drop it.

IMHO this is a bad idea to receive something and not tell the sender that
we do not understand it.

His point against using any other Type of BGP OPEN Optional Parameter was
that it is not deployed hence will result per current RFC4271 rules to drop
the session when received. Note that other then GR handling such drop is
only at the initial session establishment phase so not harmful too much if
sender can retry without it after receiving NOTIFICATION.

For this very functionality of sending peer's OS, BGP version, perhaps also
other "nice to have" information it may be much easier to simply reuse our
BGP Operational Message draft and do it once for all. Then we can clearly
specify as definition of that new message that signalling unsupported types
within it would not result in BGP sessions going down. Yet peer will know
that the other side did not understood the language.

Kind regards,
R.





On Tue, Jan 17, 2023 at 5:47 PM Linda Dunbar <linda.dunbar@futurewei.com>
wrote:

> Robert,
>
>
>
> Jeff Haas said in his Jan 16 email (attached)
>
>
>
> *“John Scudder made most of the arguments I'd be supporting.  This is
> optional, and capabilities say you should be ignoring things you don't
> understand anyway.  Why force the implementation to hang up the session?”*
>
>
>
> Do you need BGP profile to achieve continuing the BGP session when
> receiving the unrecognized “optional capability” in BGP Open message?
>
>
>
> Linda
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* Monday, January 16, 2023 6:14 PM
> *To:* Kausik Majumdar <kmajumdar@microsoft.com>
> *Cc:* Linda Dunbar <linda.dunbar@futurewei.com>; idr-chairs@ietf.org;
> idr@ietf.org; rtgwg@ietf.org
> *Subject:* Re: [EXTERNAL] Re: [Idr]
> draft-ietf-rtgwg-net2cloud-problem-statement description on BGP error
> valid? (was RE: WG adoption call for
> draft-abraitis-bgp-version-capability-08, to end September 25
>
>
>
>
>
> > Can we use our current Draft to update and describe the best practices
> for the mitigation?
>
>
>
> I don't think that the Informational draft in RTGWG can be used to make
> any modifications to any BGP Message Error Handling.
>
>
>
> > As the scope of the document is to characterize the network-related
> problems that Enterprises
>
> > face today when interconnecting their branch offices with dynamic
> workloads in the Cloud DCs
>
> > and the mitigation practices, it might be useful to recommend /capture
> mitigation practices for the
>
> > Section 3.1 BGP Errors Handling.
>
>
>
> The problem is that we do not have a separate BGP "version/profile" for
> interconnecting branch offices with Cloud DCs.
>
>
>
> That means that we can not customize core BGP protocol operation to be
> optimal to such deployment space.
>
>
>
> - - -
>
>
>
> I think that if we would go and define the notion of "BGP Profiles" -
> lot's of useful customization could be made with
>
> lowering the bar for each.
>
>
>
> I could think of few obvious such profiles already:
>
>
>
> * Internet BGP IPv4/IPv6 Profile
>
> * Intradomain Routing Profile
>
> * Data Center BGP Profile
>
> * Private Overlay Transport BGP Profile
>
>
>
> Now the obvious challenge is to maximize the code reuse while at the same
> time achieve profile isolation/separation.
>
>
>
> Regards,
> Robert
>
>
>
>
>
> On Tue, Jan 17, 2023 at 12:25 AM Kausik Majumdar <kmajumdar@microsoft.com>
> wrote:
>
> Hi Robert, Sue, IDR Chairs, et. all,
>
>
>
> Can we use our current Draft to update and describe the best practices for
> the mitigation? As the scope of the document is to characterize the
> network-related problems that Enterprises face today when interconnecting
> their branch offices with dynamic workloads in the Cloud DCs and the
> mitigation practices, it might be useful to recommend /capture mitigation
> practices for the Section 3.1 BGP Errors Handling.
>
>
>
> *3.1 <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-rtgwg-net2cloud-problem-statement-18%23section-3.1&data=05%7C01%7Clinda.dunbar%40futurewei.com%7C938968be009a4538691708daf81fc400%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638095112586296054%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=JUI%2B2dMjbQKtkZhfXZyYSSmgYVfDuVS5uo7OydiIt8k%3D&reserved=0>. Increased BGP errors and Mitigation Methods*
>
>
> -----------------------------------------------------------------------------------------------------
>
> Abstract
>
>
>
>    This document describes the network-related problems enterprises
>
>    face today when interconnecting their branch offices with dynamic
>
>    workloads in third-party data centers (a.k.a. Cloud DCs) and some
>
>    mitigation practices.
>
>
> ­-----------------------------------------------------------------------------------------------------
>
>
>
>
>
> Regards,
>
> Kausik
>
>
>
>
>
> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of *Robert Raszuk
> *Sent:* Monday, January 16, 2023 2:03 PM
> *To:* Linda Dunbar <linda.dunbar@futurewei.com>
> *Cc:* idr@ietf.org; rtgwg@ietf.org
> *Subject:* [EXTERNAL] Re: [Idr]
> draft-ietf-rtgwg-net2cloud-problem-statement description on BGP error
> valid? (was RE: WG adoption call for
> draft-abraitis-bgp-version-capability-08, to end September 25
>
>
>
>
>
> Any IDR WG member ... :)
>
>
>
> On Mon, Jan 16, 2023 at 10:59 PM Linda Dunbar <linda.dunbar@futurewei.com>
> wrote:
>
> Robert,
>
> Who are the “folks” responsible for making the change?
>
>
>
> Linda
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* Monday, January 16, 2023 2:32 PM
> *To:* Linda Dunbar <linda.dunbar@futurewei.com>
> *Cc:* Jeffrey Haas <jhaas@pfrc.org>; Gyan Mishra <hayabusagsm@gmail.com>;
> idr@ietf.org; rtgwg@ietf.org
> *Subject:* Re: draft-ietf-rtgwg-net2cloud-problem-statement description
> on BGP error valid? (was RE: [Idr] WG adoption call for
> draft-abraitis-bgp-version-capability-08, to end September 25
>
>
>
> Hi Linda,
>
>
>
> I see where you are going with this .. I was expecting so - thank you
> for confirming.
>
>
>
> So RFC7606 talks about BGP UPDATE Message error handling.
>
>
>
> To the best of my knowledge we do not have revised Error Handling for BGP
> OPEN Message. So I would propose you encourage folks to work on it
> before you proceed with the below section 3.1.
>
>
>
> Many thx,
>
> Robert
>
>
>
>
>
> On Mon, Jan 16, 2023 at 9:22 PM Linda Dunbar <linda.dunbar@futurewei.com>
> wrote:
>
> Robert, Jeffrey, Gyan,
>
>
>
> The reason for my question is to validate the description of the Section
> 3.1 (Increased BGP error) in the
> https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-problem-statement/
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-rtgwg-net2cloud-problem-statement%2F&data=05%7C01%7Clinda.dunbar%40futurewei.com%7C938968be009a4538691708daf81fc400%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638095112586296054%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cAnaj7s3crPbUCREIDjjd23Zb0cAGmDxF5Sm0Te4Y%2Fw%3D&reserved=0>
>
>
>
> Love to hear your comments to this description
>
> --------------------------------------------------
>
> 3.1. Increased BGP errors and Mitigation Methods
>
> Many network service providers have limited number of BGP peers and
> usually have prior negotiated peering policies with their BGP peers. Cloud
> GWs need to peer with many more parties, via private circuits or IPsec over
> public internet. Many of those peering parties may not be traditional
> network service providers. Their BGP configurations practices might not be
> consistent, and some are done by less experienced personnel. All those can
> contribute to increased BGP peering errors, such as capability mismatch,
> BGP ceasing notification, unwanted route leaks, missing Keepalives, etc.
> Capability mismatch can cause BGP sessions not established properly.
>
> If a BGP speaker receives a BGP OPEN message with the unrecognized
> Optional Parameters, an error message should be generated per RFC 4271,
> although the BGP session can be established. When receiving a BGP UPDATE
> with a malformed attribute, the revised BGP error handling procedure
> [RFC7606] should be followed instead of session resetting.
>
> Many Cloud DCs don’t support multi hop eBGP peering with external devices.
> To get around this limitation, it is necessary for enterprises GWs to
> establish IP tunnels to the Cloud GWs to form IP adjacency.
>
> Some Cloud DC eBGP peering only supports limited number of routes from
> external entities. To get around this limitation, on-premises DCs need to
> set up default routes to be exchanged with the Cloud DC eBGP peers.
>
> -----------
>
>
>
> Thank you very much
>
> Linda Dunbar
>
>
>
> -----Original Message-----
> From: Jeffrey Haas <jhaas@pfrc.org>
> Sent: Monday, January 16, 2023 1:45 PM
> To: Robert Raszuk <robert@raszuk.net>
> Cc: Linda Dunbar <linda.dunbar@futurewei.com>; Gyan Mishra <
> hayabusagsm@gmail.com>; idr@ietf.org
> Subject: Re: [Idr] WG adoption call for
> draft-abraitis-bgp-version-capability-08, to end September 25
>
>
>
> Robert,
>
>
>
> On Mon, Jan 16, 2023 at 08:28:27PM +0100, Robert Raszuk wrote:
>
> > I am afraid you are talking about BGP version while Linda is asking
>
> > about the subject draft bgp version ... Both are completely unrelated
> "versions".
>
>
>
> I'm answering Linda's literal question.  In the cited text, she is not
> asking about the new version capability.  If her intent was to ask about
> that, her text wasn't stating what she wanted to ask.
>
>
>
> > While we are here I did reread RFC4271 and I am not sure either if
>
> > there is text to mandate closing the session when new BGP OPEN
>
> > Optional Parameter is not recognized. Neither does FSM. Generating
>
> > NOTIFICATION and continue should be allowed by the spec unless I
>
> > missed some embedded mandate to close it.
>
>
>
> RFC 4271, §6.2:
>
>
>
> :    If one of the Optional Parameters in the OPEN message is not
>
> :    recognized, then the Error Subcode MUST be set to Unsupported
>
> :    Optional Parameters.
>
> :
>
> :    If one of the Optional Parameters in the OPEN message is recognized,
>
> :    but is malformed, then the Error Subcode MUST be set to 0
>
> :    (Unspecific).
>
>
>
> -- Jeff
>
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=05%7C01%7Clinda.dunbar%40futurewei.com%7C938968be009a4538691708daf81fc400%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638095112586296054%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RrjOaqOVuegtCj5bkyFKAUrmBfyl2YxQEv3sKn9RcTU%3D&reserved=0>
>
>

v2.23.0 | Report a Bug | By Email