IETF Logo Mail Archive

Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

Robert Raszuk <robert@raszuk.net> Tue, 29 September 2020 15:24 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 849353A0EB4 for <idr@ietfa.amsl.com>; Tue, 29 Sep 2020 08:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvO_t-U8gDGf for <idr@ietfa.amsl.com>; Tue, 29 Sep 2020 08:24:13 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8BA53A0EAD for <idr@ietf.org>; Tue, 29 Sep 2020 08:24:12 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id l17so6763688edq.12 for <idr@ietf.org>; Tue, 29 Sep 2020 08:24:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DNlw7t1f3xNl06EVfOdI9ZsPSjuJtl1ruJ/WLVGFRtQ=; b=VYvXZMGkLYH443M4yyv/9RQ9eouf9Khj4kEvlBxuu6PuCkPBq/VoEa3i9hCCM9T1Bm Ue/xxSTHc1cz7co+JYzO6E7Q0YbSQNlz8OSQ0w8Z9rY5Y8OOBeIs5p2vnowtxVnyr19p nGG/HZUVwedePtSj0ONiOuGxCSXyybc3n7ZkbdBKw8bvF6Uwo+/WZpQ1EH5nGTuAPRea kN3QdWX9yZC+ArhX+LLtEraChR3vJlGF2XkJm1yHFNDb/1+9+uF8PxLI/8xeNETbp8QC lKAtsSsPUMt9TDae0zUlBSQ0k8/f5zKnvCcXeR5bIctHqTX8vys5pRZyFik8WN+7Q0hc ixyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DNlw7t1f3xNl06EVfOdI9ZsPSjuJtl1ruJ/WLVGFRtQ=; b=DAftfyXYY5gAEECeDT0yrGMDh5VrRbGQ3QdLsv+JXcH0isiIroKrmbfxJKT0avyRV1 D88QLjuYahiiQK+55jCddUfDJgRSKJ+I3h/iTj7B0hnWjm8nBRv/2ixOc1nKGdhHQ69V 1eN74yt77SHiGa3MVwRIw0OS4W3NUVEn9Pyse+WLmSgoVlvP38gd4uLRJVsUR91L2HGH dr+4BVdvxpCKE+StYri3joo//+8/pNPVWm5cxk8K0qBeOXL3nLhNdt/9Opt4DNi6RKId wRbY8mxN4w6/8miJQySyLDIhuIn5F6pBIgifHsu0gtNw7EkbhQ/XwPSkfjEXOHml8lkp KVSA==
X-Gm-Message-State: AOAM530bp4QZYPHFB9F6DfL6AZONli135StKnmuJhsDnyVefTVzUc+dA mG11cqgQDfySlVdgug5ni329/wi+AsLfqc9mohnMxg==
X-Google-Smtp-Source: ABdhPJy7jBO+0N0XPmhLyaw+uozTUV6Ei3yG0HVUtd44eBJp0DIIegLYiZCwhEX8eEhHhD1IX9kRdrc543gz/JRJ1So=
X-Received: by 2002:a05:6402:3c8:: with SMTP id t8mr3747199edw.266.1601393051117; Tue, 29 Sep 2020 08:24:11 -0700 (PDT)
MIME-Version: 1.0
References: <303E54F6-833A-4458-B3E6-DE90E7CA121B@juniper.net> <22341_1601052988_5F6E213C_22341_268_1_53C29892C857584299CBF5D05346208A48F82C17@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <DEE76A95-339B-433C-BD46-AD0243F72FBE@juniper.net> <3366_1601300732_5F71E8FC_3366_6_3_53C29892C857584299CBF5D05346208A48F86028@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <21B4E52C-38F4-4C94-985C-8C1DF88F4A92@juniper.net> <CAMMESsxG+ASdax1USizop-1bzYELcSdvND-f3RNEJ78zDUPrng@mail.gmail.com> <A9128F3D-948E-4F22-B000-7B470AFAC219@tix.at> <CAOj+MMESP=1EtTcuptE9xdyb+g36kDiD4sH6wSLezeZX74v2vw@mail.gmail.com> <BYAPR11MB32079E5730B9B170C1ADF7E1C0350@BYAPR11MB3207.namprd11.prod.outlook.com> <CAOj+MMFrFhwF1D=j1KS5wJXzc-ULEA6Ne-n296LYvit5fKUB+w@mail.gmail.com> <57A5696C-4AD1-46E3-85C8-21867D821A3D@juniper.net>
In-Reply-To: <57A5696C-4AD1-46E3-85C8-21867D821A3D@juniper.net>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 29 Sep 2020 17:24:00 +0200
Message-ID: <CAOj+MMENOtZ2tEJYRUq8EXizJNZ75+r3YWFDp7yOBka_hgj-UA@mail.gmail.com>
To: John Scudder <jgs@juniper.net>
Cc: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, Christoph Loibl <c@tix.at>, "idr@ietf. org" <idr@ietf.org>, "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>, Hares Susan <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="000000000000f53e3a05b0755f4f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/kkX8RnMox8L-J5GYUSlyYi5emnQ>
Subject: Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 15:24:16 -0000

Hi John,

I admit I have missed that change or even if I noticed it apparently I did
not realize the magnitude and consequences this change brings.

IMHO it would be a fine change for FSv2 however I am quite sceptical for
rolling it into 5575bis.

Many thx,
R.


On Tue, Sep 29, 2020 at 5:20 PM John Scudder <jgs@juniper.net> wrote:

> Hi Robert,
>
> You are right that RFC 5575 is very clear about that decision:
>
>    We define a "Flow Specification" NLRI type that may include several
>    components such as destination prefix, source prefix, protocol,
>    ports, etc.  This NLRI is treated as an opaque bit string prefix by
>    BGP.  Each bit string identifies a key to a database entry with which
>    a set of attributes can be associated.
>
>
> It’s also true that rfc5575bis retracts it. Appendix B makes it clear this
> wasn’t an accident:
>
>       Section 1 <https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-26#section-1> introduces the Flow Specification NLRI.  In [RFC5575 <https://tools.ietf.org/html/rfc5575>]
>       this NLRI was defined as an opaque-key in BGPs database.  This
>       specification has removed all references to an opaque-key
>       property.  BGP implementations are able to understand the NLRI
>       encoding.
>
>
> I haven’t gone back to check, but given that this was made so explicit in
> the draft, I’m going to suppose that it was discussed in the WG before the
> WGLC concluded, so I’m not very excited to re-litigate it.
>
> I do think that it would be good to commence work on FSv2 soon, while we
> still have this experience fresh in our minds.
>
> —John
>
> On Sep 29, 2020, at 2:57 AM, Robert Raszuk <robert@raszuk.net> wrote:
>
>
>
> Hi Jakob,
>
> > Flowspec does not AFAIK have any such NLRI... yet.
>
> I am not quite sure what are you trying to say above.
>
> Today in RFC5575 NLRI is clearly defined as a numeric value with a given
> length. It was by design not parsable by BGP. The entire NLRI is a key.
>
> So updates and withdraws processing happens on the key as defined.
>
> Now if we start to parse that value (except maybe for validation which I
> am also now pretty sceptical about) and dissecting part of that calling
> some types to be a key and some not - at min IMHO we should use different
> SAFI not to create complete deployment issues.
>
> Many thx,
> R.
>
>
> On Tue, Sep 29, 2020 at 1:23 AM Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
>> Also to consider that in BGP, there are several examples of NLRI
>>
>> where the NLRI key is not the whole NLRI, starting with RFC 3107,
>>
>> where the label is not part of the key.
>>
>>
>>
>> A speaker that receives an update with an unknown NLRI does not
>>
>> know if that unknown NLRI servers to withdraw a (seemingly)
>>
>> different unknown NLRI, if the parts that are different are not
>>
>> key material.
>>
>>
>>
>> Therefore, a BGP speaker must always be able to completely
>>
>> parse and understand received NLRI.
>>
>>
>>
>> Flowspec does not AFAIK have any such NLRI... yet.
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of *Robert Raszuk
>> *Sent:* Monday, September 28, 2020 1:44 PM
>> *To:* Christoph Loibl <c@tix.at>
>> *Cc:* idr@ietf. org <idr@ietf.org>; draft-ietf-idr-rfc5575bis@ietf.org;
>> John Scudder <jgs=40juniper.net@dmarc.ietf.org>;
>> bruno.decraene@orange.com; Hares Susan <shares@ndzh.com>
>> *Subject:* Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth
>> fixing?
>>
>>
>>
>> All,
>>
>>
>>
>> To me the real question is if we really should validate the content of
>> NLRI or just make sure that NLRI boundaries meet BGP MP_REACH
>> definition and treat NLRI values completely opaque to BGP (as per original
>> RFC5575).
>>
>>
>>
>> If NLRI is really malformed resulting in MP_REACH attribute being
>> malformed I do not see that much harm in session reset.
>>
>>
>>
>> But if we dive into each atomic type parsing of the NLRI value itself at
>> each BGP speaker talking SAFI 133/134 I think this is going to be a mess.
>>
>>
>>
>> Best,
>>
>> R.
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Sep 28, 2020 at 9:41 PM Christoph Loibl <c@tix.at> wrote:
>>
>> Hi,
>>
>>
>>
>> I do not really want to repeat the whole discussion here (seems that we
>> are going in circles) if not needed. I think that we agreed that if the
>> NLRI is malformed the only option is to reset (+send notification) the
>> session (even if we consider rfc7606). And from draft-rfc5575bis it is
>> clear that we are talking about a malformed NLRI:
>>
>>
>>
>>    A NLRI value not encoded as specified specified here is considered
>>
>>    malformed and error handling according to Section 10 is performed.
>>
>>
>>
>> -> I think that adding the small term that John suggested is sufficient.
>>
>>
>>
>> Cheers Christoph
>>
>>
>>
>> --
>> Christoph Loibl
>> c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at
>> <https://urldefense.com/v3/__http://www.nextlayer.at__;!!NEt6yMaO-gk!X4eMxV72EsYddrA45y5RcVvdurOK06WI3jav90JT_G28wjdKzOfMHr3s65ZeQA$>
>>
>>
>>
>>
>>
>>
>>
>> On 28.09.2020, at 21:16, Alvaro Retana <aretana.ietf@gmail.com> wrote:
>>
>>
>>
>> [Explicitly adding Jeff to the To list.]
>>
>>
>>
>> Hi!
>>
>>
>>
>> During my AD review there was a discussion on the list about this point,
>> and whether we could avoid resetting the session.  Jeff presented some
>> examples and, I think, made a very convincing case of why we really can’t:
>> even if we can look at the length, we would still be guessing.
>>
>>
>>
>> I think this is one of the messages:
>> https://mailarchive.ietf.org/arch/msg/idr/FHC-Vz26LZfam-o5Y-9-WSrEm2g/
>> <https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/idr/FHC-Vz26LZfam-o5Y-9-WSrEm2g/__;!!NEt6yMaO-gk!X4eMxV72EsYddrA45y5RcVvdurOK06WI3jav90JT_G28wjdKzOfMHr29g9EyWw$>
>>
>>
>>
>>
>> Jeff: if you get a chance, please chime in.
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Alvaro.
>>
>>
>>
>> On September 28, 2020 at 2:16:38 PM, John Scudder (
>> jgs=40juniper.net@dmarc.ietf.org) wrote:
>>
>>
>>
>> I think that is the right thing, too: FS uses T,V and not T,L,V for its
>> component types, the lengths are implicit. So, if my parser encounters an
>> unknown type code it is impossible for me to know how to skip over that
>> type code. At that point, parsing breaks down.
>>
>> [Bruno] I had in mind the higher level of hierarchy:
>>
>>
>>
>>    The NLRI field of the MP_REACH_NLRI and MP_UNREACH_NLRI is encoded as
>>
>>    one or more 2-tuples of the form <length, NLRI value>.  It consists
>>
>>    of a 1- or 2-octet length field followed by a variable-length NLRI
>>
>>    value.  The length is expressed in octets.
>>
>>
>>
>>                      +-------------------------------+
>>
>>                      |    length (0xnn or 0xfnnn)    |
>>
>>                      +-------------------------------+
>>
>>                      |    NLRI value   (variable)    |
>>
>>                      +-------------------------------+
>>
>>
>>
>>                 Figure 1: Flow Specification NLRI for IPv4
>>
>>
>>
>> At this level, assuming that the NLRI value is found semantically
>> incorrect, it seems to me that one could:
>>
>> -          Skip this NLRI (thanks to the ‘length’ field) and continue
>> with the next NLRI
>>
>> -          Read the ‘NLRI value’ as an opaque data, and treat this NLRI
>> as withdraw. (In the context of the discussion, this NLRI would never had
>> been accepted, so ‘treat-as-withdraw’  could even be replaced with
>> ‘ignore’. But I’m _*not*_ calling for this).
>>
>> Hence it seems to me that treat-as-withdraw is technically possible.
>>
>>
>>
>> Fair enough. It’s a little unfortunate that the draft contains this
>> ambiguity; in retrospect it would have been better to be explicit about the
>> error-handling strategy chosen rather than simply referencing RFC 7606.
>> Whether or not we want to respin the draft in order to clarify it, is a
>> question for the WG. If we were to make a change, it could potentially be
>> the addition of this sentence, in Section 10:
>>
>>
>>
>>    Error handling according to [RFC7606 <https://urldefense.com/v3/__https://tools.ietf.org/html/rfc7606__;!!NEt6yMaO-gk!X4eMxV72EsYddrA45y5RcVvdurOK06WI3jav90JT_G28wjdKzOfMHr00REP3-Q$>] and [RFC4760 <https://urldefense.com/v3/__https://tools.ietf.org/html/rfc4760__;!!NEt6yMaO-gk!X4eMxV72EsYddrA45y5RcVvdurOK06WI3jav90JT_G28wjdKzOfMHr324tDOCw$>] applies to this
>>
>>    specification. *Notably, an NLRI that is found to be semantically*
>>
>>    *incorrect (for example due to an unknown component type) MUST be*
>>
>>    *handled using the “treat-as-withdraw” strategy (which in this case,*
>>
>>    *it** must be noted, works out to be the same as skipping over the NLRI).*
>>
>>
>>
>>
>

v2.23.0 | Report a Bug | By Email