Re: [Idr] Bug in RFC 7911 (add-paths) and tie-breaking

Claudio Jeker <cjeker@diehard.n-r-g.com> Fri, 25 June 2021 08:50 UTC

Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A88573A0ADA for <idr@ietfa.amsl.com>; Fri, 25 Jun 2021 01:50:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.195
X-Spam-Level:
X-Spam-Status: No, score=-4.195 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsDpqStf3hhP for <idr@ietfa.amsl.com>; Fri, 25 Jun 2021 01:50:21 -0700 (PDT)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 239013A0AD7 for <idr@ietf.org>; Fri, 25 Jun 2021 01:50:20 -0700 (PDT)
Received: (qmail 97757 invoked by uid 1000); 25 Jun 2021 08:43:38 -0000
Date: Fri, 25 Jun 2021 10:43:38 +0200
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: "Jakob Heitz \(jheitz\)" <jheitz=40cisco.com@dmarc.ietf.org>
Cc: Robert Raszuk <robert@raszuk.net>, John Scudder <jgs=40juniper.net@dmarc.ietf.org>, "dwalton76@gmail.com" <dwalton76@gmail.com>, "idr@ietf. org" <idr@ietf.org>
Message-ID: <20210625084338.GC31038@diehard.n-r-g.com>
References: <F689CF63-236D-401D-9C8E-AC1C39CDE772@juniper.net> <CAOj+MMHg1f2rFNHZLM-j7Jx-ji_zWLhesmrNdS5LWfsNk_x9sw@mail.gmail.com> <BYAPR11MB3207351F5FA437DD807E576BC0079@BYAPR11MB3207.namprd11.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BYAPR11MB3207351F5FA437DD807E576BC0079@BYAPR11MB3207.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/lPwZxtHuPNGD34L39EwhvywPEkk>
Subject: Re: [Idr] Bug in RFC 7911 (add-paths) and tie-breaking
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2021 08:50:26 -0000

On Thu, Jun 24, 2021 at 10:20:05PM +0000, Jakob Heitz (jheitz) wrote:
> Then the code would have to compute the attribute length for each path,
> carry it along and pass it to the bestpath compare function.
> For what? To increase convergence time?
> Because simple byte length will not be good enough and people will start
> arguing that
> an extended community is just as valuable as a regular community and
> count the number of communities
> rather than bytes and then the tunnel attribute is longer and on and on.
> I vote for path-id.

I agree, also the total attribute length can be equal if e.g. if one path
uses 3 communities and the other has one large-community. Checking on
attribute length is not a good tie-breaker.

In my opinion the check is here to select between two equal path that are
sent from the same peer. Because of this it makes sense to use path_id as
a tie-breaker. Since path-id is the one thing that distinguishes these two
paths.

-- 
:wq Claudio
 
> Regards,
> Jakob.
> 
> From: Idr <idr-bounces@ietf.org> On Behalf Of Robert Raszuk
> Sent: Thursday, June 24, 2021 1:40 PM
> To: John Scudder <jgs=40juniper.net@dmarc.ietf.org>
> Cc: dwalton76@gmail.com; idr@ietf. org <idr@ietf.org>
> Subject: Re: [Idr] Bug in RFC 7911 (add-paths) and tie-breaking
> 
> John,
> 
> > because it’s technically possible to receive two routes for the same destination, from the same peer, with different path-id, and with all tie-break metrics the same
> 
> While this is not about risk of loops, those paths may possibly contain different optional attributes otherwise they would be rather duplicates.
> 
> More specifically one of them may contain additional optional attributes while the other may not.
> 
> Perhaps with add-paths while we are at this discussion it may make sense to choose the path with a longer list of BGP path attributes as such path may be more useful to receivers.
> 
> Only then when the number of such attributes  is the same fall to path_id as tie-break.
> 
> Thx,
> Robert
> 
> 
> On Thu, Jun 24, 2021 at 8:15 PM John Scudder <jgs=40juniper.net@dmarc.ietf.org<mailto:40juniper.net@dmarc.ietf.org>> wrote:
> Hi Folks,
> 
> Claudio recently pointed out a bug in RFC 7911 to the authors, and we thought we should let the WG know. The gist of the bug is that the tie-breaking process is underspecified, because it’s technically possible to receive two routes for the same destination, from the same peer, with different path-id, and with all tie-break metrics the same (all the way down to peer address). My guess — but it’s only a guess, I haven’t checked — is that implementations may mostly have chosen to prefer the first path received.[*] But the only thing we can say with confidence is “it’s underspecified and therefore implementation-dependent.”
> 
> When I worked through this, my conclusion was that whatever option an implementation chooses should be safe, since by definition the paths are equivalent all the way down. I don’t see a way to form a loop even if every router in the network makes arbitrary — and conflicting — choices in this situation, since by definition of IGP distance, if a given router A makes an arbitrary choice, none of its neighbors when presented with the same set of routes will make a conflicting arbitrary choice, since the options are:
> 
> - The peer is closer to both destinations, in which case it can make any choice it wants, the traffic will not loop back to A,
> - The peer is further from both destinations, in which case it can make any choice it wants, the traffic will not loop back from A,
> - The peer is closer to one and further from the other destination, in which case it isn’t faced with a dilemma, it will choose the closer (and the traffic won’t go back towards A).
> 
> I guess if you’re in a network that doesn’t have IGP distances at all (maybe everything is static routed?) or if IGP distances don’t follow the usual rules of IGP “physics”, then you could create a problem. But those are pathological cases where we’d expect BGP not to work very well anyway.
> 
> Claudio suggested that path-id would be a good final tie-break; that makes sense to me. We could do a quick update to 7911 to standardize this new tie-break, we could do a bis of 7911 to include the new tie-break, or we could just leave things as they are, relying on my argument above that says there is no strong need to standardize a tie-break since any choice is OK.
> 
> For the moment, this is just an FYI for the WG. Thanks very much to Claudio for pointing out the bug!
> 
> —John
> 
> [*] You may notice that it’s possible to have two such paths packed into the same update in some circumstances, which makes the choice even more arbitrary since it’s pretty notional to say one has arrived before the other.
> _______________________________________________
> Idr mailing list
> Idr@ietf.org<mailto:Idr@ietf.org>
> https://www.ietf.org/mailman/listinfo/idr

> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr