Re: [Idr] Bug in draft-ietf-idr-rfc5575bis, worth fixing? Fri, 25 September 2020 16:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CE0703A0FEC; Fri, 25 Sep 2020 09:56:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.117
X-Spam-Status: No, score=-2.117 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gJ6R8qY8g5m2; Fri, 25 Sep 2020 09:56:30 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2BA173A0FEB; Fri, 25 Sep 2020 09:56:30 -0700 (PDT)
Received: from (unknown [xx.xx.xx.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (ESMTP service) with ESMTPS id 4BydNX583Xz5wjv; Fri, 25 Sep 2020 18:56:28 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=ORANGE001; t=1601052988; bh=6NEfn7Lb0E6IxeV1DwgtbBX+9laELeSQ0eZTsevm3q4=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=lfByDapJydbBP9dasijE3+6LjWdiLG0A+B+LVwhyxSSmu26qjywpK8C/YeTpZ8z6A qUq6tUm6UKvJUYig3m1EsevfOdtVhpWB8XQE5rqQ37N5FUcxML9Xxr4M1onfp9jjzy QxhNAhW7CbjruWTaOwddr0jID4ILmaV7KJmLik5lbKyfOhjkBR8F9U/X7FgK0AfdvQ 884NwMERsJPTOPq5BXyMuhkIT2b0JM2B65YY/72fPOBwCF9x0CcxL/FQFdc+bbxGft nHwrpp+Av+AFiE17Z/AEFR/SHiMo5iV7jvQvPMqjMcthm67SzJ6n+K2pbZevlEqihd HivfkOjGOJe3g==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (ESMTP service) with ESMTPS id 4BydNX3td0zCqkv; Fri, 25 Sep 2020 18:56:28 +0200 (CEST)
To: John Scudder <>, "idr@ietf. org" <>
CC: "" <>, Hares Susan <>
Thread-Topic: Bug in draft-ietf-idr-rfc5575bis, worth fixing?
Thread-Index: AQHWke6R/vziZzLJCEG5MAjI/j3hKql5VnFQ
Date: Fri, 25 Sep 2020 16:56:27 +0000
Message-ID: <22341_1601052988_5F6E213C_22341_268_1_53C29892C857584299CBF5D05346208A48F82C17@OPEXCAUBM43.corporate.adroot.infra.ftgroup>
References: <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A48F82C17OPEXCAUBM43corp_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Idr] Bug in draft-ietf-idr-rfc5575bis, worth fixing?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Sep 2020 16:56:33 -0000

Hi John, all,

Thanks for the careful review.
Please see inline [Bruno]

From: Idr [] On Behalf Of John Scudder
Sent: Wednesday, September 23, 2020 11:15 PM
To: idr@ietf. org <>

Hi All,

I’m a little concerned about a change I failed to notice earlier in 5575bis. Version 17 had this paragraph in Section 4.2:

   All combinations of component types within a single NLRI are allowed,

   even if the combination makes no sense from a semantical perspective.

   If a given component type within a prefix in unknown, the prefix in

   question cannot be used for traffic filtering purposes by the

   receiver.  Since a Flow Specification has the semantics of a logical

   AND of all components, if a component is FALSE, by definition it

   cannot be applied.  However, for the purposes of BGP route

   propagation, this prefix should still be transmitted since BGP route

   distribution is independent on NLRI semantics.

Version 18 removed the paragraph. I believe it was removed because of good and reasonable concerns about the “prefix should still be transmitted” part. But, it appears we threw out the baby with the bathwater: the final version of the draft has nothing that corresponds to the underlined part. It is underspecified with respect to what should be done with unknown component types. The closest it comes is this paragraph in Section 4.2 of version 26:

   A NLRI value not encoded as specified specified here is considered

   malformed and error handling according to Section 10<> is performed.

But I think this falls well short of being either clear or unambiguous, because what does “as specified here” mean exactly?
[Bruno] In general, I favour interop and clear spec and IMHO, the fact that you ask the question is an indication that the text is not clear enough.
However, I would not want to mess with this document as this stage; so please see the below comments as discussions/info. Especially since I’m not familiar with FS so I may be missing something obvious.

I’d like to open a discussion of whether the WG agrees that this is a bug and if so, whether it’s concerning enough to request a last-minute patch to the document, which is currently with the RFC Editor, so it’s almost an RFC. I think the least intrusive fix would be to insert the clause “including an NLRI that contains an unknown component type”, as in:

   A NLRI value not encoded as specified here,

   including an NLRI that contains an unknown component type,

   is considered

   malformed and error handling according to Section 10<> is performed.

Just as a side note, “error handling according to Section 10” points us to RFCs 7606 and 4760, which end up telling us to reset the session if the NLRI is malformed.

[Bruno] Thanks for providing the full picture and hence the importance of the point.
_IMHO_, RFC 7606 calls for session reset as a ‘last’  resort error handling behaviour.
8.  Guidance for Authors of BGP Specifications
The "treat-as-withdraw" approach is generally preferred and the "session reset" approach is discouraged.

Treat-as-withdraw cannot be performed when the NLRI can’t be found in the update, or the NLRI can’t be effectively withdrawn typically because the peer won’t accept it in the withdraw (e.g. and IPv4 address of 5 octets). Or (my reading) we feel that the received NLRI seem so wrong that what we read may not be what was intended to be send. IOW, there is an error in the syntax.

IHMO, RFC 7606 specifies “session reset” when the MP_REACH_NLRI attribute is malformed or the NLRI is syntactically incorrect.

I’m not familiar with FS, but so far, I don’t feel that an unknown component type in FS:
- prevents the “treat-as-withdraw” approach.
- matches the RFC 7606 description of a syntactically incorrect NLRI field

Also, I don’t see capability negotiation so how is the sender supposed to know the list of component types which is supported by the receiver?

Finally, I’d like to also point to another text from RFC 7606, which I think is relevant for this rfc5575bis discussion.
8.  Guidance for Authors of BGP Specifications
   of BGP documents are also reminded to review the discussion of
   optional transitive attributes in the first paragraph of the
   Introduction of this document.


Until we get a chance to discuss this, I’ve sent a note to the RFC Editor asking them to hold publication.



P.S.: The version 26 text also has a proofreading error, “specified specified”. But I assume the RFC Editor would fix that anyway.


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.