IETF Logo Mail Archive

Re: [Idr] Fwd: New Version Notification for draft-spaghetti-idr-bgp-sendholdtimer-05.txt

Robert Raszuk <robert@raszuk.net> Thu, 04 August 2022 16:24 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32E31C15A722 for <idr@ietfa.amsl.com>; Thu, 4 Aug 2022 09:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kRBui-lNYsgY for <idr@ietfa.amsl.com>; Thu, 4 Aug 2022 09:24:10 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D69DEC138FA7 for <idr@ietf.org>; Thu, 4 Aug 2022 09:24:10 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id k26so228042ejx.5 for <idr@ietf.org>; Thu, 04 Aug 2022 09:24:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=ZfpAgch6luLjUHbpWbMxzdmIkIzyO4HBsLmvwfyVfzs=; b=X6i5qdw7Uk2rsC3hGGFKmYb93m1Y3aUNrnzbQKLQf5aZprusAs8lnrEssAplTeUMQX Wdw3V0nEfmCIUjO7jHEgOwogCWlMi2OMpoF/aBqJwQs4Qf5TakfcV/4BZ4L6dfAQSVc/ k/IBmvY0M0VebPvvVpv8fDq3Vl6WFuM604yVImm1Ylsbr6QifyUSvBwlcT+7HrBlvyF7 KMtNtIfF3QSdKe6N0lSuryu1XpgSxc2fHnwMyydePRvrIY97Rf6vOzxb/TEyH03YPT/f lc93RmGIJywwoHaghTWXGmd75mmPwLCgUDwoWL8t2VA/EJBBHcmvrkPQ1zBBl4jZIivp +Npg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=ZfpAgch6luLjUHbpWbMxzdmIkIzyO4HBsLmvwfyVfzs=; b=DogLHajJtPsudd1cgdDEZI4Sdnoxw13zBp5a8kS6ZC7uolHc3rEj7WhLe4HwL9lXAF 67iU/2CIEYWubP6xiVbVG0mm0kmzaRdLtmIsMdDOQE9f6q8NUOSUucOJLoRN694JbxUW ehY084uQ6cDM+3RGh/jpBxRVO05iwYPClW2FCq9uPVE/Z0I39JOb1oK5pZITP09SpkN3 v59oldHJ6bvOMol3CfFGPcj6dLbnVHGaf6KGZh5dQgU/4REBzn/6NM3lvpOJ4VaV1qWw 70Zfje8xivfiIBOOyxC8I24TW0ec8j5Ko435wEf/KjBFjbA0/3slg0ac2pgisAr9LqJb 1sjg==
X-Gm-Message-State: ACgBeo2lsRPgwSaUD2mjj6KjenqLiMj6qR+qVhLwasuWgbEXuBMx8fb0 MJlvlDK326O2BWclDL8bGl9v1snn7vDnk231AJyTdYskDPO/Kw==
X-Google-Smtp-Source: AA6agR5Yrt/1o7yzt/ONJvoQuweDpHhmZv51VxIEoyJwnTe9nsTJ0VF1lvLmTSXG6pb20snf22yBdmuk2oyVW61i+Ww=
X-Received: by 2002:a17:907:6096:b0:72f:1d74:b71b with SMTP id ht22-20020a170907609600b0072f1d74b71bmr2038325ejc.272.1659630248843; Thu, 04 Aug 2022 09:24:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAOj+MME7XnW7kDXL4muh4Qp1UvabQ9amUoU0Sn3h2axqKzswzA@mail.gmail.com> <77F3E1F0-486F-47DF-ABE4-EFDB9C2FB6D8@gmail.com> <CAOj+MMGR4f3eLEDZY++1m4Lpo9joG4L9OrWbeF6kREn-9a9onA@mail.gmail.com> <c6e44213-7667-0f67-71a4-634411cd102b@foobar.org> <CAOj+MMFajL6E42WCzC0ZqrfSBZjU-0B=ZzmtvCRPkuMzU8z5QA@mail.gmail.com> <Yun6e5jSb0OYZGAX@shrubbery.net> <CAOj+MMFRJr=cs+5DVOp72BVn_j3NgANwNftyj=jRbdsvPpg-wA@mail.gmail.com> <CANJ8pZ9oNvd0CGEbOQQpeZ1Sf-=ctVy8yhD0XFK-qYiE08BZUA@mail.gmail.com> <CAL=9YSX-iXEOQrERA5M_ZbG68UmgacchdODk7uwT3p0ZjLgJow@mail.gmail.com>
In-Reply-To: <CAL=9YSX-iXEOQrERA5M_ZbG68UmgacchdODk7uwT3p0ZjLgJow@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 04 Aug 2022 18:23:58 +0200
Message-ID: <CAOj+MMFTikXbAC81mU7SiUHFq==5y5k9cSMK91B5YGVfAQLEvQ@mail.gmail.com>
To: Ben Cox <ben=40benjojo.co.uk@dmarc.ietf.org>
Cc: "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000070f7d105e56cc75c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/o2WAESTJUs22PNDcKMboD33B2Ik>
Subject: Re: [Idr] Fwd: New Version Notification for draft-spaghetti-idr-bgp-sendholdtimer-05.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2022 16:24:15 -0000

Ben at all,

So we are trying to drop a session towards the BGP peer who does not
respect basic RFC4271 obligation to drop the session when HOLD TIMER
expires. That to me is already marginal (read noise corner case).

Then we worry that LINUX TCP stack may have buggy implementation of
TCP_USER_TIMEOUT and instead of fixing it locally we dismiss this option.

Isn't this going a bit too far ? If the problem is real why don't we solve
it in a more elegant and broader way (broader in a sense to detect more
issues) by defining a new BGP Message - BGP PING Message. Sort of BGP level
heartbeat.

Difference from KEEPALIVE messages would be that apparently implementations
and RFC4271 decouple completely KEEPALIVE receiving from KEEPALIVE MSG and
tightening them may be a bad idea.

Long run we could use BGP PING and BFD and retire KEEPALIVEs.

So here it would allow us to go up to the BGP stack to make sure both sides
process BGP messages and respond to them. Would it solve all problems with
BGP consistency - no. But it does allow us to discover more issues between
point to point peers.

It could run slow enough ... say every 60 sec, negotiated by capability.
PING HoldTime of 180 sec could trigger session RST.

I shared this offline with some IDR WG members .. now just sharing with you
all ... It is still different from BGP OPERATIONAL MESSAGE that if we think
the issue of a stuck/buggy BGP peer is real perhaps could deserve a small
draft to document it.

Just a thought ...

Many thx,
Robert

On Thu, Aug 4, 2022 at 4:07 PM Ben Cox <ben=40benjojo.co.uk@dmarc.ietf.org>
wrote:

> One question with TCP_USER_TIMEOUT (I've yet to test it) but if we
> want to emit syslog/SNMP messages when it triggers, is there a way to
> get out of the kernel that the reason for a socket closing was
> TCP_USER_TIMEOUT and not something else?
>
> Someone also mentioned in passing that TCP_USER_TIMEOUT in Linux was
> buggy/broken until relatively recently, assuming that is the case,
> that might be a good argument alone against going that route since the
> a number of vendors using older kernels could risk someone thinking they
> have implemented the feature but instead their kernel has
> silently/loudly broken it.
>
> On Wed, Aug 3, 2022 at 8:29 PM Enke Chen <enchen@paloaltonetworks.com>
> wrote:
> >
> > > if this is just queued keepalives (no BGP churn) then depending on the
> buffer size it may take ages to fill ..
> >
> > Indeed, in that case the local BGP speaker may not know about the
> > condition (mis-behaving remote speaker / 0-window) for a long time,
> > and that's not covered by the current draft, nor the FRR BGP patch
> > based on my reading.
> >
> > To make it complete, I believe that the detection and handling of a
> > stuck peer (i.e., "data not being transmitted") should be at the
> > transport layer.  The TCP_USER_TIMEOUT option is readily available for
> > that purpose:
> >
> > https://man7.org/linux/man-pages/man7/tcp.7.html
> >
> > TCP_USER_TIMEOUT (since Linux 2.6.37)
> >               This option takes an unsigned int as an argument.  When
> >               the value is greater than 0, it specifies the maximum
> >               amount of time in milliseconds that transmitted data may
> >               remain unacknowledged, or bufferred data may remain
> >               untransmitted (due to zero window size) before TCP will
> >               forcibly close the corresponding connection and return
> >               ETIMEDOUT to the application.  If the option value is
> >               specified as 0, TCP will use the system default.
> >
> > Thanks.  -- Enke
> >
> > On Wed, Aug 3, 2022 at 2:43 AM Robert Raszuk <robert@raszuk.net> wrote:
> > >>
> > >> Even if the remote (stuck) peer does not process the FIN, the local
> > >> end will close the session and stop forwarding traffic that direction.
> > >> That is an improvement, from an operator's PoV, both for forwarding
> > >> errors and local resources.
> > >
> > >
> > > Would not the same happen when you will send keepalives *ONLY* upon
> receiving them from a peer.
> > >
> > > If both sides support it there should be no issue of stuck sessions.
> Also no new timer needed and could be knob to enable/disable it.
> > >
> > > This draft assumes that one peer is bad and the other should time out
> when it can not send. So I am asking what exactly is the trigger to fire
> that timer when BGP can not write to a TCP socket ? Is it Error 105: No
> buffer space available ? Something else ?
> > >
> > > If this is just queued keepalives (no BGP churn) then depending on the
> buffer size it may take ages to fill ...
> > >
> > > Best,
> > > R.
> > >
> > > _______________________________________________
> > > Idr mailing list
> > > Idr@ietf.org
> > >
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/idr__;!!Mt_FR42WkD9csi9Y!a0z_mWIoJi3AkiI16RqyCvoRCWwEOL3bWCHM4NpDMSNuDupNtnpKp-7CS11XhqcJqXRdfdf7CvdIHDMJt49KTA$
> >
> > _______________________________________________
> > Idr mailing list
> > Idr@ietf.org
> > https://www.ietf.org/mailman/listinfo/idr
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>

v2.23.0 | Report a Bug | By Email