Re: [Idr] Question about the magic bits resulting in 179

Brian Dickson <brian.peter.dickson@gmail.com> Mon, 06 April 2020 21:43 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8E773A0CCF for <idr@ietfa.amsl.com>; Mon, 6 Apr 2020 14:43:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AeHX_E-9IVnH for <idr@ietfa.amsl.com>; Mon, 6 Apr 2020 14:43:48 -0700 (PDT)
Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E823D3A0CD2 for <idr@ietf.org>; Mon, 6 Apr 2020 14:43:47 -0700 (PDT)
Received: by mail-vs1-xe34.google.com with SMTP id x206so892539vsx.5 for <idr@ietf.org>; Mon, 06 Apr 2020 14:43:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Nn4kCGK3yCWqs1Ch1TGUHgUxDA1kR6bFMH7eaRibCrw=; b=uOClql6Oczx/ync3M9TWlQmN1fuH51fIOT7NpgDvROpm4AaEmssUk7SIqkBBOabi+I ALxhk7qcgo9EOMXqznjNkfCEdmCsehYttjFrLIUae6ATj86UsQDkp0X1OAjn4qE2jdap r7WBe2o4/6KPjGAwWNWX9GkhdjORR1JD2VSeDJveLyWtUhXOwtmrCFZKL8oA++tU0j0j 4y70USkN+sdERn/4vFeKp+3AhKKe6gXXOGp+bvE3t7xKgBhTgDZYDsDnuzyjxvxLArBu zflZs+5u1NPGKh4EgReuHc0gT6pVr1oHKAKRBRDcnRIHpY6VaU4Px1ovmWIpJvuFm9sK HxDQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Nn4kCGK3yCWqs1Ch1TGUHgUxDA1kR6bFMH7eaRibCrw=; b=MBHYVjv/mUKBfc/tuWUuzHMdDZS8I3xD3fJCrcgbhwlk40CFRCSbIOGcOhtI/7Tjxo 6PSbCraSc/hnwie7EPTmeIW6Eh7VlbcDne2+t7FsXtLW6zir7rX9c+d03vtN8KIi91+h q7x7pvviVLsYyCQWwkpoB6vVb6iV7jOGh/uzdpvteDgR/J/9FEsMk3uoxSbX5bY1uyPi H4+5G6MLg1+6XDkCTUwQhzTiLfKZ6zWtz6w4OpjhOfMLCsI+kcRFOsYSIfbTnqH9gg6R 4PqBGI0MM4kziGoVqUNNHNLK9MGsSPaV0pyQX0NLR/RWYQ6BCbGdpcRzfNfgQ6X3wXy1 ocbA==
X-Gm-Message-State: AGi0PuYOjebmDbAS90kb4NVutDTen113fttv4fQ0zbxDLnID2BalpizB Y+cJPaj//79/+r7w0fMqrmvvbiNaQdoUG0uOAUo=
X-Google-Smtp-Source: APiQypLv/N6+DNqZE0U+YVBwGe5rQI2iwCOXFxU6gVvYoz29YKek9zCAKOIHsq2EQmPwZ73lm8y+gpxLp7tMOf/nrhs=
X-Received: by 2002:a67:770f:: with SMTP id s15mr1561936vsc.199.1586209426181; Mon, 06 Apr 2020 14:43:46 -0700 (PDT)
MIME-Version: 1.0
References: <20200406151801.55d2550c@p50.localdomain>
In-Reply-To: <20200406151801.55d2550c@p50.localdomain>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Mon, 6 Apr 2020 14:43:34 -0700
Message-ID: <CAH1iCirLUPfsfj7JuvOHbpuy9oCx5=2ewm-eOYwT8uuKkEwvYg@mail.gmail.com>
To: John Kristoff <jtk@depaul.edu>
Cc: IETF IDR <idr@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000631be005a2a62928"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/obXURaSWTXWxm_NwyemED2uhJgw>
Subject: Re: [Idr] Question about the magic bits resulting in 179
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 21:43:57 -0000

On Mon, Apr 6, 2020 at 1:18 PM John Kristoff <jtk@depaul.edu> wrote:

> Friends,
>
> In many software BGP implementations (e.g. BIRD, FRR, GoBGP) the BGP
> listening process and remote peer may be specified with a port other
> than 179. However, in hardware-based routers such as Cisco and Juniper,
> when I went to use a non-standard port on one of them, I noticed no
> such knob to change the default port.  It had never really occurred to
> me this was a big deal before, but now it seems sort of unusual given
> that practically all Internet services these days permit non-default
> port usage.  Note, it really is not important why I or anyone would
> want to do this, it really is beside the point.
>
> When I asked some other operators about this I got a lot of push back
> such as questioning the motive, suggesting this is nonsensical, and
> that is would not be BGP.
>
> The last idea I'd like to pose as a question to this group and use the
> resulting consensus as something that might be reference material for my
> operator friends that I think are essentially wrong.  :-)
>
> From my reading of IETF RFC 4271 - A Border Gateway Protocol 4 (BGP-4),
> 179 support is clearly required for an implementation following the
> specification. From section 8.2.1:
>
>   A BGP implementation MUST connect to and listen on TCP port 179 for
>   incoming connections in addition to trying to connect to peers.
>
> However, the requirement that an operator must use port 179 seems less
> strict and as far as I can tell is ultimately a local decision if an
> implementation support changing it. In the Administrative Events
> sections there is this (sorry for extensive quoting, but context is
> required):
>
>       Event 14: TcpConnection_Valid
>
>          Definition: Event indicating the local system reception of a
>                      TCP connection request with a valid source IP
>                      address, TCP port, destination IP address, and TCP
>                      Port.  The definition of invalid source and invalid
>                      destination IP address is determined by the
>                      implementation.
>
>                      BGP's destination port SHOULD be port 179, as
>                      defined by IANA.
>
>                      TCP connection request is denoted by the local
>                      system receiving a TCP SYN.
>
> Furthermore, from an unfinished draft-ietf-idr-bgp-issues-06
> summarizing discussion when the RFC was being finished I found this
> that drew consensus:
>
>    Sue replied that this is local policy and is implementation
>    dependent.  Siva agreed regarding the source port & IP address, but
>    disagreed about the destination port.  He argued that we need to know
>    the destination port for interoperability.
>
>    Sue asked Siva to provide some text.
>
>    After a long lull, Sue replied with:
>
>    I would like to keep the current text of "Should" in the following
>    text "BGP's destination port SHOULD be port 179 as defined by IANA."
>
>    Should indicates that it normally should be 179.  If an
>    implementation allows for an alternative TCP port, it is still valid
>    as the "MUST" is not indicated.
>
> That seems to clearly allow for an implementation or operator to use
> a port other than 179 if they choose to, and there is nothing that would
> constitute this as somehow invalid BGP or particularly wrong, if not
> uncommon or unusual. Fair assessment?
>
>
I think the distinction is between "implementation" and "operator".
An implementation MUST default to 179, and an operator SHOULD use 179 (but
clearly can agree with another party or internally to use anything else).

There may also be implementations with hard-coded (ASIC) guts for special
handling of TCP port 179 (e.g. special QoS-like handling to ensure BGP
traffic is prioritized by hardware.)

Hope this is helpful.

Brian



>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>