Re: [Idr] dear diary: well-known community vs new path attribute

Job Snijders <job@ntt.net> Sat, 01 April 2017 04:00 UTC

Return-Path: <job@ntt.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EC3712709D for <idr@ietfa.amsl.com>; Fri, 31 Mar 2017 21:00:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mqy06U2XARAL for <idr@ietfa.amsl.com>; Fri, 31 Mar 2017 21:00:29 -0700 (PDT)
Received: from mail3.mlpsca01.us.to.gin.ntt.net (mail3.mlpsca01.us.to.gin.ntt.net [IPv6:2001:418:3ff:3::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA377126BFD for <idr@ietf.org>; Fri, 31 Mar 2017 21:00:29 -0700 (PDT)
Received: by mail3.mlpsca01.us.to.gin.ntt.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <job@ntt.net>) id 1cuADF-0002KT-Iu (job@us.ntt.net) for idr@ietf.org; Sat, 01 Apr 2017 04:00:29 +0000
Received: by mail-wr0-f176.google.com with SMTP id l43so119520540wre.1 for <idr@ietf.org>; Fri, 31 Mar 2017 21:00:29 -0700 (PDT)
X-Gm-Message-State: AFeK/H3ItPNYXR19HrQ7/dlMjK1OvyWMrJquBR/9tYXQni+iwEECT//3W06/WQTRMAlf0GmJC35cgP+EZDUn9g==
X-Received: by 10.223.148.35 with SMTP id 32mr5687247wrq.82.1491019227829; Fri, 31 Mar 2017 21:00:27 -0700 (PDT)
MIME-Version: 1.0
References: <20170401020136.ftbjliohoaznzqyx@dhcp-86cf.meeting.ietf.org> <CA+b+ERkB8ZBCMRODTausuj8oLvVpkCuiF-p=1C9Re0n6mKqHSQ@mail.gmail.com>
In-Reply-To: <CA+b+ERkB8ZBCMRODTausuj8oLvVpkCuiF-p=1C9Re0n6mKqHSQ@mail.gmail.com>
From: Job Snijders <job@ntt.net>
Date: Sat, 01 Apr 2017 04:00:16 +0000
X-Gmail-Original-Message-ID: <CACWOCC9cdR-g1Z8Aqp48qae1r76b-c0Jk06A21d0hAs-H9W9xQ@mail.gmail.com>
Message-ID: <CACWOCC9cdR-g1Z8Aqp48qae1r76b-c0Jk06A21d0hAs-H9W9xQ@mail.gmail.com>
To: Job Snijders <job@ntt.net>, Robert Raszuk <robert@raszuk.net>
Cc: idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c0d21c26dac8a054c12f76b
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/od41pNIZz5BWdvmEloRT6woHtFA>
Subject: Re: [Idr] dear diary: well-known community vs new path attribute
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Apr 2017 04:00:32 -0000

Hi Robert,

I agree, the choice is case by case.

Kind regards,

Job

On Fri, 31 Mar 2017 at 21:17, Robert Raszuk <robert@raszuk.net> wrote:

Hello Job,

If we start to make choice between community vs attribute for each "boolean
function" based on the assumption that some folks will "_*never_ upgrade
their software*" then IDR job becomes really simple.

IDR should just manage registry of communities in 80% of its proposals and
we are done.

So while in Sriram's proposal for intra-as (if at all needed) community
will be a better choice IMO such call should be made each time on a case by
case basis depending on the extension being discussed rather then any
generic overrule.

Cheers,
Robert.

On Mar 31, 2017 21:01, "Job Snijders" <job@ntt.net> wrote:

Dear colleagues,

In today's IDR session (thank you for the orderly meeting, chairs &
secretary!) the topic of 'well-known BGP community vs BGP Path
attribute' came up, in context of having a marker to signify or signal a
route's audience [Sriram]
https://datatracker.ietf.org/meeting/98/agenda/idr/

I've come to the conclusion that we have no choice other then to use a
well-known communities for boolean functions like the ones currently on
the table.

There are a number of significant advantages to using communities, that
in my opinion outweigh the perceived benefit of introducing a new path
attribute. This is asserted from a deployment process and adoption rate
perspective. Throughout this email I'll refer to the _function_ of the
path attribute/community as "feature X". Most reasons relate to
"accelerated" deployment rates. With "accelerated" I'm referring to a
2-3 year timescale rather then 8+ years. I'll share my analysis below.

We have to assume that there are many networks which might (from this
moment on) _never_ upgrade their software to the required newer software
to support feature X natively. There are a number of reasons why a
network might never receive the necessary software upgrades: the network
choose to continue using devices well after the End-of-Sale/Support/Life
date for economic reasons. Some networks use hardware longer then the
vendor intended, sometimes because the operator disagreed with the
vendor's view on longevity. Like some of you, I've travelled to regions
of the world where a good router, is a router without bullet holes in
it, in such cases you'll have to make things work with whatever was
loaded on there. In other cases, the vendor simply has gone bankrupt,
and the network has to make do with what is available on their sparing
shelves until the hardware is fully amortised.

With the above in mind, I'd argue that for many BGP features it is
entirely acceptable to state "upgrade your software and receive awesome
feature Y!". But in the instance of routing security, one might need to
salvage as much as one can in existing deployments, for altruistic
reasons.

I think it is fair to assume that in all cases, the BGP speakers will
support RFC 1997 BGP Communities. We can also assume that the device
supports neighbor-specific routing policy options to (at the very least)
match, and subsequently deny or permit based on the RFC 1997 community.

Another interesting (perhaps underappreciated) angle is that there are
both open source and commercial ancillary configuration management
systems on the market, which will happily manage devices which were not
upgraded to support Feature X natively. When vendor B doesn't want to
implement native support for Feature X, perhaps the ancillary third
market will support Feature X on vendor B.

A number considerations apply for well-known BGP communities in context
of route leak prevention:

- on day 0, there will be no routes tagged with the well-known
  community, likewise on day 365, there will be a small number of routes
  tagged with the well-known community.

- throughout the lifetime of feature X, the tagged routs are likely
  to be outnumbered by the untagged routes, in all contexts.

- ideally feature X can be deployed incrementally within an AS, so it
  should _add_ an extra layer of protection, rather then replace or
  hotswap an existing protection function.

- RFC 1997 communities are transitive, so Feature X must at the very
  least not be significantly hindered by the transivity, and in an ideal
  case actually benefit from the transivity property. Enforcing
  non-transivity through a RFC 2119-style "When received on EBGP, MUST
  delete" is also acceptable. Operators can manually emulate the
  non-transivity, and wait for software upgrades to do it for them.

- the presence of a well-known community on one route, cannot, and
  should not be superimposed to other routes received through the same
  BGP session. In a more general sense, a well-known community on one
  route cannot act as a semaphore for the entire session. I am not aware
  of any implementations which allow to match/act on one route and
  perform congruent manipulation of properties on a different route.

- When the well-known community for Feature X is present (aka 'true'),
  we can assume feature X for the route was enabled intentionally,
  however, in the case where it is absent, we're dealing with either an
  'unknown' or 'false'. The deny/accept logic we expect to be present
  either through manual manipulation or through

We also might be able to assume that networks looking to implement
Feature X, will do so out of their own volition, sufficiently motivated
to do so correctly. (Even though they are implementing the feature
manually!) Likewise, there will be a significant number of networks
which will not hear about Feature X for the foreseeable future, and only
receive the feature through software upgrades. In other words: network
operators whom are ignorant of Feature X until they read Release notes,
could be considered harmless. Furthermore, networks which are well
intended, might be in a position to recitfy erroneous use of the
well-known community for feature X when received across EBGP sessions.

>From my own deployment perspective, when using a BGP Community,
(disclaimer: merely stating options!) I can start deploying _right_now_,
_network-wide_ (meanwhile waiting for software upgrades to slowly start
catching up and replace my manual implementation). More importantly, I
can deploy in a heterogeneous environment where the timelines for policy
deployment and software deployment are not aligned, or with parts of the
network not even expected to receive the required software upgrade for
native support.

We haven't seen a standards track well-known community in a while, but
I'd be supportive of a well-known community RFC which demands rigorous
discipline related to the transivity, semantics, and would provide
configuration examples for those who cannot (yet) use Feature X
natively, with an agreed upon upgrade path to native support for
feature X.

As long as the benefits of using Feature X are 'egocentric' (aka
"deploying this concept helps me, and I don't need others to cooperate
with me"), and misuse of Feature X through the well-known community is
either merely self-inflicted pain, or harmless, we'll be fine.

Since Feature X is positioned in context of routing security, something
we'd probably like to see broad adoption on, I'd argue that the lowest
common denominator should be used: well-known BGP communities.

Kind regards,

Job

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr


_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr