Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW

Zhuangshunwan <zhuangshunwan@huawei.com> Tue, 10 August 2021 02:01 UTC

From: Zhuangshunwan <zhuangshunwan@huawei.com>
To: Zhuangshunwan <zhuangshunwan@huawei.com>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
CC: IDR <idr@ietf.org>, GROW WG <grow@ietf.org>
Date: Tue, 10 Aug 2021 02:00:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/plGFxM9nRAQjhTfCowhrukAH13g>

Sorry, there is a typo, 263:666 should be 2603:666.

-----Original Message-----
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Zhuangshunwan
Sent: Tuesday, August 10, 2021 9:57 AM
To: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Cc: IDR <idr@ietf.org>; GROW WG <grow@ietf.org>
Subject: Re: [Idr] some questions from {RC, LC, EC} analysis presentation in GROW

Hi Sriram,

Thanks for your great job! Your work has given me a very in-depth understanding of the propagation behavior of BGP community attributes on the Internet.
Regarding "Total # Unique {Prefix, RC = 3356:9999} ; 28", why is the number only 28? It may be that the mask of black hole routes is usually greater than 24 (for IPv4 prefixes), preventing such routes from spreading widely on the Internet?
If the answer to the above question is "yes", then if other communities "ASN:666" are widespread in the wild, then such "ASN:666" may not be a black hole community attribute too? As far as I know, the other two examples are 263:666 and 5511:666.

Regards,
Shunwan

-----Original Message-----
From: Sriram, Kotikalapudi (Fed) [mailto:kotikalapudi.sriram@nist.gov] 
Sent: Tuesday, August 10, 2021 1:07 AM
To: Zhuangshunwan <zhuangshunwan@huawei.com>
Cc: Jeffrey Haas <jhaas@pfrc.org>; GROW WG <grow@ietf.org>; IDR <idr@ietf.org>
Subject: Re: some questions from {RC, LC, EC} analysis presentation in GROW

I have heard back from Lumen/Level3 and they have confirmed the following: 

remarks:        prefix type communities
remarks:        --------------------------------------------------------
remarks:        3356:123 - Customer route
remarks:        3356:666 - Peer route

They also stated, “The 123 and 666 communities are announced to our customers intentionally.”

I think the above info is good from the point of view of our measurements. We no longer treat 3356:666 as a Blackhole community. So, we separate them from other ASN:666. We look at the propagation of 3356:666 and 3356:123. Both are meant to start at AS 3356 and are expected to propagate down the customer cone (according to the info from Lumen/Level3 above). We do observe very substantial numbers of 3356:666 and 3356:123:

RIB data (RouteViews3, 2021-07-15.0000):
Total # Unique {Prefix, RC = 3356:666} ; 509900
Total # Unique {Prefix, RC = 3356:123} ; 399567
Total # Unique {Prefix, RC = 3356:9999} ; 28

This is somewhat along the lines of what Jeff was also requesting: measure the propagation against known applications. So, there are about 510K Unique {Prefix, RC = 3356:666} and 400K Unique {Prefix, RC = 3356:123}. They are observed propagating multiple hops starting from AS 3356 (we’ll update the slides with this distribution). Hopefully, much of this propagation is down the customer cone as expected. We don't know if some of them are route leaks, but we can try to check that as part of further investigation.

Any further thoughts/comments?

Sriram   
------------------------------------------

________________________________________
From: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Sent: Wednesday, August 4, 2021 12:58 PM
To: Zhuangshunwan; Sriram, Kotikalapudi (Fed); GROW WG
Cc: IDR
Subject: Re: some questions from {RC, LC, EC} analysis presentation in GROW

Hi Shunwan,

Yes, that is a curious thing ... it seems peculiar and specific to AS 3356.
I have started a discussion on NANOG about 3356:666, 3356:9999, etc.
Please take a look:
https://mailman.nanog.org/pipermail/nanog/2021-August/thread.html#214447 

Only AS 3356 may be an outlier. Most other AS operators use ASN:666 or WKC 65535:666 for Blackhole Community:
https://www.google.com/search?q=BGP+community+%3A666&rlz=1C1GCEV_enUS847US847&oq=BGP+community+%3A666&aqs=chrome..69i57j69i64.9798j1j15&sourceid=chrome&ie=UTF-8&safe=active&ssui=on 

Also, we'll check -- on slide 12 of my GROW presentation -- out of the roughly 265K count of unique {Prefix, AS Path, RC = Any:666}, how many are with 3356:666. I will let you know.

Sriram

________________________________________
From: GROW <grow-bounces@ietf.org> on behalf of Zhuangshunwan <zhuangshunwan@huawei.com>
Sent: Tuesday, August 3, 2021 10:37 PM
To: Sriram, Kotikalapudi (Fed); GROW WG
Cc: IDR
Subject: Re: [GROW] some questions from {RC, LC, EC} analysis presentation in GROW

Hi Sriram,

The community attribute example 3356:666 on page 10 may not match the actual function.
"
Example: AS path = 25160 3356 12956 6147 and RC = 3356:666
This means that the client is at AS 6147 (origin AS) and AS 3356 is the RTBH provider
AS Distance to RTBH provider = 2
Propagation (#hops): The Blackhole Community propagated 3 hops in this case (AS 6147 to AS 25160)
"

According to https://onestep.net/communities/as3356/
...
--------------------------------------------------------
prefix type communities
--------------------------------------------------------
3356:123 - Customer route
3356:666 - Peer route
--------------------------------------------------------
...
--------------------------------------------------------
customer traffic engineering communities - Blackhole
--------------------------------------------------------
3356:9999 - blackhole (discard) traffic

Traffic destined for any prefixes tagged with this community will be discarded at ingress to the Level 3 network. The prefix must be one permitted by the customer's existing ingress BGP filter. For some router vendors the peering must be changed to an eBGP multihop session on the Level 3 side of the connection.
...

Regards,
Shunwan
