Re: [Idr] Warren Kumari's Discuss on draft-ietf-idr-bgp-gr-notification-15: (with DISCUSS)
"UTTARO, JAMES" <ju1738@att.com> Tue, 22 May 2018 22:03 UTC
Return-Path: <ju1738@att.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37AB012783A; Tue, 22 May 2018 15:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.61
X-Spam-Level:
X-Spam-Status: No, score=-0.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SB7qMuwX61K4; Tue, 22 May 2018 15:02:57 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7148612778D; Tue, 22 May 2018 15:02:57 -0700 (PDT)
Received: from pps.filterd (m0049287.ppops.net [127.0.0.1]) by m0049287.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id w4MLvBR7015628; Tue, 22 May 2018 18:02:57 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049287.ppops.net-00191d01. with ESMTP id 2j4tv28yad-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 22 May 2018 18:02:56 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w4MM2tEE024937; Tue, 22 May 2018 18:02:55 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [135.66.87.50]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w4MM2qhX024927; Tue, 22 May 2018 18:02:53 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [127.0.0.1]) by zlp27128.vci.att.com (Service) with ESMTP id D675940006B6; Tue, 22 May 2018 22:02:52 +0000 (GMT)
Received: from MISOUT7MSGHUBAC.ITServices.sbc.com (unknown [130.9.129.147]) by zlp27128.vci.att.com (Service) with ESMTPS id BDC5C40006A1; Tue, 22 May 2018 22:02:52 +0000 (GMT)
Received: from MISOUT7MSGUSRCD.ITServices.sbc.com ([169.254.4.144]) by MISOUT7MSGHUBAC.ITServices.sbc.com ([130.9.129.147]) with mapi id 14.03.0389.001; Tue, 22 May 2018 18:02:52 -0400
From: "UTTARO, JAMES" <ju1738@att.com>
To: Robert Raszuk <robert@raszuk.net>, Warren Kumari <warren@kumari.net>
CC: idr wg <idr@ietf.org>, "draft-ietf-idr-bgp-gr-notification@ietf.org" <draft-ietf-idr-bgp-gr-notification@ietf.org>, The IESG <iesg@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>
Thread-Topic: [Idr] Warren Kumari's Discuss on draft-ietf-idr-bgp-gr-notification-15: (with DISCUSS)
Thread-Index: AQHT8f4s0Y8VvO7ax0yXKF1YvOjqZKQ8YgUA///eG5A=
Date: Tue, 22 May 2018 22:02:51 +0000
Message-ID: <B17A6910EEDD1F45980687268941550F3674DB87@MISOUT7MSGUSRCD.ITServices.sbc.com>
References: <152701518391.31181.3562126455441179002.idtracker@ietfa.amsl.com> <CA+b+ERkBEWQwR-CiKvMYcSZhWsm82ukFtENRS8ek6oRnVoXy7A@mail.gmail.com>
In-Reply-To: <CA+b+ERkBEWQwR-CiKvMYcSZhWsm82ukFtENRS8ek6oRnVoXy7A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.10.234.105]
Content-Type: multipart/alternative; boundary="_000_B17A6910EEDD1F45980687268941550F3674DB87MISOUT7MSGUSRCD_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-22_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805220221
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/q3dcM5MFuhjNkX2k6g1B8rBaHhA>
Subject: Re: [Idr] Warren Kumari's Discuss on draft-ietf-idr-bgp-gr-notification-15: (with DISCUSS)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 May 2018 22:03:01 -0000
There were a number of scenarios where the control plane could be compromised. It is important to be aware that the intention here was for services that were configuration i.e VPLS/BGP ( Kompella ), FlowSpec and “staler” services i.e L3VPN where an operator would prefer a degree of incorrectness as opposed to a total outage..
I am speaking from a perspective of AT&T’s network.
a) RR Plane Failure – AT&T runs a large L3VPN network, the amount of state easily reaches into the tens of millions. To accommodate this state I employed an architecture/design that disseminates the state across multiple planes of RRs with a given VPN’s routes spread across the planes. Assuming each plane accommodates ~1M routes the risk to a significant outage where an entire plane is compromised would be the percentage of that VPNs routes on that given plane. The planes are made of gear from multiple vendors but we have seen an ill formed message from a bad actor take out an entire plane.
b) Isolation – Geography in different parts of the world may cause a part of the network to be disconnected from the control plane. I have seen this in Africa, Asia and the states. As an ex… If my RR pair is in Atlanta and provides control plane for Florida a loss of the Atl RRs will cause an intra-FLA failure.. So a BGP/VPWS circuit between Miami and Tampa would be compromised by the loss of the Atl RRs. One may suggest that the answer is simple and one can simple increase the densification of RRs. Of course it would be RR pair * Planes for a given service. This is a poor tradeoff that will be incremental in nature
At the end of the day BGP is used for far more than originally envisioned with many “configuration” applications ( FlowSpec, BGP/VPLS ), reporting applications ( BGP-LS …. ).. BGP Persistence provides a simple method to maintain forwarding and leaves it to the discretion of the operator in terms of stale time, services etc….
Thanks,
Jim Uttaro
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Robert Raszuk
Sent: Tuesday, May 22, 2018 3:17 PM
To: Warren Kumari <warren@kumari.net>
Cc: idr wg <idr@ietf.org>; draft-ietf-idr-bgp-gr-notification@ietf.org; The IESG <iesg@ietf.org>; idr-chairs@ietf.org
Subject: Re: [Idr] Warren Kumari's Discuss on draft-ietf-idr-bgp-gr-notification-15: (with DISCUSS)
Hi Warren,
To understand this proposal a little lecture of document which was proposed before this one and which in fact triggered this extension can be helpful:
https://tools.ietf.org/html/draft-uttaro-idr-bgp-persistence-03<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Duttaro-2Didr-2Dbgp-2Dpersistence-2D03&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=s7ZzB4JbPv3nYuoSx5Gy8Q&m=955eCkzPnHmGvjeK4BONsl3__kIMKUbrTFi3nkBzyjM&s=Mfi0hMnnFb0vEnycEIXjQgmkfYxT-y3LnpZJ3cFmKzk&e=>
Effectively here authors propose to allow BGP speaker to run in a headless mode indefinitely. The root of the idea was born when pure control plane single vendor RRs go down for hours and otherwise healthy PEs running in healthy network stop serving 1000s of VPN customers.
I think at this stage I will refrain from stating an opinion on it. All I can say is that operators today can use so many other dangerous knobs in various address families of BGP that adding this configuration flexibility to GR stale timer option here will rather not make it much worse :)
Kind regards,
Robert.
On Tue, May 22, 2018 at 8:53 PM, Warren Kumari <warren@kumari.net<mailto:warren@kumari.net>> wrote:
Warren Kumari has entered the following ballot position for
draft-ietf-idr-bgp-gr-notification-15: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_iesg_statement_discuss-2Dcriteria.html&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=s7ZzB4JbPv3nYuoSx5Gy8Q&m=955eCkzPnHmGvjeK4BONsl3__kIMKUbrTFi3nkBzyjM&s=3Tbh94yAZspqlfRQHR4YPGTsgU-hJEpeMUuPOkEaZPQ&e=>
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-gr-notification/<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Didr-2Dbgp-2Dgr-2Dnotification_&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=s7ZzB4JbPv3nYuoSx5Gy8Q&m=955eCkzPnHmGvjeK4BONsl3__kIMKUbrTFi3nkBzyjM&s=kYoC7D2UM0o-LWBCEFUaHYVXhS82I2AZeROv52MtJec&e=>
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
I'm sure that this has already been discussed somewhere, and that I'll be able
to quickly clear my DISCUSS once pointed at it, but: "To put an upper bound on
the amount of time a router retains the stale routes, an implementation MUST
support a (configurable) timer, called the "stale timer", that imposes this
upper bound. A suggested default value for the stale timer is 180 seconds. An
implementation MAY provide the option to disable the timer (i.e., to provide an
infinite retention time) but MUST NOT do so by default."
The "infinite retention time" part of this makes me deeply uncomfortable -- I
can see a good reason for the stale timer, and the default "feels" fine to me,
but having an infinite retention time (or, really anything over 10 to 15
minutes) feels like a really dangerous idea, and that it will come back and
bite.
I'm hoping that I'm missing something obvious, but can you please explain under
what conditions an infinite retention policy makes sense? It seems like there
would be multiple opportunities for blackholing traffic with this.
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=s7ZzB4JbPv3nYuoSx5Gy8Q&m=955eCkzPnHmGvjeK4BONsl3__kIMKUbrTFi3nkBzyjM&s=ieg4cO4Kawle23szINir4SwrtTBmGKMSsylYY6gy9qk&e=>
- [Idr] Warren Kumari's Discuss on draft-ietf-idr-b… Warren Kumari
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Robert Raszuk
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Jeffrey Haas
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Robert Raszuk
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Jeffrey Haas
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… heasley
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Warren Kumari
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… UTTARO, JAMES
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… UTTARO, JAMES
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… bruno.decraene
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Warren Kumari
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… bruno.decraene
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Susan Hares
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… bruno.decraene
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Alvaro Retana
- Re: [Idr] Warren Kumari's Discuss on draft-ietf-i… Susan Hares