Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

<bruno.decraene@orange.com> Mon, 16 November 2015 16:24 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A11021A21A7 for <idr@ietfa.amsl.com>; Mon, 16 Nov 2015 08:24:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.483
X-Spam-Level:
X-Spam-Status: No, score=-2.483 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KQXoe3QH6r1Y for <idr@ietfa.amsl.com>; Mon, 16 Nov 2015 08:24:44 -0800 (PST)
Received: from relais-inet.orange.com (relais-nor34.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D90E1A00F0 for <idr@ietf.org>; Mon, 16 Nov 2015 08:24:38 -0800 (PST)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr20.francetelecom.fr (ESMTP service) with ESMTP id B7BC340088; Mon, 16 Nov 2015 17:24:36 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.27]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 7CC311A0054; Mon, 16 Nov 2015 17:24:36 +0100 (CET)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM7C.corporate.adroot.infra.ftgroup ([fe80::8007:17b:c3b4:d68b%19]) with mapi id 14.03.0248.002; Mon, 16 Nov 2015 17:24:36 +0100
From: <bruno.decraene@orange.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Thread-Topic: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
Thread-Index: AQHQfOJEbzqBqbwli0WLinaFdrSzRp5/NkAAgCBzp+A=
Date: Mon, 16 Nov 2015 16:24:36 +0000
Message-ID: <30646_1447691076_564A0344_30646_2291_1_53C29892C857584299CBF5D05346208A0F6BC240@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <015e01d07ba1$0042bff0$00c83fd0$@ndzh.com> <25797_1429696420_55376FA4_25797_3139_1_53C29892C857584299CBF5D05346208A0EBAA545@PEXCVZYM11.corporate.adroot.infra.ftgroup> <D24E929A.E0D85%aretana@cisco.com>
In-Reply-To: <D24E929A.E0D85%aretana@cisco.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A0F6BC240OPEXCLILM21corp_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/syIL8VU7Zc6Icb5FWQHfvyeTrAQ>
Cc: "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2015 16:24:52 -0000

Hi Alvaro,

Thanks for considering my comments.
Looks good to me, except one point regarding the security consideration. Then I also have some further comments.

--
>>§6.  Security Considerations

[...]
>> a) by default, this mechanism is activated.
>> b) non compliant implementation will accept and pass transitive Opaque community (0x03)

>> a+ b): anyone in the Internet can influence the routing in my AS; which is not acceptable.

> Yes, you're right.  We added considerations to turn it off by default.

I've only seen "MUST not propagate by default" which is not something this document can enforce on non-compliant ASBR. Hence some non compliant ASBR will accept this Cost  Community from unstrusted source/AS and propagate it within the AS.
IMO, we need that by defaut, the cost community MUST NOT affect the BGP decision process.


"Furthermore, all

   transitive Cost Communities received across an Autonomous System

   boundary without explicit configuration MUST be stripped off the BGP

   update, and ignored during the Decision Process."


Transitive and non-transitive (MUST be stripped off) (As RFC 4360 does not specify to remove non-transitive community received over eBGP.)
---

OLD: If the high-order bit is set, the Cost in the Cost Community
         may replace the value of a path attribute at a specific step in
         the Decision Process, but not the attribute itself.
NEW: If the high-order bit is set, the Cost in the Cost Community
         replace the value of a path attribute at a specific step in
         the Decision Process, but not the attribute itself.

---

"   Multiple Cost Communities may indicate the same POI.  All the Cost

   Communities for a specific POI MUST be considered starting with the

   one(s) with the lowest Community-ID. "

By "lowest Community-ID" it's not clear to me whether the high order bit (indicating _after_ or _instead_ the related BGP attribute) is taken into account or not (i.e. should be masked before the comparison).
IMHO I would favor not taking this bit into account as, a priori, I don't see a reason to give preference to POI _after_.  In which case, as a related comment, IMHO the first figure of section 3, should indicate this high order bit as a separate field.
Regardless of your choice, IMO the expected behavior should be explicitly stated.


"All the Cost Communities for a specific POI MUST be considered"

I'm not sure I would consider comparable "POI X & High-Order bit 1" with "POI X & High-Order bit 0". To me, looks like nearly equally different than POI X and POI X+1.


--

"   Routes that do not contain the Cost Community (for a valid,

   particular POI),or a Community-ID present in a route from another

   peer, MUST be considered to have the default Cost"

"(for a valid, particular POI" + and high-order bit of the community-ID.

Thanks,
Regards,
Bruno


From: Alvaro Retana (aretana) [mailto:aretana@cisco.com]
Sent: Monday, October 26, 2015 5:59 PM
To: DECRAENE Bruno IMT/OLN
Cc: idr@ietf.org; Susan Hares
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

On 4/22/15, 3:53 AM, "Idr on behalf of bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>" <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org> on behalf of bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>> wrote:

Bruno:

Hi!  Sorry for the long delay..

Since we missed the ID deadline, I'm attaching what will be version -07 and the diffs..along with specific answers to your comments below.

Thanks!!

Alvaro.


Hi all,

Please find below some comments on the document:

§ Abstract
*) "It is cumbersome (if at all possible) for the end user to define policies that will select, after partial comparison, a path based on subjective local (domain and/or node) criteria."
IMHO the sentence may be reworded. e.g. using a more factual/neutral orientation. (Alternatively, the document would need to elaborate on how much "cumbersome"/"impossible" is saved by using this new tool. (definitely not all IMO)).

Yes.

OLD
   The BGP specification defines a Decision Process for installation of
   routes into the Loc-RIB.  This process takes into account an
   extensive series of path attributes, which can be manipulated to
   indicate preference for specific paths.  It is cumbersome (if at all
   possible) for the end user to define policies that will select, after
   partial comparison, a path based on subjective local (domain and/or
   node) criteria.

NEW
   The BGP specification describes a Decision Process for selecting the
   best route.  This process uses a series of steps, made up of path
   attributes and other values, to first determine the Degree of
   Preference of a route and later as tie breakers.  While existing
   mechanisms may achieve some of the same results described in this
   document, they can only do so through extensive configuration such as
   matching communities to explicit policy and/or route preference
   configurations present on each BGP speaker within their
   administrative domain (autonomous system).  Implementing some
   specific fine grained policies through such mechanisms is cumbersome,
   if even possible.





§3.  The BGP Cost Community
*) "The Point of Insertion sub-field contains the value of the path attribute *after* which this community MUST be considered during the best path selection process."
- My reading of "value of the path attribute" is http://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#bgp-parameters-2  Is this correct? Probably not as the IANA section of this draft propose a new/different registry for POI.

We put in a new sentence to clarify:

         This document creates a new Cost Community Point of Insertion
         Registry (Section 7.1) that includes the relevant path
         attributes and these other values.


 *) "The high-order bit is reserved to indicate that the Cost Community MUST replace the path attribute specified by the Point of Insertion during the best path selection process."
"reserved" does not seem to be the best word given that the bit is not reserved (for future use) but specified in this document.

s/is reserved to indicate/indicates


 *) "Multiple Cost Communities may indicate the same Point of Insertion.  In this case, the Cost Community with the lowest Community-ID is considered first."
Multiple cost communities may be received with the same Point of Insertion and the same Community-ID. Please specific which one is to be taken or the error handling.

The same Community-ID is OK as long as it comes from different peers - in the end the winner should be the one with the lowest cost.

OLD>
   Multiple Cost Communities may indicate the same Point of Insertion.
   In this case, the Cost Community with the lowest Community-ID is
   considered first.  In other words, all the Cost Communities for a
   specific Point of Insertion MUST be considered, starting with the one
   with the lowest Community-ID.


NEW>
   Multiple Cost Communities may indicate the same POI.  All the Cost
   Communities for a specific POI MUST be considered starting with the
   one(s) with the lowest Community-ID.  If multiple Cost Communities,
   for the same POI, with the same Community-ID are received for the
   same route from the same peer, then all except the one with the
   lowest Cost MUST be silently ignored.


§ 5.  Deployment Considerations
*) "It is important that a  consistent path selection process be maintained across the local  Autonomous System to avoid potential routing loops."
How much important?
Given the (below) use of a few SHOULD (vs MUST) there is no real assurance that no routing loops will form:
- "If a BGP speaker receives a path that contains the Cost Community, it SHOULD consider its value at the Point of Insertion specified, when  calculating the best path"
- "if the Cost Community is used, all the nodes in the AS that may have to consider this new community at any Point of Insertion SHOULD be  aware of the mechanisms described in this document."

IMO, either :s/SHOULD/MUST in the 2 above sentence, or the document must discuss the conditions which are safe and the ones which are not.

*) "be  aware of the mechanisms described in this document" is not enough. It also needs to support the specific POI used.

Obviously avoiding loops is very important. ;-)

We also added some additional text.

NEW
   The mechanisms described in this document may be used to modify the
   Decision Process arbitrarily.  It is important that a consistent
   Decision Process be maintained across the local Autonomous System to
   avoid potential routing loops.  In other words, all the nodes in the
   AS that may have to consider the Cost Community at any POI MUST
   support the mechanisms described in this document.

   Any mechanism which allows the modification of the Decision Process
   is capable of forming persistent routing loops in the control plane.
   Network administrators deploying the Cost Community MUST ensure that
   each impacted router in the network supports them, including the POIs
   deployed within their network.  This is similar in scope to a network
   administrator who uses communities [RFC1997] combined with filters or
   other policies to modify the Decision Process of BGP speakers.
   Consistency must be enforced at an administrative level.


§6.  Security Considerations

*) "This document introduces no new security concerns to BGP or other specifications referenced in this document."
Really?? That sentence would rather make me feel that this document is not ready for RFC publication.
IMO a real consideration of the security aspects should be done.

e.g. (for free):
a) by default, this mechanism is activated.
b) non compliant implementation will accept and pass transitive Opaque community (0x03)


a)      + b): anyone in the Internet can influence the routing in my AS; which is not acceptable.

Yes, you're right.  We added considerations to turn it off by default.


§ 7.  IANA Considerations
"Some of the values in this new registry match the values assigned in the BGP Path Attributes registry [BGP_PAR].  It is RECOMMENDED that an effort be made to assign the same values in both tables when applicable."
If this is the goal
- both allocation policies should probably be the same.
- IMHO the draft should comment on the POI value already assigned to BGP attribute. Should they be considered "reserved" of free to use as "non applicable"?
- it could be discussed that POI 129 "IGP_COST" may best match BG Attribute 3 NEXT_HOP

We decided to completely decouple the two registries.


 § Appendix A.  Cost Community Point of Insertion Registry
*) It looks like this whole section should be in the IANA section, rather than an appendix.

Yes, we moved it.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorization.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, France Telecom - Orange shall not be liable if this message was modified, changed or falsified.
Thank you.