Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

<bruno.decraene@orange.com> Fri, 21 April 2017 09:18 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9863E129B17 for <idr@ietfa.amsl.com>; Fri, 21 Apr 2017 02:18:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.608
X-Spam-Level:
X-Spam-Status: No, score=-2.608 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, T_SPF_PERMERROR=0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohLI7mKpDDua for <idr@ietfa.amsl.com>; Fri, 21 Apr 2017 02:18:27 -0700 (PDT)
Received: from relais-inet.orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCBBD129426 for <idr@ietf.org>; Fri, 21 Apr 2017 02:18:26 -0700 (PDT)
Received: from opfednr00.francetelecom.fr (unknown [xx.xx.xx.64]) by opfednr20.francetelecom.fr (ESMTP service) with ESMTP id 2B17B40126; Fri, 21 Apr 2017 11:18:25 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.32]) by opfednr00.francetelecom.fr (ESMTP service) with ESMTP id F041E1A0064; Fri, 21 Apr 2017 11:18:24 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM32.corporate.adroot.infra.ftgroup ([fe80::8924:188:2124:a046%19]) with mapi id 14.03.0319.002; Fri, 21 Apr 2017 11:18:24 +0200
From: <bruno.decraene@orange.com>
To: Job Snijders <job@instituut.net>
CC: John Scudder <jgs@juniper.net>, "idr@ietf.org" <idr@ietf.org>, Hares Susan <shares@ndzh.com>
Thread-Topic: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
Thread-Index: AQHSunvKFx6qnNOc8UaJCUOYEKex/KHPhBrQ
Date: Fri, 21 Apr 2017 09:18:24 +0000
Message-ID: <23291_1492766305_58F9CE61_23291_9725_1_53C29892C857584299CBF5D05346208A31CC399E@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <abe393d3-d1e4-7841-4620-38dab751765b@cisco.com> <68B29403-9AD9-4F06-9FE4-3F077E793D9F@puck.nether.net> <275cf744-1f64-bcbc-dabe-a47479921230@cisco.com> <20170420154142.lacvtplusepy3qcf@hanna.meerval.net> <b57162ec-f806-6e86-7713-58608f72c468@cisco.com> <32C0B4EE-6241-49F9-97F2-7107AC68678D@juniper.net> <e513849d-f895-0499-7bf4-5ecb24cadab7@cisco.com> <4CE4AF1E-0C80-423E-B19D-5750FCAFAD89@juniper.net> <23283_1492759950_58F9B58E_23283_375_1_53C29892C857584299CBF5D05346208A31CC352B@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20170421084638.l6pbvtznfsxnq2wy@Vurt.local>
In-Reply-To: <20170421084638.l6pbvtznfsxnq2wy@Vurt.local>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/tMYEAFbp36S7G5hcww7CX_pJ2qQ>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 09:18:29 -0000

> From: Job Snijders [mailto:job@instituut.net]  > Sent: Friday, April 21, 2017 10:47 AM
> 
 > On Fri, Apr 21, 2017 at 07:32:29AM +0000, bruno.decraene@orange.com wrote:
 > > > From: John Scudder  Sent: Thursday, April 20, 2017 11:13 PM
 > > >
 > >  > (as an individual contributor)
 > >  >
 > >  > On Apr 20, 2017, at 5:03 PM, Enke Chen <enkechen@cisco.com>; wrote:
 > >  > > It's not like the issues with software update are new :-)
 > >  >
 > >  > Yes, exactly. That's why I'm so surprised by this discussion.
 > >  >
 > >  > What I still see here is
 > >  >
 > >  > - on one hand, a worked example showing how an implementor could
 > >  > roll out the functionality without causing heartburn for users. (My
 > >  > paraphrase: expose the default in the configuration. When upgrading
 > >  > old->new, automatically create the corresponding configuration
 > >  > line(s) to configure for legacy behavior.)
 > >  >
 > >  > - on the other hand, general statements about how this is a hard problem.
 > >  >
 > >  > I find the specific worked example more convincing.
 > >
 > > Good point. Thanks for the useful contribution to the debate.
 > >
 > > a) Regarding this specific point, could the draft refer to this point.
 > > e.g. add this requirement (if this is a requirement draft, which it
 > > looks like it when reading the first sentence of section 2) or add the
 > > solution (space) (if the draft define a solution).
 > > e.g. "When the BGP speaker is upgraded to those new default behavior,
 > > existing BGP sessions, configured using the old default, must be
 > > unaffected". Or whatever text.
 > 
 > You are adding complexity and increasing inconsistency rather then
 > reducing it.

:s/adding/dealing with the

I guess that this means a "No" to my request.

 > > That is indeed the most significant deployment impact, so it's good
 > > that it can be addressed/included, rather than silently ignored.
 > >
 > > b) Still, this draft introduce new deployment impact to all network
 > > operators using EBGP, including the ones not concerned with this
 > > problem space, as provisioning tools need to be updated prior to this
 > > deployment, otherwise provisioning would fails. Plus silently fails as
 > > the session is kept up, silently ignoring the route with no feedback
 > > to the EBGP peer). Plus for each plateform, they need to selectively
 > > handle both configurations depending on the software version of this
 > > plateform.
 > 
 > So, going forward, any IDR proposal that requires a change to any
 > provision system is a no-go?
 
It's not about a no-go. It's about understanding and considering the tradeoffs.

 
 > For the record: NTT has many conditional clauses in their configuration
 > generation system to deal with configuration differences between
 > different versions of the software on the same platforms. This is
 > common. I do not believe you or anyone else operate your networks
 > without the accepting that different versions may have for example
 > different syntax.

I'm not saying that this is not possible. I'm saying that there is an impact, with associated cost and delay.
If possible, I'd prefer a solution which preserve the benefits while reducing the impacts. This requires that we all agree on the problems that we want to solve and the consequences of a proposed solution.

At the very minimum, 
"  o  A BGP speaker MAY provide a configuration option to disable the preceding behaviors, but it MUST implement them by default."
:s/MAY/MUST

But IMHO, we could discuss the "MUST implement them by default". As basically, the document is saying that the people facing the issue with their CLI, cannot even be asked to enable a one line knob in their configuration, while the document cannot even acknowledge and take into account the cost added on all other EBGP users.

Kind regards,
--Bruno
 
 > I've already stated how the failure scenario can only occur after a
 > missteps in the process, and that outages are likely to be remedied
 > swiftly and permanently. I've also contributed a case where bgp-reject
 > actually reduces the duration of outages that would otherwise be
 > caused and prolonged if an insecure mode of operation is used.
 > 
 > Kind regards,
 > 
 > Job

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.