IETF Logo Mail Archive

Re: [Idr] New Version Notification for draft-spaghetti-idr-bgp-sendholdtimer-05.txt

Jeffrey Haas <jhaas@pfrc.org> Fri, 19 August 2022 20:10 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5799EC14F744 for <idr@ietfa.amsl.com>; Fri, 19 Aug 2022 13:10:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A2Niyh01l7-o for <idr@ietfa.amsl.com>; Fri, 19 Aug 2022 13:10:42 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 1F58CC14F6E5 for <idr@ietf.org>; Fri, 19 Aug 2022 13:10:41 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 5B0111E2FB; Fri, 19 Aug 2022 16:10:41 -0400 (EDT)
Date: Fri, 19 Aug 2022 16:10:41 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Enke Chen <enchen@paloaltonetworks.com>
Cc: tom petch <ietfc@btconnect.com>, Robert Raszuk <robert@raszuk.net>, John Heasley <heas@shrubbery.net>, "idr@ietf. org" <idr@ietf.org>
Message-ID: <20220819201040.GA27543@pfrc.org>
References: <CAOj+MMEdWr4mnp0Cr9QSQ+Msfb6jHwziu=ttPGhdXUrtgtZqBw@mail.gmail.com> <Yvp3eZ4iDccWNmIR@shrubbery.net> <CAOj+MMER5fTqyyXhFB0VkL51CHKC81=DNfGeqtHqPEcAgS0LBw@mail.gmail.com> <Yvq12HOd+1HPPa/t@shrubbery.net> <CAOj+MMFNVM7TrpGGrreWufkP97X0n0W11y2eOsnss+v5irE62g@mail.gmail.com> <AM7PR07MB6248651F07184633E93B1144A06A9@AM7PR07MB6248.eurprd07.prod.outlook.com> <83BA8ED7-3ABF-4079-AFC5-F9F60CEA9668@pfrc.org> <CANJ8pZ8Xv2PXTqmtv_pg5XCcAyN=5_UQa2ab9LeDkbiuFdXUqw@mail.gmail.com> <20220819162451.GA17925@pfrc.org> <CANJ8pZ_RgU-fSKemrBDw1r1-9VnLyTPOryrOKPV0WUpLhkucCw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CANJ8pZ_RgU-fSKemrBDw1r1-9VnLyTPOryrOKPV0WUpLhkucCw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/uIT4-sJngk0tXzoPwd0egJPo3fY>
Subject: Re: [Idr] New Version Notification for draft-spaghetti-idr-bgp-sendholdtimer-05.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2022 20:10:43 -0000

Enke,

On Fri, Aug 19, 2022 at 10:24:54AM -0700, Enke Chen wrote:
> Yes, there needs to be a default value, and it should be configurable.
> That's what we recommend in the draft.

You and Robert are both pointing out that I missed the "or otherwise thirty
minutes after the BGP session is established".  That was my error.

> > Portions of the BGP FSM set timer values depending on what point we are at
> > in the FSM's execution.  It's therefore reasonable to pick a very high value
> > and always start the timer upon session startup and then potentially reduce
> > the timer after we've achieved end-of-rib.  If end-of-rib isn't going to be
> > received, that lower timer threshold may be reasonable to set after some
> > drop-dead time; alternatively just stick with the very high value.
> >
> 
> For such a corner case, IMO we should keep the solution simple.
> It seems that the key is to make the timeout value large (and
> configurable) so we don't generate false positives.

With the "or otherwise" detail I missed, what we'd be looking at according
to your procedures is 30 minutes (no end of rib), set the user timeout, and
minimally 10 minutes or 5*holdtime if larger than 10.  So, stuck state
during initial sync could linger up to 40 minutes or longer.

Is that your intent?

> > Similarly applicable to both drafts, I'm wondering if there may be benefit
> > in signaling the peer what the sendholdtimer (or equivalent tcp-user timer)
> > values are.  It's effectively a warning, and a hint to the remote peer's
> > schedulers to make sure that some amount of data is drained in a timely
> > enough fashion.  The NOTIFICATION subcode we've started discussing for
> > signaling that the sender has torn things down is the other half of this
> > equation.
> 
> The signaling mechanism for TCP user-timeout is already specified in
> RFC5482. It's optional.

I was thinking specifically of a BGP option to provide for implementations
that don't want to regularly be watching for changing TCP values.  For
example, exchanged in a capability.

Reading deeper into RFC 5482, we see some additionally interesting things:

:   In the absence of an application-specified user timeout, the TCP
:   specification [RFC0793] defines a default user timeout of 5 minutes.

... with several refinements.

This section apparently is arguing that if we're implementing base
conformant TCP that we shouldn't be getting into this problem in the first
place at the TCP layer.

Section 4.2 discussing TCP Keep-alives notes that some stacks may have
different interactions between keepalives vs. user timeout.

Time to go read some TCP code...


> > With regard to the TCP specific feature, I still have personal unease with
> > what the timer implies.  The general desire articulated by many in these
> > threads is "the peer makes progress and doesn't stay blocked forever".
> > Certainly the TCP user timeout would accomplish that.  However, the timer is
> > versus "unacknowledged data".  What this means is not "we've made no
> > progress", rather "stuff was enqueued X seconds ago and unacknowledged".
> >
> 
> The TCP user-timer applies to "un-delivered data", including both
> "unacked data" and "buffered but untransmitted data".

Understood.  Again, my unease is that the timer says "something enqueued
wasn't delivered in X time".  Do we want that, or do we simply want "this
TCP session continues to make progress?"

I suspect that answer might depend on how long the timers are.

> > I think the above illustrates a key detail the Working Group will need
> > consensus on: Do we care if we're not making progress (perhaps at all), or
> > are we willing to put a timeliness requirement on the contents?
> >
> 
> BGP only knows when the local TCP write-buffer is full, and that is
> only one specific case. There are several other cases where the TCP
> write-buffer is not full, but can also result in stale routes:
> 
>     - BGP messages are not delivered for a long time, either due to
> zero-window or lost ack.

Indeed.  And the BGP implementation is generally ignorant of what has been
enqueued to TCP vs. delivered.  So, 10 minutes of nothing but keepalives may
not be the reason to shut down the session, but 10 minutes of updates not
being delivered may be important.  Or even sooner for undelievered route
refresh messages.

> It can take a long time for the TCP buffer to be filled up when
> routing is relatively stable.
> 
> That's why I believe a solution at the BGP level would be incomplete
> and perhaps even more complex. On the other hand, TCP user-timeout is
> specifically designed to handle these cases. It's more complete and
> simpler.

As long as you're fine with the one-bit signal of "user timeout has gone
down".  That's not necessarily a clear win for some of the people who've
responded to the thread.

Perhaps zero surprise, experience in BFD has provided similar "sometimes one
bit of signaling isn't enough".  Thus, the WG needs further discussion.

-- Jeff

v2.23.0 | Report a Bug | By Email