Re: [Idr] Vendor Defaults (was Re: Review of draft-ietf-large-community-06.txt)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Mon, 07 November 2016 00:04 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>
Date: Mon, 7 Nov 2016 00:04:11 +0000
Message-ID: <C2C26B2F-75A0-49FB-B947-4B957611A23E@cisco.com>
References: <CAH1iCiq6jNtnkta0Bt952EQ9zOKSGt=_cCySsT5XuOKuHYO2nQ@mail.gmail.com> <86860386-9C2B-4BD5-B457-2A6DA5446CF3@cisco.com> <17E646EF-4633-423B-9AC4-B53D49C90632@gmail.com> <6CAFC026-6102-42BF-97FA-779457D84ECE@cisco.com>, <CA+b+ERm5VVz520OhgXYTFOt9_M6_=MHLE9M-=1T+wnfw7RY83Q@mail.gmail.com>
In-Reply-To: <CA+b+ERm5VVz520OhgXYTFOt9_M6_=MHLE9M-=1T+wnfw7RY83Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/uK1jnXQ9rmQWymakE0lgSLebiKQ>
Cc: "idr@ietf.org" <idr@ietf.org>

An example of unintended routing:
Both AS2914 and AS49544 use the private ASN 65501 to prepend one time.
If a route using 65501 in the community traverses both these ASes, then each AS will prepend, resulting in (likely unintended) double prepending.
https://onestep.net/communities/as2914/
https://onestep.net/communities/as49544/

Thanks,
Jakob.


On Nov 6, 2016, at 3:30 PM, Robert Raszuk <robert@raszuk.net> wrote:

Hi Jakob,

Very fair and good summary !

One question: What is "unintended routing"? Are you alluding to "churn"? If so, pls see my reply to the previous post.

Just to reiterate ... I do recommend that whatever option gets more support, it should be spelled out in the Large Community RFC such that all implementations can be consistent.

Best,
Robert


On Mon, Nov 7, 2016 at 12:25 AM, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:
The question:
Should Large Communities be transmitted across EBGP by default?

Note: there is a knob to change the default, so the discussion is how to act with the knob unconfigured.

Arguments to block:
1. Principle of least surprise: Do same as 1997.
2. Accidental leakage of internally used communities will cause unintended routing.

Arguments to pass:
1. Legacy code will pass it, because the attribute is transitive. Upgrade to LC aware code should do the same by default.
2. It is convenient to pass a community through your first level transit to fix a problem further upstream. A default block frustrates this effort.

The problem of accidental leakage is greater with 1997 communities, because many ISPs use private ASNs. This is a problem if a community intended for a distant ISP is interpreted by a near ISP when they use the same private ASN. This problem SHOULD disappear with Large Communities, because the need to use private ASNs no longer exists.

I would like to hear other arguments and gauge support for each case.

Thanks,
Jakob.
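The double-prepend case at the top of this message, and the private-ASN collision argument in the quoted original, can be walked through with a small model. The following is an added example for this archive page; it is not code from the draft, from either operator, or from any vendor implementation. Two things are assumed and not taken from the thread: the RFC 1997 policy is reduced to "first half 65501 means prepend your own ASN once" (the real AS2914 and AS49544 policies also use the second half to select the peer the prepend applies toward, which does not change the collision), and the Large Community form `<asn>:1:0` meaning "the operator with ASN `<asn>` should prepend once" is invented for contrast. The `pass_large_ebgp` flag models the unconfigured-knob default under discussion.

```python
"""Model of a prepend request carried in BGP communities across an AS path.

Added example for this thread, not code from the draft or from any vendor.
Assumptions (not from the thread): an RFC 1997 community whose first half is
65501 is read as "prepend once" by every transit that defines 65501 that way;
the Large Community (ga, 1, 0) is a made-up "ga, prepend once" request.
"""
from dataclasses import dataclass, replace

PRIVATE_ASN = 65501   # used by both AS2914 and AS49544 per the linked lists
LC_PREPEND = 1        # hypothetical function number: "prepend once"


@dataclass
class Route:
    prefix: str
    as_path: list                   # leftmost entry = most recently added AS
    std: frozenset = frozenset()    # RFC 1997 communities as (asn, value)
    large: frozenset = frozenset()  # RFC 8092 communities as (ga, ld1, ld2)


@dataclass
class TransitAS:
    asn: int
    pass_large_ebgp: bool = True    # the default under discussion

    def wants_prepend(self, r: Route) -> bool:
        # 1997: the receiver cannot tell whose 65501 namespace the community
        # was written in, so any 65501:x matches.  The second half is ignored
        # here (simplification; see the lead-in).
        by_std = any(asn == PRIVATE_ASN for asn, _ in r.std)
        # Large: the Global Administrator is this AS's own, real ASN, so a
        # request aimed at another operator never matches.
        by_large = (self.asn, LC_PREPEND, 0) in r.large
        return by_std or by_large

    def export(self, r: Route) -> Route:
        # Every eBGP export adds our ASN once; a matching request adds it again.
        n = 2 if self.wants_prepend(r) else 1
        return replace(
            r,
            as_path=[self.asn] * n + r.as_path,
            # A "block by default" knob strips Large Communities on export.
            large=r.large if self.pass_large_ebgp else frozenset(),
        )


def propagate(route: Route, transits) -> Route:
    for t in transits:
        route = t.export(route)
    return route


# Constructed scenario: customer AS64496 (documentation ASN) announces a
# prefix through AS49544 and then AS2914, asking only AS2914 to prepend once.
CUSTOMER = 64496
PREFIX = "192.0.2.0/24"


def with_std_community() -> list:
    r = Route(PREFIX, [CUSTOMER], std=frozenset({(PRIVATE_ASN, 2914)}))
    return propagate(r, [TransitAS(49544), TransitAS(2914)]).as_path


def with_large_community(pass_large_ebgp: bool = True) -> list:
    r = Route(PREFIX, [CUSTOMER], large=frozenset({(2914, LC_PREPEND, 0)}))
    transits = [TransitAS(49544, pass_large_ebgp), TransitAS(2914, pass_large_ebgp)]
    return propagate(r, transits).as_path


if __name__ == "__main__":
    print("1997, 65501 shared:        ", with_std_community())
    print("large, passed by default:  ", with_large_community())
    print("large, blocked by default: ", with_large_community(False))
```

The 1997 run ends with both AS49544 and AS2914 prepended, because AS49544 also owns a "65501 means prepend" rule and sees the community first. The Large Community run prepends at AS2914 only, since the request names AS2914 in the Global Administrator field. With the knob modelled as "block on eBGP", AS49544 strips the community before AS2914 ever sees it, which is the "first level transit frustrates the effort" case from the quoted message.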
