IETF Logo Mail Archive

Re: [Idr] draft-dong-idr-node-target-ext-comm-05.txt - WG Adoption and IPR call (9/27 to 10/11/2022)

Robert Raszuk <robert@raszuk.net> Sat, 22 October 2022 13:14 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2D9DC14F743 for <idr@ietfa.amsl.com>; Sat, 22 Oct 2022 06:14:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4sjE9oVxCuAO for <idr@ietfa.amsl.com>; Sat, 22 Oct 2022 06:14:39 -0700 (PDT)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D629C1524D6 for <idr@ietf.org>; Sat, 22 Oct 2022 06:14:22 -0700 (PDT)
Received: by mail-ed1-x534.google.com with SMTP id b12so15466381edd.6 for <idr@ietf.org>; Sat, 22 Oct 2022 06:14:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6IMwVVdRi8Dn7qlrrPcVsVYlm0x3oKBs6zoxdeZEjIQ=; b=DOw46W8BlPhNfDa5geSZqVYlACcb7a2tqsxxTLIXxzdHf44DKpO91ZuiJHmRw4FUs2 E5Rzmoc37FAo4H9hGOk9bby4fiCmUvHnaf9upNJ4FuHmFQHATIibsL7edDyfJP5c/cmR MlcOMGfCHgF/9p3r3mkO7yTR3bRk3XrdD1FRvRCKAihwWANbfxPNFJo3eMzKNF/G8jcS itSagHHQjCvqQZEvEwoFjRDI+L6cnAEeii/LbgtJnTZWkQjl6L/0ElNVI3PvAD5lvk6H N0DeU3aOgKFkjhNiQwC0osPgknczH8ZEouVFbZabuKA/3xj3WsZxBMlWNHJZcPUX61OX Ow/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6IMwVVdRi8Dn7qlrrPcVsVYlm0x3oKBs6zoxdeZEjIQ=; b=Fd519iHCFZ0aHZ3/o14lxJaOVbV2lmEEICq05pBUmoZAKPbwidBAJ86cuiHGLKD43y z+os3sK/MMf73XuzCb2FkctD6D3m3CPwxc7pU7I27llLw27cOgcNGdlO49Fdrlw9CSLw oFeldLPbrFtknqEfAMK27knvLdny+1OsqFu5vc1Sq//q3FrjmS3MfRvjp5mvjjZJjW7i oOlhx0nARKMF3z5Q1lFIY12QwAva24l/cj80eA3DP8YvfifNMXbahHKy+nH96hvUrv+Q taRAfVz/6HULArFYojvQNn1qW6VR8eL8986jEPm5HHvhMCab7AY9ZuiL5XxI0msHO6Pf /oGQ==
X-Gm-Message-State: ACrzQf2B7KzDnJjXSSs11XxZcqLQKzsFquBpHRY+qZucQj3tch3Xsu1f AEdMFUqAwMciNG88T5PThqnblj0IKnkt3kyaXq8izg==
X-Google-Smtp-Source: AMsMyM6SDlAcl6G1gmfhZTFmEWAUY2htmsLdC8/nbn6RjEdig4pu2vuyv8Ez9kFzqQG8kwCmF40l8QUZmVRPaIpNBcE=
X-Received: by 2002:a17:906:fe45:b0:788:15a5:7495 with SMTP id wz5-20020a170906fe4500b0078815a57495mr20161147ejb.633.1666444460356; Sat, 22 Oct 2022 06:14:20 -0700 (PDT)
MIME-Version: 1.0
References: <028ECC42-2021-4D00-9B31-B323F2480DAA@gmail.com> <Y0mJ2CJQbUbf6pzO@Space.Net> <20221014182353.GF2066@pfrc.org> <CAOj+MMGr3X58yCoR9uLXmoNUtk4b+=00o2JB9tEKpENTU6M6Yw@mail.gmail.com> <20221019214126.GB10497@pfrc.org> <CAOj+MMHafWNKaDBfcvdVKz7RoX4eFxkk2KjVvqN9vS=2+vNeGw@mail.gmail.com> <20221019222746.GD10497@pfrc.org> <CAOj+MMEstWKm+xoWBRFJjJW-vhX_4BKerWCt94GiQT+W5tELPA@mail.gmail.com> <20221020204232.GD19035@pfrc.org> <CAOj+MMFAkrq4bTyx-Gf4ivfBetnaH0bSJo34wmyXwXL5nQEWxg@mail.gmail.com> <20221020210047.GA25483@pfrc.org> <CAOj+MMHtk5hJ17K_7e5MjGLxKbTP2mCoAZ0z085PV+5VzmaPrw@mail.gmail.com> <m28rl9dvsn.wl-randy@psg.com> <0D810195-CFC6-43C6-84F7-609CAA4B3C7F@pfrc.org> <CAOj+MMFw+2uTs19jHTOF9kaQRog_m9nW4L+4gLkB0c7k9Mi1+A@mail.gmail.com> <9953B13E-DC91-4A10-92E0-317629571656@pfrc.org> <CAOj+MMHqsdvq2zFGkYsbN_vGo8ZE2aSJwfOPmhWD6Ef4ss7GsQ@mail.gmail.com> <7DFC7626-D838-44F7-9414-4DE5254CCA73@pfrc.org> <CAOj+MMFPrBx38UKNUZduDRo9oyZye+CNPBSwqhdRgji6ePSEug@mail.gmail.com>
In-Reply-To: <CAOj+MMFPrBx38UKNUZduDRo9oyZye+CNPBSwqhdRgji6ePSEug@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Sat, 22 Oct 2022 15:15:15 +0200
Message-ID: <CAOj+MMGt21v+s9CTz64tv3LJ+x14AXUP4xCOyVyp1fKSZ9A2EQ@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Randy Bush <randy@psg.com>, Gert Doering <gert@space.net>, idr <idr@ietf.org>, Sue Hares <shares@ndzh.com>, "Dongjie (Jimmy)" <jie.dong=40huawei.com@dmarc.ietf.org>, "Van De Velde, Gunter \\(Nokia - BE/Antwerp\\)" <gunter.van_de_velde@nokia.com>
Content-Type: multipart/alternative; boundary="000000000000190b0e05eb9f56a5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/uMvNHZdV0wxiikITA7OExfwwnjk>
Subject: Re: [Idr] draft-dong-idr-node-target-ext-comm-05.txt - WG Adoption and IPR call (9/27 to 10/11/2022)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Oct 2022 13:14:43 -0000

Hello Jeff,

Thinking more about your exemple I am concluding that any filtering
performed on path attributes which could change without prior route
withdrawal from the src is simply not compliant with base BGP
specifications.

*RFC4271 was very clear to say: *

An UPDATE message might advertise only routes that are to be withdrawn from
service, in which case the message will not include path attributes or
Network Layer Reachability Information.

*RFC4760 is also clear: *

An UPDATE message that contains the MP_UNREACH_NLRI is not required  to
carry any other path attributes.

That means that implementations which send implicit withdrawals do not
break any BGP specifications.

*Quote from RFC4271:*

   If the UPDATE message contains a feasible route, the Adj-RIB-In will
   be updated with this route as follows: if the NLRI of the new route
   is identical to the one the route currently has stored in the Adj-
   RIB-In, then the new route SHALL replace the older route in the Adj-
   RIB-In, thus implicitly withdrawing the older route from service.

- - -

UPDATES which contain MP_UNREACH_NLRI should not be subject to any RT
filtering. I do recall some discussions on this in the past but don't
recall what conclusion was reached.

But let's note that when both MP_UNREACH_NLRI and MP_REACH_NLRI contain the
same NLRI only the latter is processed. MP_UNREACH_NLRI could be just a
protocol "hack" to bypass filters in such cases.

Bottom line I think we have enough issues just with SAFI 128 alone and RT
filtering.

Adding to this new extended community to add more filtering into iBGP  is
clearly not going to help to simplify the situation.

Thx,
R.


On Sat, Oct 22, 2022 at 12:37 AM Robert Raszuk <robert@raszuk.net> wrote:

> Jeff,
>
> Well even without RTC you have an issue if path changes on A and B keeps
> the inbound filter set to 100:100.
>
> Note that on any properties change to make it effective you need to clear
> session out. In the old days that was hard reset so no issues. These days
> this is soft reset.
>
> So what you are essentially saying is that with RT filtering (or really
> filtering of any sort on non immutable path attribute which removes a
> parameter) you can not use the implicit withdrawal concept in iBGP.  Is
> this the right conclusion ?
>
> You always must withdraw the old path then advertise the new one.
>
> Enhanced Route Refresh could help but honestly I don't think I have ever
> tested how it works with RTC or even RT inbound filtering.
>
> Thx,
> R.
>
> On Fri, Oct 21, 2022 at 10:57 PM Jeffrey Haas <jhaas@pfrc.org> wrote:
>
>>
>>
>> On Oct 21, 2022, at 4:32 PM, Robert Raszuk <robert@raszuk.net> wrote:
>>
>> Hi,
>>
>> > A has a properties change for the route
>>
>> That is why I said in the same RD case (not recommended anyway) the
>> change must be symmetric to all VRFs sourcing such route.
>>
>>
>> In the example below, the prefix does not change.  This is a single route
>> example.
>>
>> -- Jeff
>>
>>
>> Kind regards,
>> Robert.
>>
>>
>> On Fri, Oct 21, 2022 at 10:13 PM Jeffrey Haas <jhaas@pfrc.org> wrote:
>>
>>>
>>>
>>> On Oct 21, 2022, at 12:27 PM, Robert Raszuk <robert@raszuk.net> wrote:
>>>
>>>
>>>
>>>> Perhaps Robert will share whose implementation is intentionally broken
>>>> in this fashion to help shortcut that process.
>>>
>>>
>>> I do not consider implementation to be broken the moment IDR decides to
>>> use BGP as point to point configuration protocol and forces it to filter
>>> BGP UPDATES from arbitrary AFI/SAFI when propagating towards IBGP peers.
>>>
>>> For current SAFIs with unique RDs and RT based filtering nothing is
>>> broken.
>>>
>>>
>>> A peers with B with RT-C and L3VPN.
>>> B advertises to A an RT-C route that attracts route-target:100:100
>>>
>>> A theoretically filters L3VPN routes at the update-send portion of the
>>> process by dropping updates containing no matching RT-C extended
>>> communities of interest.
>>>
>>> A advertises L3VPN route RD:prefix to B with route-target:100:100 and
>>> route-target:200:200.  This matches received RT-C for route-target:100:100
>>> from B and is thus transmitted.
>>>
>>> A has a properties change for the route and needs to advertise L3VPN
>>> route RD:prefix to B with only route-target:200:200.
>>> There is no matching received RT-C route from B with this route-target.
>>>
>>> If the route is filtered, B now has stale state.
>>>
>>> If A doesn't generate a withdraw for this route, B now has stale state.
>>>
>>> Q.E.D.
>>>
>>> -- Jeff
>>>
>>>
>>

v2.23.0 | Report a Bug | By Email