IETF Logo Mail Archive

Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 22 November 2017 17:15 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C47C12946C; Wed, 22 Nov 2017 09:15:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.519
X-Spam-Level:
X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ld_JxRSXy9We; Wed, 22 Nov 2017 09:15:51 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81C45129469; Wed, 22 Nov 2017 09:15:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=41665; q=dns/txt; s=iport; t=1511370951; x=1512580551; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=GNyUM5RlovI5tbsVgls8mIj4eF0KvdsGmic651GQmqc=; b=V6wL73Hu22KsVAqoTdpCr4nsXSCJUAjBl7+KqcNFjkANqhVnJbpJkEiR g1WZltGM1nEHdsAr/HgaRWEG6sB66kEaTY1NHfieR9PCNtTjG0tMdNd6R +N5HrIPfO0UrX2XKvmQVWzvUN30AlmL6fMwZjy7Aguva7A4lxSUBswag+ M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DBAQAysBVa/5FdJa1cGQEBAQEBAQEBAQEBAQcBAQEBAYJKRAIsZm4ng3+ZNYF9iF2QFgMKGAEJgXeDIgIahQZCFQEBAQEBAQEBAWsohR4BAQEEAQEhSwsQAgEIEQMBAQEhAQYDAgICHwYLFAkIAgQOBRSIHAQebEwDFRCoQIInhzkDCoM/AQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDOoIHgVWCEoMCgmtagTA9CRaCXzGCMgWKQI5kiF89AodwiCGEeYIWhgyLK4o2gj87iFoCERkBgTkBNSMUgWF6FUktAYI2E4IQORwZgU53AQEBAYkyASUHghkBAQE
X-IronPort-AV: E=Sophos;i="5.44,436,1505779200"; d="scan'208,217";a="322027825"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Nov 2017 17:15:49 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id vAMHFnJD032360 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 22 Nov 2017 17:15:49 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 22 Nov 2017 11:15:48 -0600
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Wed, 22 Nov 2017 11:15:48 -0600
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
CC: Robert Raszuk <robert@raszuk.net>, idr wg <idr@ietf.org>, "idr-ads@ietf.org" <idr-ads@ietf.org>, Idr <idr-bounces@ietf.org>, Thomas Mangin <thomas.mangin@exa.net.uk>, Randy Bush <randy@psg.com>
Thread-Topic: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
Thread-Index: AdNcB5lUqir6ZylBRUe7xuFnWiyeYQG3eYqAAAg/8gAAAS+JgAAAPKYAAAK34gAAABCKgAAChkQAAAJHFYAABIDZoAAEYC2AAAx+mpAAGMb1gP//5mEA//++cLs=
Date: Wed, 22 Nov 2017 17:15:48 +0000
Message-ID: <A0106E1A-272D-4E1D-A0F3-E3531D583AA3@cisco.com>
References: <000901d35c08$3f12d950$bd388bf0$@ndzh.com> <B61C3B8F-1168-4EB1-8D8E-88C4BF28B3AA@exa.net.uk> <CA+b+ER=1sHhAqhOc2VipzZMB+Zsxk8n+8cNUshkjPw_A9k9E-A@mail.gmail.com> <39049A8C-6D47-4251-AF87-342F68DDE8AE@exa.net.uk> <CA+b+ER=ANs15BEmRKeqneVHNcTSCsGDMVDQgFV4OucwPSWcLgw@mail.gmail.com> <CACWOCC9Yde99EbhLrveCtoUVSZWiP=sL=k69zrGBeNj5AjCGFQ@mail.gmail.com> <CA+b+ERk_2XZ_Y3EqSjNAbSi1ZqKhD2oThrRR2EOJzckQ41GijA@mail.gmail.com> <CACWOCC-EfzOYdUrHAWQN10LBzofySrKRADc6Zq-dyca1o0DPvw@mail.gmail.com> <CA+b+ER=ppm1N2wnMrPxxS_Nug2EaETBkW5gASTVZ2UKKq0aZJA@mail.gmail.com> <976743ea96934039a85fa74415b45862@XCH-ALN-014.cisco.com> <CA+b+ERmpEghcndHKM+WKKxg1V8ufTwg=xqb0J5jNowZHj2OwAQ@mail.gmail.com> <88d5df779a344b588745108c771d3145@XCH-ALN-014.cisco.com> <deae6e85c3ff47a6bbcac176eb91bd3e@XCH-ALN-014.cisco.com>, <F0EAF2D4-656D-48BD-830B-DC2E8B862813@nist.gov>
In-Reply-To: <F0EAF2D4-656D-48BD-830B-DC2E8B862813@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_A0106E1A272D4E1DA0F3E3531D583AA3ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/wNnK6VKZcKc4TQFXqImwj-EdoJE>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 17:15:54 -0000

Larger message implies larger path attributes. You may answer “no” for the parts with which you do not comply.

If the implied path attribute sizes are too large, then we need to be explicit about the maximum sizes for each attribute in the draft. Please suggest reasonable maximum sizes.

Thanks,
Jakob.

On Nov 22, 2017, at 7:10 AM, Borchert, Oliver (Fed) <oliver.borchert@nist.gov<mailto:oliver.borchert@nist.gov>> wrote:

Jakob,

I looked into the added questions for the compliance report you added on the wiki.
I am not quite sure that these added questions do apply for a compliance of the requested draft. These do more apply to features used within BGP that might result in larger BGP messages.
And here the draft has a clear message in the last paragraph of section 3:

“It is RECOMMENDED that BGP protocol developers and implementers are
  conservative in their application and use of Extended Messages.”

Therefore, they would more apply to proper functioning of implemented BGP features rather than the extended message itself. I do not believe that these new questions do apply here.

Said that, BGPSEC-IO is a traffic generator that mainly focusses on BGPSEC updates. We did not add communities to the generated traffic and I do not intent to do so in the near future (though community contributions are welcome) – in this sense, for sending my answer is NA.
On the receiving side, as long as the BGP update in itself is well formed and within its length boundaries (4K or < 64K) there is no issue. We just dump the update either on the “floor” or screen.

With QuaggaSRx, as long as Quagga can process communities of that length, QuaggaSRx can as well. QuaggaSRx same as BGPSEC-IO do comply with the draft itself when it comes to accepting and generating > 4K updates as specified in the draft and we tested the processing and memory usage using BGPsec traffic of little less than 64 K.

Oliver

From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> on behalf of "Jakob Heitz (jheitz)" <jheitz@cisco.com<mailto:jheitz@cisco.com>>
Date: Tuesday, November 21, 2017 at 6:13 PM
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>, "idr-ads@ietf.org<mailto:idr-ads@ietf.org>" <idr-ads@ietf.org<mailto:idr-ads@ietf.org>>, Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>, Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

1 hour ??
When I tested my large community code, I tested at the limit and over it.
There was no perceptible time for the operations.
16 times imperceptible would be a blip at the most.
The only operations that take a worrisome amount of time are regexp matches with nested wildcards.
Hmm, I should add regexp matches explicitly, because that requires to expand the communities into ascii representation in the matching engine.

Thanks,
Jakob

From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Jakob Heitz (jheitz)
Sent: Tuesday, November 21, 2017 2:58 PM
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>; idr-ads@ietf.org<mailto:idr-ads@ietf.org>; Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>; Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Just that it does it without error.
If the numbers are too large, we should discuss reasonable limits.

Thanks,
Jakob

From: rraszuk@gmail.com<mailto:rraszuk@gmail.com> [mailto:rraszuk@gmail.com] On Behalf Of Robert Raszuk
Sent: Tuesday, November 21, 2017 2:55 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>>
Cc: Job Snijders <job@ntt.net<mailto:job@ntt.net>>; idr wg <idr@ietf.org<mailto:idr@ietf.org>>; idr-ads@ietf.org<mailto:idr-ads@ietf.org>; Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>; Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Hi Jakob,

I think what you added is fine, but requires a time limit.

Statement that implementation can receive, parse/validate, display in CLI or match in the policy 16K of communities all actions taking 1h each is rather not that interesting isn't it ?

Or is the indicator of spec compliance a statement that it just does not crash regardless of time it takes for execution of each stated action :) ?

Thx,
//R.





On Tue, Nov 21, 2017 at 11:38 PM, Jakob Heitz (jheitz) <jheitz@cisco.com<mailto:jheitz@cisco.com>> wrote:
The new update message size requires support for:
16375 communities
8187 extended communities
5458 large communities
I have not changed the as-path length, because it is already ridiculously high.
If anyone wants to talk about a maximum as-path length, please speak up.

I have added tests to the implementation report
https://trac.ietf.org/trac/idr/wiki/draft-ietf-idr-bgp-extended-implementations<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fidr%2Fwiki%2Fdraft-ietf-idr-bgp-extended-implementations&data=02%7C01%7Coliver.borchert%40nist.gov%7Cc29658d9c708468b0ccd08d5313576ee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636469028063383089&sdata=zRFsa6v%2BqWcQo44fTcKtmbmqmFZicA495i%2BZfcA4ZSg%3D&reserved=0>
to ensure full compliance with the consequences of the draft.

Implementers, please update your compliance.

Thanks,
Jakob

From: Idr [mailto:idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>] On Behalf Of Robert Raszuk
Sent: Tuesday, November 21, 2017 10:41 AM
To: Job Snijders <job@ntt.net<mailto:job@ntt.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>; idr-ads@ietf.org<mailto:idr-ads@ietf.org>; Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>>; Thomas Mangin <thomas.mangin@exa.net.uk<mailto:thomas.mangin@exa.net.uk>>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Great !

On Tue, Nov 21, 2017 at 6:35 PM, Job Snijders <job@ntt.net<mailto:job@ntt.net>> wrote:
Robert/Randy,

About this being a default:

Old (Section 4):

A BGP speaker that is willing to send and receive BGP Extended Messages with a peer SHOULD advertise the BGP Extended Message Capability to the peer using BGP Capabilities Advertisement RFC5492].

New (Section 4)

A BGP speaker that is capable to send and receive BGP Extended Messages with a peer SHOULD advertise the BGP Extended Message Capability to the peer using BGP Capabilities Advertisement [RFC5492].


_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=02%7C01%7Coliver.borchert%40nist.gov%7Cc29658d9c708468b0ccd08d5313576ee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636469028063383089&sdata=Bt6F5N6zA5v7GCXm7peFu06uK1TCD3sRHIVPffp%2F0O0%3D&reserved=0>

v2.23.0 | Report a Bug | By Email