Re: [Idr] Request to adopt draft-heitz-idr-large-community

Robert Raszuk <robert@raszuk.net> Wed, 07 September 2016 23:29 UTC


Hi Jakob,

To me what you proposed here below is sufficient and covers the second sentence:

"The meaning of all octets in the large community is to be defined by mutual
agreement between the originating and terminating ASes."

- - -

However, while we do not talk about this often in IDR and just leave freedom
of implementation, let me risk a question: what filtering capabilities should
be, or are expected to be, implemented for large communities at the ASBRs?

Q1: In your current implementation can I selectively accept communities
only with my AS listed in the first 4 octets and drop everything else?

Q2: If as you say large community is intended to "transit an AS", how do I
know the destination/terminating AS will get what the real sender sent or
intended to send in the remaining 4:4?

Q3: Assume the terminating AS, as agreed with the originating AS, did the
job. Should the spec enforce (MUST) to strip such community before propagating
the route to any other EBGP speaker? Why do we want to trash the Internet
with something which by AS-PATH rules should never be needed again (leave
alone allowas-in tricks or as-overwrite)?

Thx,
R.



On Thu, Sep 8, 2016 at 12:39 AM, Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> Here is how I would treat the first 4 octets of the large community.
> The community is normally used by an ISP to allow a directly connected
> customer to express its wishes about how to process the route. In that
> case, the first four octets and all octets are totally in control of the
> ISP. The ISP has total control of the definition of the octets. If an ISP
> is willing to carry communities that are destined to another AS, then it
> makes sense for everyone to agree on the encoding of the target ASN in the
> community.
> I would phrase it like this:
>
>
> The meaning of all octets in the large community is to be defined by
> mutual agreement between the originating and terminating ASes. However, if
> a large community is intended to transit an AS, then the ASN of the
> terminating AS SHOULD be encoded in the first 4 octets of the large
> community.
>
> For example, there is no reason that an invalid ASN (say 0 or 23456)
> should be disallowed as long as the intended recipients of the community
> understand the meaning.
>
> Thanks,
> Jakob.
>
>
> On Sep 7, 2016, at 1:57 PM, Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi Job,
>
> Excellent.
>
> And my only point was to add that single sentence to the spec when next
> rev comes out.
>
> Suggestion for the sentence to add into bottom of the section 3:
>
> "The Autonomous System number used within the community field is an Autonomous
> System which understands the encoded meaning of the 8 octets which follow
> and which is to act on it."
>
> ... or something along those lines.
>
> Cheers,
> R.
>
>
> On Wed, Sep 7, 2016 at 6:11 PM, Job Snijders <job@ntt.net> wrote:
>
>> Hi Robert,
>>
>> On Wed, Sep 07, 2016 at 05:47:27PM +0200, Robert Raszuk wrote:
>> > I agree with all statements made by Rob S.
>> >
>> > Kay's email however triggered the clarification question to the
>> > current -03 version.
>> >
>> > What is the meaning of explicit AS number listed in the first 4 octets
>> > of the community. I was under impression that originally it was the AS
>> > number in which given community needs to be executed however it seems
>> > that this sentence is no longer in the current version of the draft.
>>
>> The first 4 bytes contain the ASN in which the last 8 bytes have a
>> meaning. It's not about what is executed where. Consider the last 8
>> bytes, the 'local opaque data', a namespace of sorts; the first 4 bytes
>> indicate who owns that namespace. The owner of the namespace can
>> publicly or privately document what the meaning of communities is within
>> his/her namespace.
>>
>> I welcome suggestions to improve the text on this aspect. RFC 1997 had
>> language like "Global Administrator" and "Local Administrator" - but I
>> think that is somewhat archaic to explain this concept. In -04 we're
>> talking about "Autonomous System Number" and "Local Data".
>>
>> > So it may be unclear if this is AS number inserting this community, if
>> > this is target AS to execute it or perhaps like in the case of Route
>> > Server is it AS acting as proxy for other ASes it peers with ?
>> >
>> > The answer could be none of the above - it's all local significant - but
>> > then shouldn't it rather use a 4:4:4 description.
>>
>> What Kay described is that today with RFC 1997 communities they are
>> using a horrible kludge because there is not enough space.
>>
>> With Large communities, ECIX (AS 9033) could say "Dear customers, if you
>> attach 9033:XXX:YYY to your prefix, our routeserver will do A", where
>> XXX and YYY are values decided by ECIX. This way, there will never be
>> collisions. What XXX and YYY are is up to ECIX, XXX could be the ASN of
>> a peer on the route server, YYY could be an identifier which triggers an
>> action, such as no-export.
>>
>> Given the above context and what Kay sent to the list:
>>
>> >> As we use 65000:XXX, where XXX is the ASN which should
>> >> not receive the route, this proposal would give us the option to also
>> >> extend the control-mechanisms towards 32-bit ASNs and not just 16-bit
>> >> ASNs anymore.
>>
>> With Large Communities, the above example could be turned into:
>> 9033:65000:XXX, where XXX is the ASN which should not receive the route.
>> Suddenly they aren't overloading a Global Administrator field with a
>> private ASN! :-)
>>
>> ECIX (and other Route Server operators) gain two advantages: There won't
>> be a risk of collision because it's in their own namespace (in ECIX's
>> case '9033'), and XXX can be a 4-byte value, meaning they can target
>> 4-byte ASNs, which is something they cannot do today but clearly want to
>> do for consistency.
>>
>> It is important to recognise that it is up to ECIX to decide how they
>> use the 8 bytes of data available to them. They can put ASNs in there
>> directly, or use a mapping table, or throw a dice and just publish which
>> value means what on their Route Server. It is entirely opaque.
>>
>> Kind regards,
>>
>> Job
>>
>> ps. Large Communities' expiry date will be the moment the IETF starts
>> working on 8-byte ASNs. If that ever happens, we'll hopefully remember
>> this thread.
>>
>
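As an added illustration of the ASBR filtering Robert asks about in Q1 and Q3, and of Job's 9033:65000:XXX route-server convention (example code written for this page, not code from the draft or from any participant), assuming the 12-octet ASN:LocalData1:LocalData2 encoding and a constructed sample attribute value:

```python
import struct

# Assumed wire format: each Large Community is 12 octets, three unsigned
# 32-bit big-endian integers ASN:LocalData1:LocalData2, where the first
# 4 octets name the AS that owns the 8-octet local namespace.
COMMUNITY_LEN = 12


def parse_large_communities(attr_value: bytes) -> list:
    """Decode an attribute value into (asn, data1, data2) tuples.

    A zero-length value or one that is not a multiple of 12 octets cannot
    be decoded unambiguously, so it is rejected instead of partially used.
    """
    if not attr_value or len(attr_value) % COMMUNITY_LEN:
        raise ValueError(f"malformed Large Communities length {len(attr_value)}")
    return [struct.unpack("!III", attr_value[i:i + COMMUNITY_LEN])
            for i in range(0, len(attr_value), COMMUNITY_LEN)]


def encode_large_communities(comms: list) -> bytes:
    """Inverse of parse_large_communities, used here to build sample input."""
    return b"".join(struct.pack("!III", *c) for c in comms)


def ingress_filter(comms: list, local_asn: int) -> list:
    """Q1 policy: keep only communities whose first 4 octets carry our own
    ASN; everything else received from an eBGP neighbour is dropped."""
    return [c for c in comms if c[0] == local_asn]


def egress_strip(comms: list, local_asn: int) -> list:
    """Q3 policy: before re-advertising to any eBGP peer, remove the
    communities addressed to us, since their job is done once acted on."""
    return [c for c in comms if c[0] != local_asn]


def withhold_from_peer(comms: list, rs_asn: int, peer_asn: int) -> bool:
    """Job's ECIX example: rs_asn:65000:XXX means 'do not announce to AS XXX'.
    True when the route server must not pass the route to peer_asn."""
    return (rs_asn, 65000, peer_asn) in comms


if __name__ == "__main__":
    # Constructed sample: one community for the route server (AS 9033) naming
    # a 4-byte peer ASN, one belonging to an unrelated namespace (AS 64496).
    wire = encode_large_communities([(9033, 65000, 4200000001), (64496, 1, 2)])
    accepted = ingress_filter(parse_large_communities(wire), 9033)
    print("accepted:", accepted)  # [(9033, 65000, 4200000001)]
    print("withhold from AS4200000001:", withhold_from_peer(accepted, 9033, 4200000001))
    print("re-advertised with:", egress_strip(accepted, 9033))  # []
```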