IETF Logo Mail Archive

Re: [Idr] Questions regarding BGP capabilities (RFC5492)

Donatas Abraitis <donatas.abraitis@gmail.com> Thu, 18 April 2024 11:59 UTC

Return-Path: <donatas.abraitis@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55B9CC14CE30 for <idr@ietfa.amsl.com>; Thu, 18 Apr 2024 04:59:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eWzG_Es-Tny1 for <idr@ietfa.amsl.com>; Thu, 18 Apr 2024 04:59:47 -0700 (PDT)
Received: from mail-qv1-xf2a.google.com (mail-qv1-xf2a.google.com [IPv6:2607:f8b0:4864:20::f2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70C30C151081 for <idr@ietf.org>; Thu, 18 Apr 2024 04:59:47 -0700 (PDT)
Received: by mail-qv1-xf2a.google.com with SMTP id 6a1803df08f44-69b514d3cf4so6562356d6.0 for <idr@ietf.org>; Thu, 18 Apr 2024 04:59:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713441586; x=1714046386; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9dyly8vBKrjP8qKwGyZ5+ni38h9lQAFUKGfB4jb+/jc=; b=BnYIQHYWsJGwchWXqgX6evBORKWt9QAoRZpszXls4Yd3q5RKnMTVqPqOY/0a0KK8RZ 6X1TER5A9dXx4HiXR7Kr7iz1DxmFpfP/6mniahJe3D4wP0Tl9Jqxno6rmjmcHbdHR5gy aB+6dvPc+pUCgXbKZuoikrUZ+jWaCmIT4L/NiMRyBJ7K0VwPSz182iU5+z5e+dqdjFgw m7FO3pIFk6UPVFAvF8DWjpv4QqTa4HRzdyJdnLnpYVCLbtxdKWlORD67jrYoBFV1m5yf ctF55c/ot0IY2bHmubY8rojxLF9tzA2u1VlWMkZNvq/bQ8JzNmEYco6b5Zxq4Im4klpJ ahBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713441586; x=1714046386; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9dyly8vBKrjP8qKwGyZ5+ni38h9lQAFUKGfB4jb+/jc=; b=wku4KIG4jPRKVlKcAUDOFb77LSA4Ydxr5mAqGE/Tfmuy16Nf902rP1DDv5blbclyGn Q7adqKfwG3MdXFkFDSM8guYOW1Xt+HsevmHjjTOWn4+nqXGy8hiAF2hrEyrrIs/MhDeO YG0l6AOI/k2xGptUFzA1o1goQdGTT3ES9RP8E42IJWvDyU0hmE5UkYf20Cu03TYciH4r MVTgfyMe3oDdCty0WJz4lBlvODiG4TlSUJWOcpE8T3mf/RlKcXFlqLpnH0CHPQH3irrx S/HbiwIhscIUkndjDTYfERopWyXF3cvEVgBl7J8W9N6aLC3RP+NiZEnvpPLHpC4rcyrv yx0A==
X-Gm-Message-State: AOJu0Yz3lmf/vFydd+QPOqFN75TRf4A4O7vMkvAiEOzv7rUABo9jP+eV FPI4VasUDIOe/HyZaXL0MOldTBzQQZoF1BDpL3UOjZpm5OjV+4X1vBBXCpsshyvHowfPyAU6b4l HBNx+jW71siEerd4VG6XL0Km9pD+znYCXs1qhog==
X-Google-Smtp-Source: AGHT+IGCZPuvAjf1OOAaJc0eLNKCa3E/bfJHQYGw2M14YT2CkXeSWrHc0DrhA0MAwBXkT7o7Yl9u6x6GaSAR5gfKF40=
X-Received: by 2002:a05:6214:1904:b0:6a0:5a76:a0c9 with SMTP id er4-20020a056214190400b006a05a76a0c9mr440103qvb.63.1713441586185; Thu, 18 Apr 2024 04:59:46 -0700 (PDT)
MIME-Version: 1.0
References: <ZiD21ViYxwCLju8p@diehard.n-r-g.com>
In-Reply-To: <ZiD21ViYxwCLju8p@diehard.n-r-g.com>
From: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Thu, 18 Apr 2024 14:59:35 +0300
Message-ID: <CAPF+HwXedkDMh9=WjtKePUuk8bjXx8tXM5+mKPuKCQ902WqANg@mail.gmail.com>
To: Claudio Jeker <cjeker@diehard.n-r-g.com>
Cc: idr@ietf.org
Content-Type: multipart/alternative; boundary="000000000000168ef506165db5cf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ztanzR7Z0kaUGzHazyLcIMUBoPA>
Subject: Re: [Idr] Questions regarding BGP capabilities (RFC5492)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 11:59:51 -0000

Hi,

>Are there still BGP implementations out there that do not support
capabilities (RFC5492)?

Most likely some random parsers/scripts don't care about capabilities, but
I think this is not a big deal.

>I checked some other opensource BGP implementations and noticed that
both FRR and bird send this suberr 7 NOTIFICATION without any data!

Speaking of FRR: what is the configuration of FRR? It SHOULD send
NOTIFICATION(7) only when there is a strict capability requirement
(neighbor ... strict-capability-match), or the AFI/SAFI is not enabled at
all when MP is used.

>The Data field in the NOTIFICATION
   message MUST list the set of capabilities that causes the speaker to
   send the message.

I double-checked this, and FRR sends capability(-ies) that are not in
compliance with what is expected. At least wireshark/tcpdump shows it
correctly.

Donatas.

On Thu, Apr 18, 2024 at 1:33 PM Claudio Jeker <cjeker@diehard.n-r-g.com>
wrote:

> Hi all,
>
> I have a few questions about BGP capabilities since we want to enforce
> some capabilities long term in OpenBGPD.
>
> As a first step we want to remove an old fallback to start over with no
> capabilities in case of a NOTIFICATION with error code 2 (OPEN) and
> suberr 4 (Unsupported Optional Parameter).
>
> Are there still BGP implementations out there that do not support
> capabilities (RFC5492)?
>
>
>
> On top of this I have a question about NOTIFICATION error code 2 (OPEN)
> suberr 7 (Unsupported Capability). From the RFC5492:
>
> 5.  Extensions to Error Handling
>
>    This document defines a new Error Subcode, Unsupported Capability.
>    The value of this Subcode is 7.  The Data field in the NOTIFICATION
>    message MUST list the set of capabilities that causes the speaker to
>    send the message.  Each such capability is encoded in the same way as
>    it would be encoded in the OPEN message.
>
>    As explained in the "Overview of Operations" section, the Unsupported
>    Capability NOTIFICATION is a way for a BGP speaker to complain that
>    its peer does not support a required capability without which the
>    peering cannot proceed.  It MUST NOT be used when a BGP speaker
>    receives a capability that it does not understand; such capabilities
>    MUST be ignored.
>
> I have an issue with "Each such capability is encoded in the same way
> as it would be encoded in the OPEN message".  The thing is for some
> capabilities the system may not really know the exact encoding of the
> missing capability. For example graceful restart could include some
> AFI/SAFI pairs but those are optional.
>
> For OpenBGPD when parsing notifications only the first byte of data is
> looked at so that we can log which capability code caused the problem.
> When sending such a notification we build a capability with valid code and
> length fields but apart from capa 1 the payload of the capability is 0.
> For capa 1 we do send the AFI/SAFI pair that is missing.
>
> How do other implementations handle this?
>
> I checked some other opensource BGP implementations and noticed that
> both FRR and bird send this suberr 7 NOTIFICATION without any data!
> I can not really check the behaviour of other propretary implementations.
>
> Also FRR seems to send suberr 7 NOTIFICATIONs for unknown or superfluous
> capabilities. Which violates the last sentence of Section 5.
> Again, do other implementations do the same?
>
> --
> :wq Claudio
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>


-- 
Donatas

v2.23.0 | Report a Bug | By Email