Re: [mpls] Routing directorate review of draft-ietf-mpls-rfc3107-bis

Jonathan Hardwick <> Thu, 04 May 2017 17:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8D4B7129B66; Thu, 4 May 2017 10:37:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T4IJkG1dvHFn; Thu, 4 May 2017 10:37:36 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 866CE129B2E; Thu, 4 May 2017 10:37:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=rD3Injx8f7qmDia8xsf0R6dSjaKKl9xEYk8cgfNDJTk=; b=QuC1ztuaFolXIST+gpINVeC9tSV1Gnul2KZmiGjteTY9bxnbh+zjD8Fk64HYeFdrQzJGIwMf1/a6m9vNq5dzBYB4uZcVY1cNmMr7+iZiJyr73eVj+IqICEtUhB1MZ5z964CP9vhWCBYgDmiNsapt75lXW/o2/9x9rUKMfAnYzqw=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1075.11; Thu, 4 May 2017 17:37:34 +0000
Received: from ([]) by ([]) with mapi id 15.01.1075.010; Thu, 4 May 2017 17:37:34 +0000
From: Jonathan Hardwick <>
To: Eric C Rosen <>, "" <>, "" <>, "" <>
CC: "" <>
Thread-Topic: Routing directorate review of draft-ietf-mpls-rfc3107-bis
Thread-Index: AdK/UgoPnMchP/X0SOKBF6US5Kr0PwE6EMqAAC5SQVA=
Date: Thu, 4 May 2017 17:37:34 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BY2PR0201MB1912; 7:nTxF7YELHQXk3O3PWOLT36Y9IfxTa1mFpgwWSpcohue2eH2jIo4xS5+u5qW60nr88pf4yKcAsAzF92/yCtrPsL3qOABRVABbkicMR6opwdCa7/XwoWSW/I2EEWStK+TI2Bdmaxpsf+1M/HjbzLDgm5Tj9DgU5kv+nG881eNpId+3P32KP4826iD/iytMWsxKmFRhubo2IZFFwrFEv8Axz2Ujk9xscgTz/Zd+QzzeBBCHmJ95OtLAmmwoU/GnXfGo26zZKRhV54bn6CnbX9EejKQR8BFIB1D9yzh8Us2f/gpdfZpDYgejdNbSUpM6ETxe30wFAfY2oIAL8OHxXSW/LA==
x-ms-office365-filtering-correlation-id: a880813f-5e01-4382-9445-08d493143fe6
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:BY2PR0201MB1912;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(35073007944872)(138986009662008)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(6041248)(20161123560025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(6072148); SRVR:BY2PR0201MB1912; BCL:0; PCL:0; RULEID:; SRVR:BY2PR0201MB1912;
x-forefront-prvs: 02973C87BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39400400002)(39410400002)(39450400003)(24454002)(51444003)(377454003)(51914003)(2906002)(478600001)(189998001)(7696004)(76176999)(50986999)(54356999)(229853002)(3280700002)(2950100002)(3660700001)(230783001)(74316002)(5660300001)(2900100001)(6436002)(77096006)(6506006)(122556002)(33656002)(81166006)(8676002)(66066001)(8936002)(9686003)(54896002)(6306002)(55016002)(8666007)(99286003)(38730400002)(7736002)(53936002)(25786009)(53546009)(86362001)(2201001)(2501003)(3846002)(790700001)(102836003)(6116002)(4326008); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR0201MB1912;; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR0201MB19109734BAE5CFFB0E7DD70C84EA0BY2PR0201MB1910_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2017 17:37:34.3124 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0201MB1912
Archived-At: <>
Subject: Re: [mpls] Routing directorate review of draft-ietf-mpls-rfc3107-bis
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-Protocol Label Switching WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 04 May 2017 17:37:40 -0000

Hi Eric

Thanks for the replies – please see [Jon] inline.


From: Eric C Rosen []
Sent: 03 May 2017 19:23
To: Jonathan Hardwick <>om>;;;
Subject: Re: Routing directorate review of draft-ietf-mpls-rfc3107-bis

Thanks for your review!

On 4/27/2017 9:03 AM, Jonathan Hardwick wrote:
I also spotted a few nits that should be fixed at some point before publication.

I have fixed the nits.

Comments and Questions

1) In section 2.1 it says:
“   If the Multiple Labels Capability for a given AFI/SAFI had been
   exchanged on the failed session, but is not exchanged on the
   restarted session, then any prefixes advertised in that AFI/SAFI with
   multiple labels MUST be explicitly withdrawn.”

If I have understood this correctly, it requires a speaker to withdraw NLRI that it sent on the previous session but that it has not sent on the restarted session (because the negotiated session capabilities changed).
(a) Why does it need to do that – isn’t the NLRI implicitly withdrawn when the EOR marker is sent?

The theory here is that the label stack in the stale routes is known to be invalid, so you really don't want your peer to hold on to them until EOR is received.

[Jon] OK, that’s fine.

(b) This seems to contradict section 2.4 which says “Note that label/prefix bindings that were not advertised on the given session cannot be withdrawn by this method.”

I added the following text to section 2.4 right after the quoted sentence:
 (However, if the bindings were advertised on a previous session with the same peer, and the current session is the result of a "graceful restart" ([RFC4724]) of the previous session, then this withdrawal method may be used.)

2) In section 2.1 it says:
“A BGP speaker SHOULD NOT send an UPDATE that binds more labels to a given prefix than its peer is capable of receiving” – why isn’t that MUST NOT?

Section 2.1 also requires the receiving speaker to apply "treat-as-withdraw" to such updates, which does imply that the sending speaker must not send them.  So I've changed "SHOULD NOT" to "MUST NOT".

[Jon] Thanks.  Note that the same change also applies in section 3.2.1

   “Similarly, a given route SHOULD NOT be
   propagated to a given peer if the route's NLRI has more labels than
   the peer has announced”

…and also in section 3.2.2

“A BGP speaker MUST NOT send multiple

   labels to a peer with which it has not exchanged the "Multiple

   Labels" Capability, and SHOULD NOT send more labels to a given peer

   than the peer has announced”

3) In section 2.4 it says:
“To do so, it may send a BGP UPDATE message with an MP_UNREACH_NLRI attribute.”
Should that be “it MUST send”?

I think the non-normative (non-RFC2119) language is fine here.

[Jon] It just jarred with me a little.  I’m not going to dig in on this point, but let me explain where I was coming from.  When you say “it may send” the word “may” makes it sound like it is not obliged to do it this way.  I don’t think there is any other way to withdraw the route (short of closing the session) so I think that what you are describing is the obligatory way to withdraw the route.  For that reason I’d prefer either “it sends” or “it MUST send”.

4) In section 5: although some implementations treat SAFI 1 and SAFI 4 routes as comparable, I believe that they should always be treated as independent, in the following sense:
Suppose a speaker S1 sends a SAFI 1 route and then a SAFI 4 route to the same prefix P.  The SAFI 4 route MUST NOT be treated by the receiving speaker as an implicit withdraw of the SAFI 1 route.  If S1 subsequently sends an explicit withdraw of the SAFI 4 route, this MUST NOT implicitly withdraw the SAFI 1 route, and vice versa.
Am I correct?  I have seen implementations that violate this so I think it is worth spelling out somewhere in this section.

From Section 1:
This document also addresses the issue of the how UPDATEs that bind labels to a given prefix interact with UPDATEs that advertise paths to that prefix but do not bind labels to it.  However, for backwards compatibility, it declares most of these interactions to be matters of local policy.
Different deployed implementations have different behavior, and I think it is better to advance the document as is rather than derail it with the inevitable food fight that would occur if we wanted to try to get the IETF to say which implementation is better than which other implementation.  The deployed implementations have been around for many years, and people seem to have adapted to the differences.

[Jon] I agree that this document can’t retrospectively deprecate existing, widely deployed behaviours.  In section 5 you say

“Other implementations may treat the SAFI-1 and SAFI-4 routes for a given prefix as comparable”

Imagine that the SAFI 1 and SAFI 4 routes were received from the same peer on the same session.  What do you mean by “comparable” in this context?  It has been interpreted in incompatible ways by different implementations.

-        Either: the routes are independent in the Adj-RIB-In but comparable in the LOC-RIB (a single best one is selected, the other is retained in memory)

-        Or: The routes are comparable in the Adj-RIB-In i.e. one implicitly withdraws the other.

Both of these behaviours are implemented and deployed.  The issue is that they do not interoperate if SAFI 1 and SAFI 4 are enabled on the same session.  For instance, if an implementation of the first type withdraws its SAFI 4 route then an implementation of the second type is left with no SAFI 1 route with which to forward traffic.  You describe this as a matter of policy, which I can live with, but without further discussion it gives no clue to the lack of interoperability.

I understand that it is too late to say that one of these is wrong and one is right, but the lack of interoperability is an important deployment consideration and I don’t think this document should be silent on it.  IMO this is an important detail for implementers, who need to be aware that both interpretations of “comparable” exist.  New implementations may wish to have a “compatibility setting” that emulates one or the other behaviour on a particular session, so that they can interoperate.

My suggestion: can we expand section 5 slightly to clarify that there are two ways in which implementations can consider SAFI 1 and SAFI 4 routes comparable on a given session, as above, and that the resulting interoperability issue can be avoided either by emulating the appropriate behaviour on that session or by not running SAFI 1 and SAFI 4 on the same session?

5) In section 7 it says:
“ If a BGP implementation, not conformant with the current document,
encodes multiple labels in the NLRI but has not sent and received the
"Multiple Labels" Capability, a BGP implementation that does conform
with the current document will likely reset the BGP session.”

Wouldn’t that prevent incremental deployment of this RFC into a network that is initially composed of such implementations?  Because it seems to require that both ends of each BGP session must be upgraded simultaneously, or else the BGP sessions will all reset.

This issue was discussed at great length when the draft was first submitted.  The vast majority of deployments do not check the S bit.  That is, the de facto standard is to assume that a received update has only one label.   If any existing deployment were transmitting updates with multiple labels encoded into the NLRI, it would already be causing BGP session resets.
[Jon] OK.

(Even iff this were a real problem, it wouldn't require both ends of a session to be upgraded simultaneously.  It would just require one end to have a knob allowing it to accept both old and new behavior from its peer, and a knob telling it whether to use old or new behavior when sending to its peer.  But since the defacto standard doesn't use multiple labels, I don't think we have to worry much about this.)