Re: [Sidrops] Which 8210-bis error code should be used?
Claudio Jeker <cjeker@diehard.n-r-g.com> Thu, 08 June 2023 10:09 UTC
Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1BA6C14CE4F for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 03:09:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id arGUChotedWo for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 03:09:03 -0700 (PDT)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D72AC151B16 for <sidrops@ietf.org>; Thu, 8 Jun 2023 03:09:02 -0700 (PDT)
Received: (qmail 65148 invoked by uid 1000); 8 Jun 2023 10:09:00 -0000
Date: Thu, 08 Jun 2023 12:09:00 +0200
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: gengnan <gengnan=40huawei.com@dmarc.ietf.org>
Cc: SIDR Operations WG <sidrops@ietf.org>
Message-ID: <ZIGovP2SaF0UgkNT@diehard.n-r-g.com>
References: <F338C878-E41A-4DB7-A4C6-1CEE0A6F6502@verisign.com> <003401d9993d$6b03db90$410b92b0$@cernet.edu.cn> <C1A9142F-F938-42F2-970E-3C2B85044019@nlnetlabs.nl> <ZICJjsmMcuQr55Sn@diehard.n-r-g.com> <7462895378ab4903b692264e67700ee5@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <7462895378ab4903b692264e67700ee5@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/EEWHdj5RE4au04WlAD5jiHkx7Fo>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 10:09:06 -0000
On Thu, Jun 08, 2023 at 06:53:41AM +0000, gengnan wrote: > Hi, > > (Want to confirm another 8210bis error code usage in this thread..) > > The two descriptions in the 8210bis draft below look like inconsistent. > (Through reading the codes) Openbgpd seems to follow the first > description, i.e., "replacing". > If "replacing" is the correct understanding, why not IPvX PDU and Router > Key PDU take the "replacing" action? I followed 5.12 that is very clear that an announce will replace the ASPA record. The section is also emphasing that the ASPA PDU lookup is not using the Provider Autonomous System Numbers or Provider AS Count as information to lookup the record: The router MUST see at most one ASPA for a given AFI from a cache for a particular Customer Autonomous System Number active at any time. So there is a difference in behaviour here regarding the other PDUs. For IPvX PDU and Router Key PDU track one element and the full element is used as key in the lookup (there is no extra data). The ASPA PDU did not do that. It aggreagtes all the Provider Autonomous System Numbers into a single object (extra data). To simplify update operation the replace method was added. The alternative would be to update an ASPA record by issuing a withdraw of the old record and announce of the new record. This can result in Break Before Make issues. For IPvX PDUs this problem is delegated to the RTR cache to order the updates properly. For Router Key there is nothing in place right now mainly because there is no experience with it. My assumption is that Section 11 will need to be extended for Router Key consideration at some point. In the case for Router Keys this may be delegated all the way up to the CA to perform proper key roll over procedures (so it may not be needed inside RTR itself). RTR is lacking all the transactional awareness that databases normally need to be ACID compliant. This lack of basic isolation is a big problem of RTR and the reason for special workarounds (Section 11). In OpenBGPD we try to make all Payload PDU updates between Cache Response and End of Data PDU to appear atomic but if the End of Data PDU is not received in reasonable time (60 sec) this atomicity is not guaranteed. This works as long as the RTR cache is not spreading connected PDUs over multiple incremental updates. > Description 1: > " > Receipt of an ASPA PDU announcement (announce/withdraw flag == 1) when the router already has an ASPA PDU with the same Customer Autonomous System Number and the same Address Family (see AFI Flags field), replaces the previous one. > " > Description 2: > " > Duplicate Announcement Received (fatal): > The received PDU has Flag=1, but a matching record ({Prefix, Len, Max-Len, ASN} tuple for an IPvX PDU or {SKI, ASN, Subject Public Key} tuple for a Router Key PDU), or Customer Autonomous System for an ASPA PDU is already active in the router. > " The additon of ASPA PDU text in Description 2 (Section 13. Error Codes) needs to be removed since there is no way to have a duplicate announcement based on the text in Section 5.12 Now one could argue that sending an ASPA PDU to replace the current PDU that is exactly the same should trigger this error but what do we gain from that? -- :wq Claudio
- [Sidrops] Which 8210-bis error code should be use… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Randy Bush
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- [Sidrops] some wording improvements in draft-ietf… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] some wording improvements in draft-… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Jay Borkenhagen
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Martin Hoffmann
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Job Snijders
- Re: [Sidrops] Which 8210-bis error code should be… Randy Bush
- Re: [Sidrops] Which 8210-bis error code should be… Martin Hoffmann
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Jay Borkenhagen
- Re: [Sidrops] Which 8210-bis error code should be… Hollyman, Michael
- Re: [Sidrops] Which 8210-bis error code should be… Mikael Abrahamsson
- Re: [Sidrops] Which 8210-bis error code should be… Tony Tauber
- Re: [Sidrops] Which 8210-bis error code should be… Yangyang Wang
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… gengnan
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)