draft-ietf-grow-wkc-behavior-02.txt   draft-ietf-grow-wkc-behavior-03.txt 
Network Working Group J. Borkenhagen Network Working Group J. Borkenhagen
Internet-Draft AT&T Internet-Draft AT&T
Intended status: Standards Track R. Bush Intended status: Standards Track R. Bush
Expires: July 26, 2019 Internet Initiative Japan Expires: September 11, 2019 Internet Initiative Japan
R. Bonica R. Bonica
Juniper Networks Juniper Networks
S. Bayraktar S. Bayraktar
Cisco Systems Cisco Systems
January 22, 2019 March 10, 2019
Well-Known Community Policy Behavior Well-Known Community Policy Behavior
draft-ietf-grow-wkc-behavior-02 draft-ietf-grow-wkc-behavior-03
Abstract Abstract
Well-Known BGP Communities are manipulated inconsistently by current Well-Known BGP Communities are manipulated inconsistently by current
implementations. This results in difficulties for operators. implementations. This results in difficulties for operators.
Network operators are encouraged to deploy consistent community Network operators are encouraged to deploy consistent community
handling across their networks, taking the inconsistent behaviors handling across their networks, taking the inconsistent behaviors
from the various bgp implementations they operate into consideration. from the various BGP implementations they operate into consideration.
Also, bgp implementors are expected to not create any further Also, BGP implementors are expected to not create any further
inconsistencies from this point forward. inconsistencies from this point forward.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to
be interpreted as described in RFC 2119 [RFC2119] only when they be interpreted as described in RFC 2119 [RFC2119] only when they
appear in all upper case. They may also appear in lower or mixed appear in all upper case. They may also appear in lower or mixed
case as English words, without normative meaning. case as English words, without normative meaning.
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 26, 2019. This Internet-Draft will expire on September 11, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3
3. Community Manipulation Policy Differences . . . . . . . . . . 3 3. Community Manipulation Policy Differences . . . . . . . . . . 3
4. Documentation of Vendor Implementations . . . . . . . . . . . 3 4. Documentation of Vendor Implementations . . . . . . . . . . . 3
4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4
5. Note for Those Writing RFCs for New Community-Like 5. Note for Those Writing RFCs for New Community-Like Attributes 5
Attributes . . . . . . . . . . . . . . . . . . . . . . . . . 4
6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
10. Normative References . . . . . . . . . . . . . . . . . . . . 5 10. Normative References . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
The BGP Communities Attribute was specified in [RFC1997] which The BGP Communities Attribute was specified in [RFC1997] which
introduced the concept of Well-Known Communities. In hindsight, introduced the concept of Well-Known Communities. In hindsight,
[RFC1997] did not prescribe as fully as it should have how Well-Known [RFC1997] did not prescribe as fully as it should have how Well-Known
Communities may be manipulated by policies applied by operators. Communities may be manipulated by policies applied by operators.
Currently, implementations differ in this regard, and these Currently, implementations differ in this regard, and these
differences can result in inconsistent behaviors that operators find differences can result in inconsistent behaviors that operators find
skipping to change at page 3, line 12 skipping to change at page 3, line 12
policies in a multi-vendor environment, and to prevent the policies in a multi-vendor environment, and to prevent the
introduction of additional divergence in implementations. introduction of additional divergence in implementations.
2. Manipulation of Communities by Policy 2. Manipulation of Communities by Policy
[RFC1997] says: [RFC1997] says:
"A BGP speaker receiving a route with the COMMUNITIES path attribute "A BGP speaker receiving a route with the COMMUNITIES path attribute
may modify this attribute according to the local policy." may modify this attribute according to the local policy."
A basic operational need is to add or remove one or more communities One basic operational need is to add or remove one or more
to the received set. Another common need is to replace all received communities to the received set. The focus of this document is
communities with a new set. To simplify the second case, most BGP another common operational need, to replace all communities with a
policy implementations provide syntax to "set" community that new set. To simplify this second case, most BGP policy
operators use to mean "remove any/all communities present on the implementations provide syntax to "set" community that operators use
update received from the neighbor, and apply this set of communities to mean "remove any/all communities present on the route, and apply
instead." this set of communities instead."
Some operators prefer to write explicit policy to delete unwanted Some operators prefer to write explicit policy to delete unwanted
communities rather than using "set;" i.e. using a "delete community communities rather than using "set;" i.e. using a "delete community
*:*" and then "add community x:y ..." configuration statements in an *:*" and then "add community x:y ..." configuration statements in an
attempt to replace all received communities. The same community attempt to replace all received communities. The same community
manipulation policy differences described in the following section manipulation policy differences described in the following section
exist in both "set" and "delete community *:*" syntax. For exist in both "set" and "delete community *:*" syntax. For
simplicity, the remainder of this document refers only to the "set" simplicity, the remainder of this document refers only to the "set"
behaviors. behaviors, which we refer to collectively as each implementation's
'"set" directive.'
3. Community Manipulation Policy Differences 3. Community Manipulation Policy Differences
Vendor implementations differ in the treatment of certain Well-Known Vendor implementations differ in the treatment of certain Well-Known
communities when modified using the syntax to "set" the community. communities when modified using the syntax to "set" the community.
Some replace all communities including the Well-Known ones with the Some replace all communities including the Well-Known ones with the
new set, while others replace all non-Well-Known Communities but do new set, while others replace all non-Well-Known Communities but do
not modify any Well-Known Communities that are present. not modify any Well-Known Communities that are present.
These differences result in what would appear to be identical policy These differences result in what would appear to be identical policy
configurations having very different results on different platforms. configurations having very different results on different platforms.
4. Documentation of Vendor Implementations 4. Documentation of Vendor Implementations
In this section we document the syntax and observed behavior of the In this section we document the syntax and observed behavior of the
"set" directive in several popular bgp implementations. "set" directive in several popular BGP implementations.
In Juniper Networks' JunOS, "community set" removes all received In Juniper Networks' Junos OS, "community set" removes all received
communities, Well-Known or otherwise. communities, Well-Known or otherwise.
In Cisco Systems' IOS-XR, "set community" removes all received In Cisco Systems' IOS XR, "set community" removes all received
communities except for the following: communities except for the following:
+-------------+-----------------------------------+ +-------------+-----------------------------------+
| Numeric | Common Name | | Numeric | Common Name |
+-------------+-----------------------------------+ +-------------+-----------------------------------+
| 0:0 | internet | | 0:0 | internet |
| 65535:0 | graceful-shutdown | | 65535:0 | graceful-shutdown |
| 65535:1 | accept-own rfc7611 | | 65535:1 | accept-own rfc7611 |
| 65535:65281 | NO_EXPORT | | 65535:65281 | NO_EXPORT |
| 65535:65282 | NO_ADVERTISE | | 65535:65282 | NO_ADVERTISE |
| 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) |
+-------------+-----------------------------------+ +-------------+-----------------------------------+
Communities not removed by Cisco IOS/XR Communities not removed by Cisco IOS XR
Table 1 Table 1
IOS-XR does allow Well-Known communities to be removed one at a time IOS XR does allow Well-Known communities to be removed one at a time
by explicit policy; for example, "delete community accept-own". by explicit policy; for example, "delete community accept-own".
Operators are advised to consult IOS-XR documentation and/or Cisco Operators are advised to consult IOS XR documentation and/or Cisco
Systems support for full details. Systems support for full details.
On Brocade NetIron: "set community X" removes all communities and On Extreme networks' Brocade NetIron: "set community X" removes all
sets X. communities and sets X.
In Huawei's VRP product, "community set" removes all received In Huawei's VRP product, "community set" removes all received
communities, well-Known or otherwise. communities, well-Known or otherwise.
In OpenBSD's OpenBGPD, "set community" does not remove any In OpenBSD's OpenBGPD, "set community" does not remove any
communities, Well-Known or otherwise. communities, Well-Known or otherwise.
Nokia's SR OS has several directives that operate on communities.
Its "set" directive is called using the "replace" keyword, replacing
all communities, Well-Known or otherwise, with the specified
communities.
4.1. Note on an Inconsistency 4.1. Note on an Inconsistency
The IANA publishes a list of Well-Known Communities [IANA-WKS]. The IANA publishes a list of Well-Known Communities [IANA-WKS].
IOS-XR's set of well-known communities that "set community" will not IOS XR's set of well-known communities that "set community" will not
overwrite diverges from IANA's list. Quite a few well-known overwrite diverges from IANA's list. Quite a few well-known
communities from IANA's list do not receive special treatment in IOS- communities from IANA's list do not receive special treatment in IOS
XR, and at least one specific community on IOS-XR's special treatment XR, and at least one specific community on IOS XR's special treatment
list (internet == 0:0) is not really on IANA's list -- it's taken list (internet == 0:0) is not really on IANA's list -- it's taken
from the "Reserved" range [0x00000000-0x0000FFFF]. from the "Reserved" range [0x00000000-0x0000FFFF].
This merely notes an inconsistency. It is not a plea to 'protect' This merely notes an inconsistency. It is not a plea to 'protect'
the entire IANA list from "set community." the entire IANA list from "set community."
5. Note for Those Writing RFCs for New Community-Like Attributes 5. Note for Those Writing RFCs for New Community-Like Attributes
Care should be taken when establishing new [RFC1997]-like attributes Care should be taken when establishing new [RFC1997]-like attributes
(large communities, wide communities, etc) to avoid repeating this (large communities, wide communities, etc) to avoid repeating this
mistake. mistake.
6. Action Items 6. Action Items
Unfortunately, it would be operationally disruptive for vendors to Unfortunately, it would be operationally disruptive for vendors to
change their current implementations. change their current implementations.
Vendors SHOULD clearly document the behavior of "set" directive in Vendors SHOULD clearly document the behavior of "set" directive in
their implementations. their implementations.
Vendors MUST ensure that any Well-Known Communities specified after Vendors MUST ensure that their implementations' "set" directive
this document's publication are removed by their "set" directive. treatment of any specific community does not change if/when that
community becomes a new Well-Known Community through future
standardization. For most implementations, this means that the "set"
directive MUST continue to remove the community; for those
implementations where the "set" directive removes no communities,
that behavior MUST continue.
Given the implementation inconsistencies described in this document, Given the implementation inconsistencies described in this document,
network operators are urged never to rely on any implicit network operators are urged never to rely on any implicit
understanding of a neighbor ASN's bgp community handling. I.e., understanding of a neighbor ASN's BGP community handling. I.e.,
before announcing prefixes with NO_EXPORT or any other community to a before announcing prefixes with NO_EXPORT or any other community to a
neighbor ASN, the operator should confirm with that neighbor how the neighbor ASN, the operator should confirm with that neighbor how the
community will be treated. community will be treated.
Network operators are encouraged to limit their use of the "set" Network operators are encouraged to limit their use of the "set"
directive (within reason), to improve the readability of their directive (within reason), to improve the readability of their
configurations and hopefully to achieve behavioral consistency across configurations and hopefully to achieve behavioral consistency across
platforms. platforms.
7. Security Considerations 7. Security Considerations
Surprising defaults and/or undocumented behaviors are not good for Surprising defaults and/or undocumented behaviors are not good for
security. This document attempts to remedy that. security. This document attempts to remedy that.
8. IANA Considerations 8. IANA Considerations
This document has no IANA Considerations other than to be aware that This document has no IANA Considerations other than to be aware that
any future Well-Known Communities will be subject to the policy any future Well-Known Communities will be subject to the policy
treatment described here. treatment described here.
9. Acknowledgements 9. Acknowledgments
The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, The authors thank Martijn Schmidt, Qin Wu for the Huawei data point,
Job Snijders, David Farmer,John Heasley, and Jakob Heitz. Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob
Heitz.
10. Normative References 10. Normative References
[IANA-WKS] [IANA-WKS]
"IANA Well-Known Comunities", "IANA Well-Known Communities",
<https://www.iana.org/assignments/bgp-well-known- <https://www.iana.org/assignments/bgp-well-known-
communities/bgp-well-known-communities.xhtml>. communities/bgp-well-known-communities.xhtml>.
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
<http://www.rfc-editor.org/info/rfc1997>. <http://www.rfc-editor.org/info/rfc1997>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
 End of changes. 24 change blocks. 
35 lines changed or deleted 46 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/