| draft-ietf-grow-wkc-behavior-02.txt | draft-ietf-grow-wkc-behavior-03.txt | |||
|---|---|---|---|---|
| Network Working Group J. Borkenhagen | Network Working Group J. Borkenhagen | |||
| Internet-Draft AT&T | Internet-Draft AT&T | |||
| Intended status: Standards Track R. Bush | Intended status: Standards Track R. Bush | |||
| Expires: July 26, 2019 Internet Initiative Japan | Expires: September 11, 2019 Internet Initiative Japan | |||
| R. Bonica | R. Bonica | |||
| Juniper Networks | Juniper Networks | |||
| S. Bayraktar | S. Bayraktar | |||
| Cisco Systems | Cisco Systems | |||
| January 22, 2019 | March 10, 2019 | |||
| Well-Known Community Policy Behavior | Well-Known Community Policy Behavior | |||
| draft-ietf-grow-wkc-behavior-02 | draft-ietf-grow-wkc-behavior-03 | |||
| Abstract | Abstract | |||
| Well-Known BGP Communities are manipulated inconsistently by current | Well-Known BGP Communities are manipulated inconsistently by current | |||
| implementations. This results in difficulties for operators. | implementations. This results in difficulties for operators. | |||
| Network operators are encouraged to deploy consistent community | Network operators are encouraged to deploy consistent community | |||
| handling across their networks, taking the inconsistent behaviors | handling across their networks, taking the inconsistent behaviors | |||
| from the various bgp implementations they operate into consideration. | from the various BGP implementations they operate into consideration. | |||
| Also, bgp implementors are expected to not create any further | Also, BGP implementors are expected to not create any further | |||
| inconsistencies from this point forward. | inconsistencies from this point forward. | |||
| Requirements Language | Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to | |||
| be interpreted as described in RFC 2119 [RFC2119] only when they | be interpreted as described in RFC 2119 [RFC2119] only when they | |||
| appear in all upper case. They may also appear in lower or mixed | appear in all upper case. They may also appear in lower or mixed | |||
| case as English words, without normative meaning. | case as English words, without normative meaning. | |||
| skipping to change at page 1, line 49 ¶ | skipping to change at page 1, line 49 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 26, 2019. | This Internet-Draft will expire on September 11, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 27 ¶ | skipping to change at page 2, line 27 ¶ | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 | 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 | |||
| 3. Community Manipulation Policy Differences . . . . . . . . . . 3 | 3. Community Manipulation Policy Differences . . . . . . . . . . 3 | |||
| 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 | 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 | |||
| 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 | 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 | |||
| 5. Note for Those Writing RFCs for New Community-Like | 5. Note for Those Writing RFCs for New Community-Like Attributes 5 | |||
| Attributes . . . . . . . . . . . . . . . . . . . . . . . . . 4 | ||||
| 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 10. Normative References . . . . . . . . . . . . . . . . . . . . 5 | 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 1. Introduction | 1. Introduction | |||
| The BGP Communities Attribute was specified in [RFC1997] which | The BGP Communities Attribute was specified in [RFC1997] which | |||
| introduced the concept of Well-Known Communities. In hindsight, | introduced the concept of Well-Known Communities. In hindsight, | |||
| [RFC1997] did not prescribe as fully as it should have how Well-Known | [RFC1997] did not prescribe as fully as it should have how Well-Known | |||
| Communities may be manipulated by policies applied by operators. | Communities may be manipulated by policies applied by operators. | |||
| Currently, implementations differ in this regard, and these | Currently, implementations differ in this regard, and these | |||
| differences can result in inconsistent behaviors that operators find | differences can result in inconsistent behaviors that operators find | |||
| skipping to change at page 3, line 12 ¶ | skipping to change at page 3, line 12 ¶ | |||
| policies in a multi-vendor environment, and to prevent the | policies in a multi-vendor environment, and to prevent the | |||
| introduction of additional divergence in implementations. | introduction of additional divergence in implementations. | |||
| 2. Manipulation of Communities by Policy | 2. Manipulation of Communities by Policy | |||
| [RFC1997] says: | [RFC1997] says: | |||
| "A BGP speaker receiving a route with the COMMUNITIES path attribute | "A BGP speaker receiving a route with the COMMUNITIES path attribute | |||
| may modify this attribute according to the local policy." | may modify this attribute according to the local policy." | |||
| A basic operational need is to add or remove one or more communities | One basic operational need is to add or remove one or more | |||
| to the received set. Another common need is to replace all received | communities to the received set. The focus of this document is | |||
| communities with a new set. To simplify the second case, most BGP | another common operational need, to replace all communities with a | |||
| policy implementations provide syntax to "set" community that | new set. To simplify this second case, most BGP policy | |||
| operators use to mean "remove any/all communities present on the | implementations provide syntax to "set" community that operators use | |||
| update received from the neighbor, and apply this set of communities | to mean "remove any/all communities present on the route, and apply | |||
| instead." | this set of communities instead." | |||
| Some operators prefer to write explicit policy to delete unwanted | Some operators prefer to write explicit policy to delete unwanted | |||
| communities rather than using "set;" i.e. using a "delete community | communities rather than using "set;" i.e. using a "delete community | |||
| *:*" and then "add community x:y ..." configuration statements in an | *:*" and then "add community x:y ..." configuration statements in an | |||
| attempt to replace all received communities. The same community | attempt to replace all received communities. The same community | |||
| manipulation policy differences described in the following section | manipulation policy differences described in the following section | |||
| exist in both "set" and "delete community *:*" syntax. For | exist in both "set" and "delete community *:*" syntax. For | |||
| simplicity, the remainder of this document refers only to the "set" | simplicity, the remainder of this document refers only to the "set" | |||
| behaviors. | behaviors, which we refer to collectively as each implementation's | |||
| '"set" directive.' | ||||
| 3. Community Manipulation Policy Differences | 3. Community Manipulation Policy Differences | |||
| Vendor implementations differ in the treatment of certain Well-Known | Vendor implementations differ in the treatment of certain Well-Known | |||
| communities when modified using the syntax to "set" the community. | communities when modified using the syntax to "set" the community. | |||
| Some replace all communities including the Well-Known ones with the | Some replace all communities including the Well-Known ones with the | |||
| new set, while others replace all non-Well-Known Communities but do | new set, while others replace all non-Well-Known Communities but do | |||
| not modify any Well-Known Communities that are present. | not modify any Well-Known Communities that are present. | |||
| These differences result in what would appear to be identical policy | These differences result in what would appear to be identical policy | |||
| configurations having very different results on different platforms. | configurations having very different results on different platforms. | |||
| 4. Documentation of Vendor Implementations | 4. Documentation of Vendor Implementations | |||
| In this section we document the syntax and observed behavior of the | In this section we document the syntax and observed behavior of the | |||
| "set" directive in several popular bgp implementations. | "set" directive in several popular BGP implementations. | |||
| In Juniper Networks' JunOS, "community set" removes all received | In Juniper Networks' Junos OS, "community set" removes all received | |||
| communities, Well-Known or otherwise. | communities, Well-Known or otherwise. | |||
| In Cisco Systems' IOS-XR, "set community" removes all received | In Cisco Systems' IOS XR, "set community" removes all received | |||
| communities except for the following: | communities except for the following: | |||
| +-------------+-----------------------------------+ | +-------------+-----------------------------------+ | |||
| | Numeric | Common Name | | | Numeric | Common Name | | |||
| +-------------+-----------------------------------+ | +-------------+-----------------------------------+ | |||
| | 0:0 | internet | | | 0:0 | internet | | |||
| | 65535:0 | graceful-shutdown | | | 65535:0 | graceful-shutdown | | |||
| | 65535:1 | accept-own rfc7611 | | | 65535:1 | accept-own rfc7611 | | |||
| | 65535:65281 | NO_EXPORT | | | 65535:65281 | NO_EXPORT | | |||
| | 65535:65282 | NO_ADVERTISE | | | 65535:65282 | NO_ADVERTISE | | |||
| | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | | | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | | |||
| +-------------+-----------------------------------+ | +-------------+-----------------------------------+ | |||
| Communities not removed by Cisco IOS/XR | Communities not removed by Cisco IOS XR | |||
| Table 1 | Table 1 | |||
| IOS-XR does allow Well-Known communities to be removed one at a time | IOS XR does allow Well-Known communities to be removed one at a time | |||
| by explicit policy; for example, "delete community accept-own". | by explicit policy; for example, "delete community accept-own". | |||
| Operators are advised to consult IOS-XR documentation and/or Cisco | Operators are advised to consult IOS XR documentation and/or Cisco | |||
| Systems support for full details. | Systems support for full details. | |||
| On Brocade NetIron: "set community X" removes all communities and | On Extreme networks' Brocade NetIron: "set community X" removes all | |||
| sets X. | communities and sets X. | |||
| In Huawei's VRP product, "community set" removes all received | In Huawei's VRP product, "community set" removes all received | |||
| communities, well-Known or otherwise. | communities, well-Known or otherwise. | |||
| In OpenBSD's OpenBGPD, "set community" does not remove any | In OpenBSD's OpenBGPD, "set community" does not remove any | |||
| communities, Well-Known or otherwise. | communities, Well-Known or otherwise. | |||
| Nokia's SR OS has several directives that operate on communities. | ||||
| Its "set" directive is called using the "replace" keyword, replacing | ||||
| all communities, Well-Known or otherwise, with the specified | ||||
| communities. | ||||
| 4.1. Note on an Inconsistency | 4.1. Note on an Inconsistency | |||
| The IANA publishes a list of Well-Known Communities [IANA-WKS]. | The IANA publishes a list of Well-Known Communities [IANA-WKS]. | |||
| IOS-XR's set of well-known communities that "set community" will not | IOS XR's set of well-known communities that "set community" will not | |||
| overwrite diverges from IANA's list. Quite a few well-known | overwrite diverges from IANA's list. Quite a few well-known | |||
| communities from IANA's list do not receive special treatment in IOS- | communities from IANA's list do not receive special treatment in IOS | |||
| XR, and at least one specific community on IOS-XR's special treatment | XR, and at least one specific community on IOS XR's special treatment | |||
| list (internet == 0:0) is not really on IANA's list -- it's taken | list (internet == 0:0) is not really on IANA's list -- it's taken | |||
| from the "Reserved" range [0x00000000-0x0000FFFF]. | from the "Reserved" range [0x00000000-0x0000FFFF]. | |||
| This merely notes an inconsistency. It is not a plea to 'protect' | This merely notes an inconsistency. It is not a plea to 'protect' | |||
| the entire IANA list from "set community." | the entire IANA list from "set community." | |||
| 5. Note for Those Writing RFCs for New Community-Like Attributes | 5. Note for Those Writing RFCs for New Community-Like Attributes | |||
| Care should be taken when establishing new [RFC1997]-like attributes | Care should be taken when establishing new [RFC1997]-like attributes | |||
| (large communities, wide communities, etc) to avoid repeating this | (large communities, wide communities, etc) to avoid repeating this | |||
| mistake. | mistake. | |||
| 6. Action Items | 6. Action Items | |||
| Unfortunately, it would be operationally disruptive for vendors to | Unfortunately, it would be operationally disruptive for vendors to | |||
| change their current implementations. | change their current implementations. | |||
| Vendors SHOULD clearly document the behavior of "set" directive in | Vendors SHOULD clearly document the behavior of "set" directive in | |||
| their implementations. | their implementations. | |||
| Vendors MUST ensure that any Well-Known Communities specified after | Vendors MUST ensure that their implementations' "set" directive | |||
| this document's publication are removed by their "set" directive. | treatment of any specific community does not change if/when that | |||
| community becomes a new Well-Known Community through future | ||||
| standardization. For most implementations, this means that the "set" | ||||
| directive MUST continue to remove the community; for those | ||||
| implementations where the "set" directive removes no communities, | ||||
| that behavior MUST continue. | ||||
| Given the implementation inconsistencies described in this document, | Given the implementation inconsistencies described in this document, | |||
| network operators are urged never to rely on any implicit | network operators are urged never to rely on any implicit | |||
| understanding of a neighbor ASN's bgp community handling. I.e., | understanding of a neighbor ASN's BGP community handling. I.e., | |||
| before announcing prefixes with NO_EXPORT or any other community to a | before announcing prefixes with NO_EXPORT or any other community to a | |||
| neighbor ASN, the operator should confirm with that neighbor how the | neighbor ASN, the operator should confirm with that neighbor how the | |||
| community will be treated. | community will be treated. | |||
| Network operators are encouraged to limit their use of the "set" | Network operators are encouraged to limit their use of the "set" | |||
| directive (within reason), to improve the readability of their | directive (within reason), to improve the readability of their | |||
| configurations and hopefully to achieve behavioral consistency across | configurations and hopefully to achieve behavioral consistency across | |||
| platforms. | platforms. | |||
| 7. Security Considerations | 7. Security Considerations | |||
| Surprising defaults and/or undocumented behaviors are not good for | Surprising defaults and/or undocumented behaviors are not good for | |||
| security. This document attempts to remedy that. | security. This document attempts to remedy that. | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| This document has no IANA Considerations other than to be aware that | This document has no IANA Considerations other than to be aware that | |||
| any future Well-Known Communities will be subject to the policy | any future Well-Known Communities will be subject to the policy | |||
| treatment described here. | treatment described here. | |||
| 9. Acknowledgements | 9. Acknowledgments | |||
| The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, | The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, | |||
| Job Snijders, David Farmer,John Heasley, and Jakob Heitz. | Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob | |||
| Heitz. | ||||
| 10. Normative References | 10. Normative References | |||
| [IANA-WKS] | [IANA-WKS] | |||
| "IANA Well-Known Comunities", | "IANA Well-Known Communities", | |||
| <https://www.iana.org/assignments/bgp-well-known- | <https://www.iana.org/assignments/bgp-well-known- | |||
| communities/bgp-well-known-communities.xhtml>. | communities/bgp-well-known-communities.xhtml>. | |||
| [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | |||
| Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | |||
| <http://www.rfc-editor.org/info/rfc1997>. | <http://www.rfc-editor.org/info/rfc1997>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| End of changes. 24 change blocks. | ||||
| 35 lines changed or deleted | 46 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||