--- 1/draft-ietf-grow-wkc-behavior-04.txt 2019-05-30 15:13:10.481483063 -0700 +++ 2/draft-ietf-grow-wkc-behavior-05.txt 2019-05-30 15:13:10.501483566 -0700 @@ -1,215 +1,215 @@ Network Working Group J. Borkenhagen Internet-Draft AT&T -Intended status: Best Current Practice R. Bush -Expires: November 17, 2019 Internet Initiative Japan - R. Bonica +Updates: 1997 (if approved) R. Bush +Intended status: Standards Track Internet Initiative Japan +Expires: December 1, 2019 R. Bonica Juniper Networks S. Bayraktar Cisco Systems - May 16, 2019 + May 30, 2019 Well-Known Community Policy Behavior - draft-ietf-grow-wkc-behavior-04 + draft-ietf-grow-wkc-behavior-05 Abstract - Popular BGP implementations manipulate Well-known Communities - differently from one another. This results in difficulties for - operators. Network operators are encouraged to deploy consistent - community handling across their networks, taking the inconsistent - behaviors from the various BGP implementations they operate into - consideration. This document recommends specific action items to - limit future inconsistency, namely BGP implementors are expected to - not create any further inconsistencies from this point forward. + Well-Known BGP Communities are manipulated differently across various + current implementations; resulting in difficulties for operators. + Network operators should deploy consistent community handling across + their networks while taking the inconsistent behaviors from the + various BGP implementations into consideration.. This document + recommends specific actions to limit future inconsistency, namely BGP + implementors must not create further inconsistencies from this point + forward. + +Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to + be interpreted as described in RFC 2119 [RFC2119] only when they + appear in all upper case. They may also appear in lower or mixed + case as English words, without normative meaning. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - - This Internet-Draft will expire on November 17, 2019. + This Internet-Draft will expire on December 1, 2019. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 - 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 - 3. Manipulation of Communities by Policy . . . . . . . . . . . . 3 - 4. Community Manipulation Policy Differences . . . . . . . . . . 3 - 5. Documentation of Vendor Implementations . . . . . . . . . . . 4 - 5.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 5 - 6. Note for Those Writing RFCs for New Community-Like Attributes 5 - 7. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 - 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 - 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 - 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 - 11.1. Normative References . . . . . . . . . . . . . . . . . . 6 - 11.2. Informative References . . . . . . . . . . . . . . . . . 6 + 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 + 3. Community Manipulation Policy Differences . . . . . . . . . . 3 + 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 + 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 + 5. Note for Those Writing RFCs for New Community-Like Attributes 5 + 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 + 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 + 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 + 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction The BGP Communities Attribute was specified in [RFC1997] which introduced the concept of Well-Known Communities. In hindsight, [RFC1997] did not prescribe as fully as it should have how Well-Known Communities may be manipulated by policies applied by operators. Currently, implementations differ in this regard, and these differences can result in inconsistent behaviors that operators find difficult to identify and resolve. This document describes the current behavioral differences in order to assist operators in generating consistent community-manipulation policies in a multi-vendor environment, and to prevent the introduction of additional divergence in implementations. - This document recommends specific action items to limit future - inconsistency. - -2. Requirements Language - - The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", - "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and - "OPTIONAL" in this document are to be interpreted as described in BCP - 14 [RFC2119] [RFC8174] when, and only when, they appear in all - capitals, as shown here. + This document recommends specific actions to limit future + inconsistency, namely BGP implementors MUST NOT create further + inconsistencies from this point forward. -3. Manipulation of Communities by Policy +2. Manipulation of Communities by Policy [RFC1997] says: "A BGP speaker receiving a route with the COMMUNITIES path attribute may modify this attribute according to the local policy." One basic operational need is to add or remove one or more - communities to the received set. The focus of this document is - another common operational need, to replace all communities with a - new set. To simplify this second case, most BGP policy - implementations provide syntax to "set" community that operators use - to mean "remove any/all communities present on the route, and apply - this set of communities instead." + communities to the set. The focus of this document is another common + operational need, to replace all communities with a new set. To + simplify this second case, most BGP policy implementations provide + syntax to "set" community that operators use to mean "remove any/all + communities present on the route, and apply this set of communities + instead." Some operators prefer to write explicit policy to delete unwanted communities rather than using "set;" i.e. using a "delete community *:*" and then "add community x:y ..." configuration statements in an - attempt to replace all received communities. The same community - manipulation policy differences described in the following section - exist in both "set" and "delete community *:*" syntax. For - simplicity, the remainder of this document refers only to the "set" - behaviors, which we refer to collectively as each implementation's - '"set" directive.' + attempt to replace all communities. The same community manipulation + policy differences described in the following section exist in both + "set" and "delete community *:*" syntax. For simplicity, the + remainder of this document refers only to the "set" behaviors, which + we refer to collectively as each implementation's '"set" directive.' -4. Community Manipulation Policy Differences +3. Community Manipulation Policy Differences Vendor implementations differ in the treatment of certain Well-Known communities when modified using the syntax to "set" the community. Some replace all communities including the Well-Known ones with the new set, while others replace all non-Well-Known Communities but do not modify any Well-Known Communities that are present. These differences result in what would appear to be identical policy configurations having very different results on different platforms. -5. Documentation of Vendor Implementations +4. Documentation of Vendor Implementations In this section we document the syntax and observed behavior of the - "set" directive in several popular BGP implementations. + "set" directive in several popular BGP implementations to illustrate + the severity of the problem operators face. - In Juniper Networks' Junos OS, "community set" removes all received + In Juniper Networks' Junos OS, "community set" removes all communities, Well-Known or otherwise. - In Cisco Systems' IOS XR, "set community" removes all received - communities except for the following: + In Cisco IOS XR, "set community" removes all communities except for + the following: +-------------+-----------------------------------+ | Numeric | Common Name | +-------------+-----------------------------------+ | 0:0 | internet | | 65535:0 | graceful-shutdown | | 65535:1 | accept-own rfc7611 | | 65535:65281 | NO_EXPORT | | 65535:65282 | NO_ADVERTISE | | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | +-------------+-----------------------------------+ Communities not removed by Cisco IOS XR Table 1 - IOS XR does allow Well-Known communities to be removed by explicitly - enumerating each one, not in the aggregate; for example, "delete - community accept-own". Operators are advised to consult IOS XR - documentation and/or Cisco Systems support for full details. + Cisco IOS XR does allow Well-Known communities to be removed only by + explicitly enumerating one at a time, not in the aggregate; for + example, "delete community accept-own". Operators are advised to + consult Cisco IOS XR documentation and/or Cisco support for full + details. On Extreme networks' Brocade NetIron: "set community X" removes all - received communities and sets X. + communities and sets X. - In Huawei's VRP product, "community set" removes all received - communities, well-Known or otherwise. + In Huawei's VRP product, "community set" removes all communities, + Well-Known or otherwise. - In OpenBSD's OpenBGPD, "set community" does not remove any - communities, Well-Known or otherwise. + In OpenBGPD, "set community" does not remove any communities, Well- + Known or otherwise. Nokia's SR OS has several directives that operate on communities. Its "set" directive is called using the "replace" keyword, replacing - all received communities, Well-Known or otherwise, with the specified + all communities, Well-Known or otherwise, with the specified communities. -5.1. Note on an Inconsistency +4.1. Note on an Inconsistency - In IOS XR, "set community" will not overwrite some well-known - communities. However, it will overwrite other well-known - communities. Conversely, In IOS XR, "set community" will not - overwrite some communities that are not well-known (e.g., (internet - == 0:0). + The IANA publishes a list of Well-Known Communities [IANA-WKC]. + + Cisco IOS XR's set of Well-Known communities that "set community" + will not overwrite diverges from the IANA's list of Well-Known + communities. Quite a few Well-Known communities from IANA's list do + not receive special treatment in Cisco IOS XR, and at least one + specific community on Cisco IOS XR's special treatment list (internet + == 0:0) is not really on IANA's list -- it's taken from the + "Reserved" range [0x00000000-0x0000FFFF]. This merely notes an inconsistency. It is not a plea to 'protect' the entire IANA list from "set community." -6. Note for Those Writing RFCs for New Community-Like Attributes +5. Note for Those Writing RFCs for New Community-Like Attributes - When establishing new [RFC1997]-like attributes (large communities, - wide communities, etc.), RFC authors should state how the new - community attribute is to be handled. + > When establishing new [RFC1997]-like attributes (large communities, + wide communities, etc.), RFC authors should state explicitly how the + > new attribute is to be handled. -7. Action Items +6. Action Items Network operators are encouraged to limit their use of the "set" - directive (within reason), to improve the readability of their - configurations and hopefully to achieve behavioral consistency across - platforms. + directive (within reason), to improve consistency across platforms. Unfortunately, it would be operationally disruptive for vendors to change their current implementations. Vendors SHOULD clearly document the behavior of "set" directive in their implementations. Vendors MUST ensure that their implementations' "set" directive treatment of any specific community does not change if/when that community becomes a new Well-Known Community through future @@ -218,62 +218,54 @@ implementations where the "set" directive removes no communities, that behavior MUST continue. Given the implementation inconsistencies described in this document, network operators are urged never to rely on any implicit understanding of a neighbor ASN's BGP community handling. I.e., before announcing prefixes with NO_EXPORT or any other community to a neighbor ASN, the operator should confirm with that neighbor how the community will be treated. -8. Security Considerations +7. Security Considerations Surprising defaults and/or undocumented behaviors are not good for security. This document attempts to remedy that. - Also see Appendix A of [RFC5706]. - -9. IANA Considerations +8. IANA Considerations - This document has no IANA Considerations. + This document has no IANA Considerations; though the IANA may wish to + refer to this document, if/when published, in [IANA-WKC]. -10. Acknowledgments +9. Acknowledgments The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob Heitz. -11. References +10. Normative References -11.1. Normative References + [IANA-WKC] + IANA, "Border Gateway Protocol (BGP) Well-Known + Communities", . [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, - . + . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, - . - - [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC - 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, - May 2017, . - -11.2. Informative References - - [RFC5706] Harrington, D., "Guidelines for Considering Operations and - Management of New Protocols and Protocol Extensions", - RFC 5706, DOI 10.17487/RFC5706, November 2009, - . + . Authors' Addresses + Jay Borkenhagen AT&T 200 Laurel Avenue South Middletown, NJ 07748 United States of America Email: jayb@att.com Randy Bush Internet Initiative Japan