draft-ietf-grow-wkc-behavior-08.txt   rfc8642.txt 
Network Working Group J. Borkenhagen Internet Engineering Task Force (IETF) J. Borkenhagen
Internet-Draft AT&T Request for Comments: 8642 AT&T
Updates: 1997 (if approved) R. Bush Updates: 1997 R. Bush
Intended status: Standards Track IIJ & Arrcus Category: Standards Track IIJ & Arrcus
Expires: December 15, 2019 R. Bonica ISSN: 2070-1721 R. Bonica
Juniper Networks Juniper Networks
S. Bayraktar S. Bayraktar
Cisco Systems Cisco Systems
June 13, 2019 August 2019
Well-Known Community Policy Behavior Policy Behavior for Well-Known BGP Communities
draft-ietf-grow-wkc-behavior-08
Abstract Abstract
Well-Known BGP Communities are manipulated differently across various Well-known BGP communities are manipulated differently across various
current implementations; resulting in difficulties for operators. current implementations, resulting in difficulties for operators.
Network operators should deploy consistent community handling across Network operators should deploy consistent community handling across
their networks while taking the inconsistent behaviors from the their networks while taking the inconsistent behaviors from the
various BGP implementations into consideration.. This document various BGP implementations into consideration. This document
recommends specific actions to limit future inconsistency, namely BGP recommends specific actions to limit future inconsistency: namely,
implementors must not create further inconsistencies from this point BGP implementors must not create further inconsistencies from this
forward. point forward. These behavioral changes, though subtle, actually
update RFC 1997.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This document is a product of the Internet Engineering Task Force
Task Force (IETF). Note that other groups may also distribute (IETF). It represents the consensus of the IETF community. It has
working documents as Internet-Drafts. The list of current Internet- received public review and has been approved for publication by the
Drafts is at https://datatracker.ietf.org/drafts/current/. Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Internet-Drafts are draft documents valid for a maximum of six months Information about the current status of this document, any errata,
and may be updated, replaced, or obsoleted by other documents at any and how to provide feedback on it may be obtained at
time. It is inappropriate to use Internet-Drafts as reference https://www.rfc-editor.org/info/rfc8642.
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 15, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 25
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3
3. Community Manipulation Policy Differences . . . . . . . . . . 3 3. Community Manipulation Policy Differences . . . . . . . . . . 3
4. Documentation of Vendor Implementations . . . . . . . . . . . 3 4. Documentation of Vendor Implementations . . . . . . . . . . . 4
4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 5
5. Note for Those Writing RFCs for New Community-Like Attributes 5 5. Note for Those Writing RFCs for New Community-Like Attributes 5
6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 9. Normative References . . . . . . . . . . . . . . . . . . . . 6
10. Normative References . . . . . . . . . . . . . . . . . . . . 6 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
The BGP Communities Attribute was specified in [RFC1997] which The BGP Communities attribute was specified in [RFC1997], which
introduced the concept of Well-Known Communities. In hindsight, introduced the concept of well-known communities. In hindsight,
[RFC1997] did not prescribe as fully as it should have how Well-Known [RFC1997] did not prescribe as fully as it should have how well-known
Communities may be manipulated by policies applied by operators. communities may be manipulated by policies applied by operators.
Currently, implementations differ in this regard, and these Currently, implementations differ in this regard, and these
differences can result in inconsistent behaviors that operators find differences can result in inconsistent behaviors that operators find
difficult to identify and resolve. difficult to identify and resolve.
This document describes the current behavioral differences in order This document describes the current behavioral differences in order
to assist operators in generating consistent community-manipulation to assist operators in generating consistent community-manipulation
policies in a multi-vendor environment, and to prevent the policies in a multi-vendor environment and to prevent the
introduction of additional divergence in implementations. introduction of additional divergence in implementations.
This document recommends specific actions to limit future This document recommends specific actions to limit future
inconsistency, namely BGP implementors MUST NOT create further inconsistency: namely, BGP implementors MUST NOT create further
inconsistencies from this point forward. inconsistencies from this point forward.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Manipulation of Communities by Policy 2. Manipulation of Communities by Policy
[RFC1997] says: [RFC1997] says:
"A BGP speaker receiving a route with the COMMUNITIES path attribute A BGP speaker receiving a route with the COMMUNITIES path
may modify this attribute according to the local policy." attribute may modify this attribute according to the local policy.
One basic operational need is to add or remove one or more One basic operational need is to add or remove one or more
communities to the set. The focus of this document is another common communities to or from the set. The focus of this document is
operational need, to replace all communities with a new set. To another common operational need: to replace all communities with a
simplify this second case, most BGP policy implementations provide new set. To simplify this second case, most BGP policy
syntax to "set" community that operators use to mean "remove any/all implementations provide a syntax to "set" a community that operators
communities present on the route, and apply this set of communities use to mean "remove any/all communities present on the route and
instead." apply this set of communities instead".
Some operators prefer to write explicit policy to delete unwanted Some operators prefer to write explicit policy to delete unwanted
communities rather than using "set;" i.e. using a "delete community communities rather than use "set", i.e., using "delete community *:*"
*:*" and then "add community x:y ..." configuration statements in an and then "add community x:y ..." configuration statements in an
attempt to replace all communities. The same community manipulation attempt to replace all communities. The same community-manipulation
policy differences described in the following section exist in both policy differences described in the following section exist in the
"set" and "delete community *:*" syntax. For simplicity, the syntax for both "set" and "delete community *:*". For simplicity,
remainder of this document refers only to the "set" behaviors, which the remainder of this document refers only to the "set" behaviors,
we refer to collectively as each implementation's '"set" directive.' which we refer to collectively as each implementation's '"set"
directive'.
3. Community Manipulation Policy Differences 3. Community Manipulation Policy Differences
Vendor implementations differ in the treatment of certain Well-Known Vendor implementations differ in the treatment of certain well-known
communities when modified using the syntax to "set" the community. communities when modified using the syntax to "set" the community.
Some replace all communities including the Well-Known ones with the Some replace all communities, including the well-known ones, with the
new set, while others replace all non-Well-Known Communities but do new set; others replace all non-well-known communities but do not
not modify any Well-Known Communities that are present. modify any well-known communities that are present.
These differences result in what would appear to be identical policy These differences result in what would appear to be identical policy
configurations having very different results on different platforms. configurations having very different results on different platforms.
4. Documentation of Vendor Implementations 4. Documentation of Vendor Implementations
In this section we document the syntax and observed behavior of the In this section, we document the syntax and observed behavior of the
"set" directive in several popular BGP implementations to illustrate "set" directive in several popular BGP implementations to illustrate
the severity of the problem operators face. the severity of the problem operators face.
In Juniper Networks' Junos OS, "community set" removes all In Juniper Networks' Junos OS, "community set" removes all
communities, Well-Known or otherwise. communities, well-known or otherwise.
In Cisco IOS XR, "set community" removes all communities except for In Cisco IOS XR, "set community" removes all communities except for
the following: the following:
+-------------+-----------------------------------+ +-------------+-----------------------------------+
| Numeric | Common Name | | Numeric | Common Name |
+-------------+-----------------------------------+ +-------------+-----------------------------------+
| 0:0 | internet | | 0:0 | internet |
| 65535:0 | graceful-shutdown | | 65535:0 | graceful-shutdown |
| 65535:1 | accept-own rfc7611 | | 65535:1 | accept-own rfc7611 |
| 65535:65281 | NO_EXPORT | | 65535:65281 | NO_EXPORT |
| 65535:65282 | NO_ADVERTISE | | 65535:65282 | NO_ADVERTISE |
| 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) |
+-------------+-----------------------------------+ +-------------+-----------------------------------+
Communities not removed by Cisco IOS XR Table 1: Communities Not Removed by Cisco's IOS XR
Table 1
Cisco IOS XR does allow Well-Known communities to be removed only by Cisco IOS XR allows well-known communities to be removed only by
explicitly enumerating one at a time, not in the aggregate; for explicitly enumerating one at a time and not in the aggregate -- for
example, "delete community accept-own". Operators are advised to example, "delete community accept-own". Operators are advised to
consult Cisco IOS XR documentation and/or Cisco support for full consult Cisco IOS XR documentation and/or Cisco support for full
details. details.
On Extreme networks' Brocade NetIron: "set community X" removes all On Extreme networks' Brocade NetIron, "set community X" removes all
communities and sets X. communities and sets X.
In Huawei's VRP product, "community set" removes all communities, In Huawei's VRP product, "community set" removes all communities,
Well-Known or otherwise. well-known or otherwise.
In OpenBGPD, "set community" does not remove any communities, Well- In OpenBGPD, "set community" does not remove any communities, well-
Known or otherwise. known or otherwise.
Nokia's SR OS has several directives that operate on communities. Nokia's SR OS has several directives that operate on communities.
Its "set" directive is called using the "replace" keyword, replacing Its "set" directive is called using the "replace" keyword, replacing
all communities, Well-Known or otherwise, with the specified all communities, well-known or otherwise, with the specified
communities. communities.
4.1. Note on an Inconsistency 4.1. Note on an Inconsistency
The IANA publishes a list of Well-Known Communities [IANA-WKC]. IANA publishes a list of well-known communities [IANA-WKC].
Cisco IOS XR's set of Well-Known communities that "set community" Cisco IOS XR's set of well-known communities that "set community"
will not overwrite diverges from the IANA's list of Well-Known will not overwrite diverges from the IANA's list of well-known
communities. Quite a few Well-Known communities from IANA's list do communities. Quite a few well-known communities from IANA's list do
not receive special treatment in Cisco IOS XR, and at least one not receive special treatment in Cisco IOS XR, and at least one
community on Cisco IOS XR's special treatment list, internet == 0:0, community on Cisco IOS XR's special treatment list, internet == 0:0,
is not formally a Well-Known Community as it is not in [IANA-WKC]; is not formally a well-known community as it is not in [IANA-WKC] (it
but taken from the Reserved range [0x00000000-0x0000FFFF]. is taken from the Reserved range [0x00000000-0x0000FFFF]).
This merely notes an inconsistency. It is not a plea to 'protect' This merely notes an inconsistency. It is not a plea to protect the
the entire IANA list from "set community." entire IANA list from "set community".
5. Note for Those Writing RFCs for New Community-Like Attributes 5. Note for Those Writing RFCs for New Community-Like Attributes
When establishing new [RFC1997]-like attributes (large communities, When establishing new attributes similar to those in [RFC1997] (large
wide communities, etc.), RFC authors should state explicitly how the communities, wide communities, etc.), RFC authors should state
new attribute is to be handled. explicitly how the new attribute is to be handled.
6. Action Items 6. Action Items
Network operators are encouraged to limit their use of the "set" Network operators are encouraged to limit their use of the "set"
directive (within reason), to improve consistency across platforms. directive (within reason) to improve consistency across platforms.
Unfortunately, it would be operationally disruptive for vendors to Unfortunately, it would be operationally disruptive for vendors to
change their current implementations. change their current implementations.
Vendors MUST clearly document the behavior of "set" directive in Vendors MUST clearly document the behavior of the "set" directive in
their implementations. their implementations.
Vendors MUST ensure that their implementations' "set" directive Vendors MUST ensure that their implementations' "set" directive
treatment of any specific community does not change if/when that treatment of any specific community does not change if/when that
community becomes a new Well-Known Community through future community becomes a new well-known community through future
standardization. For most implementations, this means that the "set" standardization. For most implementations, this means that the "set"
directive MUST continue to remove the community; for those directive MUST continue to remove the community; for those
implementations where the "set" directive removes no communities, implementations where the "set" directive removes no communities,
that behavior MUST continue. that behavior MUST continue.
Given the implementation inconsistencies described in this document, Given the implementation inconsistencies described in this document,
network operators are urged never to rely on any implicit network operators are urged never to rely on any implicit
understanding of a neighbor ASN's BGP community handling. I.e., understanding of a neighbor ASN's BGP community handling. That is,
before announcing prefixes with NO_EXPORT or any other community to a before announcing prefixes with NO_EXPORT or any other community to a
neighbor ASN, the operator should confirm with that neighbor how the neighbor ASN, the operator should confirm with that neighbor how the
community will be treated. community will be treated.
7. Security Considerations 7. Security Considerations
Surprising defaults and/or undocumented behaviors are not good for Surprising defaults and/or undocumented behaviors are not good for
security. This document attempts to remedy that. security. This document attempts to remedy that.
8. IANA Considerations 8. IANA Considerations
The IANA is requested to list this document as an additional The IANA has listed this document as an additional reference for the
reference for the [IANA-WKC] registry. [IANA-WKC] registry.
9. Acknowledgments
The authors thank Martijn Schmidt, Qin Wu for the Huawei data point,
Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob
Heitz.
10. Normative References 9. Normative References
[IANA-WKC] [IANA-WKC] IANA, "Border Gateway Protocol (BGP) Well-known
IANA, "Border Gateway Protocol (BGP) Well-Known
Communities", <https://www.iana.org/assignments/ Communities", <https://www.iana.org/assignments/
bgp-well-known-communities>. bgp-well-known-communities>.
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
<http://www.rfc-editor.org/info/rfc1997>. <https://www.rfc-editor.org/info/rfc1997>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <http://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Acknowledgments
The authors thank Martijn Schmidt and Qin Wu for the Huawei data
point as well as Greg Hankins, Job Snijders, David Farmer, John
Heasley, and Jakob Heitz.
Authors' Addresses Authors' Addresses
Jay Borkenhagen Jay Borkenhagen
AT&T AT&T
200 Laurel Avenue South 200 Laurel Avenue South
Middletown, NJ 07748 Middletown, NJ 07748
United States of America United States of America
Email: jayb@att.com Email: jayb@att.com
Randy Bush Randy Bush
IIJ & Arrcus IIJ & Arrcus
5147 Crystal Springs 5147 Crystal Springs
Bainbridge Island, WA 98110 Bainbridge Island, WA 98110
US United States of America
Email: randy@psg.com Email: randy@psg.com
Ron Bonica Ron Bonica
Juniper Networks Juniper Networks
2251 Corporate Park Drive 2251 Corporate Park Drive
Herndon, VA 20171 Herndon, VA 20171
US United States of America
Email: rbonica@juniper.net Email: rbonica@juniper.net
Serpil Bayraktar Serpil Bayraktar
Cisco Systems Cisco Systems
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
United States of America United States of America
Email: serpil@cisco.com Email: serpil@cisco.com
 End of changes. 45 change blocks. 
108 lines changed or deleted 103 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/