Re: [GROW] draft-ietf-grow-bgp-gshut status?

[Job Snijders]

Dear Bruno, other gshut authors & GROW,

If you'd like help editing draft-ietf-grow-bgp-gshut-06 to reflect the
proposed changes discussed in the last 3 months in GROW, I'd be happy to
help. I have ed the standard editor installed and ready to go.

Kind regards,

Job

On Wed, Mar 15, 2017 at 03:21:18PM +, bruno.decra...@orange.com wrote:
> Hi Job,
> 
> Thanks for the feedback.
> More inline
> 
> > From: Job Snijders [mailto:j...@ntt.net]  > Sent: Wednesday, March 15, 2017 
> > 3:54 PM
> > 
>  > Hi Bruno,
>  > 
>  > On Wed, Mar 15, 2017 at 02:00:37PM +, bruno.decra...@orange.com wrote:
>  > > > From: GROW [mailto:grow-boun...@ietf.org] On Behalf Of Job Snijders  > 
> Sent:
>  > Wednesday, March 15, 2017 2:11 PM
>  > > >
>  > > > I noticed that https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-06
>  > > > expired two years ago. Can anyone offer some insight why it lapsed?
>  > >
>  > > In order to signal the graceful shutdown over the EBGP session, gshut
>  > > uses a "well-know" BGP community. Compared to using a protocol
>  > > extension, this allows a vanillia sender/receiver to handle the
>  > > information using a regular BGP policy.
>  > > So far so good. This is specified, implemented both with BGP policy
>  > > and automated by some routers, tested (both options).
>  > >
>  > > Now, for some deployments, the use of a non-transitive community offer
>  > > a better assurance that the community has indeed be originated by the
>  > > connected eBGP peer. The issue is that currently there is no
>  > > implementation of non-transitive well-known communities.
>  > > draft-ietf-idr-reserved-extended-communities is a short draft to
>  > > define non-transitive well-known communities. It proposed to re-use an
>  > > "existing" non-transitive extended community, defined for four-octets
>  > > AS: draft-ietf-idr-as4octet-extcomm-generic-subtype. But it turns out
>  > > that this latter draft did not progress and has recently been replaced
>  > > by BGP large community. The later do no support non-transitive
>  > > community.
>  > >
>  > > So after waiting for some years for
>  > > draft-ietf-idr-as4octet-extcomm-generic-subtype, this path has just
>  > > been closed. As of today, the possible options seems:
>  > >
>  > > - forget about non-transitive community. In particular as during the
>  > > BGP large community discussions, the requirement for non-transitive
>  > > community has been discussed and explicitly called as not needed. So
>  > > let's listen to this and do the same.
>  > 
>  > I'd like to add a small nuance: For the use case of large communities,
>  > non-transitivity was considered an undesirable property.
> 
> "undesirable property" is a bit beyond the term that I would use, but who 
> cares now; it's not part of it.
>  
>  > To be honest, if the 'gshut' community 'escapes' the adjacent ASN for
>  > which it was intended, what is the worst that can happen? That BGP
>  > speakers somewhere in the DFZ consider the path less desirable? This
>  > aligns with what is expected to happen in the near future anyway: the
>  > bgp session will be torn down and the path will cease to exist.
>  > 
>  > In the case where no shutdown event follows (the gshut community is used
>  > as a traffic engineering trick), it kind of goes in the same category as
>  > intermediat networks prepending ASNs to the AS_PATH to make it less
>  > desirable, or fiddling with origin. If I were to consider "permanent
>  > use" of the gshut community a violation of my agreement with the
>  > adjacent network, this would be easy enough to monitor for and
>  > subsequently resolve at layer-8.
>  
> In sync. In particular in sync with the security considerations of the draft
> https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut-06#section-8
> 
>  
>  > > - have draft-ietf-idr-reserved-extended-communities use a different
>  > > extended community type. This is easy to write, but if this does not
>  > > get implemented, the value is limited/null.
>  > 
>  > I concur. A similar consideration could be made whether gshut deserves
>  > its own path attribute or not.  Usually the nice thing about well known
>  > rfc 1997 communities is their rapid implementation and deployability.
> 
> Indeed. That was specifically important for the VPN customers, with 1000s of 
> CE, some with "legacy" software which are difficult to upgrade. So the 
> possibility to use a vanilla CE with a BGP policy was part of the 
> requirements. This may be less of an issue for big SP routers, although 
> incremental deployment is always a plus, especially when more than one AS are 
> involved.
>  
>  > > > What implementatations exist? A fellow operator told me that IOS,
>  > > > IOS XE has support for graceful shutdown, are there others?
>  > >
>  > > Same information on my side.  With the restriction that those
>  > > implementations only implement the transitive community.
>  > 
>  > ack.
>  > 
>  > I'm somewhat inclined to proceed with the gshut con

[GROW] Protocol Action: 'Default EBGP Route Propagation Behavior Without Policies' to Proposed Standard (draft-ietf-grow-bgp-reject-08.txt)

[The IESG]

The IESG has approved the following document:
- 'Default EBGP Route Propagation Behavior Without Policies'
  (draft-ietf-grow-bgp-reject-08.txt) as Proposed Standard

This document is the product of the Global Routing Operations Working Group.

The IESG contact persons are Warren Kumari and Benoit Claise.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-grow-bgp-reject/





Technical Summary

   This document defines the default behavior of a BGP speaker when
   there is no import or export policy associated with an External BGP
   session.

Working Group Summary

This document describes a change in default (or a standardization of a default) 
behavior; no changes in protocols expected.
Basically this says that implementations MUST consider a deny-all policy if 
nothing is explicitly configured / act as though the peer is not fully 
configured until policy is applied.

Document Quality

   Cisco IOS-XR already has this as the default behavior. Nokia is planning on 
making this the default. Patches have been submitted to various open-source 
implementations.
 
   This document is a product of the GROW WG. During the IETF LC, Alvaro Retana 
(RTG AD) noted that this could be interpreted as updating RFC4271, and so IDR 
should be explicitly included in the LC. IDR was notified, and the IETF LC 
extended to allow for additional review. A significant discussion (~200 email) 
then occurred on the IDR list. John Scudder (one of the IDR chairs) provided a 
useful summary here: 
https://www.ietf.org/mail-archive/web/idr/current/msg18093.html - this summary 
confirmed Warren Kumari (OpsAD)'s judgment of consensus (and double-checked by 
Alvaro, IDR / BESS AD).

  The authors have updated the document in response to the discussions;  
Updates: 4271 (if approved), includes a Transition Considerations appendix, has 
an improved Security Considerations section and multiple other edits. The 
authors are very grateful for the energy that was invested in making the 
document a success, and view the changes as improving the document. 

Personnel

Document Shepherd: christopher.mor...@gmail.com
Responsible Area Director: war...@kumari.net

___
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow