| draft-ietf-grow-bgp-gshut-00.txt | draft-ietf-grow-bgp-gshut-01.txt | |||
|---|---|---|---|---|
| Network Working Group Pierre Francois | Network Working Group Pierre Francois | |||
| Internet-Draft Universite catholique de Louvain | Internet-Draft Universite catholique de Louvain | |||
| Intended status: Informational Bruno Decraene | Intended status: Informational Bruno Decraene | |||
| Expires: December 17, 2009 France Telecom | Expires: April 29, 2010 France Telecom | |||
| Cristel Pelsser | Cristel Pelsser | |||
| NTT Corporation | Internet Initiative Japan | |||
| Clarence Filsfils | Clarence Filsfils | |||
| Cisco Systems | Cisco Systems | |||
| June 15, 2009 | October 26, 2009 | |||
| Graceful BGP session shutdown | Graceful BGP session shutdown | |||
| draft-ietf-grow-bgp-gshut-00 | draft-ietf-grow-bgp-gshut-01 | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. This document may contain material | provisions of BCP 78 and BCP 79. This document may contain material | |||
| from IETF Documents or IETF Contributions published or made publicly | from IETF Documents or IETF Contributions published or made publicly | |||
| available before November 10, 2008. The person(s) controlling the | available before November 10, 2008. The person(s) controlling the | |||
| copyright in some of this material may not have granted the IETF | copyright in some of this material may not have granted the IETF | |||
| Trust the right to allow modifications of such material outside the | Trust the right to allow modifications of such material outside the | |||
| IETF Standards Process. Without obtaining an adequate license from | IETF Standards Process. Without obtaining an adequate license from | |||
| skipping to change at page 1, line 47 | skipping to change at page 1, line 47 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on December 17, 2009. | This Internet-Draft will expire on April 29, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. | and restrictions with respect to this document. | |||
| skipping to change at page 3, line 16 | skipping to change at page 3, line 16 | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Packet loss upon manual eBGP session shutdown . . . . . . . . 5 | 3. Packet loss upon manual eBGP session shutdown . . . . . . . . 5 | |||
| 4. Practices to avoid packet losses . . . . . . . . . . . . . . . 5 | 4. Practices to avoid packet losses . . . . . . . . . . . . . . . 5 | |||
| 4.1. Improving availability of alternate paths . . . . . . . . 6 | 4.1. Improving availability of alternate paths . . . . . . . . 6 | |||
| 4.2. Graceful shutdown procedures for eBGP sessions . . . . . . 6 | 4.2. Graceful shutdown procedures for eBGP sessions . . . . . . 6 | |||
| 4.2.1. Outbound traffic . . . . . . . . . . . . . . . . . . . 6 | 4.2.1. Outbound traffic . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2.2. Inbound traffic . . . . . . . . . . . . . . . . . . . 7 | 4.2.2. Inbound traffic . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.3. Graceful shutdown procedures for iBGP sessions . . . . . . 9 | 4.3. Graceful shutdown procedures for iBGP sessions . . . . . . 9 | |||
| 5. Forwarding modes and forwarding loops . . . . . . . . . . . . 9 | 5. Forwarding modes and forwarding loops . . . . . . . . . . . . 10 | |||
| 6. Dealing with Internet policies . . . . . . . . . . . . . . . . 10 | 6. Dealing with Internet policies . . . . . . . . . . . . . . . . 10 | |||
| 7. Effect of the g-shut procedure on the convergence . . . . . . 10 | 7. Link Up cases . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 7.1. Maintenance of an eBGP session . . . . . . . . . . . . . . 10 | 7.1. Unreachability local to the ASBR . . . . . . . . . . . . . 11 | |||
| 7.1.1. Propagation on the other eBGP sessions of the | 7.2. iBGP convergence . . . . . . . . . . . . . . . . . . . . . 11 | |||
| g-shut initiator . . . . . . . . . . . . . . . . . . . 10 | 8. IANA considerations . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 7.1.2. Propagation on the other iBGP sessions of the | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | |||
| g-shut initiator . . . . . . . . . . . . . . . . . . . 11 | 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7.1.3. Propagation of updates in an iBGP full-mesh . . . . . 11 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7.1.4. Propagation of updates from iBGP to iBGP in a RR | Appendix A. Summary of operations . . . . . . . . . . . . . . . . 13 | |||
| hierarchy . . . . . . . . . . . . . . . . . . . . . . 11 | A.1. Pre-configuration . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7.2. Maintenance of an iBGP session . . . . . . . . . . . . . . 12 | A.2. Operations at maintenance time . . . . . . . . . . . . . . 14 | |||
| 7.3. Applicability of the g-shut procedure . . . . . . . . . . 13 | Appendix B. Alternative techniques with limited applicability . . 14 | |||
| 7.4. Summary of operations . . . . . . . . . . . . . . . . . . 13 | B.1. In-filter reconfiguration . . . . . . . . . . . . . . . . 14 | |||
| 7.4.1. Pre-configuration . . . . . . . . . . . . . . . . . . 13 | B.2. Multi Exit Discriminator tweaking . . . . . . . . . . . . 15 | |||
| 7.4.2. Operations at maintenance time . . . . . . . . . . . . 13 | B.3. IGP distance Poisoning . . . . . . . . . . . . . . . . . . 16 | |||
| 8. Link Up cases . . . . . . . . . . . . . . . . . . . . . . . . 13 | Appendix C. Effect of the g-shut procedure on the convergence . . 16 | |||
| 8.1. Unreachability local to the ASBR . . . . . . . . . . . . . 13 | C.1. Maintenance of an eBGP session . . . . . . . . . . . . . . 16 | |||
| 8.2. iBGP convergence . . . . . . . . . . . . . . . . . . . . . 14 | C.1.1. Propagation on the other eBGP sessions of the | |||
| 9. Alternative techniques with limited applicability . . . . . . 15 | g-shut initiator . . . . . . . . . . . . . . . . . . . 16 | |||
| 9.1. In-filter reconfiguration . . . . . . . . . . . . . . . . 15 | C.1.2. Propagation on the other iBGP sessions of the | |||
| 9.2. Multi Exit Discriminator tweaking . . . . . . . . . . . . 16 | g-shut initiator . . . . . . . . . . . . . . . . . . . 16 | |||
| 9.3. IGP distance Poisoning . . . . . . . . . . . . . . . . . . 16 | C.1.3. Propagation of updates in an iBGP full-mesh . . . . . 17 | |||
| 10. IANA considerations . . . . . . . . . . . . . . . . . . . . . 16 | C.1.4. Propagation of updates from iBGP to iBGP in a RR | |||
| 11. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | hierarchy . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 | C.2. Maintenance of an iBGP session . . . . . . . . . . . . . . 18 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 | ||||
| 1. Introduction | 1. Introduction | |||
| Routing changes in BGP can be caused by planned, manual, maintenance | Routing changes in BGP can be caused by planned, manual, maintenance | |||
| operations. This document discusses operational procedures to be | operations. This document discusses operational procedures to be | |||
| applied in order to reduce or eliminate losses of packets during the | applied in order to reduce or eliminate losses of packets during the | |||
| maintenance. These losses come from the transient lack of | maintenance. These losses come from the transient lack of | |||
| reachability during the BGP convergence following the shutdown of an | reachability during the BGP convergence following the shutdown of an | |||
| eBGP peering session between two Autonomous System Border Routers | eBGP peering session between two Autonomous System Border Routers | |||
| (ASBR). | (ASBR). | |||
| skipping to change at page 4, line 34 | skipping to change at page 4, line 34 | |||
| during the convergence process. | during the convergence process. | |||
| The goal of the document is to meet the requirements described in | The goal of the document is to meet the requirements described in | |||
| [REQS] at best, without changing the BGP protocol or BGP | [REQS] at best, without changing the BGP protocol or BGP | |||
| implementations. | implementations. | |||
| Still, it explains why reserving a community value for the purpose of | Still, it explains why reserving a community value for the purpose of | |||
| BGP session graceful shutdown would reduce the management overhead | BGP session graceful shutdown would reduce the management overhead | |||
| bound with the solution. It would also allow vendors to provide an | bound with the solution. It would also allow vendors to provide an | |||
| automatic graceful shutdown mechanism that does not require any | automatic graceful shutdown mechanism that does not require any | |||
| configuration at maintenance time. | router reconfiguration at maintenance time. | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | ||||
| 2. Terminology | 2. Terminology | |||
| g-shut initiator : a router on which the session shutdown is | g-shut initiator : a router on which the session shutdown is | |||
| performed for the maintenance. | performed for the maintenance. | |||
| g-shut neighbor : a router that peers with the g-shut initiator via | g-shut neighbor : a router that peers with the g-shut initiator via | |||
| (one of) the session(s) to be shut down. | (one of) the session(s) to be shut down. | |||
| Note that for the link-up case, we will refer to these nodes as g-no- | Note that for the link-up case, we will refer to these nodes as g-no- | |||
| skipping to change at page 5, line 11 | skipping to change at page 5, line 15 | |||
| Neighbor AS : the Autonomous System of the g-shut neighbor. | Neighbor AS : the Autonomous System of the g-shut neighbor. | |||
| Affected path / Nominal / pre-convergence path : a BGP path via the | Affected path / Nominal / pre-convergence path : a BGP path via the | |||
| peering link(s) undergoing the maintenance. This path will no longer | peering link(s) undergoing the maintenance. This path will no longer | |||
| exist after the shutdown. | exist after the shutdown. | |||
| Affected prefix : a prefix initially reached via an affected path. | Affected prefix : a prefix initially reached via an affected path. | |||
| Affected router : a router having an affected prefix. | Affected router : a router having an affected prefix. | |||
| Backup / alternate / post-convergence path : a path toward an | Backup / alternate / post-convergence path : a path towards an | |||
| affected prefix that will be selected as the best path by an affected | affected prefix that will be selected as the best path by an affected | |||
| router, when the link is shut down and the BGP convergence is | router, when the link is shut down and the BGP convergence is | |||
| completed. | completed. | |||
| Transient alternate path : a path towards an affected prefix that may | Transient alternate path : a path towards an affected prefix that may | |||
| be transiently selected as best by an affected router during the | be transiently selected as best by an affected router during the | |||
| convergence process but that is not a post-convergence path. | convergence process but that is not a post-convergence path. | |||
| Loss of Connectivity (LoC) : the state when a router has no path | Loss of Connectivity (LoC) : the state when a router has no path | |||
| towards an affected prefix. | towards an affected prefix. | |||
| skipping to change at page 6, line 12 | skipping to change at page 6, line 12 | |||
| This section describes means for an ISP to reduce the transient loss | This section describes means for an ISP to reduce the transient loss | |||
| of packets upon a manual shutdown of a BGP session. | of packets upon a manual shutdown of a BGP session. | |||
| 4.1. Improving availability of alternate paths | 4.1. Improving availability of alternate paths | |||
| All solutions that increase the availability of alternate BGP paths | All solutions that increase the availability of alternate BGP paths | |||
| in routers performing packet lookups in BGP tables [BestExternal] | in routers performing packet lookups in BGP tables [BestExternal] | |||
| [AddPath] help in reducing the LoC bound with manual shutdown of eBGP | [AddPath] help in reducing the LoC bound with manual shutdown of eBGP | |||
| sessions. | sessions. | |||
| One solution increasing diversity in such a way that, at any single | One of such solutions increasing diversity in such a way that, at any | |||
| step of the convergence process following the eBGP session shutdown, | single step of the convergence process following the eBGP session | |||
| a BGP router does not receive a message withdrawing the only path it | shutdown, a BGP router does not receive a message withdrawing the | |||
| currently knows for a given NLRI, allows for a simplified g-shut | only path it currently knows for a given NLRI, allows for a | |||
| procedure. This simplified procedure would only tackle potential LoC | simplified g-shut procedure. This simplified procedure would only | |||
| for the inbound traffic. | tackle potential LoC for the inbound traffic. | |||
| Using advertise-best-external [BestExternal] on ASBRs and RRs helps | Using advertise-best-external [BestExternal] on ASBRs and RRs helps | |||
| in avoiding lack of alternate paths in route reflectors upon a | in avoiding lack of alternate paths in route reflectors upon a | |||
| convergence. Hence it reduces the LoC duration for the outbound | convergence. Hence it reduces the LoC duration for the outbound | |||
| traffic of the ISP upon an eBGP Session shutdown by reducing the iBGP | traffic of the ISP upon an eBGP Session shutdown by reducing the iBGP | |||
| path hunting. | path hunting. | |||
| Still it does not ensure that BGP routers will always have at least | Still it does not ensure that BGP routers will always have at least | |||
| one path towards affected prefixes during the convergence following | one path towards affected prefixes during the convergence following | |||
| the event. This property may be verified in future revisions of | the event. This property may be verified in future revisions of | |||
| [BestExternal], notably of its Section 4, hence the current proposal | [BestExternal], notably of its Section 3, hence the current proposal | |||
| will be updated accordingly. | will be updated accordingly. | |||
| Increasing diversity with [AddPath] might lead to the respect of this | Increasing diversity with [AddPath] might lead to the respect of this | |||
| property, depending on the path propagation decision process that | property, depending on the path propagation decision process that | |||
| add-path compliant routers would use. | add-path compliant routers would use. | |||
| Note that the LoC for the inbound traffic of the maintained router, | Note that the LoC for the inbound traffic of the maintained router, | |||
| induced by a lack of alternate path propagation within the iBGP | induced by a lack of alternate path propagation within the iBGP | |||
| topology of a neighboring AS is not under the control of the operator | topology of a neighboring AS is not under the control of the operator | |||
| performing the maintenance, hence the procedure described in | performing the maintenance, hence the procedure described in | |||
| skipping to change at page 7, line 29 | skipping to change at page 7, line 29 | |||
| switch to another path, as the input to the BGP decision process of | switch to another path, as the input to the BGP decision process of | |||
| that router does not change. As a consequence, the g-shut initiator | that router does not change. As a consequence, the g-shut initiator | |||
| will not send a withdraw message over its iBGP sessions when it | will not send a withdraw message over its iBGP sessions when it | |||
| receives an alternate path over an iBGP session. It will however | receives an alternate path over an iBGP session. It will however | |||
| modify the local-pref of the affected paths so that upstream routers | modify the local-pref of the affected paths so that upstream routers | |||
| will switch to alternate ones. | will switch to alternate ones. | |||
| When the actual shutdown of the session is performed, the g-shut | When the actual shutdown of the session is performed, the g-shut | |||
| initiator will itself switch to the alternate paths. | initiator will itself switch to the alternate paths. | |||
| In cases some BGP speakers in the AS override the local-pref | ||||
| attribute of paths received over iBGP sessions, the procedure | ||||
| described above will not work. In such cases, the recommended | ||||
| procedure is to tag the paths sent over the iBGP sessions of the | ||||
| g-shut initiator with an AS specific community. This AS specific | ||||
| community should lead to the setting of a low local-pref value. To | ||||
| be effective, the configuration related to this community MUST | ||||
| supplant or be applied after the already configured local-pref | ||||
| overriding. | ||||
| 4.2.2. Inbound traffic | 4.2.2. Inbound traffic | |||
| The solution described for the outbound traffic can be applied at the | The solution described for the outbound traffic can be applied at the | |||
| neighbor AS. This can be done either "manually" or by using a | neighbor AS. This can be done either "manually" or by using a | |||
| community value dedicated to this task. | community value dedicated to this task. | |||
| 4.2.2.1. Phone call | 4.2.2.1. Phone call | |||
| The operator performing the maintenance of the eBGP session can | The operator performing the maintenance of the eBGP session can | |||
| contact the operator at the other side of the peering link, and let | contact the operator at the other side of the peering link, and let | |||
| skipping to change at page 8, line 24 | skipping to change at page 8, line 36 | |||
| 4.2.2.2.2. Operational action upon maintenance | 4.2.2.2.2. Operational action upon maintenance | |||
| Upon the manual shutdown, the output filter associated with the | Upon the manual shutdown, the output filter associated with the | |||
| maintained eBGP session will be modified on the g-shut initiator so | maintained eBGP session will be modified on the g-shut initiator so | |||
| as to tag all the paths advertised over the session with the GSHUT | as to tag all the paths advertised over the session with the GSHUT | |||
| community. | community. | |||
| 4.2.2.2.3. Transitivity of the community | 4.2.2.2.3. Transitivity of the community | |||
| If the GSHUT community is an extended community, it SHOULD be set non | If the GSHUT community is an extended community, it SHOULD be chosen | |||
| transitive. | non-transitive. In that case, the clarification described in | |||
| [Clarification4360] is required. | ||||
| If a normal community is used, this community SHOULD be removed from | If a regular community is used, this community SHOULD be removed from | |||
| the path by the ASBR of the peer receiving it. If not, the GSHUT | the path when the path is propagated over eBGP sessions. | |||
| community MAY be removed from the path by all the ASBRs of the | ||||
| neighboring AS, before propagating the path to other peers. | ||||
| Not propagating the community further in the Internet reduces the | Not propagating the community further in the Internet reduces the | |||
| amount of BGP churn and avoids rerouting in distant ASes that would | amount of BGP churn and avoids rerouting in distant ASes that would | |||
| also recognize this community value. In other words, it helps | also recognize this community value. In other words, from a routing | |||
| concealing the convergence at the maintenance location. | stability perspective, it helps concealing the convergence at the | |||
| maintenance location. From a security perspective, it prevents | ||||
| malignant ASes from using the community over paths propagated through | ||||
| intermediate ASes that do not support the feature, in order to | ||||
| perform inbound traffic engineering at the first AS recognizing the | ||||
| community. | ||||
| ASes which support the g-shut procedure SHOULD remove the community | ||||
| value(s) that they use for g-shut from the paths received from | ||||
| neighboring ASes that do not support the procedure or to whom the | ||||
| service is not provided. | ||||
| There are cases where an interdomain exploration is to be performed | There are cases where an interdomain exploration is to be performed | |||
| to recover the reachability, e.g., in the case of a shutdown in | to recover the reachability, e.g., in the case of a shutdown in | |||
| confederations where the alternate paths will be found in another AS | confederations where the alternate paths will be found in another AS | |||
| of the confederation. In such scenarios, the community value SHOULD | of the confederation. In such scenarios, the community value SHOULD | |||
| be allowed to transit through the confederation but MAY be removed | be allowed to transit through the confederation but SHOULD be removed | |||
| from the paths advertised outside of the confederation. | from the paths advertised outside of the confederation. | |||
| When the local-pref value of a path is conserved upon its propagation | When the local-pref value of a path is conserved upon its propagation | |||
| from one AS of the confederation to the other, there is no need to | from one AS of the confederation to the other, there is no need to | |||
| have the GSHUT community be propagated throughout that confederation. | have the GSHUT community be propagated throughout that confederation. | |||
| 4.2.2.2.4. Easing the configuration for G-SHUT | 4.2.2.2.4. Easing the configuration for G-SHUT | |||
| From a configuration burden viewpoint, it would be much easier to | From a configuration burden viewpoint, it is much easier to use a | |||
| reserve a value for the GSHUT community. | single dedicated value for the GSHUT community. | |||
| First, on the g-shut initiator, an operator would have a single | First, on the g-shut initiator, an operator would have a single | |||
| configuration rule to be applied at the maintenance time, which would | configuration rule to be applied at the maintenance time, which would | |||
| not depend on the identity of its peer. This would make the | not depend on the identity of its peer. This would make the | |||
| maintenance operations less error prone. | maintenance operations less error prone. | |||
| Second, on the g-shut neighbor, a simple filter related to g-shut can | Second, on the g-shut neighbor, a simple filter related to g-shut can | |||
| be applied to all iBGP sessions. Additionnaly, this filter doesn't | be applied to all iBGP sessions. Additionnaly, this filter does not | |||
| need to be updated each time neighboring ASes are added or removed. | need to be updated each time neighboring ASes are added or removed. | |||
| The FCFS community value 0xFFFF0000 has been reserved for this | ||||
| purpose [BGPWKC]. | ||||
| 4.3. Graceful shutdown procedures for iBGP sessions | 4.3. Graceful shutdown procedures for iBGP sessions | |||
| If the iBGP topology is viable after the maintenance of the session, | If the iBGP topology is viable after the maintenance of the session, | |||
| i.e, if all BGP speakers of the AS have an iBGP signaling path for | i.e, if all BGP speakers of the AS have an iBGP signaling path for | |||
| all prefixes advertised on this g-shut iBGP session, then the | all prefixes advertised on this g-shut iBGP session, then the | |||
| shutdown of an iBGP session does not lead to transient | shutdown of an iBGP session does not lead to transient | |||
| unreachability. | unreachability. | |||
| However, in the case of a shutdown of a router, a reconfiguration of | However, in the case of a shutdown of a router, a reconfiguration of | |||
| the out-filters of the g-shut initiator should be performed to set a | the out-filters of the g-shut initiator MAY be performed to set a low | |||
| low local-pref value for the paths originated by the g-shut initiator | local-pref value for the paths originated by the g-shut initiator | |||
| (e.g, BGP aggregates redistributed from other protocols, including | (e.g, BGP aggregates redistributed from other protocols, including | |||
| static routes). | static routes). | |||
| This behavior is equivalent to the recommended behavior for paths | This behavior is equivalent to the recommended behavior for paths | |||
| "redistributed" from eBGP sessions to iBGP sessions in the case of | "redistributed" from eBGP sessions to iBGP sessions in the case of | |||
| the shutdown of an ASBR. | the shutdown of an ASBR. | |||
| 5. Forwarding modes and forwarding loops | 5. Forwarding modes and forwarding loops | |||
| If the AS applying the solution does not rely on encapsulation to | If the AS applying the solution does not rely on encapsulation to | |||
| forward packets from the Ingress Border Router to the Egress Border | forward packets from the Ingress Border Router to the Egress Border | |||
| Router, then transient forwarding loops and consequent packet losses | Router, then transient forwarding loops and consequent packet losses | |||
| can occur during the convergence process, even if the procedure | can occur during the convergence process, even if the procedure | |||
| described above is applied. Hence if zero LoC is required, | described above is applied. Hence if zero LoC is required, | |||
| encapsulation is required between ASBRs of the AS. | encapsulation is required between ASBRs of the AS. | |||
| Using the out-filter reconfiguration avoids the forwarding loops | Using the out-filter reconfiguration avoids the forwarding loops | |||
| between the g-shut initiator and its directly connected upstream | between the g-shut initiator and its directly connected upstream | |||
| neighbors. Indeed, when this reconfiguration is applied, the g-shut | neighboring routers. Indeed, when this reconfiguration is applied, | |||
| initiator keeps using its own external path and lets the upstream | the g-shut initiator keeps using its own external path and lets the | |||
| routers converge to the alternate ones. During this phase, no | upstream routers converge to the alternate ones. During this phase, | |||
| forwarding loops can occur between the g-shut initiator and its | no forwarding loops can occur between the g-shut initiator and its | |||
| upstream neighbors as the g-shut initiator keeps using the affected | upstream neighbors as the g-shut initiator keeps using the affected | |||
| paths via its eBGP peering links. When all the upstream routers have | paths via its eBGP peering links. When all the upstream routers have | |||
| switched to alternate paths, the transition performed by the g-shut | switched to alternate paths, the transition performed by the g-shut | |||
| initiator when the session is actually shut down, will be loopfree. | initiator when the session is actually shut down, will be loopfree. | |||
| Transient forwarding loops between other routers will not be avoided | Transient forwarding loops between other routers will not be avoided | |||
| with this procedure. | with this procedure. | |||
| 6. Dealing with Internet policies | 6. Dealing with Internet policies | |||
| A side gain of the maintenance solution is that it can also reduce | A side gain of the maintenance solution is that it can also reduce | |||
| skipping to change at page 10, line 31 | skipping to change at page 11, line 9 | |||
| propagation of withdraw messages over eBGP sessions with shared-cost | propagation of withdraw messages over eBGP sessions with shared-cost | |||
| peers and providers. | peers and providers. | |||
| Proceeding like this reduces both BGP churn and traffic shifting as | Proceeding like this reduces both BGP churn and traffic shifting as | |||
| routers will less likely switch to transient paths. | routers will less likely switch to transient paths. | |||
| In the above example, it also prevents transient unreachabilities in | In the above example, it also prevents transient unreachabilities in | |||
| the neighboring AS that are due to the sending of "abrupt" withdraw | the neighboring AS that are due to the sending of "abrupt" withdraw | |||
| messages to shared-cost peers and providers. | messages to shared-cost peers and providers. | |||
| 7. Effect of the g-shut procedure on the convergence | 7. Link Up cases | |||
| This section describes the effect of applying the solution. | ||||
| 7.1. Maintenance of an eBGP session | ||||
| This section describes the effect of applying the solution for the | ||||
| shutdown of an eBGP session. | ||||
| 7.1.1. Propagation on the other eBGP sessions of the g-shut initiator | ||||
| Nothing is propagated on the other eBGP sessions when the out-filters | ||||
| reconfiguration step is applied. The reconfiguration is indeed only | ||||
| defined for its iBGP sessions. | ||||
| The reconfiguration of the iBGP out-filters will trigger the | ||||
| reception of alternate paths at the g-shut initiator. As the eBGP | ||||
| in-filters have not been modified at that step, the old paths are | ||||
| still preferred by the g-shut initiator. | ||||
| 7.1.2. Propagation on the other iBGP sessions of the g-shut initiator | ||||
| During the out-filter reconfiguration, path updates are propagated | ||||
| with a reduced local-pref value for the affected paths. As a | ||||
| consequence, Route Reflectors and distant ASBRs select and propagate | ||||
| alternate paths through the iBGP topology as they no longer select | ||||
| the old paths as best. | ||||
| When the shut-down is performed, for each affected prefix, the g-shut | ||||
| initiator propagates on its iBGP sessions: | ||||
| . The alternate path, if the best path was received over an eBGP | ||||
| sessions. | ||||
| . A withdraw, if the best path was received over an iBGP sessions. | ||||
| 7.1.3. Propagation of updates in an iBGP full-mesh | ||||
| No transient LoC can occur if a reconfiguration of the iBGP out- | ||||
| filters on the g-shut initiator is performed. | ||||
| 7.1.4. Propagation of updates from iBGP to iBGP in a RR hierarchy | ||||
| Upon the reception of the update of a primary path with a lower | ||||
| local-pref value from a client, a Route Reflector RR1 will either | ||||
| propagate the update, or select an alternate path, depending on the | ||||
| fact that the updated primary path is still the best one w.r.t. the | ||||
| state of the Adj-Rib-In of RR1. | ||||
| If the updated primary path is still the best, then the RR will | ||||
| propagate an update for this path to the iBGP neighbors to which it | ||||
| previously advertised the path. Hence it cannot cause transient lack | ||||
| of path in the Adj-Rib-In of its iBGP neighbors. | ||||
| If an alternate path is picked, and this path was also originated by | ||||
| a client of RR1, an update will also be propagated to the same | ||||
| neighbors as the one to which the primary path was initially | ||||
| propagated. Hence it cannot cause transient lack of path in the Adj- | ||||
| Rib-In of its iBGP neighbors. | ||||
| If an alternate path is picked, and this path was received from a | ||||
| member of its Route-Reflector iBGP full-mesh, then a withdraw message | ||||
| is sent. As the alternate path has been sent over each session of | ||||
| the iBGP full-mesh, the propagation of a withdraw for the primary | ||||
| path of RR1 is done to routers that are expected to know the | ||||
| alternate path picked by RR1. | ||||
| The following example describes a situation where some corner case | ||||
| timings could lead to transient unreachability from some members of | ||||
| the iBGP full-mesh. | ||||
| 1. A Route Reflector RR1 only knew about the primary path upon | ||||
| the shutdown. | ||||
| 2. A member of its RR full-mesh, RR2, propagates an update of | ||||
| the old path with a lower local-pref. | ||||
| 3. Another member of its RR full-mesh, RR3 processes the | ||||
| update, selects an alternate path, and propagates an update in | ||||
| the mesh. | ||||
| 4. RR2 receives the alternate path, selects it as best, and | ||||
| hence withdraws the updated old path on the iBGP sessions of the | ||||
| mesh. | ||||
| 5. If for any reason, RR1 receives and processes the withdraw | ||||
| generated in step 4 before processing the update generated in | ||||
| step 3, RR1 transiently suffers from unreachability for the | ||||
| affected prefix. | ||||
| In such corner cases, the solution improves the iBGP convergence | ||||
| behavior/LoC but does not ensure 0 packet loss, as we cannot define a | ||||
| simple solution relying only on a reconfiguration of the filters of | ||||
| the g-shut initiator. Improving the availability of alternate paths | ||||
| in Route Reflectors, using [BestExternal], or [AddPath], seems to be | ||||
| the most pragmatic solution to these corner cases. | ||||
| The use of [BestExternal] in the iBGP full-mesh between RRs can solve | ||||
| these corner cases by ensuring that within an AS, the advertisement | ||||
| of a new path is not translated into the withdraw of a former path. | ||||
| Indeed, "best-external" ensures that an ASBR does not withdraw a | ||||
| previously advertised (eBGP) path when it receives an additional, | ||||
| preferred path over an iBGP session. Also, "best-intra-cluster" | ||||
| ensures that a RR does not withdraw a previously advertised (iBGP) | ||||
| path to its non clients (e.g. other RRs in a mesh of RR) when it | ||||
| receives a new, preferred path over an iBGP session. | ||||
| 7.2. Maintenance of an iBGP session | ||||
| If the shutdown does not temper with the viability of the iBGP | ||||
| topology, the described procedure is sufficient to avoid LoC. | ||||
| 7.3. Applicability of the g-shut procedure | ||||
| The applicability of the procedure described in this draft to the | ||||
| cases presented in [REQS] can be shown by combining the effects | ||||
| described in this section. A complete case by case analysis will be | ||||
| provided in the next versions of the draft. | ||||
| 7.4. Summary of operations | ||||
| This section summarizes the configurations and actions to be | ||||
| performed to support the g-shut procedure for eBGP peering links. | ||||
| 7.4.1. Pre-configuration | ||||
| On each ASBR supporting the g-shut procedure, set-up an out-filter | ||||
| applied on all iBGP sessions of the ASBR, that : | ||||
| . sets the local-pref of the paths tagged with the g-shut community | ||||
| to a low value | ||||
| . removes the g-shut community from the path. | ||||
| 7.4.2. Operations at maintenance time | ||||
| On the g-shut initiator : | ||||
| . Apply an in-filter on the maintained BGP session to tag the paths | ||||
| received over the session with the g-shut community. | ||||
| . Apply an out-filter on the maintained BGP session to tag the paths | ||||
| propagated over the session with the g-shut community. | ||||
| . Wait for convergence to happen. | ||||
| . Perform a BGP session shutdown. | ||||
| 8. Link Up cases | ||||
| We identify two potential causes for transient packet losses upon an | We identify two potential causes for transient packet losses upon an | |||
| eBGP link up event. The first one is local to the g-shut initiator, | eBGP link up event. The first one is local to the g-no-shut | |||
| the second one is due to the BGP convergence following the injection | initiator, the second one is due to the BGP convergence following the | |||
| of new best paths within the iBGP topology. | injection of new best paths within the iBGP topology. | |||
| 8.1. Unreachability local to the ASBR | 7.1. Unreachability local to the ASBR | |||
| An ASBR that selects as best a path received over a newly brought up | An ASBR that selects as best a path received over a newly brought up | |||
| eBGP session may transiently drop traffic. This can typically happen | eBGP session may transiently drop traffic. This can typically happen | |||
| when the nexthop attribute differs from the IP address of the eBGP | when the nexthop attribute differs from the IP address of the eBGP | |||
| peer, and the receiving ASBR has not yet resolved the MAC address | peer, and the receiving ASBR has not yet resolved the MAC address | |||
| associated with the IP address of that "third party" nexthop. | associated with the IP address of that "third party" nexthop. | |||
| A BGP speaker implementation could avoid such losses by ensuring that | A BGP speaker implementation could avoid such losses by ensuring that | |||
| "third party" nexthops are resolved before installing paths using | "third party" nexthops are resolved before installing paths using | |||
| these in the RIB. | these in the RIB. | |||
| If the link up event corresponds to an eBGP session that is being | If the link up event corresponds to an eBGP session that is being | |||
| manually brought up, over an already up multi-access link, then the | manually brought up, over an already up multi-access link, then the | |||
| operator can ping third party nexthops that are expected to be used | operator can ping third party nexthops that are expected to be used | |||
| before actually bringing the session up, or ping directed broadcast | before actually bringing the session up, or ping directed broadcast | |||
| the subnet IP address of the link. By proceeding like this, the MAC | the subnet IP address of the link. By proceeding like this, the MAC | |||
| addresses associated with these third party nexthops will be resolved | addresses associated with these third party nexthops will be resolved | |||
| by the g-no-shut initiator. | by the g-no-shut initiator. | |||
| 8.2. iBGP convergence | 7.2. iBGP convergence | |||
| Similar corner cases as described in Section 7.1.4 for the link down | Similar corner cases as described in Appendix C.1.4 for the link down | |||
| case, can occur during an eBGP link up event. | case, can occur during an eBGP link up event. | |||
| A typical example for such transient unreachability for a given | A typical example for such transient unreachability for a given | |||
| prefix is the following : | prefix is the following : | |||
| 1. A Route Reflector, RR1, is initially advertising the current | 1. A Route Reflector, RR1, is initially advertising the current | |||
| best path to the members of its iBGP RR full-mesh. It | best path to the members of its iBGP RR full-mesh. It | |||
| propagated that path within its RR full-mesh. Another route | propagated that path within its RR full-mesh. Another route | |||
| reflector of the full-mesh, RR2, knows only that path towards | reflector of the full-mesh, RR2, knows only that path towards | |||
| the prefix. | the prefix. | |||
| skipping to change at page 15, line 9 | skipping to change at page 12, line 25 | |||
| advertisement of a new route is not translated into the withdraw of a | advertisement of a new route is not translated into the withdraw of a | |||
| former route. | former route. | |||
| Indeed, "best-external" ensures that an ASBR does not withdraw a | Indeed, "best-external" ensures that an ASBR does not withdraw a | |||
| previously advertised (eBGP) path when it receives an additional, | previously advertised (eBGP) path when it receives an additional, | |||
| preferred path over an iBGP session. Also, "best-intra-cluster" | preferred path over an iBGP session. Also, "best-intra-cluster" | |||
| ensures that a RR does not withdraw a previously advertised (iBGP) | ensures that a RR does not withdraw a previously advertised (iBGP) | |||
| path to its non clients (e.g. other RRs in a mesh of RR) when it | path to its non clients (e.g. other RRs in a mesh of RR) when it | |||
| receives a new, preferred path over an iBGP session. | receives a new, preferred path over an iBGP session. | |||
| 9. Alternative techniques with limited applicability | 8. IANA considerations | |||
| Applying the g-shut procedure is rendered much easier with a reserved | ||||
| g-shut community value. The community value 0xFFFF0000 has been | ||||
| reserved from the FCFS community pool for this purpose. | ||||
| 9. Security Considerations | ||||
| By providing the g-shut service to a neighboring AS, an ISP provides | ||||
| means to this neighbor to lower the local-pref value assigned to the | ||||
| paths received from this neighbor. | ||||
| The neighbor could abuse the technique and do inbound traffic | ||||
| engineering by declaring some prefixes as undergoing a maintenance so | ||||
| as to switch traffic to another peering link. | ||||
| If this behavior is not tolerated by the ISP, it SHOULD monitor the | ||||
| use of the g-shut community by this neighbor. | ||||
| ASes which support the g-shut procedure SHOULD remove the community | ||||
| value(s) that they use for g-shut from the paths received from | ||||
| neighboring ASes that do not support the procedure or to whom the | ||||
| service is not provided. Doing so prevents malignant ASes from using | ||||
| the community through intermediate ASes that do not support the | ||||
| feature, in order to perform inbound traffic engineering. | ||||
| 10. Acknowledgments | ||||
| The authors wish to thank Olivier Bonaventure and Pradosh Mohapatra | ||||
| for their useful comments on this work. | ||||
| 11. References | ||||
| [AddPath] D. Walton, A. Retana, and E. Chen, "Advertisement of | ||||
| Multiple Paths in BGP", draft-walton-bgp-add-paths-06.txt | ||||
| (work in progress). | ||||
| [BestExternal] | ||||
| Marques, P., Fernando, R., Chen, E., and P. Mohapatra, | ||||
| "Advertisement of the best-external route to IBGP", | ||||
| draft-ietf-idr-best-external-00.txt, May 2009. | ||||
| [REQS] Decraene, B., Francois, P., Pelsser, C., Ahmad, Z., and T. | ||||
| Takeda, "Requirements for the graceful shutdown of BGP | ||||
| sessions", | ||||
| draft-ietf-grow-bgp-graceful-shutdown-requirements- | ||||
| 01.txt, October 2009. | ||||
| [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended | ||||
| Communities Attribute", RFC 4360, February 2006. | ||||
| [Clarification4360] | ||||
| Decraene, B., Vanbever, L., and P. Francois, "RFC 4360 | ||||
| Clarification Request", | ||||
| draft-decraene-idr-rfc4360-clarification-00, | ||||
| October 2009. | ||||
| [BGPWKC] "http://www.iana.org/assignments/ | ||||
| bgp-well-known-communities". | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | ||||
| Appendix A. Summary of operations | ||||
| This section summarizes the configurations and actions to be | ||||
| performed to support the g-shut procedure for eBGP peering links. | ||||
| A.1. Pre-configuration | ||||
| On each ASBR supporting the g-shut procedure, set-up an out-filter | ||||
| applied on all iBGP sessions of the ASBR, that : | ||||
| . sets the local-pref of the paths tagged with the g-shut community | ||||
| to a low value | ||||
| . removes the g-shut community from the path. | ||||
| Optionally, add an AS specific g-shut community on the path to | ||||
| indicate that this path is to be shutdown. If some ingress ASBRs | ||||
| reset the local preference attribute, this AS specific g-shut | ||||
| community will be used to override other local preference changes. | ||||
| A.2. Operations at maintenance time | ||||
| On the g-shut initiator : | ||||
| . Apply an in-filter on the maintained eBGP session to tag the paths | ||||
| received over the session with the g-shut community. | ||||
| . Apply an out-filter on the maintained eBGP session to tag the | ||||
| paths propagated over the session with the g-shut community. | ||||
| . Wait for convergence to happen. | ||||
| . Perform a BGP session shutdown. | ||||
| Appendix B. Alternative techniques with limited applicability | ||||
| A few alternative techniques have been considered to provide g-shut | A few alternative techniques have been considered to provide g-shut | |||
| capabilities but have been rejected due to their limited | capabilities but have been rejected due to their limited | |||
| applicability. This section describe them for possible reference. | applicability. This section describe them for possible reference. | |||
| 9.1. In-filter reconfiguration | B.1. In-filter reconfiguration | |||
| An In-filter reconfiguration on the eBGP session undergoing the | An In-filter reconfiguration on the eBGP session undergoing the | |||
| maintenance could be performed instead of out-filter reconfigurations | maintenance could be performed instead of out-filter reconfigurations | |||
| on the iBGP sessions of the g-shut initiator. | on the iBGP sessions of the g-shut initiator. | |||
| Upon the application of the maintenance procedure, if the g-shut | Upon the application of the maintenance procedure, if the g-shut | |||
| initiator has an alternate path in its Adj-Rib-In, it will switch to | initiator has an alternate path in its Adj-Rib-In, it will switch to | |||
| it directly. | it directly. | |||
| If this new path was advertised by an eBGP neighbor of the g-shut | If this new path was advertised by an eBGP neighbor of the g-shut | |||
| skipping to change at page 16, line 21 | skipping to change at page 15, line 40 | |||
| path first, the withdraw from ASBR2 does not trigger unreachability | path first, the withdraw from ASBR2 does not trigger unreachability | |||
| in other nodes, as the old path is still available. Indeed, even | in other nodes, as the old path is still available. Indeed, even | |||
| though it receives alternate paths, the g-shut initiator keeps using | though it receives alternate paths, the g-shut initiator keeps using | |||
| its old path as best as the in-filter of the maintained eBGP session | its old path as best as the in-filter of the maintained eBGP session | |||
| has not been modified yet. | has not been modified yet. | |||
| Applying the out-filter reconfiguration also prevents packet loops | Applying the out-filter reconfiguration also prevents packet loops | |||
| between the g-shut initiator and its direct neighbors when | between the g-shut initiator and its direct neighbors when | |||
| encapsulation is not used between the ASBRs of the AS. | encapsulation is not used between the ASBRs of the AS. | |||
| 9.2. Multi Exit Discriminator tweaking | B.2. Multi Exit Discriminator tweaking | |||
| The MED attribute of the paths to be avoided can be increased so as | The MED attribute of the paths to be avoided can be increased so as | |||
| to force the routers in the neighboring AS to select other paths. | to force the routers in the neighboring AS to select other paths. | |||
| The solution only works if the alternate paths are as good as the | The solution only works if the alternate paths are as good as the | |||
| initial ones with respect to the Local-Pref value and the AS Path | initial ones with respect to the Local-Pref value and the AS Path | |||
| Length value. In the other cases, increasing the MED value will not | Length value. In the other cases, increasing the MED value will not | |||
| have an impact on the decision process of the routers in the | have an impact on the decision process of the routers in the | |||
| neighboring AS. | neighboring AS. | |||
| 9.3. IGP distance Poisoning | B.3. IGP distance Poisoning | |||
| The distance to the BGP nexthop corresponding to the maintained | The distance to the BGP nexthop corresponding to the maintained | |||
| session can be increased in the IGP so that the old paths will be | session can be increased in the IGP so that the old paths will be | |||
| less preferred during the application of the IGP distance tie-break | less preferred during the application of the IGP distance tie-break | |||
| rule. However, this solution only works for the paths whose | rule. However, this solution only works for the paths whose | |||
| alternates are as good as the old paths with respect to their Local- | alternates are as good as the old paths with respect to their Local- | |||
| Pref value, their AS Path length, and their MED value. | Pref value, their AS Path length, and their MED value. | |||
| Also, this poisoning cannot be applied when nexthop self is used as | Also, this poisoning cannot be applied when nexthop self is used as | |||
| there is no nexthop specific to the maintained session to poison in | there is no nexthop specific to the maintained session to poison in | |||
| the IGP. | the IGP. | |||
| 10. IANA considerations | Appendix C. Effect of the g-shut procedure on the convergence | |||
| Applying the g-shut procedure is rendered much easier with a reserved | This section describes the effect of applying the solution. | |||
| g-shut community value. Hence this draft suggests to reserve a | ||||
| community value, e.g., 0xFFFF0000, for this purpose. | ||||
| 11. Security Considerations | C.1. Maintenance of an eBGP session | |||
| By providing the g-shut service to a neighboring AS, an ISP provides | This section describes the effect of applying the solution for the | |||
| means to this neighbor to lower the local-pref value assigned to the | shutdown of an eBGP session. | |||
| paths received from this neighbor. | ||||
| The neighbor could abuse the technique and do inbound traffic | C.1.1. Propagation on the other eBGP sessions of the g-shut initiator | |||
| engineering by declaring some prefixes as undergoing a maintenance so | ||||
| as to switch traffic to another peering link. | ||||
| If this behavior is not tolerated by the ISP, it SHOULD monitor the | Nothing is propagated on the other eBGP sessions when the out-filters | |||
| use of the g-shut community by this neighbor. | reconfiguration step is applied. The reconfiguration is indeed only | |||
| defined for its iBGP sessions. | ||||
| 12. Acknowledgments | The reconfiguration of the iBGP out-filters will trigger the | |||
| reception of alternate paths at the g-shut initiator. As the eBGP | ||||
| in-filters have not been modified at that step, the old paths are | ||||
| still preferred by the g-shut initiator. | ||||
| The authors wish to thank Olivier Bonaventure and Pradosh Mohapatra | C.1.2. Propagation on the other iBGP sessions of the g-shut initiator | |||
| for their useful comments on this work. | ||||
| 13. References | During the out-filter reconfiguration, path updates are propagated | |||
| with a reduced local-pref value for the affected paths. As a | ||||
| consequence, Route Reflectors and distant ASBRs select and propagate | ||||
| alternate paths through the iBGP topology as they no longer select | ||||
| the old paths as best. | ||||
| [AddPath] D. Walton, A. Retana, and E. Chen, "Advertisement of | When the shut-down is performed, for each affected prefix, the g-shut | |||
| Multiple Paths in BGP", draft-walton-bgp-add-paths-06.txt | initiator propagates on its iBGP sessions: | |||
| (work in progress). | ||||
| [BestExternal] | . The alternate path, if the best path was received over an eBGP | |||
| Marques, P., Fernando, R., Chen, E., and P. Mohapatra, | sessions. | |||
| "Advertisement of the best-external route to IBGP", | ||||
| draft-marques-idr-best-external-00.txt, July 2008. | ||||
| [REQS] Decraene, B., Francois, P., Pelsser, C., and Z. Ahmad, | . A withdraw, if the best path was received over an iBGP sessions. | |||
| "Requirements for the graceful shutdown of BGP sessions", | ||||
| draft-ietf-grow-bgp-graceful-shutdown-requirements-00.txt | C.1.3. Propagation of updates in an iBGP full-mesh | |||
| , May 2009. | ||||
| No transient LoC can occur if a reconfiguration of the iBGP out- | ||||
| filters on the g-shut initiator is performed. | ||||
| C.1.4. Propagation of updates from iBGP to iBGP in a RR hierarchy | ||||
| Upon the reception of the update of a primary path with a lower | ||||
| local-pref value from a client, a Route Reflector RR1 will either | ||||
| propagate the update, or select an alternate path, depending on the | ||||
| fact that the updated primary path is still the best one w.r.t. the | ||||
| state of the Adj-Rib-In of RR1. | ||||
| If the updated primary path is still the best, then the RR will | ||||
| propagate an update for this path to the iBGP neighbors to which it | ||||
| previously advertised the path. Hence it cannot cause transient lack | ||||
| of path in the Adj-Rib-In of its iBGP neighbors. | ||||
| If an alternate path is picked, and this path was also originated by | ||||
| a client of RR1, an update will also be propagated to the same | ||||
| neighbors as the one to which the primary path was initially | ||||
| propagated. Hence it cannot cause transient lack of path in the Adj- | ||||
| Rib-In of its iBGP neighbors. | ||||
| If an alternate path is picked, and this path was received from a | ||||
| member of its Route-Reflector iBGP full-mesh, then a withdraw message | ||||
| is sent. As the alternate path has been sent over each session of | ||||
| the iBGP full-mesh, the propagation of a withdraw for the primary | ||||
| path of RR1 is done to routers that are expected to know the | ||||
| alternate path picked by RR1. | ||||
| The following example describes a situation where some corner case | ||||
| timings could lead to transient unreachability from some members of | ||||
| the iBGP full-mesh. | ||||
| 1. A Route Reflector RR1 only knew about the primary path upon | ||||
| the shutdown. | ||||
| 2. A member of its RR full-mesh, RR2, propagates an update of | ||||
| the old path with a lower local-pref. | ||||
| 3. Another member of its RR full-mesh, RR3 processes the | ||||
| update, selects an alternate path, and propagates an update in | ||||
| the mesh. | ||||
| 4. RR2 receives the alternate path, selects it as best, and | ||||
| hence withdraws the updated old path on the iBGP sessions of the | ||||
| mesh. | ||||
| 5. If for any reason, RR1 receives and processes the withdraw | ||||
| generated in step 4 before processing the update generated in | ||||
| step 3, RR1 transiently suffers from unreachability for the | ||||
| affected prefix. | ||||
| In such corner cases, the solution improves the iBGP convergence | ||||
| behavior/LoC but does not ensure 0 packet loss, as we cannot define a | ||||
| simple solution relying only on a reconfiguration of the filters of | ||||
| the g-shut initiator. Improving the availability of alternate paths | ||||
| in Route Reflectors, using [BestExternal], or [AddPath], seems to be | ||||
| the most pragmatic solution to these corner cases. | ||||
| The use of [BestExternal] in the iBGP full-mesh between RRs can solve | ||||
| these corner cases by ensuring that within an AS, the advertisement | ||||
| of a new path is not translated into the withdraw of a former path. | ||||
| Indeed, "best-external" ensures that an ASBR does not withdraw a | ||||
| previously advertised (eBGP) path when it receives an additional, | ||||
| preferred path over an iBGP session. Also, "best-intra-cluster" | ||||
| ensures that a RR does not withdraw a previously advertised (iBGP) | ||||
| path to its non clients (e.g. other RRs in a mesh of RR) when it | ||||
| receives a new, preferred path over an iBGP session. | ||||
| C.2. Maintenance of an iBGP session | ||||
| If the shutdown does not temper with the viability of the iBGP | ||||
| topology, the described procedure is sufficient to avoid LoC. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Pierre Francois | Pierre Francois | |||
| Universite catholique de Louvain | Universite catholique de Louvain | |||
| Place Ste Barbe, 2 | Place Ste Barbe, 2 | |||
| Louvain-la-Neuve 1348 | Louvain-la-Neuve 1348 | |||
| BE | BE | |||
| Email: pierre.francois@uclouvain.be | Email: pierre.francois@uclouvain.be | |||
| URI: http://inl.info.ucl.ac.be/pfr | URI: http://inl.info.ucl.ac.be/pfr | |||
| Bruno Decraene | Bruno Decraene | |||
| France Telecom | France Telecom | |||
| 38-40 rue du General Leclerc | 38-40 rue du General Leclerc | |||
| 92794 Issi Moulineaux cedex 9 | 92794 Issi Moulineaux cedex 9 | |||
| FR | FR | |||
| Email: bruno.decraene@orange-ftgroup.com | Email: bruno.decraene@orange-ftgroup.com | |||
| Cristel Pelsser | Cristel Pelsser | |||
| NTT Corporation | Internet Initiative Japan | |||
| 9-11, Midori-Cho 3 Chrome | Jinbocho Mitsui Bldg. | |||
| Musashino-Shi, Tokyo 180-8585 | 1-105 Kanda Jinbo-cho | |||
| Tokyo 101-0051 | ||||
| JP | JP | |||
| Email: pelsser.cristel@lab.ntt.co.jp | Email: pelsser.cristel@iij.ad.jp | |||
| Clarence Filsfils | Clarence Filsfils | |||
| Cisco Systems | Cisco Systems | |||
| De kleetlaan 6a | De kleetlaan 6a | |||
| Diegem 1831 | Diegem 1831 | |||
| BE | BE | |||
| Email: cfilsfil@cisco.com | Email: cfilsfil@cisco.com | |||
| End of changes. 44 change blocks. | ||||
| 251 lines changed or deleted | 298 lines changed or added | |||
This html diff was produced by rfcdiff 1.37a. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||