draft-ietf-grow-bgp-gshut-01.txt   draft-ietf-grow-bgp-gshut-02.txt 
Network Working Group Pierre Francois Network Working Group Pierre Francois
Internet-Draft Universite catholique de Louvain Internet-Draft Universite catholique de Louvain
Intended status: Informational Bruno Decraene Intended status: Informational Bruno Decraene
Expires: April 29, 2010 France Telecom Expires: April 28, 2011 France Telecom
Cristel Pelsser Cristel Pelsser
Internet Initiative Japan Internet Initiative Japan
Keyur Patel
Clarence Filsfils Clarence Filsfils
Cisco Systems Cisco Systems
October 26, 2009 October 25, 2010
Graceful BGP session shutdown Graceful BGP session shutdown
draft-ietf-grow-bgp-gshut-01 draft-ietf-grow-bgp-gshut-02
Abstract
This draft describes operational procedures aimed at reducing the
amount of traffic lost during planned maintenances of routers,
involving the shutdown of BGP peering sessions.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79.
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 29, 2010. This Internet-Draft will expire on April 28, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents
publication of this document (http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Abstract include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
This draft describes operational procedures aimed at reducing the This document may contain material from IETF Documents or IETF
amount of traffic lost during planned maintenances of routers, Contributions published or made publicly available before November
involving the shutdown of BGP peering sessions. 10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Packet loss upon manual eBGP session shutdown . . . . . . . . 5 3. Packet loss upon manual eBGP session shutdown . . . . . . . . 4
4. Practices to avoid packet losses . . . . . . . . . . . . . . . 5 4. Practices to avoid packet losses . . . . . . . . . . . . . . . 4
4.1. Improving availability of alternate paths . . . . . . . . 6 4.1. Improving availability of alternate paths . . . . . . . . 5
4.2. Graceful shutdown procedures for eBGP sessions . . . . . . 6 4.2. Graceful shutdown procedures for eBGP sessions . . . . . . 5
4.2.1. Outbound traffic . . . . . . . . . . . . . . . . . . . 6 4.2.1. Outbound traffic . . . . . . . . . . . . . . . . . . . 5
4.2.2. Inbound traffic . . . . . . . . . . . . . . . . . . . 7 4.2.2. Inbound traffic . . . . . . . . . . . . . . . . . . . 6
4.2.3. Summary of operations . . . . . . . . . . . . . . . . 8
4.2.4. BGP implementation support for G-Shut . . . . . . . . 9
4.3. Graceful shutdown procedures for iBGP sessions . . . . . . 9 4.3. Graceful shutdown procedures for iBGP sessions . . . . . . 9
5. Forwarding modes and forwarding loops . . . . . . . . . . . . 10 5. Forwarding modes and forwarding loops . . . . . . . . . . . . 10
6. Dealing with Internet policies . . . . . . . . . . . . . . . . 10 6. Dealing with Internet policies . . . . . . . . . . . . . . . . 10
7. Link Up cases . . . . . . . . . . . . . . . . . . . . . . . . 11 7. Link Up cases . . . . . . . . . . . . . . . . . . . . . . . . 11
7.1. Unreachability local to the ASBR . . . . . . . . . . . . . 11 7.1. Unreachability local to the ASBR . . . . . . . . . . . . . 11
7.2. iBGP convergence . . . . . . . . . . . . . . . . . . . . . 11 7.2. iBGP convergence . . . . . . . . . . . . . . . . . . . . . 11
8. IANA considerations . . . . . . . . . . . . . . . . . . . . . 12 8. IANA considerations . . . . . . . . . . . . . . . . . . . . . 12
9. Security Considerations . . . . . . . . . . . . . . . . . . . 12 9. Security Considerations . . . . . . . . . . . . . . . . . . . 12
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Appendix A. Summary of operations . . . . . . . . . . . . . . . . 13 Appendix A. Alternative techniques with limited applicability . . 14
A.1. Pre-configuration . . . . . . . . . . . . . . . . . . . . 13 A.1. In-filter reconfiguration . . . . . . . . . . . . . . . . 14
A.2. Operations at maintenance time . . . . . . . . . . . . . . 14 A.2. Multi Exit Discriminator tweaking . . . . . . . . . . . . 15
Appendix B. Alternative techniques with limited applicability . . 14 A.3. IGP distance Poisoning . . . . . . . . . . . . . . . . . . 15
B.1. In-filter reconfiguration . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
B.2. Multi Exit Discriminator tweaking . . . . . . . . . . . . 15
B.3. IGP distance Poisoning . . . . . . . . . . . . . . . . . . 16
Appendix C. Effect of the g-shut procedure on the convergence . . 16
C.1. Maintenance of an eBGP session . . . . . . . . . . . . . . 16
C.1.1. Propagation on the other eBGP sessions of the
g-shut initiator . . . . . . . . . . . . . . . . . . . 16
C.1.2. Propagation on the other iBGP sessions of the
g-shut initiator . . . . . . . . . . . . . . . . . . . 16
C.1.3. Propagation of updates in an iBGP full-mesh . . . . . 17
C.1.4. Propagation of updates from iBGP to iBGP in a RR
hierarchy . . . . . . . . . . . . . . . . . . . . . . 17
C.2. Maintenance of an iBGP session . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
Routing changes in BGP can be caused by planned, manual, maintenance Routing changes in BGP can be caused by planned, manual, maintenance
operations. This document discusses operational procedures to be operations. This document discusses operational procedures to be
applied in order to reduce or eliminate losses of packets during the applied in order to reduce or eliminate losses of packets during the
maintenance. These losses come from the transient lack of maintenance. These losses come from the transient lack of
reachability during the BGP convergence following the shutdown of an reachability during the BGP convergence following the shutdown of an
eBGP peering session between two Autonomous System Border Routers eBGP peering session between two Autonomous System Border Routers
(ASBR). (ASBR).
skipping to change at page 5, line 40 skipping to change at page 5, line 40
two reasons. two reasons.
First, routers involved in the convergence process can transiently First, routers involved in the convergence process can transiently
lack of paths towards an affected prefix, and drop traffic destined lack of paths towards an affected prefix, and drop traffic destined
to this prefix. This is because alternate paths can be hidden by to this prefix. This is because alternate paths can be hidden by
nodes of an AS. This happens when the paths are not selected as best nodes of an AS. This happens when the paths are not selected as best
by the ASBR that receive them on an eBGP session, or by Route by the ASBR that receive them on an eBGP session, or by Route
Reflectors that do not propagate them further in the iBGP topology Reflectors that do not propagate them further in the iBGP topology
because they do not select them as best. because they do not select them as best.
Second, within the AS, routers' FIB can be transiently inconsistent Second, within the AS, the FIB of routers can be transiently
during the BGP convergence and packets towards affected prefixes can inconsistent during the BGP convergence and packets towards affected
loop and be dropped. Note that these loops only happen when ASBR-to- prefixes can loop and be dropped. Note that these loops only happen
ASBR encapsulation is not used within the AS. when ASBR-to-ASBR encapsulation is not used within the AS.
This document only addresses the first reason. This document only addresses the first reason.
4. Practices to avoid packet losses 4. Practices to avoid packet losses
This section describes means for an ISP to reduce the transient loss This section describes means for an ISP to reduce the transient loss
of packets upon a manual shutdown of a BGP session. of packets upon a manual shutdown of a BGP session.
4.1. Improving availability of alternate paths 4.1. Improving availability of alternate paths
All solutions that increase the availability of alternate BGP paths All solutions that increase the availability of alternate BGP paths
in routers performing packet lookups in BGP tables [BestExternal] at routers performing packet lookups in BGP tables [BestExternal]
[AddPath] help in reducing the LoC bound with manual shutdown of eBGP [AddPath] help in reducing the LoC bound with manual shutdown of eBGP
sessions. sessions.
One of such solutions increasing diversity in such a way that, at any One of such solutions increasing diversity in such a way that, at any
single step of the convergence process following the eBGP session single step of the convergence process following the eBGP session
shutdown, a BGP router does not receive a message withdrawing the shutdown, a BGP router does not receive a message withdrawing the
only path it currently knows for a given NLRI, allows for a only path it currently knows for a given NLRI, allows for a
simplified g-shut procedure. This simplified procedure would only simplified g-shut procedure.
tackle potential LoC for the inbound traffic.
Increasing diversity with [AddPath] might lead to the respect of this
property, depending on the path propagation decision process that
add-path compliant routers would use.
Using advertise-best-external [BestExternal] on ASBRs and RRs helps Using advertise-best-external [BestExternal] on ASBRs and RRs helps
in avoiding lack of alternate paths in route reflectors upon a in avoiding lack of alternate paths in route reflectors upon a
convergence. Hence it reduces the LoC duration for the outbound convergence. Hence it reduces the LoC duration for the outbound
traffic of the ISP upon an eBGP Session shutdown by reducing the iBGP traffic of the ISP upon an eBGP Session shutdown by reducing the iBGP
path hunting. path hunting.
Still it does not ensure that BGP routers will always have at least
one path towards affected prefixes during the convergence following
the event. This property may be verified in future revisions of
[BestExternal], notably of its Section 3, hence the current proposal
will be updated accordingly.
Increasing diversity with [AddPath] might lead to the respect of this
property, depending on the path propagation decision process that
add-path compliant routers would use.
Note that the LoC for the inbound traffic of the maintained router, Note that the LoC for the inbound traffic of the maintained router,
induced by a lack of alternate path propagation within the iBGP induced by a lack of alternate path propagation within the iBGP
topology of a neighboring AS is not under the control of the operator topology of a neighboring AS is not under the control of the operator
performing the maintenance, hence the procedure described in performing the maintenance. The procedure described in Section 4.2.2
Section 4.2.2 should be applied upon the maintenance, even if not should thus be applied upon the maintenance, even if the procedure
required for the outbound traffic. described in Section 4.2.1 is not applied.
4.2. Graceful shutdown procedures for eBGP sessions 4.2. Graceful shutdown procedures for eBGP sessions
This section aims at describing a procedure to be applied to reduce This section aims at describing a procedure to be applied to reduce
the LoC with readily available BGP features, and without assuming a the LoC with readily available BGP features, and without assuming a
particular iBGP design in the Initiator and Neighbor ASes. particular iBGP design in the Initiator and Neighbor ASes.
4.2.1. Outbound traffic 4.2.1. Outbound traffic
This section discusses a mean to render the affected paths less This section discusses a mean to render the affected paths less
desirable by the BGP decision process of affected routers, still desirable by the BGP decision process of affected routers, still
allowing these to be used during the convergence while alternate allowing these to be used during the convergence, while alternate
paths are propagated to the affected routers. paths are propagated to the affected routers.
A decrease of the local-pref value of the affected paths can be A decrease of the local-pref value of the affected paths can be
issued in order to render the affected paths less preferable, at the issued in order to render the affected paths less preferable, at the
highest possible level of the BGP Decision Process. highest possible level of the BGP Decision Process.
This operation can be performed by reconfiguring the out-filters This operation can be performed by reconfiguring the out-filters
associated with the iBGP sessions established by the g-shut associated with the iBGP sessions established by the g-shut
initiator. initiator.
The modification of the filters MUST supplant any other rule The modification of the filters MUST supplant any other rule
affecting the local-pref value of the old paths. affecting the local-pref value of the old paths.
Compared to using an in-filter of the eBGP session to be shut down, Compared to using an in-filter of the eBGP session to be shut down,
the modification of the out-filters will not let the g-shut initiator the modification of the out-filters will not let the g-shut initiator
switch to another path, as the input to the BGP decision process of switch to another path, as the input to the BGP decision process of
that router does not change. As a consequence, the g-shut initiator that router does not change. As a consequence, the g-shut initiator
will not send a withdraw message over its iBGP sessions when it will not modify the state of its dataplane, and will not withdraw the
receives an alternate path over an iBGP session. It will however affected paths over its iBGP sessions when it receives alternate
modify the local-pref of the affected paths so that upstream routers paths. It will however modify the local-pref of the affected paths
will switch to alternate ones. so that upstream routers will switch to alternate ones.
When the actual shutdown of the session is performed, the g-shut When the actual shutdown of the session is performed, the g-shut
initiator will itself switch to the alternate paths. initiator will itself switch to the alternate paths.
In cases some BGP speakers in the AS override the local-pref In cases some BGP speakers in the AS override the local-pref
attribute of paths received over iBGP sessions, the procedure attribute of paths received over iBGP sessions, the procedure
described above will not work. In such cases, the recommended described above will not work. In such cases, the recommended
procedure is to tag the paths sent over the iBGP sessions of the procedure is to tag the paths sent over the iBGP sessions of the
g-shut initiator with an AS specific community. This AS specific g-shut initiator with an AS specific community. This AS specific
community should lead to the setting of a low local-pref value. To community should lead to the setting of the lowest local-pref value.
be effective, the configuration related to this community MUST To be effective, the configuration related to this community MUST
supplant or be applied after the already configured local-pref supplant or be applied after the already configured local-pref
overriding. overriding.
An operator may decide to follow a simplified procedure and directly
apply an in-filter reducing the local preference of the paths
received over the eBGP session being brought down. While this
procedure will be effective in many cases, corner cases as described
in Appendix A.1 may happen, which may lead to some LoC for some
affected destinations. The use of this simplified procedure does not
lead to LoC when used in conjunction with [BestExternal].
4.2.2. Inbound traffic 4.2.2. Inbound traffic
The solution described for the outbound traffic can be applied at the The solution described for the outbound traffic can be applied at the
neighbor AS. This can be done either "manually" or by using a neighbor AS. This can be done either "manually" or by using a
community value dedicated to this task. community value dedicated to this task.
4.2.2.1. Phone call 4.2.2.1. Phone call
The operator performing the maintenance of the eBGP session can The operator performing the maintenance of the eBGP session can
contact the operator at the other side of the peering link, and let contact the operator at the other side of the peering link, and let
him apply the procedure described above for its own outbound traffic. him apply the procedure described above for its own outbound traffic.
4.2.2.2. Community tagging 4.2.2.2. Community tagging
A community value (referred to as GSHUT community in this document) A community value (referred to as GSHUT community in this document)
can be agreed upon by neighboring ASes. A path tagged with this can be agreed upon by neighboring ASes and used to trigger the g-shut
community must be considered as soon to be affected by a maintenance behavior at the g-shut neighbor.
operation.
4.2.2.2.1. Pre-Configuration 4.2.2.2.1. Pre-Configuration
A g-shut neighbor is pre-configured to set a low local-pref value for A g-shut neighbor is pre-configured to set a low local-pref value for
the paths received over eBGP sessions which are tagged with the GSHUT the paths received over eBGP sessions which are tagged with the GSHUT
community. community.
This rule must supplant any other rule affecting the local-pref value This rule must supplant any other rule affecting the local-pref value
of the paths. of the paths.
This local-pref reconfiguration SHOULD be performed at the out- This local-pref reconfiguration SHOULD be performed at the out-
filters of the iBGP sessions of the g-shut neighbor. That is, the filters of the iBGP sessions of the g-shut neighbor. That is, the
g-shut neighbor does not take into account this low local-pref in its g-shut neighbor does not take into account this low local-pref in its
own BGP best path selection. As described in Section 4.2.1 this own BGP best path selection. As described in Section 4.2.1 this
avoids sending the withdraw messages that can lead to LoC. approach avoids sending withdraw messages that can lead to LoC in
some cases.
4.2.2.2.2. Operational action upon maintenance 4.2.2.2.2. Operational action upon maintenance
Upon the manual shutdown, the output filter associated with the Upon the manual shutdown, the output filter associated with the
maintained eBGP session will be modified on the g-shut initiator so maintained eBGP session will be modified on the g-shut initiator so
as to tag all the paths advertised over the session with the GSHUT as to tag all the paths advertised over the session with the GSHUT
community. community.
4.2.2.2.3. Transitivity of the community 4.2.2.2.3. Transitivity of the community
If the GSHUT community is an extended community, it SHOULD be chosen If the GSHUT community is an extended community, it SHOULD be chosen
non-transitive. In that case, the clarification described in non-transitive.
[Clarification4360] is required.
If a regular community is used, this community SHOULD be removed from If a regular community is used, this community SHOULD be removed from
the path when the path is propagated over eBGP sessions. the path when the path is propagated over eBGP sessions.
Not propagating the community further in the Internet reduces the Not propagating the community further in the Internet reduces the
amount of BGP churn and avoids rerouting in distant ASes that would amount of BGP churn and avoids rerouting in distant ASes that would
also recognize this community value. In other words, from a routing also recognize this community value. In other words, from a routing
stability perspective, it helps concealing the convergence at the stability perspective, it helps concealing the convergence at the
maintenance location. From a security perspective, it prevents maintenance location. From a policy perspective, it prevents
malignant ASes from using the community over paths propagated through malignant ASes from using the community over paths propagated through
intermediate ASes that do not support the feature, in order to intermediate ASes that do not support the feature, in order to
perform inbound traffic engineering at the first AS recognizing the perform inbound traffic engineering at the first AS recognizing the
community. community.
ASes which support the g-shut procedure SHOULD remove the community ASes which support the g-shut procedure SHOULD remove the community
value(s) that they use for g-shut from the paths received from value(s) that they use for g-shut from the paths received from
neighboring ASes that do not support the procedure or to whom the neighboring ASes that do not support the procedure or to whom the
service is not provided. service is not provided.
skipping to change at page 9, line 38 skipping to change at page 9, line 36
not depend on the identity of its peer. This would make the not depend on the identity of its peer. This would make the
maintenance operations less error prone. maintenance operations less error prone.
Second, on the g-shut neighbor, a simple filter related to g-shut can Second, on the g-shut neighbor, a simple filter related to g-shut can
be applied to all iBGP sessions. Additionnaly, this filter does not be applied to all iBGP sessions. Additionnaly, this filter does not
need to be updated each time neighboring ASes are added or removed. need to be updated each time neighboring ASes are added or removed.
The FCFS community value 0xFFFF0000 has been reserved for this The FCFS community value 0xFFFF0000 has been reserved for this
purpose [BGPWKC]. purpose [BGPWKC].
4.2.3. Summary of operations
This section summarizes the configurations and actions to be
performed to support the g-shut procedure for eBGP peering links.
4.2.3.1. Pre-configuration
On each ASBR supporting the g-shut procedure, set-up an out-filter
applied on all iBGP sessions of the ASBR, that :
o sets the local-pref of the paths tagged with the g-shut
community to a low value
o removes the g-shut community from the paths.
o optionally, adds an AS specific g-shut community on these paths
to indicate that these are to be withdrawn soon. If some
ingress ASBRs reset the local preference attribute, this AS
specific g-shut community will be used to override other local
preference changes.
4.2.3.2. Operations at maintenance time
On the g-shut initiator :
o Apply an out-filter on the maintained eBGP session to tag the
paths propagated over the session with the g-shut community.
o Apply an in-filter on the maintained eBGP session to tag the paths
received over the session with the g-shut community.
o Wait for convergence to happen.
o Perform a BGP session shutdown.
4.2.4. BGP implementation support for G-Shut
A BGP router implementation MAY provide features aimed at automating
the application of the graceful shutdown procedures described above.
Upon a session shutdown specified as to be graceful by the operator,
a BGP implementation supporting a g-shut feature would
1. Update all the paths propagated over the corresponding eBGP
session, tagging the GSHUT community to them. Any subsequent
update sent to the session being gracefully shut down would be
tagged with the GSHUT community.
2. Lower the local preference value of the paths received over the
eBGP session being shut down, upon their propagation over iBGP
sessions. Optionally, also tag these paths with an AS specific
g-shut community. Note that alternatively, the local preference
of the paths received over the eBGP session can be lowered on
the g-shut initiator itself, instead of only when propagating
over its iBGP sessions. This simplified behavior can lead to
some LoC, as described in Appendix A.1, if not used in
conjunction with [BestExternal].
3. Optionally shut down the session after a configured time.
4. Prevent the GSHUT community from being inherited by a path that
would aggregate some paths tagged with the GSHUT community.
This behavior avoids the GSHUT procedure to be applied to the
aggregate upon the graceful shutdown of one of its covered
prefixes.
4.3. Graceful shutdown procedures for iBGP sessions 4.3. Graceful shutdown procedures for iBGP sessions
If the iBGP topology is viable after the maintenance of the session, If the iBGP topology is viable after the maintenance of the session,
i.e, if all BGP speakers of the AS have an iBGP signaling path for i.e, if all BGP speakers of the AS have an iBGP signaling path for
all prefixes advertised on this g-shut iBGP session, then the all prefixes advertised on this g-shut iBGP session, then the
shutdown of an iBGP session does not lead to transient shutdown of an iBGP session does not lead to transient
unreachability. unreachability.
However, in the case of a shutdown of a router, a reconfiguration of However, in the case of a shutdown of a router, a reconfiguration of
the out-filters of the g-shut initiator MAY be performed to set a low the out-filters of the g-shut initiator MAY be performed to set a low
skipping to change at page 11, line 38 skipping to change at page 12, line 44
If the link up event corresponds to an eBGP session that is being If the link up event corresponds to an eBGP session that is being
manually brought up, over an already up multi-access link, then the manually brought up, over an already up multi-access link, then the
operator can ping third party nexthops that are expected to be used operator can ping third party nexthops that are expected to be used
before actually bringing the session up, or ping directed broadcast before actually bringing the session up, or ping directed broadcast
the subnet IP address of the link. By proceeding like this, the MAC the subnet IP address of the link. By proceeding like this, the MAC
addresses associated with these third party nexthops will be resolved addresses associated with these third party nexthops will be resolved
by the g-no-shut initiator. by the g-no-shut initiator.
7.2. iBGP convergence 7.2. iBGP convergence
Similar corner cases as described in Appendix C.1.4 for the link down Similar corner cases as described in Appendix A.1 for the link down
case, can occur during an eBGP link up event. case, can occur during an eBGP link up event.
A typical example for such transient unreachability for a given A typical example for such transient unreachability for a given
prefix is the following : prefix is the following :
1. A Route Reflector, RR1, is initially advertising the current 1. A Route Reflector, RR1, is initially advertising the current
best path to the members of its iBGP RR full-mesh. It best path to the members of its iBGP RR full-mesh. It
propagated that path within its RR full-mesh. Another route propagated that path within its RR full-mesh. Another route
reflector of the full-mesh, RR2, knows only that path towards reflector of the full-mesh, RR2, knows only that path towards
the prefix. the prefix.
skipping to change at page 13, line 21 skipping to change at page 14, line 29
[AddPath] D. Walton, A. Retana, and E. Chen, "Advertisement of [AddPath] D. Walton, A. Retana, and E. Chen, "Advertisement of
Multiple Paths in BGP", draft-walton-bgp-add-paths-06.txt Multiple Paths in BGP", draft-walton-bgp-add-paths-06.txt
(work in progress). (work in progress).
[BestExternal] [BestExternal]
Marques, P., Fernando, R., Chen, E., and P. Mohapatra, Marques, P., Fernando, R., Chen, E., and P. Mohapatra,
"Advertisement of the best-external route to IBGP", "Advertisement of the best-external route to IBGP",
draft-ietf-idr-best-external-00.txt, May 2009. draft-ietf-idr-best-external-00.txt, May 2009.
[REQS] Decraene, B., Francois, P., Pelsser, C., Ahmad, Z., and T. [REQS] Decraene, B., Francois, P., Pelsser, C., Ahmad, Z.,
Takeda, "Requirements for the graceful shutdown of BGP Armengol, A., and T. Takeda, "Requirements for the
sessions", graceful shutdown of BGP sessions",
draft-ietf-grow-bgp-graceful-shutdown-requirements- draft-ietf-grow-bgp-graceful-shutdown-requirements-
01.txt, October 2009. 06.txt, October 2010.
[RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended [RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended
Communities Attribute", RFC 4360, February 2006. Communities Attribute", RFC 4360, February 2006.
[Clarification4360] [Clarification4360]
Decraene, B., Vanbever, L., and P. Francois, "RFC 4360 Decraene, B., Vanbever, L., and P. Francois, "RFC 4360
Clarification Request", Clarification Request",
draft-decraene-idr-rfc4360-clarification-00, draft-decraene-idr-rfc4360-clarification-00,
October 2009. October 2009.
[BGPWKC] "http://www.iana.org/assignments/ [BGPWKC] "http://www.iana.org/assignments/
bgp-well-known-communities". bgp-well-known-communities".
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
Appendix A. Summary of operations Appendix A. Alternative techniques with limited applicability
This section summarizes the configurations and actions to be
performed to support the g-shut procedure for eBGP peering links.
A.1. Pre-configuration
On each ASBR supporting the g-shut procedure, set-up an out-filter
applied on all iBGP sessions of the ASBR, that :
. sets the local-pref of the paths tagged with the g-shut community
to a low value
. removes the g-shut community from the path.
Optionally, add an AS specific g-shut community on the path to
indicate that this path is to be shutdown. If some ingress ASBRs
reset the local preference attribute, this AS specific g-shut
community will be used to override other local preference changes.
A.2. Operations at maintenance time
On the g-shut initiator :
. Apply an in-filter on the maintained eBGP session to tag the paths
received over the session with the g-shut community.
. Apply an out-filter on the maintained eBGP session to tag the
paths propagated over the session with the g-shut community.
. Wait for convergence to happen.
. Perform a BGP session shutdown.
Appendix B. Alternative techniques with limited applicability
A few alternative techniques have been considered to provide g-shut A few alternative techniques have been considered to provide g-shut
capabilities but have been rejected due to their limited capabilities but have been rejected due to their limited
applicability. This section describe them for possible reference. applicability. This section describe them for possible reference.
B.1. In-filter reconfiguration A.1. In-filter reconfiguration
An In-filter reconfiguration on the eBGP session undergoing the An In-filter reconfiguration on the eBGP session undergoing the
maintenance could be performed instead of out-filter reconfigurations maintenance could be performed instead of out-filter reconfigurations
on the iBGP sessions of the g-shut initiator. on the iBGP sessions of the g-shut initiator.
Upon the application of the maintenance procedure, if the g-shut Upon the application of the maintenance procedure, if the g-shut
initiator has an alternate path in its Adj-Rib-In, it will switch to initiator has an alternate path in its Adj-Rib-In, it will switch to
it directly. it directly.
If this new path was advertised by an eBGP neighbor of the g-shut If this new path was advertised by an eBGP neighbor of the g-shut
skipping to change at page 15, line 40 skipping to change at page 16, line 16
path first, the withdraw from ASBR2 does not trigger unreachability path first, the withdraw from ASBR2 does not trigger unreachability
in other nodes, as the old path is still available. Indeed, even in other nodes, as the old path is still available. Indeed, even
though it receives alternate paths, the g-shut initiator keeps using though it receives alternate paths, the g-shut initiator keeps using
its old path as best as the in-filter of the maintained eBGP session its old path as best as the in-filter of the maintained eBGP session
has not been modified yet. has not been modified yet.
Applying the out-filter reconfiguration also prevents packet loops Applying the out-filter reconfiguration also prevents packet loops
between the g-shut initiator and its direct neighbors when between the g-shut initiator and its direct neighbors when
encapsulation is not used between the ASBRs of the AS. encapsulation is not used between the ASBRs of the AS.
B.2. Multi Exit Discriminator tweaking Note that applying this simplified procedure in conjunction with
[BestExternal] does not lead to LoC.
A.2. Multi Exit Discriminator tweaking
The MED attribute of the paths to be avoided can be increased so as The MED attribute of the paths to be avoided can be increased so as
to force the routers in the neighboring AS to select other paths. to force the routers in the neighboring AS to select other paths.
The solution only works if the alternate paths are as good as the The solution only works if the alternate paths are as good as the
initial ones with respect to the Local-Pref value and the AS Path initial ones with respect to the Local-Pref value and the AS Path
Length value. In the other cases, increasing the MED value will not Length value. In the other cases, increasing the MED value will not
have an impact on the decision process of the routers in the have an impact on the decision process of the routers in the
neighboring AS. neighboring AS.
B.3. IGP distance Poisoning A.3. IGP distance Poisoning
The distance to the BGP nexthop corresponding to the maintained The distance to the BGP nexthop corresponding to the maintained
session can be increased in the IGP so that the old paths will be session can be increased in the IGP so that the old paths will be
less preferred during the application of the IGP distance tie-break less preferred during the application of the IGP distance tie-break
rule. However, this solution only works for the paths whose rule. However, this solution only works for the paths whose
alternates are as good as the old paths with respect to their Local- alternates are as good as the old paths with respect to their Local-
Pref value, their AS Path length, and their MED value. Pref value, their AS Path length, and their MED value.
Also, this poisoning cannot be applied when nexthop self is used as Also, this poisoning cannot be applied when nexthop self is used as
there is no nexthop specific to the maintained session to poison in there is no nexthop specific to the maintained session to poison in
the IGP. the IGP.
Appendix C. Effect of the g-shut procedure on the convergence
This section describes the effect of applying the solution.
C.1. Maintenance of an eBGP session
This section describes the effect of applying the solution for the
shutdown of an eBGP session.
C.1.1. Propagation on the other eBGP sessions of the g-shut initiator
Nothing is propagated on the other eBGP sessions when the out-filters
reconfiguration step is applied. The reconfiguration is indeed only
defined for its iBGP sessions.
The reconfiguration of the iBGP out-filters will trigger the
reception of alternate paths at the g-shut initiator. As the eBGP
in-filters have not been modified at that step, the old paths are
still preferred by the g-shut initiator.
C.1.2. Propagation on the other iBGP sessions of the g-shut initiator
During the out-filter reconfiguration, path updates are propagated
with a reduced local-pref value for the affected paths. As a
consequence, Route Reflectors and distant ASBRs select and propagate
alternate paths through the iBGP topology as they no longer select
the old paths as best.
When the shut-down is performed, for each affected prefix, the g-shut
initiator propagates on its iBGP sessions:
. The alternate path, if the best path was received over an eBGP
sessions.
. A withdraw, if the best path was received over an iBGP sessions.
C.1.3. Propagation of updates in an iBGP full-mesh
No transient LoC can occur if a reconfiguration of the iBGP out-
filters on the g-shut initiator is performed.
C.1.4. Propagation of updates from iBGP to iBGP in a RR hierarchy
Upon the reception of the update of a primary path with a lower
local-pref value from a client, a Route Reflector RR1 will either
propagate the update, or select an alternate path, depending on the
fact that the updated primary path is still the best one w.r.t. the
state of the Adj-Rib-In of RR1.
If the updated primary path is still the best, then the RR will
propagate an update for this path to the iBGP neighbors to which it
previously advertised the path. Hence it cannot cause transient lack
of path in the Adj-Rib-In of its iBGP neighbors.
If an alternate path is picked, and this path was also originated by
a client of RR1, an update will also be propagated to the same
neighbors as the one to which the primary path was initially
propagated. Hence it cannot cause transient lack of path in the Adj-
Rib-In of its iBGP neighbors.
If an alternate path is picked, and this path was received from a
member of its Route-Reflector iBGP full-mesh, then a withdraw message
is sent. As the alternate path has been sent over each session of
the iBGP full-mesh, the propagation of a withdraw for the primary
path of RR1 is done to routers that are expected to know the
alternate path picked by RR1.
The following example describes a situation where some corner case
timings could lead to transient unreachability from some members of
the iBGP full-mesh.
1. A Route Reflector RR1 only knew about the primary path upon
the shutdown.
2. A member of its RR full-mesh, RR2, propagates an update of
the old path with a lower local-pref.
3. Another member of its RR full-mesh, RR3 processes the
update, selects an alternate path, and propagates an update in
the mesh.
4. RR2 receives the alternate path, selects it as best, and
hence withdraws the updated old path on the iBGP sessions of the
mesh.
5. If for any reason, RR1 receives and processes the withdraw
generated in step 4 before processing the update generated in
step 3, RR1 transiently suffers from unreachability for the
affected prefix.
In such corner cases, the solution improves the iBGP convergence
behavior/LoC but does not ensure 0 packet loss, as we cannot define a
simple solution relying only on a reconfiguration of the filters of
the g-shut initiator. Improving the availability of alternate paths
in Route Reflectors, using [BestExternal], or [AddPath], seems to be
the most pragmatic solution to these corner cases.
The use of [BestExternal] in the iBGP full-mesh between RRs can solve
these corner cases by ensuring that within an AS, the advertisement
of a new path is not translated into the withdraw of a former path.
Indeed, "best-external" ensures that an ASBR does not withdraw a
previously advertised (eBGP) path when it receives an additional,
preferred path over an iBGP session. Also, "best-intra-cluster"
ensures that a RR does not withdraw a previously advertised (iBGP)
path to its non clients (e.g. other RRs in a mesh of RR) when it
receives a new, preferred path over an iBGP session.
C.2. Maintenance of an iBGP session
If the shutdown does not temper with the viability of the iBGP
topology, the described procedure is sufficient to avoid LoC.
Authors' Addresses Authors' Addresses
Pierre Francois Pierre Francois
Universite catholique de Louvain Universite catholique de Louvain
Place Ste Barbe, 2 Place Ste Barbe, 2
Louvain-la-Neuve 1348 Louvain-la-Neuve 1348
BE BE
Email: pierre.francois@uclouvain.be Email: pierre.francois@uclouvain.be
URI: http://inl.info.ucl.ac.be/pfr URI: http://inl.info.ucl.ac.be/pfr
skipping to change at page 19, line 21 skipping to change at page 17, line 33
Cristel Pelsser Cristel Pelsser
Internet Initiative Japan Internet Initiative Japan
Jinbocho Mitsui Bldg. Jinbocho Mitsui Bldg.
1-105 Kanda Jinbo-cho 1-105 Kanda Jinbo-cho
Tokyo 101-0051 Tokyo 101-0051
JP JP
Email: pelsser.cristel@iij.ad.jp Email: pelsser.cristel@iij.ad.jp
Keyur Patel
Cisco Systems
170 West Tasman Dr
San Jose, CA 95134
US
Email: keyupate@cisco.com
Clarence Filsfils Clarence Filsfils
Cisco Systems Cisco Systems
De kleetlaan 6a De kleetlaan 6a
Diegem 1831 Diegem 1831
BE BE
Email: cfilsfil@cisco.com Email: cfilsfil@cisco.com
 End of changes. 34 change blocks. 
241 lines changed or deleted 158 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/