draft-ietf-grow-bgp-gshut-07.txt   draft-ietf-grow-bgp-gshut-08.txt 
Network Working Group Pierre Francois Network Working Group Pierre Francois
Internet-Draft Individual Contributor Internet-Draft Individual Contributor
Intended status: Informational B. Decraene Intended status: Informational B. Decraene
Expires: December 23, 2017 Orange Expires: December 27, 2017 Orange
C. Pelsser C. Pelsser
Strasbourg University Strasbourg University
K. Patel K. Patel
Arrcus, Inc. Arrcus, Inc.
C. Filsfils C. Filsfils
Cisco Systems Cisco Systems
June 21, 2017 June 25, 2017
Graceful BGP session shutdown Graceful BGP session shutdown
draft-ietf-grow-bgp-gshut-07 draft-ietf-grow-bgp-gshut-08
Abstract Abstract
This draft describes operational procedures aimed at reducing the This draft describes operational procedures aimed at reducing the
amount of traffic lost during planned maintenances of routers or amount of traffic lost during planned maintenances of routers or
links, involving the shutdown of BGP peering sessions. links, involving the shutdown of BGP peering sessions. It defines a
well-known BGP community, called g-shut, to signal the graceful
shutdown of paths to other Autonomous Systems.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 23, 2017. This Internet-Draft will expire on December 27, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Packet loss upon manual eBGP session shutdown . . . . . . . . 3 3. Packet loss upon manual EBGP session shutdown . . . . . . . . 3
4. Practices to avoid packet losses . . . . . . . . . . . . . . 4 4. Practices to avoid packet losses . . . . . . . . . . . . . . 4
4.1. Improving availability of alternate paths . . . . . . . . 4 4.1. Improving availability of alternate paths . . . . . . . . 4
4.2. Make before break convergence: g-shut . . . . . . . . . . 4 4.2. Make before break convergence: g-shut . . . . . . . . . . 4
5. Forwarding modes and transient forwarding loops during 5. Forwarding modes and transient forwarding loops during
convergence . . . . . . . . . . . . . . . . . . . . . . . . . 7 convergence . . . . . . . . . . . . . . . . . . . . . . . . . 7
6. Link Up cases . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Link Up cases . . . . . . . . . . . . . . . . . . . . . . . . 7
6.1. Unreachability local to the ASBR . . . . . . . . . . . . 7 6.1. Unreachability local to the ASBR . . . . . . . . . . . . 7
6.2. iBGP convergence . . . . . . . . . . . . . . . . . . . . 7 6.2. iBGP convergence . . . . . . . . . . . . . . . . . . . . 7
7. IANA assigned g-shut BGP community . . . . . . . . . . . . . 8 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 10.1. Normative References . . . . . . . . . . . . . . . . . . 9
11.1. Normative References . . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 9
11.2. Informative References . . . . . . . . . . . . . . . . . 9 Appendix A. Alternative techniques with limited applicability . 9
Appendix A. Alternative techniques with limited applicability . 10
A.1. Multi Exit Discriminator tweaking . . . . . . . . . . . . 10 A.1. Multi Exit Discriminator tweaking . . . . . . . . . . . . 10
A.2. IGP distance Poisoning . . . . . . . . . . . . . . . . . 10 A.2. IGP distance Poisoning . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
Routing changes in BGP can be caused by planned, maintenance Routing changes in BGP can be caused by planned, maintenance
operations. This document discusses operational procedures to be operations. This document discusses operational procedures to be
applied in order to reduce or eliminate losses of packets during the applied in order to reduce or eliminate losses of packets during the
maintenance. These losses come from the transient lack of maintenance. These losses come from the transient lack of
reachability during the BGP convergence following the shutdown of an reachability during the BGP convergence following the shutdown of an
eBGP peering session between two Autonomous System Border Routers EBGP peering session between two Autonomous System Border Routers
(ASBR). (ASBR).
This document presents procedures for the cases where the forwarding This document presents procedures for the cases where the forwarding
plane is impacted by the maintenance, hence when the use of Graceful plane is impacted by the maintenance, hence when the use of Graceful
Restart does not apply. Restart does not apply.
The procedures described in this document can be applied to reduce or The procedures described in this document can be applied to reduce or
avoid packet loss for outbound and inbound traffic flows initially avoid packet loss for outbound and inbound traffic flows initially
forwarded along the peering link to be shut down. These procedures forwarded along the peering link to be shut down. These procedures
trigger, in both involved ASes, rerouting to the alternate path, trigger, in both involved ASes, rerouting to the alternate path,
while allowing routers to keep using old paths until alternate ones while allowing routers to keep using old paths until alternate ones
are learned, installed in the RIB and in the FIB. This ensures that are learned, installed in the RIB and in the FIB. This ensures that
routers always have a valid route available during the convergence routers always have a valid route available during the convergence
process. process.
The goal of the document is to meet the requirements described in The goal of the document is to meet the requirements described in
[RFC6198] at best, without changing the BGP protocol. [RFC6198] at best, without changing the BGP protocol.
Still, it explains why reserving a community value for the purpose of This document defines a well-known community [RFC1997], called
BGP session graceful shutdown would reduce the management overhead g-shut, for the purpose of reducing the management overhead of
bound with the solution. It would also allow vendors to provide an gracefully shutting down BGP sessions. The well-known community
automatic graceful shutdown mechanism that does not require any allows implementers to provide an automated graceful shutdown
router reconfiguration at maintenance time. mechanism that does not require any router reconfiguration at
maintenance time.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
2. Terminology 2. Terminology
g-shut initiator: a router on which the session shutdown is performed g-shut initiator: a router on which the session shutdown is performed
for the maintenance. for the maintenance.
g-shut neighbor: a router that peers with the g-shut initiator via g-shut neighbor: a router that has a BGP session, to be shutdown,
(one of) the session(s) to be shut down. with the g-shut initiator.
Initiator AS: the Autonomous System of the g-shut initiator. Initiator AS: the Autonomous System of the g-shut initiator.
Neighbor AS: the Autonomous System of the g-shut neighbor. Neighbor AS: the Autonomous System of the g-shut neighbor.
Loss of Connectivity (LoC: the state when a router has no path Loss of Connectivity (LoC: the state when a router has no path
towards an affected prefix. towards an affected prefix.
3. Packet loss upon manual eBGP session shutdown 3. Packet loss upon manual EBGP session shutdown
Packets can be lost during a manual shutdown of an eBGP session for Packets can be lost during a manual shutdown of an EBGP session for
two reasons. two reasons.
First, routers involved in the convergence process can transiently First, routers involved in the convergence process can transiently
lack of paths towards an affected prefix, and drop traffic destined lack of paths towards an affected prefix, and drop traffic destined
to this prefix. This is because alternate paths can be hidden by to this prefix. This is because alternate paths can be hidden by
nodes of an AS. This happens when the paths are not selected as best nodes of an AS. This happens when the paths are not selected as best
by the ASBR that receive them on an eBGP session, or by Route by the ASBR that receive them on an EBGP session, or by Route
Reflectors that do not propagate them further in the iBGP topology Reflectors that do not propagate them further in the iBGP topology
because they do not select them as best. because they do not select them as best.
Second, within the AS, the FIB of routers can be transiently Second, within the AS, the FIB of routers can be transiently
inconsistent during the BGP convergence and packets towards affected inconsistent during the BGP convergence and packets towards affected
prefixes can loop and be dropped. Note that these loops only happen prefixes can loop and be dropped. Note that these loops only happen
when ASBR-to-ASBR encapsulation is not used within the AS. when ASBR-to-ASBR encapsulation is not used within the AS.
This document only addresses the first reason. This document only addresses the first reason.
4. Practices to avoid packet losses 4. Practices to avoid packet losses
This section describes means for an ISP to reduce the transient loss This section describes means for an ISP to reduce the transient loss
of packets upon a manual shutdown of a BGP session. of packets upon a manual shutdown of a BGP session.
4.1. Improving availability of alternate paths 4.1. Improving availability of alternate paths
All solutions that increase the availability of alternate BGP paths All solutions that increase the availability of alternate BGP paths
at routers performing packet lookups in BGP tables such as at routers performing packet lookups in BGP tables such as
[I-D.ietf-idr-best-external] and [RFC7911] help in reducing the LoC [I-D.ietf-idr-best-external] and [RFC7911] help in reducing the LoC
bound with manual shutdown of eBGP sessions. bound with manual shutdown of EBGP sessions.
One of such solutions increasing diversity in such a way that, at any One of such solutions increasing diversity in such a way that, at any
single step of the convergence process following the eBGP session single step of the convergence process following the EBGP session
shutdown, a BGP router does not receive a message withdrawing the shutdown, a BGP router does not receive a message withdrawing the
only path it currently knows for a given NLRI, allows for a only path it currently knows for a given NLRI, allows for a
simplified g-shut procedure. simplified g-shut procedure.
Note that the LoC for the inbound traffic of the maintained router, Note that the LoC for the inbound traffic of the maintained router,
induced by a lack of alternate path propagation within the iBGP induced by a lack of alternate path propagation within the iBGP
topology of a neighboring AS is not under the control of the operator topology of a neighboring AS is not under the control of the operator
performing the maintenance. The part of the procedure aimed at performing the maintenance. The part of the procedure aimed at
avoiding LoC for incoming paths can thus be applied even if no LoC avoiding LoC for incoming paths can thus be applied even if no LoC
are expected for the outgoing paths. are expected for the outgoing paths.
4.2. Make before break convergence: g-shut 4.2. Make before break convergence: g-shut
This section describes configurations and actions to be performed for This section describes configurations and actions to be performed for
the graceful shutdown of eBGP sessions, iBGP sessions or a whole BGP the graceful shutdown of BGP sessions.
speaker.
The goal of this procedure is to let, in both ASes, the paths being The goal of this procedure is to let, in both ASes, the paths being
shutdown visible, but with a lower LOCAL_PREF value, while alternate shutdown visible, but with a lower LOCAL_PREF value, while alternate
paths spread through the iBGP topology. Instead of withdrawing the paths spread through the iBGP topology. Instead of withdrawing the
path, routers of an AS will keep on using it until they become aware path, routers of an AS will keep on using it until they become aware
of alternate paths. of alternate paths.
4.2.1. eBGP g-shut 4.2.1. EBGP g-shut
This section describes configurations and actions to be performed for This section describes configurations and actions to be performed for
the graceful shutdown of eBGP peering links. the graceful shutdown of EBGP peering links.
4.2.1.1. Pre-configuration 4.2.1.1. Pre-configuration
On each ASBR supporting the g-shut procedure, an outbound BGP route On each ASBR supporting the g-shut procedure, an outbound BGP route
policy is applied on all iBGP sessions of the ASBR, that: policy is applied on all iBGP sessions of the ASBR, that:
o matches the g-shut community o matches the g-shut community
o sets the LOCAL_PREF attribute of the paths tagged with the g-shut o sets the LOCAL_PREF attribute of the paths tagged with the g-shut
community to a low value community to a low value
skipping to change at page 5, line 39 skipping to change at page 5, line 34
under a covering prefix, it is recommended to filter out the g-shut under a covering prefix, it is recommended to filter out the g-shut
community from the resulting aggregate BGP route. By doing so, the community from the resulting aggregate BGP route. By doing so, the
setting of the g-shut community on one of the aggregated routes will setting of the g-shut community on one of the aggregated routes will
not let the entire aggregate inherit the community. Not doing so not let the entire aggregate inherit the community. Not doing so
would let the entire aggregate undergo the g-shut behavior. would let the entire aggregate undergo the g-shut behavior.
4.2.1.2. Operations at maintenance time 4.2.1.2. Operations at maintenance time
On the g-shut initiator, upon maintenance time, it is required to: On the g-shut initiator, upon maintenance time, it is required to:
o apply an outbound BGP route policy on the maintained eBGP session o apply an outbound BGP route policy on the EBGP session to be
to tag the paths propagated over the session with the g-shut shutdown. This policy tags the paths propagated over the session
community. This will trigger the BGP implementation to re- with the g-shut community. This will trigger the BGP
advertise all active routes previously advertised, and tag them implementation to re-advertise all active routes previously
with the g-shut community. advertised, and tag them with the g-shut community.
o apply an inbound BGP route policy on the maintained eBGP session o apply an inbound BGP route policy on the maintained EBGP session
to tag the paths received over the session with the g-shut to tag the paths received over the session with the g-shut
community. community.
o wait for convergence to happen. o wait for convergence to happen.
o perform a BGP session shutdown. o shutdown the EBGP session, optionally using
[I-D.ietf-idr-shutdown] to communicate the reason of the shutdown.
4.2.1.3. BGP implementation support for g-Shut 4.2.1.3. BGP implementation support for g-Shut
A BGP router implementation MAY provide features aimed at automating A BGP router implementation MAY provide features aimed at automating
the application of the graceful shutdown procedures described above. the application of the graceful shutdown procedures described above.
Upon a session shutdown specified as graceful by the operator, a BGP Upon a session shutdown specified as graceful by the operator, a BGP
implementation supporting a g-shut feature SHOULD: implementation supporting a g-shut feature SHOULD:
1. On the eBGP side, update all the paths propagated over the 1. On the EBGP side, update all the paths propagated over the
corresponding eBGP session, tagging the g-shut community to them. corresponding EBGP session, tagging the g-shut community to them.
Any subsequent update sent to the session being gracefully shut Any subsequent update sent over the session being gracefully shut
down would be tagged with the g-shut community. down would be tagged with the g-shut community.
2. On the iBGP side, lower the LOCAL_PREF value of the paths 2. On the iBGP side, lower the LOCAL_PREF value of the paths
received over the eBGP session being shut down, upon their received over the EBGP session being shut down, upon their
propagation over iBGP sessions. Optionally, also tag these paths propagation over iBGP sessions. Optionally, also tag these paths
with an AS specific g-shut community. with an AS specific g-shut community.
3. Optionally shut down the session after a configured time. 3. Optionally shut down the session after a configured time.
4. Prevent the g-shut community from being inherited by a path that 4. Prevent the g-shut community from being inherited by a path that
would aggregate some paths tagged with the GSHUT community. This would aggregate some paths tagged with the GSHUT community. This
behavior avoids the GSHUT procedure to be applied to the behavior avoids the GSHUT procedure to be applied to the
aggregate upon the graceful shutdown of one of its covered aggregate upon the graceful shutdown of one of its covered
prefixes. prefixes.
skipping to change at page 6, line 47 skipping to change at page 6, line 47
For the shutdown of an iBGP session, provided the iBGP topology is For the shutdown of an iBGP session, provided the iBGP topology is
viable after the maintenance of the session, i.e, if all BGP speakers viable after the maintenance of the session, i.e, if all BGP speakers
of the AS have an iBGP signaling path for all prefixes advertised on of the AS have an iBGP signaling path for all prefixes advertised on
this g-shut iBGP session, then the shutdown of an iBGP session does this g-shut iBGP session, then the shutdown of an iBGP session does
not lead to transient unreachability. As a consequence, no specific not lead to transient unreachability. As a consequence, no specific
g-shut action is required. g-shut action is required.
4.2.3. Router g-shut 4.2.3. Router g-shut
In the case of a shutdown of a router, a reconfiguration of the In the case of a shutdown of the whole router, in addition to the
outbound BGP route policies of the g-shut initiator SHOULD be g-shut of all EBGP sessions, there is a need to g-shut the routes
performed to set a low LOCAL_PREF value for the paths originated by originated by this router (e.g, BGP aggregates redistributed from
the g-shut initiator (e.g, BGP aggregates redistributed from other other protocols, including static routes). This can be performed by
protocols, including static routes). tagging such routes with the g-shut community.
This behavior is equivalent to the recommended behavior for paths
"redistributed" from eBGP sessions to iBGP sessions in the case of
the shutdown of an ASBR.
5. Forwarding modes and transient forwarding loops during convergence 5. Forwarding modes and transient forwarding loops during convergence
The g-shut procedure or the solutions improving the availability of The g-shut procedure or the solutions improving the availability of
alternate paths, do not change the fact that BGP convergence and the alternate paths, do not change the fact that BGP convergence and the
subsequent FIB updates are run independently on each router of the subsequent FIB updates are run independently on each router of the
ASes. If the AS applying the solution does not rely on encapsulation ASes. If the AS applying the solution does not rely on encapsulation
to forward packets from the Ingress Border Router to the Egress to forward packets from the Ingress Border Router to the Egress
Border Router, then transient forwarding loops and consequent packet Border Router, then transient forwarding loops and consequent packet
losses can occur during the convergence process. If zero LoC is losses can occur during the convergence process. If zero LoC is
required, encapsulation is required between ASBRs of the AS. required, encapsulation is required between ASBRs of the AS.
6. Link Up cases 6. Link Up cases
We identify two potential causes for transient packet losses upon an We identify two potential causes for transient packet losses upon an
eBGP link up event. The first one is local to the g-no-shut EBGP link up event. The first one is local to the g-no-shut
initiator, the second one is due to the BGP convergence following the initiator, the second one is due to the BGP convergence following the
injection of new best paths within the iBGP topology. injection of new best paths within the iBGP topology.
6.1. Unreachability local to the ASBR 6.1. Unreachability local to the ASBR
An ASBR that selects as best a path received over a newly brought up An ASBR that selects as best a path received over a newly brought up
eBGP session may transiently drop traffic. This can typically happen EBGP session may transiently drop traffic. This can typically happen
when the nexthop attribute differs from the IP address of the eBGP when the nexthop attribute differs from the IP address of the EBGP
peer, and the receiving ASBR has not yet resolved the MAC address peer, and the receiving ASBR has not yet resolved the MAC address
associated with the IP address of that "third party" nexthop. associated with the IP address of that "third party" nexthop.
A BGP speaker implementation could avoid such losses by ensuring that A BGP speaker implementation could avoid such losses by ensuring that
"third party" nexthops are resolved before installing paths using "third party" nexthops are resolved before installing paths using
these in the RIB. these in the RIB.
If the link up event corresponds to an eBGP session that is being If the link up event corresponds to an EBGP session that is being
manually brought up, over an already up multi-access link, then the manually brought up, over an already up multi-access link, then the
operator can ping third party nexthops that are expected to be used operator can ping third party nexthops that are expected to be used
before actually bringing the session up, or ping directed broadcast before actually bringing the session up, or ping directed broadcast
the subnet IP address of the link. By proceeding like this, the MAC the subnet IP address of the link. By proceeding like this, the MAC
addresses associated with these third party nexthops will be resolved addresses associated with these third party nexthops will be resolved
by the g-no-shut initiator. by the g-no-shut initiator.
6.2. iBGP convergence 6.2. iBGP convergence
Corner cases leading to LoC can occur during an eBGP link up event. Corner cases leading to LoC can occur during an EBGP link up event.
A typical example for such transient unreachability for a given A typical example for such transient unreachability for a given
prefix is the following: prefix is the following:
Let's consider 3 route reflectors RR1, RR2, RR3. There is a full Let's consider 3 route reflectors RR1, RR2, RR3. There is a full
mesh of iBGP session between them. mesh of iBGP session between them.
1. RR1 is initially advertising the current best path to the 1. RR1 is initially advertising the current best path to the
members of its iBGP RR full-mesh. It propagated that path within members of its iBGP RR full-mesh. It propagated that path within
its RR full-mesh. RR2 knows only that path toward the prefix. its RR full-mesh. RR2 knows only that path toward the prefix.
skipping to change at page 8, line 31 skipping to change at page 8, line 28
4. If, for any reason, RR3 processes the withdraw generated in 4. If, for any reason, RR3 processes the withdraw generated in
step 3, before processing the update generated in step 2, RR3 step 3, before processing the update generated in step 2, RR3
transiently suffers from unreachability for the affected prefix. transiently suffers from unreachability for the affected prefix.
The use of [I-D.ietf-idr-best-external] among the RR of the iBGP The use of [I-D.ietf-idr-best-external] among the RR of the iBGP
full-mesh can solve these corner cases by ensuring that within an AS, full-mesh can solve these corner cases by ensuring that within an AS,
the advertisement of a new route is not translated into the withdraw the advertisement of a new route is not translated into the withdraw
of a former route. of a former route.
Indeed, "best-external" ensures that an ASBR does not withdraw a Indeed, "best-external" ensures that an ASBR does not withdraw a
previously advertised (eBGP) path when it receives an additional, previously advertised (EBGP) path when it receives an additional,
preferred path over an iBGP session. Also, "best-intra-cluster" preferred path over an iBGP session. Also, "best-intra-cluster"
ensures that a RR does not withdraw a previously advertised (iBGP) ensures that a RR does not withdraw a previously advertised (iBGP)
path to its non clients (e.g. other RRs in a mesh of RR) when it path to its non clients (e.g. other RRs in a mesh of RR) when it
receives a new, preferred path over an iBGP session. receives a new, preferred path over an iBGP session.
7. IANA assigned g-shut BGP community 7. IANA Considerations
Applying the g-shut procedure is rendered much easier with the use of
a single g-shut BGP community value [RFC1997] which could be used on
all eBGP sessions, for both inbound and outbound signaling. The
community value 0xFFFF0000 has been assigned by IANA for this
purpose.
8. IANA Considerations
This document has no actions for IANA. The IANA has assigned the community value 0xFFFF0000 to the planned-
shut community in the "BGP Well-known Communities" registry. IANA is
requested to change the name planned-shut to g-shut and set this
document as the reference.
9. Security Considerations 8. Security Considerations
By providing the g-shut service to a neighboring AS, an ISP provides By providing the g-shut service to a neighboring AS, an ISP provides
means to this neighbor and possibly its downstream ASes to lower the means to this neighbor and possibly its downstream ASes to lower the
LOCAL_PREF value assigned to the paths received from this neighbor. LOCAL_PREF value assigned to the paths received from this neighbor.
The neighbor could abuse the technique and do inbound traffic The neighbor could abuse the technique and do inbound traffic
engineering by declaring some prefixes as undergoing a maintenance so engineering by declaring some prefixes as undergoing a maintenance so
as to switch traffic to another peering link. as to switch traffic to another peering link.
If this behavior is not tolerated by the ISP, it SHOULD monitor the If this behavior is not tolerated by the ISP, it SHOULD monitor the
use of the g-shut community by this neighbor. use of the g-shut community by this neighbor.
10. Acknowledgments 9. Acknowledgments
The authors wish to thank Olivier Bonaventure, Pradosh Mohapatra and The authors wish to thank Olivier Bonaventure, Pradosh Mohapatra and
Job Snijders for their useful comments on this work. Job Snijders for their useful comments on this work.
11. References 10. References
11.1. Normative References 10.1. Normative References
[RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities
Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996,
<http://www.rfc-editor.org/info/rfc1997>. <http://www.rfc-editor.org/info/rfc1997>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC6198] Decraene, B., Francois, P., Pelsser, C., Ahmad, Z., [RFC6198] Decraene, B., Francois, P., Pelsser, C., Ahmad, Z.,
Elizondo Armengol, A., and T. Takeda, "Requirements for Elizondo Armengol, A., and T. Takeda, "Requirements for
the Graceful Shutdown of BGP Sessions", RFC 6198, the Graceful Shutdown of BGP Sessions", RFC 6198,
DOI 10.17487/RFC6198, April 2011, DOI 10.17487/RFC6198, April 2011,
<http://www.rfc-editor.org/info/rfc6198>. <http://www.rfc-editor.org/info/rfc6198>.
11.2. Informative References 10.2. Informative References
[I-D.ietf-idr-best-external] [I-D.ietf-idr-best-external]
Marques, P., Fernando, R., Chen, E., Mohapatra, P., and H. Marques, P., Fernando, R., Chen, E., Mohapatra, P., and H.
Gredler, "Advertisement of the best external route in Gredler, "Advertisement of the best external route in
BGP", draft-ietf-idr-best-external-05 (work in progress), BGP", draft-ietf-idr-best-external-05 (work in progress),
January 2012. January 2012.
[I-D.ietf-idr-shutdown]
Snijders, J., Heitz, J., and J. Scudder, "BGP
Administrative Shutdown Communication", draft-ietf-idr-
shutdown-10 (work in progress), June 2017.
[RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder, [RFC7911] Walton, D., Retana, A., Chen, E., and J. Scudder,
"Advertisement of Multiple Paths in BGP", RFC 7911, "Advertisement of Multiple Paths in BGP", RFC 7911,
DOI 10.17487/RFC7911, July 2016, DOI 10.17487/RFC7911, July 2016,
<http://www.rfc-editor.org/info/rfc7911>. <http://www.rfc-editor.org/info/rfc7911>.
Appendix A. Alternative techniques with limited applicability Appendix A. Alternative techniques with limited applicability
A few alternative techniques have been considered to provide g-shut A few alternative techniques have been considered to provide g-shut
capabilities but have been rejected due to their limited capabilities but have been rejected due to their limited
applicability. This section describe them for possible reference. applicability. This section describe them for possible reference.
 End of changes. 37 change blocks. 
72 lines changed or deleted 70 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/