| draft-ietf-grow-wkc-behavior-04.txt | draft-ietf-grow-wkc-behavior-05.txt | |||
|---|---|---|---|---|
| Network Working Group J. Borkenhagen | Network Working Group J. Borkenhagen | |||
| Internet-Draft AT&T | Internet-Draft AT&T | |||
| Intended status: Best Current Practice R. Bush | Updates: 1997 (if approved) R. Bush | |||
| Expires: November 17, 2019 Internet Initiative Japan | Intended status: Standards Track Internet Initiative Japan | |||
| R. Bonica | Expires: December 1, 2019 R. Bonica | |||
| Juniper Networks | Juniper Networks | |||
| S. Bayraktar | S. Bayraktar | |||
| Cisco Systems | Cisco Systems | |||
| May 16, 2019 | May 30, 2019 | |||
| Well-Known Community Policy Behavior | Well-Known Community Policy Behavior | |||
| draft-ietf-grow-wkc-behavior-04 | draft-ietf-grow-wkc-behavior-05 | |||
| Abstract | Abstract | |||
| Popular BGP implementations manipulate Well-known Communities | Well-Known BGP Communities are manipulated differently across various | |||
| differently from one another. This results in difficulties for | current implementations; resulting in difficulties for operators. | |||
| operators. Network operators are encouraged to deploy consistent | Network operators should deploy consistent community handling across | |||
| community handling across their networks, taking the inconsistent | their networks while taking the inconsistent behaviors from the | |||
| behaviors from the various BGP implementations they operate into | various BGP implementations into consideration.. This document | |||
| consideration. This document recommends specific action items to | recommends specific actions to limit future inconsistency, namely BGP | |||
| limit future inconsistency, namely BGP implementors are expected to | implementors must not create further inconsistencies from this point | |||
| not create any further inconsistencies from this point forward. | forward. | |||
| Requirements Language | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to | ||||
| be interpreted as described in RFC 2119 [RFC2119] only when they | ||||
| appear in all upper case. They may also appear in lower or mixed | ||||
| case as English words, without normative meaning. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 1, 2019. | ||||
| This Internet-Draft will expire on November 17, 2019. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 | 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 | |||
| 3. Manipulation of Communities by Policy . . . . . . . . . . . . 3 | 3. Community Manipulation Policy Differences . . . . . . . . . . 3 | |||
| 4. Community Manipulation Policy Differences . . . . . . . . . . 3 | 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 | |||
| 5. Documentation of Vendor Implementations . . . . . . . . . . . 4 | 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 | |||
| 5.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 5 | 5. Note for Those Writing RFCs for New Community-Like Attributes 5 | |||
| 6. Note for Those Writing RFCs for New Community-Like Attributes 5 | 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 | 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 6 | ||||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 6 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 1. Introduction | 1. Introduction | |||
| The BGP Communities Attribute was specified in [RFC1997] which | The BGP Communities Attribute was specified in [RFC1997] which | |||
| introduced the concept of Well-Known Communities. In hindsight, | introduced the concept of Well-Known Communities. In hindsight, | |||
| [RFC1997] did not prescribe as fully as it should have how Well-Known | [RFC1997] did not prescribe as fully as it should have how Well-Known | |||
| Communities may be manipulated by policies applied by operators. | Communities may be manipulated by policies applied by operators. | |||
| Currently, implementations differ in this regard, and these | Currently, implementations differ in this regard, and these | |||
| differences can result in inconsistent behaviors that operators find | differences can result in inconsistent behaviors that operators find | |||
| difficult to identify and resolve. | difficult to identify and resolve. | |||
| This document describes the current behavioral differences in order | This document describes the current behavioral differences in order | |||
| to assist operators in generating consistent community-manipulation | to assist operators in generating consistent community-manipulation | |||
| policies in a multi-vendor environment, and to prevent the | policies in a multi-vendor environment, and to prevent the | |||
| introduction of additional divergence in implementations. | introduction of additional divergence in implementations. | |||
| This document recommends specific action items to limit future | This document recommends specific actions to limit future | |||
| inconsistency. | inconsistency, namely BGP implementors MUST NOT create further | |||
| inconsistencies from this point forward. | ||||
| 2. Requirements Language | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | ||||
| "OPTIONAL" in this document are to be interpreted as described in BCP | ||||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | ||||
| capitals, as shown here. | ||||
| 3. Manipulation of Communities by Policy | 2. Manipulation of Communities by Policy | |||
| [RFC1997] says: | [RFC1997] says: | |||
| "A BGP speaker receiving a route with the COMMUNITIES path attribute | "A BGP speaker receiving a route with the COMMUNITIES path attribute | |||
| may modify this attribute according to the local policy." | may modify this attribute according to the local policy." | |||
| One basic operational need is to add or remove one or more | One basic operational need is to add or remove one or more | |||
| communities to the received set. The focus of this document is | communities to the set. The focus of this document is another common | |||
| another common operational need, to replace all communities with a | operational need, to replace all communities with a new set. To | |||
| new set. To simplify this second case, most BGP policy | simplify this second case, most BGP policy implementations provide | |||
| implementations provide syntax to "set" community that operators use | syntax to "set" community that operators use to mean "remove any/all | |||
| to mean "remove any/all communities present on the route, and apply | communities present on the route, and apply this set of communities | |||
| this set of communities instead." | instead." | |||
| Some operators prefer to write explicit policy to delete unwanted | Some operators prefer to write explicit policy to delete unwanted | |||
| communities rather than using "set;" i.e. using a "delete community | communities rather than using "set;" i.e. using a "delete community | |||
| *:*" and then "add community x:y ..." configuration statements in an | *:*" and then "add community x:y ..." configuration statements in an | |||
| attempt to replace all received communities. The same community | attempt to replace all communities. The same community manipulation | |||
| manipulation policy differences described in the following section | policy differences described in the following section exist in both | |||
| exist in both "set" and "delete community *:*" syntax. For | "set" and "delete community *:*" syntax. For simplicity, the | |||
| simplicity, the remainder of this document refers only to the "set" | remainder of this document refers only to the "set" behaviors, which | |||
| behaviors, which we refer to collectively as each implementation's | we refer to collectively as each implementation's '"set" directive.' | |||
| '"set" directive.' | ||||
| 4. Community Manipulation Policy Differences | 3. Community Manipulation Policy Differences | |||
| Vendor implementations differ in the treatment of certain Well-Known | Vendor implementations differ in the treatment of certain Well-Known | |||
| communities when modified using the syntax to "set" the community. | communities when modified using the syntax to "set" the community. | |||
| Some replace all communities including the Well-Known ones with the | Some replace all communities including the Well-Known ones with the | |||
| new set, while others replace all non-Well-Known Communities but do | new set, while others replace all non-Well-Known Communities but do | |||
| not modify any Well-Known Communities that are present. | not modify any Well-Known Communities that are present. | |||
| These differences result in what would appear to be identical policy | These differences result in what would appear to be identical policy | |||
| configurations having very different results on different platforms. | configurations having very different results on different platforms. | |||
| 5. Documentation of Vendor Implementations | 4. Documentation of Vendor Implementations | |||
| In this section we document the syntax and observed behavior of the | In this section we document the syntax and observed behavior of the | |||
| "set" directive in several popular BGP implementations. | "set" directive in several popular BGP implementations to illustrate | |||
| the severity of the problem operators face. | ||||
| In Juniper Networks' Junos OS, "community set" removes all received | In Juniper Networks' Junos OS, "community set" removes all | |||
| communities, Well-Known or otherwise. | communities, Well-Known or otherwise. | |||
| In Cisco Systems' IOS XR, "set community" removes all received | In Cisco IOS XR, "set community" removes all communities except for | |||
| communities except for the following: | the following: | |||
| +-------------+-----------------------------------+ | +-------------+-----------------------------------+ | |||
| | Numeric | Common Name | | | Numeric | Common Name | | |||
| +-------------+-----------------------------------+ | +-------------+-----------------------------------+ | |||
| | 0:0 | internet | | | 0:0 | internet | | |||
| | 65535:0 | graceful-shutdown | | | 65535:0 | graceful-shutdown | | |||
| | 65535:1 | accept-own rfc7611 | | | 65535:1 | accept-own rfc7611 | | |||
| | 65535:65281 | NO_EXPORT | | | 65535:65281 | NO_EXPORT | | |||
| | 65535:65282 | NO_ADVERTISE | | | 65535:65282 | NO_ADVERTISE | | |||
| | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | | | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | | |||
| +-------------+-----------------------------------+ | +-------------+-----------------------------------+ | |||
| Communities not removed by Cisco IOS XR | Communities not removed by Cisco IOS XR | |||
| Table 1 | Table 1 | |||
| IOS XR does allow Well-Known communities to be removed by explicitly | Cisco IOS XR does allow Well-Known communities to be removed only by | |||
| enumerating each one, not in the aggregate; for example, "delete | explicitly enumerating one at a time, not in the aggregate; for | |||
| community accept-own". Operators are advised to consult IOS XR | example, "delete community accept-own". Operators are advised to | |||
| documentation and/or Cisco Systems support for full details. | consult Cisco IOS XR documentation and/or Cisco support for full | |||
| details. | ||||
| On Extreme networks' Brocade NetIron: "set community X" removes all | On Extreme networks' Brocade NetIron: "set community X" removes all | |||
| received communities and sets X. | communities and sets X. | |||
| In Huawei's VRP product, "community set" removes all received | In Huawei's VRP product, "community set" removes all communities, | |||
| communities, well-Known or otherwise. | Well-Known or otherwise. | |||
| In OpenBSD's OpenBGPD, "set community" does not remove any | In OpenBGPD, "set community" does not remove any communities, Well- | |||
| communities, Well-Known or otherwise. | Known or otherwise. | |||
| Nokia's SR OS has several directives that operate on communities. | Nokia's SR OS has several directives that operate on communities. | |||
| Its "set" directive is called using the "replace" keyword, replacing | Its "set" directive is called using the "replace" keyword, replacing | |||
| all received communities, Well-Known or otherwise, with the specified | all communities, Well-Known or otherwise, with the specified | |||
| communities. | communities. | |||
| 5.1. Note on an Inconsistency | 4.1. Note on an Inconsistency | |||
| In IOS XR, "set community" will not overwrite some well-known | The IANA publishes a list of Well-Known Communities [IANA-WKC]. | |||
| communities. However, it will overwrite other well-known | ||||
| communities. Conversely, In IOS XR, "set community" will not | Cisco IOS XR's set of Well-Known communities that "set community" | |||
| overwrite some communities that are not well-known (e.g., (internet | will not overwrite diverges from the IANA's list of Well-Known | |||
| == 0:0). | communities. Quite a few Well-Known communities from IANA's list do | |||
| not receive special treatment in Cisco IOS XR, and at least one | ||||
| specific community on Cisco IOS XR's special treatment list (internet | ||||
| == 0:0) is not really on IANA's list -- it's taken from the | ||||
| "Reserved" range [0x00000000-0x0000FFFF]. | ||||
| This merely notes an inconsistency. It is not a plea to 'protect' | This merely notes an inconsistency. It is not a plea to 'protect' | |||
| the entire IANA list from "set community." | the entire IANA list from "set community." | |||
| 6. Note for Those Writing RFCs for New Community-Like Attributes | 5. Note for Those Writing RFCs for New Community-Like Attributes | |||
| When establishing new [RFC1997]-like attributes (large communities, | > When establishing new [RFC1997]-like attributes (large communities, | |||
| wide communities, etc.), RFC authors should state how the new | wide communities, etc.), RFC authors should state explicitly how the | |||
| community attribute is to be handled. | > new attribute is to be handled. | |||
| 7. Action Items | 6. Action Items | |||
| Network operators are encouraged to limit their use of the "set" | Network operators are encouraged to limit their use of the "set" | |||
| directive (within reason), to improve the readability of their | directive (within reason), to improve consistency across platforms. | |||
| configurations and hopefully to achieve behavioral consistency across | ||||
| platforms. | ||||
| Unfortunately, it would be operationally disruptive for vendors to | Unfortunately, it would be operationally disruptive for vendors to | |||
| change their current implementations. | change their current implementations. | |||
| Vendors SHOULD clearly document the behavior of "set" directive in | Vendors SHOULD clearly document the behavior of "set" directive in | |||
| their implementations. | their implementations. | |||
| Vendors MUST ensure that their implementations' "set" directive | Vendors MUST ensure that their implementations' "set" directive | |||
| treatment of any specific community does not change if/when that | treatment of any specific community does not change if/when that | |||
| community becomes a new Well-Known Community through future | community becomes a new Well-Known Community through future | |||
| skipping to change at page 6, line 5 ¶ | skipping to change at page 5, line 42 ¶ | |||
| implementations where the "set" directive removes no communities, | implementations where the "set" directive removes no communities, | |||
| that behavior MUST continue. | that behavior MUST continue. | |||
| Given the implementation inconsistencies described in this document, | Given the implementation inconsistencies described in this document, | |||
| network operators are urged never to rely on any implicit | network operators are urged never to rely on any implicit | |||
| understanding of a neighbor ASN's BGP community handling. I.e., | understanding of a neighbor ASN's BGP community handling. I.e., | |||
| before announcing prefixes with NO_EXPORT or any other community to a | before announcing prefixes with NO_EXPORT or any other community to a | |||
| neighbor ASN, the operator should confirm with that neighbor how the | neighbor ASN, the operator should confirm with that neighbor how the | |||
| community will be treated. | community will be treated. | |||
| 8. Security Considerations | 7. Security Considerations | |||
| Surprising defaults and/or undocumented behaviors are not good for | Surprising defaults and/or undocumented behaviors are not good for | |||
| security. This document attempts to remedy that. | security. This document attempts to remedy that. | |||
| Also see Appendix A of [RFC5706]. | 8. IANA Considerations | |||
| 9. IANA Considerations | ||||
| This document has no IANA Considerations. | This document has no IANA Considerations; though the IANA may wish to | |||
| refer to this document, if/when published, in [IANA-WKC]. | ||||
| 10. Acknowledgments | 9. Acknowledgments | |||
| The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, | The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, | |||
| Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob | Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob | |||
| Heitz. | Heitz. | |||
| 11. References | 10. Normative References | |||
| 11.1. Normative References | [IANA-WKC] | |||
| IANA, "Border Gateway Protocol (BGP) Well-Known | ||||
| Communities", <https://www.iana.org/assignments/ | ||||
| bgp-well-known-communities>. | ||||
| [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities | |||
| Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, | |||
| <https://www.rfc-editor.org/info/rfc1997>. | <http://www.rfc-editor.org/info/rfc1997>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| 11.2. Informative References | ||||
| [RFC5706] Harrington, D., "Guidelines for Considering Operations and | ||||
| Management of New Protocols and Protocol Extensions", | ||||
| RFC 5706, DOI 10.17487/RFC5706, November 2009, | ||||
| <https://www.rfc-editor.org/info/rfc5706>. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Jay Borkenhagen | Jay Borkenhagen | |||
| AT&T | AT&T | |||
| 200 Laurel Avenue South | 200 Laurel Avenue South | |||
| Middletown, NJ 07748 | Middletown, NJ 07748 | |||
| United States of America | United States of America | |||
| Email: jayb@att.com | Email: jayb@att.com | |||
| Randy Bush | Randy Bush | |||
| Internet Initiative Japan | Internet Initiative Japan | |||
| End of changes. 35 change blocks. | ||||
| 102 lines changed or deleted | 94 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||