randy/draft-wkc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
draft-wkc/draft-ietf-grow-wkc-behavior.xml

299 lines
10 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc comments="yes"?>
<?rfc compact="yes"?>
<?rfc inline="yes"?>
<?rfc sortrefs="yes"?>
<?rfc subcompact="no"?>
<?rfc symrefs="yes"?>
<?rfc toc="yes"?>
<?rfc tocdepth="3"?>
<?rfc tocindent="yes"?>
<?rfc tocompact="yes"?>
<rfc category="std" docName="draft-ietf-grow-wkc-behavior-03" ipr="trust200902">
<front>
<title>Well-Known Community Policy Behavior</title>
<author fullname="Jay Borkenhagen" initials="J." surname="Borkenhagen">
<organization>AT&amp;T</organization>
<address>
<postal>
<street>200 Laurel Avenue South</street>
<city>Middletown</city>
<region>NJ</region>
<code>07748</code>
<country>United States of America</country>
</postal>
<email>jayb@att.com</email>
</address>
</author>
<author fullname="Randy Bush" initials="R." surname="Bush">
<organization>Internet Initiative Japan</organization>
<address>
<postal>
<street>5147 Crystal Springs</street>
<city>Bainbridge Island</city>
<region>WA</region>
<code>98110</code>
<country>United States of America</country>
</postal>
<email>randy@psg.com</email>
</address>
</author>
<author fullname="Ron Bonica" initials="R." surname="Bonica">
<organization>Juniper Networks</organization>
<address>
<postal>
<street>2251 Corporate Park Drive</street>
<city>Herndon</city>
<region>VA</region>
<code>20171</code>
<country>US</country>
</postal>
<email>rbonica@juniper.net</email>
</address>
</author>
<author fullname="Serpil Bayraktar" initials="S." surname="Bayraktar">
<organization>Cisco Systems</organization>
<address>
<postal>
<street>170 W. Tasman Drive</street>
<city>San Jose</city>
<region>CA</region>
<code>95134</code>
<country>United States of America</country>
</postal>
<email>serpil@cisco.com</email>
</address>
</author>
<date />
<abstract>
<t>Well-Known BGP Communities are manipulated inconsistently by
current implementations. This results in difficulties for
operators. Network operators are encouraged to deploy consistent
community handling across their networks, taking the inconsistent
behaviors from the various BGP implementations they operate into
consideration. Also, BGP implementors are expected to not create
any further inconsistencies from this point forward.</t>
</abstract>
<note title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
are to be interpreted as described in <xref target="RFC2119">RFC
2119</xref> only when they appear in all upper case. They may
also appear in lower or mixed case as English words, without
normative meaning.</t>
</note>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>The BGP Communities Attribute was specified in <xref
target="RFC1997"/> which introduced the concept of Well-Known
Communities. In hindsight, <xref target="RFC1997"/> did not
prescribe as fully as it should have how Well-Known Communities may
be manipulated by policies applied by operators. Currently,
implementations differ in this regard, and these differences can
result in inconsistent behaviors that operators find difficult to
identify and resolve.</t>
<t>This document describes the current behavioral differences in
order to assist operators in generating consistent
community-manipulation policies in a multi-vendor environment, and
to prevent the introduction of additional divergence in
implementations.</t>
</section>
<section anchor="manip" title="Manipulation of Communities by Policy">
<t><xref target="RFC1997"/> says:</t>
<t>"A BGP speaker receiving a route with the COMMUNITIES path
attribute may modify this attribute according to the local
policy."</t>
<t>A basic operational need is to add or remove one or more
communities to the received set. Another common need is to replace
all received communities with a new set. To simplify the second
case, most BGP policy implementations provide syntax to "set"
community that operators use to mean "remove any/all communities
present on the update received from the neighbor, and apply this set
of communities instead."</t>
<t>Some operators prefer to write explicit policy to delete unwanted
communities rather than using "set;" i.e. using a "delete community
*:*" and then "add community x:y ..." configuration statements in an
attempt to replace all received communities. The same community
manipulation policy differences described in the following section
exist in both "set" and "delete community *:*" syntax. For
simplicity, the remainder of this document refers only to the "set"
behaviors.</t>
</section>
<section anchor="diffs" title="Community Manipulation Policy Differences">
<t>Vendor implementations differ in the treatment of certain
Well-Known communities when modified using the syntax to "set" the
community. Some replace all communities including the Well-Known
ones with the new set, while others replace all non-Well-Known
Communities but do not modify any Well-Known Communities that are
present.</t>
<t>These differences result in what would appear to be identical
policy configurations having very different results on different
platforms.</t>
</section>
<section anchor="impls" title="Documentation of Vendor Implementations">
<t>In this section we document the syntax and observed behavior of
the "set" directive in several popular BGP implementations.</t>
<t>In Juniper Networks' JunOS, "community set" removes all received
communities, Well-Known or otherwise.</t>
<t>In Cisco Systems' IOS-XR, "set community" removes all received
communities except for the following:</t>
<texttable anchor="cisco">
<preamble></preamble>
<ttcol align="left">Numeric</ttcol>
<ttcol align="left">Common Name</ttcol>
<c>0:0</c> <c>internet</c>
<c>65535:0</c> <c>graceful-shutdown</c>
<c>65535:1</c> <c>accept-own rfc7611</c>
<c>65535:65281</c> <c>NO_EXPORT</c>
<c>65535:65282</c> <c>NO_ADVERTISE</c>
<c>65535:65283</c> <c>NO_EXPORT_SUBCONFED (or local-AS)</c>
<postamble>Communities not removed by Cisco IOS/XR</postamble>
</texttable>
<t>IOS-XR does allow Well-Known communities to be removed one at a
time by explicit policy; for example, "delete community accept-own".
Operators are advised to consult IOS-XR documentation and/or Cisco
Systems support for full details.</t>
<t>On Brocade NetIron: "set community X" removes all communities and
sets X.</t>
<t>In Huawei's VRP product, "community set" removes all received
communities, well-Known or otherwise.</t>
<t>In OpenBSD's OpenBGPD, "set community" does not remove any
communities, Well-Known or otherwise.</t>
<section anchor="ianalist" title="Note on an Inconsistency">
<t>The IANA publishes a list of Well-Known Communities <xref
target="IANA-WKS"/>.</t>
<t>IOS-XR's set of well-known communities that "set community"
will not overwrite diverges from IANA's list. Quite a few
well-known communities from IANA's list do not receive special
treatment in IOS-XR, and at least one specific community on
IOS-XR's special treatment list (internet == 0:0) is not really
on IANA's list -- it's taken from the "Reserved" range
[0x00000000-0x0000FFFF].</t>
<t>This merely notes an inconsistency. It is not a plea to
'protect' the entire IANA list from "set community."</t>
</section>
</section>
<section anchor="note" title="Note for Those Writing RFCs for New
Community-Like Attributes">
<t>Care should be taken when establishing new <xref
target="RFC1997"/>-like attributes (large communities, wide
communities, etc) to avoid repeating this mistake.</t>
</section>
<section anchor="actions" title="Action Items">
<t>Unfortunately, it would be operationally disruptive for vendors
to change their current implementations.</t>
<t>Vendors SHOULD clearly document the behavior of "set" directive
in their implementations.</t>
<t>Vendors MUST ensure that any Well-Known Communities specified
after this document's publication are removed by their "set"
directive.</t>
<t>Given the implementation inconsistencies described in this
document, network operators are urged never to rely on any implicit
understanding of a neighbor ASN's bgp community handling. I.e.,
before announcing prefixes with NO_EXPORT or any other community to
a neighbor ASN, the operator should confirm with that neighbor how
the community will be treated.</t>
<t>Network operators are encouraged to limit their use of the "set"
directive (within reason), to improve the readability of their
configurations and hopefully to achieve behavioral consistency
across platforms.</t>
</section>
<section anchor="security" title="Security Considerations">
<t>Surprising defaults and/or undocumented behaviors are not good
for security. This document attempts to remedy that.</t>
</section>
<section anchor="iana" title="IANA Considerations">
<t>This document has no IANA Considerations other than to be aware
that any future Well-Known Communities will be subject to the policy
treatment described here.</t>
</section>
<section anchor="acks" title="Acknowledgements">
<t>The authors thank Martijn Schmidt, Qin Wu for the Huawei data
point, Job Snijders, David Farmer,John Heasley, and Jakob Heitz.</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include="reference.RFC.2119"?>
<?rfc include="reference.RFC.1997"?>
<reference anchor="IANA-WKS" target="https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml">
<front>
<title>IANA Well-Known Comunities</title>
<author/>
<date/>
</front>
</reference>
</references>
</back>
</rfc>
Reference in a new issue View git blame Copy permalink