idnits 2.17.00 (12 Aug 2021) /tmp/idnits13413/draft-dickson-idr-last-resort-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 14. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 329. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 340. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 347. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 353. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([5]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == Line 260 has weird spacing: '...|backup for 1...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 21, 2008) is 5021 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '2' is defined on line 195, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 198, but no explicit reference was found in the text == Unused Reference: '4' is defined on line 201, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4264 (ref. '1') ** Obsolete normative reference: RFC 4020 (ref. '4') (Obsoleted by RFC 7120) Summary: 4 errors (**), 0 flaws (~~), 7 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 idr B. Dickson 3 Internet-Draft Afilias Canada, Inc 4 Expires: February 22, 2009 August 21, 2008 6 A New BGP Standards Action Community, LAST_RESORT 7 draft-dickson-idr-last-resort-05 9 Status of this Memo 11 By submitting this Internet-Draft, each author represents that any 12 applicable patent or other IPR claims of which he or she is aware 13 have been or will be disclosed, and any of which he or she becomes 14 aware will be disclosed, in accordance with Section 6 of BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 This Internet-Draft will expire on February 22, 2009. 34 Copyright Notice 36 Copyright (C) The IETF Trust (2008). 38 Abstract 40 This Internet Draft describes a new Standards Action BGP community, 41 LAST_RESORT. 43 This community provides a simple and easily deployable solution to a 44 certain class of BGP "wedgies". 46 Initial deployment is expected to be achieved by voluntary use in the 47 network operator community-at-large. 49 Long-term adoption via software enforcement of the community, will 50 improve global behavior, and simplify router configurations. 52 The Standards Action range of communities (previously limited to the 53 "well-known" communities) ensures that the expectation of (eventual) 54 router support is reasonable. 56 Author's Note 58 This Internet Draft is intended to result in this draft or a related 59 draft(s) being placed on the Standards Track for idr. 61 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 62 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 63 document are to be interpreted as described in [5]. 65 Intended Status: Proposed Standard. 67 1. Background 69 Even when all the best current practises are observed, operational 70 problems may be experienced when running a BGP network. 72 One particularly thorny problem is BGP "wedgies" [1]. 74 While not often articulated, the common problem is the use of local 75 policy settings within (and in particular, at) AS boundaries, which 76 often override the original intent of "backup" BGP announcements. 78 It is somewhat ironic that such local policies are often achieved by 79 use of BGP Communities, and that the lack of a common community, is 80 one source of the problem. 82 1.1. The Local Policy Problem 84 The BGP "wedgie" problem occurs when a number of mechanisms in path 85 selection interact across multiple routers, where the resulting state 86 is stable, but is not deterministic, but rather is the result of a 87 race. 89 Generally speaking, the "wedgie" problem is induced by the 90 application of non-default values to prefixes, by way of local policy 91 setting, such as modification of AS-path, setting of Multi-Exit 92 Discriminators (MEDs), local preference setting, or similar 93 mechanisms. 95 One particular class of "wedgies" is the result of the lack of an 96 explicit global mechanism for expressing de-preferring announcements 97 via "back-up" providers. In essence, the applied local policies that 98 interfere with such "back-up" announcements could be described as 99 "not well informed". 101 2. Proposed Change: A New BGP Standards Action Community 103 To solve this particular class of problem, a new BGP Stardards Action 104 Community, LAST_RESORT, is proposed. This is a standard, not an 105 extended, community. This is a new value to be assigned by IANA. In 106 particular, if this instant Draft is adopted as a WG Draft, an RFC 107 4020 Early Assignment is requested. 109 3. Changes to BGP Behavior 111 A BGP speaker receiving a prefix from an EBGP neighbor with 112 LAST_RESORT MUST assign the lowest-possible preference value of 113 LOCAL_PREFERENCE. This LOCAL_PREFERENCE MUST be assigned AFTER the 114 application of local policy mechanisms, and MUST NOT be able to be 115 over-ridden without first removing the LAST_RESORT community from the 116 prefix. A BGP speaker receiving a prefix from an IBGP neighbor with 117 LAST_RESORT MUST ignore the LAST_RESORT community. 119 The distinction between EBGP and IBGP ensures backwards 120 compatibility, particularly when a heterogeneous set of routers in an 121 AS doing IBGP exists. 123 The restriction preventing overriding LAST_RESORT ensures that local 124 policy mechanisms do not interfere with LAST_RESORT. This also 125 facilitates ease in deployment, as most router configurations would 126 not require modification. 128 Note Well, that this order of evaluation, with local policy before 129 LAST_RESORT, means that the only way to apply local policy to routes 130 with LAST_RESORT, is to strip LAST_RESORT on ingress, then apply 131 local policy, then set LAST_RESORT again on egress. 133 This restriction is by design, so that AS-wide policy remains 134 consistent even in a heterogenous environment of routers that may or 135 may not understand LAST_RESORT. 137 4. LAST_RESORT - Basic Method 139 The main reason for establishing the LAST_RESORT Community is to 140 permit the global implementation of "backup only" announcements, 141 whose purpose and intent are clear and unambiguous. It is not to 142 facilitate change of policies, or to circumvent local policies. 143 Rather, it is to make possible the implementation of policies where 144 those have been negotiated by two or more parties. 146 Currently, there are several documented scenarios in the "Wedgies" 147 RFC [1] where the mutually desired policy is either unable to be 148 implemented, or does not deterministically reach the desired state. 150 Application of the LAST_RESORT Community on announcements sent to a 151 backup provider, permits these problem classes to be resolved. 153 The same prefix is announced to both the primary and backup provider. 154 When announced to the primary provider, the LAST_RESORT Community is 155 NOT set. When announced to the backup provider, the LAST_RESORT 156 Community IS set. 158 The propagation of the LAST_RESORT instance will be limited by the 159 availability of paths, and inhibited by the existence of paths which 160 do not have LAST_RESORT applied to them. 162 In Figure 1 (of Appendix A), the LAST_RESORT instance will be seen by 163 the backup provider, and be passed with LAST_RESORT to the backup 164 provider's transit provider. The latter will prefer any other 165 instance without LAST_RESORT, even if it has policy for applying a 166 LOCAL_PREFERENCE to the received prefix instances. Should the other 167 instance be withdrawn, the LAST_RESORT will be selected and 168 subsequently propagated. 170 5. Security Considerations 172 No additional security considerations beyond those already present in 173 BGP are introduced. 175 6. IANA Considerations 177 IANA will need to assign a new code point from BGP Standards Action 178 Communities for LAST_RESORT. 180 7. Acknowledgements 182 The author wishes to acknowledge the helpful guidance of Joe Abley 183 and Tony Li. The author also wishes to acknowledge the assistance 184 and suggestions of Joel M. Halpern in simplifying the original 185 "Backup-only" concept to that of a BGP community, and of Olivier 186 Bonaventure in clarifying the LOCAL_PREFERENCE mechanisms. 188 8. References 190 8.1. Normative References 192 [1] Griffin, T. and G. Huston, "BGP Wedgies", RFC 4264, 193 November 2005. 195 [2] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway Protocol 4 196 (BGP-4)", RFC 4271, January 2006. 198 [3] Chandrasekeran, R., Traina, P., and T. Li, "BGP Communities 199 Attribute", RFC 1997, August 1996. 201 [4] Kompella, K. and A. Zinin, "Early IANA Allocation of Standards 202 Track Code Points", BCP 100, RFC 4020, February 2005. 204 8.2. Informative References 206 [5] Bradner, S., "Key words for use in RFCs to Indicate Requirement 207 Levels", BCP 14, RFC 2119, March 1997. 209 Appendix A. BGP Wedgie Examples 211 The following examples from RFC 4264 [1] show the effects of the 212 proposed changes, in resolving "wedgie" issues. 214 +----+ +----+ 215 |AS 3|----------------|AS 4| 216 +----+ peer peer +----+ 217 |provider |provider 218 | | 219 |customer | 220 +----+ | 221 |AS 2| | 222 +----+ | 223 |provider | 224 | | 225 |customer |customer 226 +-------+ +----------+ 227 backup| |primary 228 +----+ 229 |AS 1| 230 +----+ 231 Figure 1 233 In Figure 1 above, the announcement via the backup link is sent with 234 LAST_RESORT. 235 o AS 4 sends AS_PATH "4 1" to AS 3. 236 o AS 2 receives the LAST_RESORT path from AS 1, and sends AS_PATH "2 237 1" to AS 3, also with LAST_RESORT. 238 o AS 3 and AS 4 exchange their respective "best" paths. 239 o AS 3 prefers the path "4 1" over "2 1" because "2 1" is 240 LAST_RESORT. 241 o AS 3 sends a withdrawal of the LAST_RESORT path to AS 4. 242 o AS 3 sends its "best", AS_PATH "3 4 1" to AS 2. 243 This state will be reached regardless of sequence of disconnects and 244 reconnects. 246 +----+ +----+ 247 |AS 3|----------------|AS 4| 248 +----+ peer peer +----+ 249 |provider |provider 250 | | 251 |customer |customer 252 +----+ +----+ 253 |AS 2| |AS 5| 254 +----+ +----+ 255 |provider |provider 256 | | 257 |customer |customer 258 +-------+ +----------+ 259 backup| |primary for 192.9.200.0/25 260 primary| |backup for 192.9.200.128/25 261 +----+ 262 |AS 1| 263 +----+ 265 Figure 2 267 In Figure 2 above, the announcements via the backup links will work 268 the same as in Example 1. 270 +----+ +----+ 271 |AS 3|----------------|AS 4| 272 +----+ peer peer +----+ 273 ||provider |providerS 274 |+-----------+ | 275 |customer |customer | 276 +----+ +----+ | 277 |AS 2|-------|AS 5| | 278 +----+ peer +----+ | 279 |provider |provider | 280 | | | 281 |customer +-+customer |customer 282 +-------+ |+----------+ 283 backup| ||primary 284 +----+ 285 |AS 1| 286 +----+ 288 Figure 3 290 In Figure 3 above, the announcements via both backup links will 291 result in: 292 o AS 2 selecting its best path via "3 4 1" (the only path it hears 293 from AS 3) 294 o AS 2 hearing one of two paths from AS 5: 295 * "5 3 4 1" 296 * LAST_RESORT with path "5 1" 297 o AS 2 hearing a LAST_RESORT directly from AS 1 298 Any announcement that AS 3 hears from AS 2 will always be marked 299 LAST_RESORT. (The same will be true of AS 5.) Thus, any combination 300 of break/restore on any links in any order, will always result in the 301 desired state being reached. 303 Author's Address 305 Brian Dickson 306 Afilias Canada, Inc 307 4141 Yonge St, 308 Suite 204 309 North York, ON M2P 2A8 310 Canada 312 Email: brian.peter.dickson@gmail.com 313 URI: www.afilias.info 315 Full Copyright Statement 317 Copyright (C) The IETF Trust (2008). 319 This document is subject to the rights, licenses and restrictions 320 contained in BCP 78, and except as set forth therein, the authors 321 retain all their rights. 323 This document and the information contained herein are provided on an 324 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 325 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 326 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 327 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 328 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 329 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 331 Intellectual Property 333 The IETF takes no position regarding the validity or scope of any 334 Intellectual Property Rights or other rights that might be claimed to 335 pertain to the implementation or use of the technology described in 336 this document or the extent to which any license under such rights 337 might or might not be available; nor does it represent that it has 338 made any independent effort to identify any such rights. Information 339 on the procedures with respect to rights in RFC documents can be 340 found in BCP 78 and BCP 79. 342 Copies of IPR disclosures made to the IETF Secretariat and any 343 assurances of licenses to be made available, or the result of an 344 attempt made to obtain a general license or permission for the use of 345 such proprietary rights by implementers or users of this 346 specification can be obtained from the IETF on-line IPR repository at 347 http://www.ietf.org/ipr. 349 The IETF invites any interested party to bring to its attention any 350 copyrights, patents or patent applications, or other proprietary 351 rights that may cover technology that may be required to implement 352 this standard. Please address the information to the IETF at 353 ietf-ipr@ietf.org. 355 Acknowledgment 357 Funding for the RFC Editor function is provided by the IETF 358 Administrative Support Activity (IASA).