idnits 2.17.1 draft-ietf-grow-wkc-behavior-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (July 18, 2018) is 2106 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: '0x00000000-0x0000FFFF' is mentioned on line 174, but not defined -- Possible downref: Non-RFC (?) normative reference: ref. 'IANA-WKS' Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Borkenhagen 3 Internet-Draft AT&T 4 Intended status: Standards Track R. Bush 5 Expires: January 19, 2019 Internet Initiative Japan 6 R. Bonica 7 Juniper Networks 8 S. Bayraktar 9 Cisco Systems 10 July 18, 2018 12 Well-Known Community Policy Behavior 13 draft-ietf-grow-wkc-behavior-00 15 Abstract 17 Well-Known BGP Communities are manipulated inconsistently by current 18 implementations. This results in difficulties for operators. It is 19 recommended that removal policies be applied consistently to Well- 20 Known Communities. 22 Requirements Language 24 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 25 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to 26 be interpreted as described in RFC 2119 [RFC2119] only when they 27 appear in all upper case. They may also appear in lower or mixed 28 case as English words, without normative meaning. 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at https://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on January 19, 2019. 47 Copyright Notice 49 Copyright (c) 2018 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (https://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 65 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 66 3. Community Manipulation Policy Differences . . . . . . . . . . 3 67 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 68 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 69 5. Note for Those Writing RFCs for New Community-Like 70 Attributes . . . . . . . . . . . . . . . . . . . . . . . . . 4 71 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 72 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 74 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 75 10. Normative References . . . . . . . . . . . . . . . . . . . . 5 76 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 78 1. Introduction 80 The BGP Communities Attribute was specified in [RFC1997] which 81 introduced the concept of Well-Known Communities. In hindsight, it 82 did not prescribe as fully as it should have how Well-Known 83 Communities may be manipulated by policies applied by operators. 84 Currently, implementations differ in this regard, and these 85 differences can result in inconsistent behaviors that operators find 86 difficult to identify and resolve. 88 This document describes the current behavioral differences in order 89 to assist operators in generating consistent community-manipulation 90 policies in a multi-vendor environment, and to prevent the 91 introduction of additional divergence in implementations. 93 2. Manipulation of Communities by Policy 95 [RFC1997] says: 97 "A BGP speaker receiving a route with the COMMUNITIES path attribute 98 may modify this attribute according to the local policy." 100 A basic operational need is to add or remove one or more communities 101 to the received set. Another common need is to replace all received 102 communities with a new set. To simplify the second case, most BGP 103 policy implementations provide syntax to "set" community that 104 operators use to mean "remove any/all communities present on the 105 update received from the neighbor, and apply this set of communities 106 instead." 108 Some operators prefer to write explicit policy to delete unwanted 109 communities rather than using "set;" i.e. using a "delete community 110 *:*" and then "add community x:y ..." configuration statements in an 111 attempt to replace all received communities. The same community 112 manipulation policy differences described in the following section 113 exist in both "set" and "delete community *:*" syntax. For 114 simplicity, the remainder of this document refers only to the "set" 115 behaviors. 117 3. Community Manipulation Policy Differences 119 Vendor implementations differ in the treatment of certain Well-Known 120 communities when modified using the syntax to "set" the community. 121 Some replace all communities including the Well-Known ones with the 122 new set, while others replace all non-Well-Known Communities but do 123 not modify any Well-Known Communities that are present. 125 These differences result in what would appear to be identical policy 126 configurations having very different results on different platforms. 128 4. Documentation of Vendor Implementations 130 In Juniper Networks' JunOS, "community set" removes all received 131 communities, Well-Known or otherwise. 133 In Cisco Systems' IOS-XR, "set community" removes all received 134 communities except for the following: 136 +-------------+-----------------------------------+ 137 | Numeric | Common Name | 138 +-------------+-----------------------------------+ 139 | 0:0 | internet | 140 | 65535:0 | graceful-shutdown | 141 | 65535:1 | accept-own rfc7611 | 142 | 65535:65281 | NO_EXPORT | 143 | 65535:65282 | NO_ADVERTISE | 144 | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | 145 +-------------+-----------------------------------+ 147 Communities not removed by Cisco IOS/XR 149 Table 1 151 IOS-XR does allow Well-Known communities to be removed one at a time 152 by explicit policy; for example, "delete community accept-own". 153 Operators are advised to consult IOS-XR documentation and/or Cisco 154 Systems support for full details. 156 On Brocade NetIron: "set community X" removes all communities and 157 sets X. 159 In Huawei's VRP product, "community set" removes all received 160 communities, well-Known or otherwise. 162 In OpenBSD's OpenBGPD, "set community" does not remove any 163 communities, well-Known or otherwise. 165 4.1. Note on an Inconsistency 167 The IANA publishes a list of Well-Known Communities [IANA-WKS]. 169 IOS-XR's set of well-known communities that "set community" will not 170 overwrite diverges from IANA's list. Quite a few well-known 171 communities from IANA's list do not receive special treatment in IOS- 172 XR, and at least one specific community on IOS-XR's special treatment 173 list (internet == 0:0) is not really on IANA's list -- it's taken 174 from the "Reserved" range [0x00000000-0x0000FFFF]. 176 This merely notes an inconsistency. It is not a plea to 'protect' 177 the entire IANA list from "set community." 179 5. Note for Those Writing RFCs for New Community-Like Attributes 181 Care should be taken when establishing new [RFC1997]-like attributes 182 (large communities, wide communities, etc) to avoid repeating this 183 mistake. 185 6. Action Items 187 Unfortunately, it would be operationally disruptive for vendors to 188 change their current implementations. 190 Vendors SHOULD share the behavior of their implementations for 191 inclusion in this document, especially if their behavior differs from 192 the examples described. 194 For new well-known communities specified (after this draft), vendors 195 MUST treat "community set" command to mean "remove all other 196 communities, Well-Known or otherwise." 198 7. Security Considerations 200 Surprising defaults and/or undocumented behaviors are not good for 201 security. This document attempts to remedy that. 203 8. IANA Considerations 205 This document has no IANA Considerations other than to be aware that 206 any future Well-Known Communities will be subject to the policy 207 treatment described here. 209 9. Acknowledgements 211 The authors thank Martijn Schmidt for his contribution, Qin Wu for 212 the Huawei data point. 214 10. Normative References 216 [IANA-WKS] 217 "IANA Well-Known Comunities", 218 . 221 [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities 222 Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, 223 . 225 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 226 Requirement Levels", BCP 14, RFC 2119, 227 DOI 10.17487/RFC2119, March 1997, 228 . 230 Authors' Addresses 232 Jay Borkenhagen 233 AT&T 234 200 Laurel Avenue South 235 Middletown, NJ 07748 236 United States of America 238 Email: jayb@att.com 240 Randy Bush 241 Internet Initiative Japan 242 5147 Crystal Springs 243 Bainbridge Island, WA 98110 244 United States of America 246 Email: randy@psg.com 248 Ron Bonica 249 Juniper Networks 250 2251 Corporate Park Drive 251 Herndon, VA 20171 252 US 254 Email: rbonica@juniper.net 256 Serpil Bayraktar 257 Cisco Systems 258 170 W. Tasman Drive 259 San Jose, CA 95134 260 United States of America 262 Email: serpil@cisco.com