idnits 2.17.1 draft-ietf-grow-wkc-behavior-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (March 10, 2019) is 1874 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: '0x00000000-0x0000FFFF' is mentioned on line 185, but not defined -- Possible downref: Non-RFC (?) normative reference: ref. 'IANA-WKS' Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Borkenhagen 3 Internet-Draft AT&T 4 Intended status: Standards Track R. Bush 5 Expires: September 11, 2019 Internet Initiative Japan 6 R. Bonica 7 Juniper Networks 8 S. Bayraktar 9 Cisco Systems 10 March 10, 2019 12 Well-Known Community Policy Behavior 13 draft-ietf-grow-wkc-behavior-03 15 Abstract 17 Well-Known BGP Communities are manipulated inconsistently by current 18 implementations. This results in difficulties for operators. 19 Network operators are encouraged to deploy consistent community 20 handling across their networks, taking the inconsistent behaviors 21 from the various BGP implementations they operate into consideration. 22 Also, BGP implementors are expected to not create any further 23 inconsistencies from this point forward. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to 29 be interpreted as described in RFC 2119 [RFC2119] only when they 30 appear in all upper case. They may also appear in lower or mixed 31 case as English words, without normative meaning. 33 Status of This Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at https://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on September 11, 2019. 50 Copyright Notice 52 Copyright (c) 2019 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 69 3. Community Manipulation Policy Differences . . . . . . . . . . 3 70 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 71 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 72 5. Note for Those Writing RFCs for New Community-Like Attributes 5 73 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 74 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 75 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 76 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 77 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 80 1. Introduction 82 The BGP Communities Attribute was specified in [RFC1997] which 83 introduced the concept of Well-Known Communities. In hindsight, 84 [RFC1997] did not prescribe as fully as it should have how Well-Known 85 Communities may be manipulated by policies applied by operators. 86 Currently, implementations differ in this regard, and these 87 differences can result in inconsistent behaviors that operators find 88 difficult to identify and resolve. 90 This document describes the current behavioral differences in order 91 to assist operators in generating consistent community-manipulation 92 policies in a multi-vendor environment, and to prevent the 93 introduction of additional divergence in implementations. 95 2. Manipulation of Communities by Policy 97 [RFC1997] says: 99 "A BGP speaker receiving a route with the COMMUNITIES path attribute 100 may modify this attribute according to the local policy." 102 One basic operational need is to add or remove one or more 103 communities to the received set. The focus of this document is 104 another common operational need, to replace all communities with a 105 new set. To simplify this second case, most BGP policy 106 implementations provide syntax to "set" community that operators use 107 to mean "remove any/all communities present on the route, and apply 108 this set of communities instead." 110 Some operators prefer to write explicit policy to delete unwanted 111 communities rather than using "set;" i.e. using a "delete community 112 *:*" and then "add community x:y ..." configuration statements in an 113 attempt to replace all received communities. The same community 114 manipulation policy differences described in the following section 115 exist in both "set" and "delete community *:*" syntax. For 116 simplicity, the remainder of this document refers only to the "set" 117 behaviors, which we refer to collectively as each implementation's 118 '"set" directive.' 120 3. Community Manipulation Policy Differences 122 Vendor implementations differ in the treatment of certain Well-Known 123 communities when modified using the syntax to "set" the community. 124 Some replace all communities including the Well-Known ones with the 125 new set, while others replace all non-Well-Known Communities but do 126 not modify any Well-Known Communities that are present. 128 These differences result in what would appear to be identical policy 129 configurations having very different results on different platforms. 131 4. Documentation of Vendor Implementations 133 In this section we document the syntax and observed behavior of the 134 "set" directive in several popular BGP implementations. 136 In Juniper Networks' Junos OS, "community set" removes all received 137 communities, Well-Known or otherwise. 139 In Cisco Systems' IOS XR, "set community" removes all received 140 communities except for the following: 142 +-------------+-----------------------------------+ 143 | Numeric | Common Name | 144 +-------------+-----------------------------------+ 145 | 0:0 | internet | 146 | 65535:0 | graceful-shutdown | 147 | 65535:1 | accept-own rfc7611 | 148 | 65535:65281 | NO_EXPORT | 149 | 65535:65282 | NO_ADVERTISE | 150 | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | 151 +-------------+-----------------------------------+ 153 Communities not removed by Cisco IOS XR 155 Table 1 157 IOS XR does allow Well-Known communities to be removed one at a time 158 by explicit policy; for example, "delete community accept-own". 159 Operators are advised to consult IOS XR documentation and/or Cisco 160 Systems support for full details. 162 On Extreme networks' Brocade NetIron: "set community X" removes all 163 communities and sets X. 165 In Huawei's VRP product, "community set" removes all received 166 communities, well-Known or otherwise. 168 In OpenBSD's OpenBGPD, "set community" does not remove any 169 communities, Well-Known or otherwise. 171 Nokia's SR OS has several directives that operate on communities. 172 Its "set" directive is called using the "replace" keyword, replacing 173 all communities, Well-Known or otherwise, with the specified 174 communities. 176 4.1. Note on an Inconsistency 178 The IANA publishes a list of Well-Known Communities [IANA-WKS]. 180 IOS XR's set of well-known communities that "set community" will not 181 overwrite diverges from IANA's list. Quite a few well-known 182 communities from IANA's list do not receive special treatment in IOS 183 XR, and at least one specific community on IOS XR's special treatment 184 list (internet == 0:0) is not really on IANA's list -- it's taken 185 from the "Reserved" range [0x00000000-0x0000FFFF]. 187 This merely notes an inconsistency. It is not a plea to 'protect' 188 the entire IANA list from "set community." 190 5. Note for Those Writing RFCs for New Community-Like Attributes 192 Care should be taken when establishing new [RFC1997]-like attributes 193 (large communities, wide communities, etc) to avoid repeating this 194 mistake. 196 6. Action Items 198 Unfortunately, it would be operationally disruptive for vendors to 199 change their current implementations. 201 Vendors SHOULD clearly document the behavior of "set" directive in 202 their implementations. 204 Vendors MUST ensure that their implementations' "set" directive 205 treatment of any specific community does not change if/when that 206 community becomes a new Well-Known Community through future 207 standardization. For most implementations, this means that the "set" 208 directive MUST continue to remove the community; for those 209 implementations where the "set" directive removes no communities, 210 that behavior MUST continue. 212 Given the implementation inconsistencies described in this document, 213 network operators are urged never to rely on any implicit 214 understanding of a neighbor ASN's BGP community handling. I.e., 215 before announcing prefixes with NO_EXPORT or any other community to a 216 neighbor ASN, the operator should confirm with that neighbor how the 217 community will be treated. 219 Network operators are encouraged to limit their use of the "set" 220 directive (within reason), to improve the readability of their 221 configurations and hopefully to achieve behavioral consistency across 222 platforms. 224 7. Security Considerations 226 Surprising defaults and/or undocumented behaviors are not good for 227 security. This document attempts to remedy that. 229 8. IANA Considerations 231 This document has no IANA Considerations other than to be aware that 232 any future Well-Known Communities will be subject to the policy 233 treatment described here. 235 9. Acknowledgments 237 The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, 238 Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob 239 Heitz. 241 10. Normative References 243 [IANA-WKS] 244 "IANA Well-Known Communities", 245 . 248 [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities 249 Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, 250 . 252 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 253 Requirement Levels", BCP 14, RFC 2119, 254 DOI 10.17487/RFC2119, March 1997, 255 . 257 Authors' Addresses 259 Jay Borkenhagen 260 AT&T 261 200 Laurel Avenue South 262 Middletown, NJ 07748 263 United States of America 265 Email: jayb@att.com 267 Randy Bush 268 Internet Initiative Japan 269 5147 Crystal Springs 270 Bainbridge Island, WA 98110 271 United States of America 273 Email: randy@psg.com 274 Ron Bonica 275 Juniper Networks 276 2251 Corporate Park Drive 277 Herndon, VA 20171 278 US 280 Email: rbonica@juniper.net 282 Serpil Bayraktar 283 Cisco Systems 284 170 W. Tasman Drive 285 San Jose, CA 95134 286 United States of America 288 Email: serpil@cisco.com