idnits 2.17.1 draft-ietf-grow-wkc-behavior-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC1997, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). (Using the creation date from RFC1997, updated by this document, for RFC5378 checks: 1996-04-10) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 30, 2019) is 1786 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: '0x00000000-0x0000FFFF' is mentioned on line 191, but not defined -- Possible downref: Non-RFC (?) normative reference: ref. 'IANA-WKC' Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Borkenhagen 3 Internet-Draft AT&T 4 Updates: 1997 (if approved) R. Bush 5 Intended status: Standards Track Internet Initiative Japan 6 Expires: December 1, 2019 R. Bonica 7 Juniper Networks 8 S. Bayraktar 9 Cisco Systems 10 May 30, 2019 12 Well-Known Community Policy Behavior 13 draft-ietf-grow-wkc-behavior-05 15 Abstract 17 Well-Known BGP Communities are manipulated differently across various 18 current implementations; resulting in difficulties for operators. 19 Network operators should deploy consistent community handling across 20 their networks while taking the inconsistent behaviors from the 21 various BGP implementations into consideration.. This document 22 recommends specific actions to limit future inconsistency, namely BGP 23 implementors must not create further inconsistencies from this point 24 forward. 26 Requirements Language 28 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 29 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to 30 be interpreted as described in RFC 2119 [RFC2119] only when they 31 appear in all upper case. They may also appear in lower or mixed 32 case as English words, without normative meaning. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at https://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on December 1, 2019. 50 Copyright Notice 52 Copyright (c) 2019 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (https://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Manipulation of Communities by Policy . . . . . . . . . . . . 3 69 3. Community Manipulation Policy Differences . . . . . . . . . . 3 70 4. Documentation of Vendor Implementations . . . . . . . . . . . 3 71 4.1. Note on an Inconsistency . . . . . . . . . . . . . . . . 4 72 5. Note for Those Writing RFCs for New Community-Like Attributes 5 73 6. Action Items . . . . . . . . . . . . . . . . . . . . . . . . 5 74 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 75 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 76 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 77 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 80 1. Introduction 82 The BGP Communities Attribute was specified in [RFC1997] which 83 introduced the concept of Well-Known Communities. In hindsight, 84 [RFC1997] did not prescribe as fully as it should have how Well-Known 85 Communities may be manipulated by policies applied by operators. 86 Currently, implementations differ in this regard, and these 87 differences can result in inconsistent behaviors that operators find 88 difficult to identify and resolve. 90 This document describes the current behavioral differences in order 91 to assist operators in generating consistent community-manipulation 92 policies in a multi-vendor environment, and to prevent the 93 introduction of additional divergence in implementations. 95 This document recommends specific actions to limit future 96 inconsistency, namely BGP implementors MUST NOT create further 97 inconsistencies from this point forward. 99 2. Manipulation of Communities by Policy 101 [RFC1997] says: 103 "A BGP speaker receiving a route with the COMMUNITIES path attribute 104 may modify this attribute according to the local policy." 106 One basic operational need is to add or remove one or more 107 communities to the set. The focus of this document is another common 108 operational need, to replace all communities with a new set. To 109 simplify this second case, most BGP policy implementations provide 110 syntax to "set" community that operators use to mean "remove any/all 111 communities present on the route, and apply this set of communities 112 instead." 114 Some operators prefer to write explicit policy to delete unwanted 115 communities rather than using "set;" i.e. using a "delete community 116 *:*" and then "add community x:y ..." configuration statements in an 117 attempt to replace all communities. The same community manipulation 118 policy differences described in the following section exist in both 119 "set" and "delete community *:*" syntax. For simplicity, the 120 remainder of this document refers only to the "set" behaviors, which 121 we refer to collectively as each implementation's '"set" directive.' 123 3. Community Manipulation Policy Differences 125 Vendor implementations differ in the treatment of certain Well-Known 126 communities when modified using the syntax to "set" the community. 127 Some replace all communities including the Well-Known ones with the 128 new set, while others replace all non-Well-Known Communities but do 129 not modify any Well-Known Communities that are present. 131 These differences result in what would appear to be identical policy 132 configurations having very different results on different platforms. 134 4. Documentation of Vendor Implementations 136 In this section we document the syntax and observed behavior of the 137 "set" directive in several popular BGP implementations to illustrate 138 the severity of the problem operators face. 140 In Juniper Networks' Junos OS, "community set" removes all 141 communities, Well-Known or otherwise. 143 In Cisco IOS XR, "set community" removes all communities except for 144 the following: 146 +-------------+-----------------------------------+ 147 | Numeric | Common Name | 148 +-------------+-----------------------------------+ 149 | 0:0 | internet | 150 | 65535:0 | graceful-shutdown | 151 | 65535:1 | accept-own rfc7611 | 152 | 65535:65281 | NO_EXPORT | 153 | 65535:65282 | NO_ADVERTISE | 154 | 65535:65283 | NO_EXPORT_SUBCONFED (or local-AS) | 155 +-------------+-----------------------------------+ 157 Communities not removed by Cisco IOS XR 159 Table 1 161 Cisco IOS XR does allow Well-Known communities to be removed only by 162 explicitly enumerating one at a time, not in the aggregate; for 163 example, "delete community accept-own". Operators are advised to 164 consult Cisco IOS XR documentation and/or Cisco support for full 165 details. 167 On Extreme networks' Brocade NetIron: "set community X" removes all 168 communities and sets X. 170 In Huawei's VRP product, "community set" removes all communities, 171 Well-Known or otherwise. 173 In OpenBGPD, "set community" does not remove any communities, Well- 174 Known or otherwise. 176 Nokia's SR OS has several directives that operate on communities. 177 Its "set" directive is called using the "replace" keyword, replacing 178 all communities, Well-Known or otherwise, with the specified 179 communities. 181 4.1. Note on an Inconsistency 183 The IANA publishes a list of Well-Known Communities [IANA-WKC]. 185 Cisco IOS XR's set of Well-Known communities that "set community" 186 will not overwrite diverges from the IANA's list of Well-Known 187 communities. Quite a few Well-Known communities from IANA's list do 188 not receive special treatment in Cisco IOS XR, and at least one 189 specific community on Cisco IOS XR's special treatment list (internet 190 == 0:0) is not really on IANA's list -- it's taken from the 191 "Reserved" range [0x00000000-0x0000FFFF]. 193 This merely notes an inconsistency. It is not a plea to 'protect' 194 the entire IANA list from "set community." 196 5. Note for Those Writing RFCs for New Community-Like Attributes 198 > When establishing new [RFC1997]-like attributes (large communities, 199 wide communities, etc.), RFC authors should state explicitly how the 200 > new attribute is to be handled. 202 6. Action Items 204 Network operators are encouraged to limit their use of the "set" 205 directive (within reason), to improve consistency across platforms. 207 Unfortunately, it would be operationally disruptive for vendors to 208 change their current implementations. 210 Vendors SHOULD clearly document the behavior of "set" directive in 211 their implementations. 213 Vendors MUST ensure that their implementations' "set" directive 214 treatment of any specific community does not change if/when that 215 community becomes a new Well-Known Community through future 216 standardization. For most implementations, this means that the "set" 217 directive MUST continue to remove the community; for those 218 implementations where the "set" directive removes no communities, 219 that behavior MUST continue. 221 Given the implementation inconsistencies described in this document, 222 network operators are urged never to rely on any implicit 223 understanding of a neighbor ASN's BGP community handling. I.e., 224 before announcing prefixes with NO_EXPORT or any other community to a 225 neighbor ASN, the operator should confirm with that neighbor how the 226 community will be treated. 228 7. Security Considerations 230 Surprising defaults and/or undocumented behaviors are not good for 231 security. This document attempts to remedy that. 233 8. IANA Considerations 235 This document has no IANA Considerations; though the IANA may wish to 236 refer to this document, if/when published, in [IANA-WKC]. 238 9. Acknowledgments 240 The authors thank Martijn Schmidt, Qin Wu for the Huawei data point, 241 Greg Hankins, Job Snijders, David Farmer, John Heasley, and Jakob 242 Heitz. 244 10. Normative References 246 [IANA-WKC] 247 IANA, "Border Gateway Protocol (BGP) Well-Known 248 Communities", . 251 [RFC1997] Chandra, R., Traina, P., and T. Li, "BGP Communities 252 Attribute", RFC 1997, DOI 10.17487/RFC1997, August 1996, 253 . 255 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 256 Requirement Levels", BCP 14, RFC 2119, 257 DOI 10.17487/RFC2119, March 1997, 258 . 260 Authors' Addresses 262 Jay Borkenhagen 263 AT&T 264 200 Laurel Avenue South 265 Middletown, NJ 07748 266 United States of America 268 Email: jayb@att.com 270 Randy Bush 271 Internet Initiative Japan 272 5147 Crystal Springs 273 Bainbridge Island, WA 98110 274 United States of America 276 Email: randy@psg.com 277 Ron Bonica 278 Juniper Networks 279 2251 Corporate Park Drive 280 Herndon, VA 20171 281 US 283 Email: rbonica@juniper.net 285 Serpil Bayraktar 286 Cisco Systems 287 170 W. Tasman Drive 288 San Jose, CA 95134 289 United States of America 291 Email: serpil@cisco.com