Scope of Communities [was: Re: Last call for bgp-redistribution]

Tom Barron tbarron at cisco.com
Thu Jul 25 18:45:54 UTC 2002


>>>>> On Thu, 25 Jul 2002 14:09:36 -0400, Jeffrey Haas <jhaas at nexthop.com> said:
  Jeffrey> On Thu, Jul 25, 2002 at 12:33:09PM -0500, Tom Barron wrote:
  >> Maybe Andrew will repost with commentary :-)

  Jeffrey> Attached to this message.

Thanks.  Will remark on it later.

  >> One *could* do this, but I see no RFC or BCP that even suggests it.

  Jeffrey> But the base communities spec doesn't preclude it.

Agreed.  I'm thinking that as communities such as NOPEER and
transitive extended communities emerge, some BCP may be in order precisely
because the base spec doesn't settle this kind of issue.

  Jeffrey> Specifically, it only talks about "these routes have common properties"
  Jeffrey> and doesn't really talk about when as <foo> is marked in there
  Jeffrey> whether it needs to be *for* as <foo> or *to* as <foo>.  Common
  Jeffrey> practice is that they are just *to* when observed outside of the AS
  Jeffrey> in question.

Yes, common practice is that the community is *to* the AS *and* that it's
just one AS-hop away.  That's why I considered it, ahem, innovative to
suggest that one would leave communities in place on egress to mark *from*.
But now I think I see that your point is really congruent with my saying
that the base spec underdetermines the BCP.

  >> I don't see
  >> clear consensus or documentation at least of propagation behavior for
  >> communities with global significance.

  Jeffrey> And aside from rules-of-thumb like Andrew Partan's (which seem to
  Jeffrey> be what people generally try to do), such behavior isn't documented
  Jeffrey> even for the ones of local significance.

Right.

  >> If I read you correctly, you are suggesting that even those communities
  >> that I think have only local significance may really have meaning to the
  >> general Internet and might ought to be preserved - more like ASPATH after
  >> all.

  Jeffrey> If we are going to preclude an AS from marking a route with a
  Jeffrey> community with its own AS, we should:
  Jeffrey> o Make sure no one ever does this.
  Jeffrey> o Document it as a BCP (preferably with the rules of thumb)

  Jeffrey> and for vendors:
  Jeffrey> o Implement the BCP as a simple knob.

Yes, precisely.

  >> Umm, I agree except that I shouldn't be readvertising NO_EXPORT,
  >> NO_ADVERTISE, or NO_EXPORT_SUBCONFED across an AS boundary anyway!

I meant to say, one shouldn't be readvertising the *routes* that one
receives with NO_EXPORT, NO_ADVERTISE, or NO_EXPORT_SUBCONFED across
an AS boundary, so that they don't pose the problem that interests me.

  Jeffrey> Unfortunately, it is common practice for some ISPs to discard all
  Jeffrey> communities, even the well-known ones, upon ingress.  This results
  Jeffrey> in unintended route leaks.

And of course I agree that one should not strip the WKCs on ingress.

  >> I'm interested in cases where the route is readvertised.  Are there other
  >> communities than NOPEER that have global significance except those that
  >> quash the readvertisement anyway?

  Jeffrey> IMO:
  Jeffrey> o Communities with global significance probably should be
  Jeffrey>   well-known only.

I'm inclined to this view myself.  I believe - someone correct me out there
if I am wrong! - that this means that NOPEER is the only community of
global significance that should get propagated to the general Internet.  I
may set NO_EXPORT when I advertise a route across an AS boundary, but the
AS receiving it should not readvertise the route anyway, so its scope is
limited even though its significance is global.

(I distinguish between global significance and global scope because as 
my colleague Hal Peterson has taught me, only so many communities will fit
in a single update message.)

  Jeffrey> o Communities with local significance should follow Andrew's BCP

Please see below.

  Jeffrey> o Communities that have significance only to your immediately adjacent
  Jeffrey>   peers should use non-transitive extended communities.

Today extended communities are rarely used except for stuff like PPVPN (of
course the draft is only now at last call).  You may be suggesting that BCP
would be to migrate to extended communities where transitivity and
nontransitivity are explicit, and where (as in redistribution communities)
well-known values would be used to encode signalling that is today done on
a more ad-hoc basis.  If that is what you are suggesting, I tend to agree.

<snip>

  Andrew> Ideal provider config is
  Andrew> 	- strip all communities you use for internal markers on input
  Andrew> 	- act on all communities you tell your customers they may use
  Andrew> 	- strip all your communities on output
  Andrew> 	- let all other communities thru untouched

What about this variant (Andrew?)

       - strip all communities on input except
          * communities you tell your customers they may use
          * well-known communities 

       - act on well-known communities and communities you tell your
         customers they may use

       - strip all communities on output except
          * well-known communities
          * communities you have deliberately added to signal
            to the next AS

Thanks,

- Tom
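
Added example, not part of the original message: a small Python model of the two community-handling policies listed above (Andrew's and Tom's variant), next to the strip-everything-on-ingress practice that Jeffrey says causes route leaks. The local AS 64500, the customer and internal community values, the sample routes and all function names are constructed for illustration; the well-known community values are the standard ones.

```python
# Added illustration; ASNs, community values and routes below are constructed.
NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER = (
    0xFFFFFF01, 0xFFFFFF02, 0xFFFFFF03, 0xFFFFFF04)
WELL_KNOWN = {NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER}
# Any of these forbids readvertising the route across an AS boundary.
BLOCKS_EBGP = {NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED}

LOCAL_AS = 64500  # documentation ASN, assumed to be "us"

def comm(asn, value):
    """Encode an ASN:value standard community as a 32-bit integer."""
    return (asn << 16) | value

CUSTOMER_SIGNALS = {comm(LOCAL_AS, 80), comm(LOCAL_AS, 120)}  # hypothetical, published
INTERNAL_MARKERS = {comm(LOCAL_AS, 9001)}                     # hypothetical, internal

def ingress_strip_all(received):
    return set()                      # discards well-known communities too

def ingress_andrew(received):
    return set(received) - INTERNAL_MARKERS

def egress_andrew(held):
    return {c for c in held if c >> 16 != LOCAL_AS}

def ingress_tom(received):
    return set(received) & (CUSTOMER_SIGNALS | WELL_KNOWN)

def egress_tom(held, signal_next_as=frozenset()):
    return (set(held) & WELL_KNOWN) | set(signal_next_as)

def advertise(received, ingress, egress):
    """Return the communities sent to the next AS, or None if not readvertised."""
    held = ingress(received)
    if held & BLOCKS_EBGP:
        return None
    return egress(held)

# Constructed customer routes: a published signal, a third-party community
# from AS 64496, a forged internal marker, and one well-known community.
COMMON = {comm(LOCAL_AS, 80), comm(64496, 100), comm(LOCAL_AS, 9001)}
ROUTE_NO_EXPORT = COMMON | {NO_EXPORT}
ROUTE_NOPEER = COMMON | {NOPEER}

if __name__ == "__main__":
    for name, i, e in (("strip-all", ingress_strip_all, egress_tom),
                       ("andrew", ingress_andrew, egress_andrew),
                       ("tom", ingress_tom, egress_tom)):
        for route in (ROUTE_NO_EXPORT, ROUTE_NOPEER):
            out = advertise(route, i, e)
            print(name, None if out is None else
                  sorted(f"{c >> 16}:{c & 0xFFFF}" for c in out))
```

With strip-all ingress the NO_EXPORT route is readvertised with no communities at all, which is the leak. The two policies differ only in that Andrew's passes the third-party 64496:100 through while Tom's variant drops it.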






More information about the Ptomaine mailing list