[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-zhao-opsec-routing-capabilities-01.txt

To: Ted Seely <tseely@sprint.net>
Subject: Re: Comments on draft-zhao-opsec-routing-capabilities-01.txt
From: Warren Kumari <warren@kumari.net>
Date: Mon, 12 Jun 2006 19:14:53 -0700
Cc: <gmj@pobox.com>, <opsec@ops.ietf.org>
In-reply-to: <Pine.GSO.4.33.0606021055460.20192-100000@iscserv1>
References: <Pine.GSO.4.33.0606021055460.20192-100000@iscserv1>


On Jun 2, 2006, at 12:07 PM, Ted Seely wrote:

Section 2.1
Max Prefix - needs language added to address what to do when maxnumber ofroutes/prefixes is reached. Doc says "may reset the BGP session",which
is true, but perhaps it should be left admin down.  usually when this
happens, it continues to happen becasue there has been a BGP
mis-configuration on the other side, and you will continue to have the
sessions come up and go down unitl this is discovered, whichintroduces
instability into the overall routing table.
most tier 1s communicate what this number needs to be, and add somesane
amount of overhead to it for growth, swings etc, but when 60K goes to
120K over and over, bad things happen.

I fully agree that having the session flap wildly is not a good thing-- I think that one of the standard capabilities (and it's currentlyimplemented by some vendors) should be to perform some sort ofexponential dampening of the session. I think that the action(immediately try bring the session back up, exponentially back offsession reestablishment or admin down the session) should beconfigurable. Also, having the device alert at some fraction ofMAX_PREFIX would lead to more adoption of max prefix limits, but thisis probably off-topic....

What confuses me is the phrase: "or may reject excess routes." -- tomy mind, if a peer has suddenly exceeded the configured number ofprefixes, it is probably broken and you can no longer trust ANY ofthe data you have from it (also, what do you do if a prefix iswithdrawn -- do you now have a free slot and install the next prefix?)


 Warren

[1] What I would actually like, but have never seen, is a back offwhere the (bounded) penalty is a function of how much the thresholdwas exceeded by.


make sense?

would you like me propose some text?

-ted


On Thu, 1 Jun 2006, George Jones wrote:

Comments on  draft-zhao-opsec-routing-capabilities-01.txt attached.
Word format.  Apologies.   It was sent to me in that format.
Changebars inline.    Hope the list does not strip attachments.

---George Jones




Ted Seely
Principal Network Design Engineer
Internet Engineering - SprintLink
(W) 703.689.6425
(M) 703.967.3289
AIM - wanpro00
Yahoo IM - tseely01

"Serious damage and router meltdown could be avoided by strict
configuration validation"

References:
- Re: Comments on draft-zhao-opsec-routing-capabilities-01.txt
  - From: Ted Seely <tseely@sprint.net>

Prev by Date: Re: MUST, SHOULD, ... in Capabilities Documents
Next by Date: comments on current practices doc
Previous by thread: RE: Comments on draft-zhao-opsec-routing-capabilities-01.txt
Next by thread: RE: Comments on draft-zhao-opsec-routing-capabilities-01.txt
Index(es):
- Date
- Thread