RE: Best practices for BGP Communities

2019-03-07 Thread adamv0025
> From: NANOG  On Behalf Of Arnold Nipper
> Sent: Wednesday, March 6, 2019 6:57 PM
> 
> On 04.03.2019 19:15, John Kristoff wrote:
> > On Mon, 4 Mar 2019 01:42:02 +
> > Joshua Miller  wrote:
> >
> >> A while back I read somewhere that transit providers shouldn't delete
> >> communities unless the communities have a specific impact to their
> >> network, but my google-fu is failing me and I can't find any sources.
> >
> > Perhaps you're referring to this recent work?
> >
> >   
> >
> 
> See also
> 
>  https://2019.apricot.net/assets/files/APKS756/weaponizing-bgp-using-communities.pdf
> 
> 
And the list goes on...
Route-target extended community anyone? Yup I'm talking about routes being 
injected to your L3VPN customers'/services' routing-instances(VRFs).

adam




Re: Best practices for BGP Communities

2019-03-06 Thread Christopher Morrow
On Wed, Mar 6, 2019 at 7:53 PM Randy Bush  wrote:

> > How does one distinguish "informational" and "action" of unknown
> > communities?
>
>
"if the community is unknown why would you take any action except to strip
it?"


> the action ones are divisible by 3
>
> 
>
> you are in a twisty maze where there are no formally defined semantics,
> only a #:# syntax.  if there were general formal semantics, it could
> have been put directly in bgp attributes.
>
>
isn't it really that the communities (well known aside) mean what you want
them to mean? you get to be creative and have fun!! imagine the fun you'll
leave behind with your follow on networking folks at your job!! great
times!


Re: Best practices for BGP Communities

2019-03-06 Thread Randy Bush
> How does one distinguish "informational" and "action" of unknown
> communities?

the action ones are divisible by 3



you are in a twisty maze where there are no formally defined semantics,
only a #:# syntax.  if there were general formal semantics, it could
have been put directly in bgp attributes.

steaming pile


Re: Best practices for BGP Communities

2019-03-06 Thread Arnold Nipper
On 04.03.2019 19:15, John Kristoff wrote:
> On Mon, 4 Mar 2019 01:42:02 +
> Joshua Miller  wrote:
> 
>> A while back I read somewhere that transit providers shouldn't delete
>> communities unless the communities have a specific impact to their
>> network, but my google-fu is failing me and I can't find any sources.
> 
> Perhaps you're referring to this recent work?
> 
>   
> 

See also

 
https://2019.apricot.net/assets/files/APKS756/weaponizing-bgp-using-communities.pdf


Arnold
-- 
Arnold Nipper
email: arn...@nipper.de
mobile: +49 172 2650958





Re: Best practices for BGP Communities

2019-03-06 Thread Joshua Miller
Thanks for all the feedback.

Follow up questions:

How does one distinguish "informational" and "action" of unknown
communities?

Also, why would a transit provider go out of their way to remove unknown
communities that don't have any meaning within their network? What benefit
would it serve the transit provider?

Best,
Josh

On Tue, Mar 5, 2019 at 8:18 PM Job Snijders  wrote:

> On Wed, Mar 6, 2019 at 8:32 Smith, Courtney 
> wrote:
>
>> On 3/5/19, 6:04 PM, "NANOG on behalf of Job Snijders"
>> > j...@instituut.net> wrote:
>>
>> On Sun, Mar 03, 2019 at 08:42:02PM -0500, Joshua Miller wrote:
>> > A while back I read somewhere that transit providers shouldn't
>> delete
>> > communities unless the communities have a specific impact to their
>> > network, but my google-fu is failing me and I can't find any
>> sources.
>> >
>> > Is this still the case? Does anyone have a source for the practice
>> of
>> > leaving unknown communities alone or deleting them?
>>
>> https://tools.ietf.org/html/rfc7454#section-11
>>
>>
>> Remember policies between two peers may not be same as customer policies.
>>
>> Example:  Customers_of_transit_X >>> Transit X >>> Peer_A >>
>> Customers_of_Peer_A
>>
>> Customers_of_Peer_A may use community A:50 to set local pref to 50 in
>> Peer_A network.  But that doesn’t mean Customers_of_transit_X can send
>> A:50 to set lpref on their routes in Peer_A's network.  Peer_A's policy
>> with Transit X likely does not take action on customer communities since
>> they are 'peers' not customers.  Transit X can send A:50 to Peer_A but
>> nothing would happen.  What's the benefit of Transit X preserving A:50 from
>> its customers if it means nothing in Transit X?
>
>
>
> OP didn’t specify what kind of BGP communities they were referring to. In
> general we can separate communities into two categories: “Informational”
> and “Action”. You are right that preserving/propagating “action”
> communities (such as in your example) probably isn’t that interesting.
> “informational” communities on the other hand can be very valuable.
>
> See https://tools.ietf.org/html/rfc8195 for more information on how the
> two types differ.
>
> Kind regards,
>
> Job
>
>


Re: Best practices for BGP Communities

2019-03-05 Thread Job Snijders
On Wed, Mar 6, 2019 at 8:32 Smith, Courtney 
wrote:

> On 3/5/19, 6:04 PM, "NANOG on behalf of Job Snijders"
>  j...@instituut.net> wrote:
>
> On Sun, Mar 03, 2019 at 08:42:02PM -0500, Joshua Miller wrote:
> > A while back I read somewhere that transit providers shouldn't delete
> > communities unless the communities have a specific impact to their
> > network, but my google-fu is failing me and I can't find any sources.
> >
> > Is this still the case? Does anyone have a source for the practice of
> > leaving unknown communities alone or deleting them?
>
> https://tools.ietf.org/html/rfc7454#section-11
>
>
> Remember policies between two peers may not be same as customer policies.
>
> Example:  Customers_of_transit_X >>> Transit X >>> Peer_A >>
> Customers_of_Peer_A
>
> Customers_of_Peer_A may use community A:50 to set local pref to 50 in
> Peer_A network.  But that doesn’t mean Customers_of_transit_X can send
> A:50 to set lpref on their routes in Peer_A's network.  Peer_A's policy
> with Transit X likely does not take action on customer communities since
> they are 'peers' not customers.  Transit X can send A:50 to Peer_A but
> nothing would happen.  What's the benefit of Transit X preserving A:50 from
> its customers if it means nothing in Transit X?



OP didn’t specify what kind of BGP communities they were referring to. In
general we can separate communities into two categories: “Informational”
and “Action”. You are right that preserving/propagating “action”
communities (such as in your example) probably isn’t that interesting.
“informational” communities on the other hand can be very valuable.

See https://tools.ietf.org/html/rfc8195 for more information on how the two
types differ.

Kind regards,

Job


Re: Best practices for BGP Communities

2019-03-05 Thread Smith, Courtney
On 3/5/19, 6:04 PM, "NANOG on behalf of Job Snijders" 
 wrote:

> On Sun, Mar 03, 2019 at 08:42:02PM -0500, Joshua Miller wrote:
> > A while back I read somewhere that transit providers shouldn't delete
> > communities unless the communities have a specific impact to their
> > network, but my google-fu is failing me and I can't find any sources.
> >
> > Is this still the case? Does anyone have a source for the practice of
> > leaving unknown communities alone or deleting them?
>
> https://tools.ietf.org/html/rfc7454#section-11
>
> Kind regards,
>
> Job

Remember policies between two peers may not be same as customer policies.

Example:  Customers_of_transit_X >>> Transit X >>> Peer_A >> Customers_of_Peer_A

Customers_of_Peer_A may use community A:50 to set local pref to 50 in Peer_A 
network.  But that doesn’t mean Customers_of_transit_X can send A:50 to set 
lpref on their routes in Peer_A's network.  Peer_A's policy with Transit X 
likely does not take action on customer communities since they are 'peers' not 
customers.  Transit X can send A:50 to Peer_A but nothing would happen.  What's 
the benefit of Transit X preserving A:50 from its customers if it means nothing 
in Transit X?
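
The peer-versus-customer policy described in the message above, as an added example that is not part of the original thread: a Python model of Peer_A's inbound policy, showing A:50 lowering local-pref on a customer session and doing nothing on the peer session from Transit X. AS 64500 and AS 64496 are documentation ASNs standing in for "A" and Transit X; the default local-pref values, the tag 64496:1000, and the choice to leave unactioned communities attached are assumptions.

```python
from dataclasses import dataclass, field

PEER_A = 64500      # constructed: documentation ASN standing in for "A"
TRANSIT_X = 64496   # constructed: documentation ASN standing in for Transit X
DEFAULT_LOCAL_PREF = {"customer": 200, "peer": 100}  # assumed defaults

# Action communities Peer_A publishes, and which session types may trigger them.
ACTIONS = {(PEER_A, 50): {"local_pref": 50, "allowed_from": {"customer"}}}


@dataclass
class Route:
    prefix: str
    communities: frozenset
    local_pref: int = 0
    applied: list = field(default_factory=list)


def peer_a_import(route: Route, session: str) -> Route:
    """Apply Peer_A's inbound policy for a 'customer' or 'peer' session."""
    out = Route(route.prefix, route.communities, DEFAULT_LOCAL_PREF[session])
    for comm in sorted(route.communities):
        action = ACTIONS.get(comm)
        if action is None:
            continue  # not an action community here: carried along untouched
        if session in action["allowed_from"]:
            out.local_pref = action["local_pref"]
            out.applied.append(comm)
        # otherwise the community arrived on a session type that is not
        # entitled to it, so it has no effect on route selection
    return out


# Constructed routes: both carry A:50, the second also an informational tag.
from_customer = Route("192.0.2.0/24", frozenset({(PEER_A, 50)}))
via_transit_x = Route("198.51.100.0/24",
                      frozenset({(PEER_A, 50), (TRANSIT_X, 1000)}))

if __name__ == "__main__":
    for route, session in ((from_customer, "customer"), (via_transit_x, "peer")):
        r = peer_a_import(route, session)
        print(session, r.prefix, "local_pref", r.local_pref, "applied", r.applied)
```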







Re: Best practices for BGP Communities

2019-03-05 Thread Job Snijders
On Sun, Mar 03, 2019 at 08:42:02PM -0500, Joshua Miller wrote:
> A while back I read somewhere that transit providers shouldn't delete
> communities unless the communities have a specific impact to their
> network, but my google-fu is failing me and I can't find any sources.
> 
> Is this still the case? Does anyone have a source for the practice of
> leaving unknown communities alone or deleting them?

https://tools.ietf.org/html/rfc7454#section-11

Kind regards,

Job


Re: Best practices for BGP Communities

2019-03-04 Thread John Kristoff
On Mon, 4 Mar 2019 01:42:02 +
Joshua Miller  wrote:

> A while back I read somewhere that transit providers shouldn't delete
> communities unless the communities have a specific impact to their
> network, but my google-fu is failing me and I can't find any sources.

Perhaps you're referring to this recent work?

  

John


Best practices for BGP Communities

2019-03-04 Thread Joshua Miller
Hello everybody,

A while back I read somewhere that transit providers shouldn't delete
communities unless the communities have a specific impact to their network,
but my google-fu is failing me and I can't find any sources.

Is this still the case? Does anyone have a source for the practice of
leaving unknown communities alone or deleting them?

Best,
Josh