[PATCH] bgp: Implement RFC 9234

Ondrej Zajicek santiago at crfreenet.org
Tue Jul 12 15:19:33 CEST 2022 

On Tue, Jul 12, 2022 at 01:54:15PM +0300, Eugene Bogomazov wrote:
> Hello,
> 
> I've reviewed all the changes and am happy with them. Had some misgivings
> about renaming 'strict mode ' to 'required roles' , but since this option
> can be easily found by searching for a phrase in the documentation, it
> looks fine too.
> 
> Therefore, I have no additional concerns and agree with the merging of the
> current version of the patch.

Merged to master.

The name 'strict mode' makes sense in the context of RFC 9234, but it is
fairly nondescriptive in the general context of whole BGP protocol, that
is why i changed that. I thought about several alternatives like 'strict
role mode' or 'neighbor role strict', but after some discussion with
others i settled on 'require roles'.


> Two words about the mentioned problems.
> 1) In the RFC, we wanted to address a situation where roles could be used
> in a complex confederation setup without leaking information outside the
> confederation. However, since this action is NOT RECOMMENDED, the ISP
> should apply route filtering or attribute removal at the edge of an AS
> Confederation with a member ASN as an OTC value at its own risk. So,
> warning seems to be the most appropriate solution for this case.

Added warning.

In general, i think that the proper way to support OTC values inside
confederations would require to have 8-byte OTC attribute in
confederations with one slot for stored external ASN (e.g. ASN as
received on confederation boundary) and one slot for active internal ASN.


> 2) Including the bgp_otc attribute in the route map can be a great option
> for complex bgp relationships between two ISPs. And they can be used in
> some weird scenarios (like the confederation scenario mentioned above, for
> example). They were not included in the core patch only because they are
> not part of the core functionality of the roles that we want to provide as
> soon as possible.

Added filter support for bgp_otc.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

More information about the Bird-users mailing list