
Subcodes for BGP Finite State Machine Error
draft-ietf-idr-fsm-subcode-03

Document history

Date Rev. By Action
2012-08-22
03 (System) post-migration administrative database adjustment to the No Objection position for Peter Saint-Andre
2012-08-22
03 (System) post-migration administrative database adjustment to the No Objection position for Adrian Farrel
2012-08-22
03 (System) post-migration administrative database adjustment to the No Objection position for Ronald Bonica
2012-04-13
03 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2012-04-13
03 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2012-04-13
03 (System) IANA Action state changed to In Progress from Waiting on Authors
2012-04-02
03 (System) IANA Action state changed to Waiting on Authors from In Progress
2012-02-27
03 Cindy Morgan State changed to RFC Ed Queue from Approved-announcement sent
2012-02-24
03 (System) IANA Action state changed to In Progress
2012-02-24
03 Amy Vezza IESG state changed to Approved-announcement sent
2012-02-24
03 Amy Vezza IESG has approved the document
2012-02-24
03 Amy Vezza Closed "Approve" ballot
2012-02-24
03 Amy Vezza Approval announcement text regenerated
2012-02-24
03 Amy Vezza State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup.
2012-02-24
03 Amy Vezza Ballot writeup text changed
2012-02-15
03 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss
2012-02-14
03 Adrian Farrel
[Ballot discuss]
I see that a small Security Section has been added to the new revision. This seems to address the specific example Ran gave, and also provides a reference for general BGP security considerations.

Ultimately, the Discuss is my point and not Ran's, but I remain surprised that this IETF last call comment was not addressed on the IETF mailing list and closed down with Ran. I will hold my Discuss a short while longer in the hope that this happens.


There was a last call comment from Ran Atkinson that said:

  I have read this short document and am familiar with its
  contents.  I am not a BGP implementer, instead I am a BGP
  user (as are several of my clients).

  Summary:  Security Considerations are missing

  The absence of any substantive "Security Considerations"
  is problematic and needs to be corrected prior to approval. 

  As an example, creating these sub-codes will greatly facilitate
  active probing of remote routers for "OS fingerprinting" or
  "BGP fingerprinting", which might be used in future to determine
  the manufacturer, software-version, and possibly hardware model
  of the remote router. 

  In turn, such fingerprinting can facilitate targeting attacks
  against security issues present in certain software versions
  or software+hardware combinations.

  I do not object to the principle of adding these sub-codes,
  but the practical operational security risks ought to be
  fully and clearly documented before this draft proceeds. 

Without agreeing or disagreeing with what Ran has said, I expect IETF
last call comments to be resolved through discussion on the IETF list
before the I-D is approved.
2012-02-14
03 Ron Bonica [Ballot Position Update] Position for Ron Bonica has been changed to No Objection from Discuss
2012-02-13
03 Peter Saint-Andre [Ballot Position Update] Position for Peter Saint-Andre has been changed to No Objection from Discuss
2012-02-13
03 (System) New version available: draft-ietf-idr-fsm-subcode-03.txt
2012-01-19
03 Cindy Morgan Removed from agenda for telechat
2012-01-19
03 Cindy Morgan State changed to IESG Evaluation::AD Followup from IESG Evaluation.
2012-01-19
03 Dan Romascanu [Ballot comment]
I support Adrian's DISCUSS.
2012-01-19
03 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded
2012-01-19
03 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded
2012-01-18
03 Stephen Farrell [Ballot comment]
I also support Adrian's first discuss point.
2012-01-18
03 Stephen Farrell [Ballot Position Update] New position, No Objection, has been recorded
2012-01-17
03 Peter Saint-Andre
[Ballot discuss]
The IANA Considerations section states:

  IANA is requested to create the registry "BGP Finite State Machine
  Error Subcodes", within the "BGP Error Subcodes" registry, with
  Registration Procedures "Standards Action process or the Early IANA
  Allocation process".

As far as I understand it, "Standards Action" is a registration process (per RFC 5226) but there is no such registration process as "Early IANA Allocation". It is true that RFC 4020 defines procedures for early allocation of code points, but that does not mean that early allocation is a registration process. Given that early allocation is always possible when the registration process is "Standards Action", it is proper to remove the text " or the Early IANA Allocation process" from the quoted paragraph. Alternatively, you could say something like this:

  IANA is requested to create the registry "BGP Finite State Machine
  Error Subcodes", within the "BGP Error Subcodes" registry, with a
  Registration Procedure of "Standards Action" as defined in [RFC5226]
  (naturally, early allocation of such subcodes is allowed, in accordance
  with [RFC4020]).
2012-01-17
03 Peter Saint-Andre [Ballot Position Update] New position, Discuss, has been recorded
2012-01-17
03 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded
2012-01-17
03 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded
2012-01-17
03 Sean Turner [Ballot comment]
I support Adrian's discuss.
2012-01-17
03 Sean Turner [Ballot Position Update] New position, No Objection, has been recorded
2012-01-16
03 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded
2012-01-16
03 Ron Bonica [Ballot discuss]
I intend to change this DISCUSS to a YES. However, I think that this draft should UPDATE RFC 4271.
2012-01-16
03 Ron Bonica [Ballot Position Update] New position, Discuss, has been recorded
2012-01-15
03 Adrian Farrel
[Ballot discuss]
There was a last call comment from Ran Atkinson that said:

  I have read this short document and am familiar with its
  contents.  I am not a BGP implementer, instead I am a BGP
  user (as are several of my clients).

  Summary:  Security Considerations are missing

  The absence of any substantive "Security Considerations"
  is problematic and needs to be corrected prior to approval. 

  As an example, creating these sub-codes will greatly facilitate
  active probing of remote routers for "OS fingerprinting" or
  "BGP fingerprinting", which might be used in future to determine
  the manufacturer, software-version, and possibly hardware model
  of the remote router. 

  In turn, such fingerprinting can facilitate targeting attacks
  against security issues present in certain software versions
  or software+hardware combinations.

  I do not object to the principle of adding these sub-codes,
  but the practical operational security risks ought to be
  fully and clearly documented before this draft proceeds. 

Without agreeing or disagreeing with what Ran has said, I expect IETF
last call comments to be resolved through discussion on the IETF list
before the I-D is approved.

---

I am unclear whether this document is intended to update RFC 4271. Is
the plan that all future BGP implementations need to include this work,
or is the inclusion optional? As currently presented, it is optional.
2012-01-15
03 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded
2012-01-14
03 Wesley Eddy [Ballot Position Update] New position, No Objection, has been recorded
2012-01-10
03 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded
2012-01-10
03 Stewart Bryant State changed to IESG Evaluation from AD Evaluation.
2011-12-22
03 Stewart Bryant State changed to AD Evaluation from Waiting for AD Go-Ahead.
2011-12-22
03 Stewart Bryant Placed on agenda for telechat - 2012-01-19
2011-12-22
03 Stewart Bryant [Ballot Position Update] New position, Yes, has been recorded for Stewart Bryant
2011-12-22
03 Stewart Bryant Ballot has been issued
2011-12-22
03 Stewart Bryant Created "Approve" ballot
2011-12-12
03 Sam Weiler Request for Last Call review by SECDIR Completed. Reviewer: Warren Kumari.
2011-12-12
03 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2011-12-08
03 Amanda Baber [Note]: 'Susan Hares is the document shepherd  (Susan.Hares@huawei.com or shares@ndzh.com).' added by Amanda Baber
2011-12-08
03 Amanda Baber
Upon approval of this document, IANA will create the following
sub-registry under "BGP Error Subcodes" at
http://www.iana.org/assignments/bgp-parameters

Registry Name: BGP Finite State Machine Error Subcodes
Registration Procedures: Standards Action or Early Allocation

Value Name
0 Unspecified Error
1 Receive Unexpected Message in OpenSent State
2 Receive Unexpected Message in OpenConfirm State
3 Receive Unexpected Message in Established State
2011-12-04
03 Sam Weiler Request for Last Call review by SECDIR is assigned to Warren Kumari
2011-11-30
03 Mary Barnes Request for Last Call review by GENART Completed. Reviewer: Mary Barnes.
2011-11-29
03 Jean Mahoney Request for Last Call review by GENART is assigned to Mary Barnes
2011-11-24
03 Amy Vezza Last call sent
2011-11-24
03 Amy Vezza
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Subcodes for BGP Finite State Machine Error) to Proposed Standard


The IESG has received a request from the Inter-Domain Routing WG (idr) to
consider the following document:
- 'Subcodes for BGP Finite State Machine Error'
  as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-12-12. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document defines several subcodes for BGP Finite State Machine
  (FSM) Error that could provide more information to help network
  operators in diagnosing BGP FSM issues and correlating network
  events.





The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-idr-fsm-subcode/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-idr-fsm-subcode/


No IPR declarations have been submitted directly on this I-D.


2011-11-24
03 Stewart Bryant Last Call was requested
2011-11-24
03 Stewart Bryant State changed to Last Call Requested from Publication Requested.
2011-11-24
03 Stewart Bryant Last Call text changed
2011-11-24
03 (System) Ballot writeup text was added
2011-11-24
03 (System) Last call text was added
2011-11-24
03 (System) Ballot approval text was added
2011-11-13
03 Cindy Morgan
Proto write-up for draft-ietf-idr-fsm-subcode-02

(1.a) Who is the Document Shepherd for this document? Has the
      Document Shepherd personally reviewed this version of the
      document and, in particular, does he or she believe this
      version is ready for forwarding to the IESG for publication?

The document shepherd for draft-ietf-idr-fsm-subcode-02 is Susan Hares.  Susan.Hares@huawei.com (or shares@ndzh.com). 
I believe this document is ready for forwarding to the IESG for publication.

      The document had adequate review both from key WG members
      and from key non-WG members? Does the Document Shepherd have
      any concerns about the depth or breadth of the reviews that
      have been performed?

The document has been presented in two+ meetings of the IETF (IETF77/IETF78). The document shepherd personally requested key implementers/architects at Cisco and Juniper to review the code for implementation. These architect/key implementers discussed the document with the authors.  In addition, the IDR chairs request that any IDR feature have two implementations that interoperate prior to forwarding.

(1.c) Does the Document Shepherd have concerns that the document
      needs more review from a particular or broader perspective,
      e.g., security, operational complexity, someone familiar with
      AAA, internationalization or XML

No. The chairs believe this document has seen sufficient review in IDR for its scope. The document focuses on correcting error codes sent during BGP errors. The error codes are then exposed to the BGP operator via the CLI, message logs or other mechanisms.

This document has been implemented by the following two different BGP implementations: Huawei NE40E, NE80E, NE500E running VRP 5-R9, and the Quagga code (running on OPENBSD). The Quagga version of this code runs in the bgpd.8 code module and impacts the session.c and session.h routes. The person implementing it in Quagga was Claudio Jeker.  The log report from the interoperable run is attached in an appendix.

Both implementations correctly coded the “MUST” statements within the code base.

(1.d) Does the Document Shepherd have any specific concerns or
      issues with this document that the Responsible Area Director
      and/or the IESG should be aware of? For example, perhaps he
      or she is uncomfortable with certain parts of the document, or
      has concerns whether there really is a need for it. In any
      event, if the WG has discussed those issues and has indicated
      that it still wishes to advance the document, detail those
      concerns here. Has an IPR disclosure related to this document
      been filed? If so, please include a reference to the
      disclosure and summarize the WG discussion and conclusion on
      the IPR issue.

No concerns. [checking disclosure]

(1.e) How solid is the WG consensus behind this document? Does it
      represent the strong concurrence of a few individuals, with
      others being silent, or does the WG as a whole understand and
      agree with it?

It represents the concurrence of the working group.  The mail list had strong concurrence.  This draft is part of the general agreement of this being a “whole” in the previous error handling.  Please note that this draft is part of the IDR WG response to Grow requested revisions to the error handling in BGP. As such, this shepherd presented the general topic at IETF 82. 

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
      discontent? If so, please summarize the areas of conflict in
      separate email messages to the Responsible Area Director. (It
      should be in a separate email because this questionnaire is
      entered into the ID Tracker.)

No. This draft provides additional error reporting as the Grow working group requested.

(1.g) Has the Document Shepherd personally verified that the
      document satisfies all ID nits? (See the Internet-Drafts Checklist
      and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
      not enough; this check needs to be thorough. Has the document
      met all formal review criteria it needs to, such as the MIB
      Doctor, media type and URI type review

Data tracker finds no issues. Idnits is satisfied. [check this]

(1.h) Has the document split its references into normative and
      informative? Are there normative references to documents that
      are not ready for advancement or are otherwise in an unclear
      state? If such normative references exist, what is the
      strategy for their completion? Are there normative references
      that are downward references, as described in [RFC3967]? If
      so, list these downward references to support the Area
      Director in the Last Call procedure for them [RFC3967].

Split as required. No down-references. [check this]

(1.i) Has the Document Shepherd verified that the document IANA
        consideration section exists and is consistent with the body
        of the document? If the document specifies protocol
        extensions, are reservations requested in appropriate IANA
        registries?

Are the IANA registries clearly identified? If
        the document creates a new registry, does it define the
        proposed initial contents of the registry and an allocation
        procedure for future registrations? Does it suggest a
        reasonable name for the new registry? See [RFC5226]. If the
        document describes an Expert Review process has Shepherd
        conferred with the Responsible Area Director so that the IESG
        can appoint the needed Expert during the IESG Evaluation?

This document defines a registry for BGP Finite State Machine Error Subcodes within the BGP Error Subcode registry. This registry is a subcategory under the BGP Error Subcodes.

[www.iana.org/assignments/bgp-parameters/bgp-parameters.xml]

The name for the registry is “BGP Finite State Machine Error Subcodes”.
The document defines four state variables to be the original values in this registry.

(1.j) Has the Document Shepherd verified that sections of the
      document that are written in a formal language, such as XML
      code, BNF rules, MIB definitions, etc., validate correctly in
      an automated checker?

Not applicable.

(1.k) The IESG approval announcement includes a Document
      Announcement Write-Up. Please provide such a Document
      Announcement Write-Up? Recent examples can be found in the
      "Action" announcements for approved documents.


Technical Summary
The IDR working group is revising the BGP-4 specifications to add additional error handling per the Grow Working Group’s request in draft-grow-ops-reqs-for-bgp-error-handling-02. This draft defines operational sub-codes for the BGP Finite State Machine Error that provide more information to aid network operators in diagnosing BGP FSM issues and correlating network events.

This BGP feature has been implemented in two separate implementations (Huawei VRP5-R9 OS and Quagga) which successfully interoperated.

Working Group Summary
The document is a product of the IDR working group. The document has working group consensus, and it is part of the IDR work in revising BGP error handling in response to GROW’s request. 

Document Quality
The document provides the necessary specification for implementers to implement the additional error processing by providing a description of when to send the error codes (usage, section 3), and what error codes to send (Definition of error codes, section 2).

The quality of the document is good with enough brevity to make it easy to understand.


Appendix A – log text demonstrating the code from the Huawei Router

Oct 24 2011 20:10:02-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[203]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=3, BgpAddressFamily=Public, ErrorData=01)
Oct 24 2011 20:10:02-08:00 Quidway %%01BGP/3/STATE_CHG_UPDOWN(l)[204]:The status of the peer 192.168.1.33 changed from ESTABLISHED to IDLE. (InstanceName=Public, StateChangeReason=Finite State Machine Error/Receive Unexpected Message in Established State)
Oct 24 2011 20:10:31-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[205]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=1, BgpAddressFamily=Public, ErrorData=04)
Oct 24 2011 20:11:06-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[206]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=1, BgpAddressFamily=Public, ErrorData=02)
Oct 24 2011 20:11:51-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[209]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=1, BgpAddressFamily=Public, ErrorData=05)
Oct 24 2011 20:12:23-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[210]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=2, BgpAddressFamily=Public, ErrorData=01)
Oct 24 2011 20:12:40-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[211]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=2, BgpAddressFamily=Public, ErrorData=02)
Oct 24 2011 20:13:03-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[214]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=2, BgpAddressFamily=Public, ErrorData=05)
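
An added example, not part of the shepherd write-up or the draft: a defender-side parser for the SEND_NOTIFY log format shown in Appendix A that decodes FSM Error subcodes using the registry values on this page and flags peers that draw many different FSM errors in a short window, the pattern the last call comment associates with fingerprinting. The function names, the thresholds and the last sample line are constructed for illustration; reading the first ErrorData octet as the unexpected message's type follows RFC 6608 and is an assumption relative to this page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Registry values quoted on this page; they qualify ErrorCode=5 (FSM Error).
FSM_SUBCODES = {0: "Unspecified Error",
                1: "Receive Unexpected Message in OpenSent State",
                2: "Receive Unexpected Message in OpenConfirm State",
                3: "Receive Unexpected Message in Established State"}
# BGP message types (RFC 4271, RFC 2918). Assumption: the first ErrorData
# octet is the type of the unexpected message, as RFC 6608 specifies.
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE",
             5: "ROUTE-REFRESH"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d{2}:\d{2}:\d{2})\S* .*?SEND_NOTIFY.*?"
    r"peer (?P<peer>[0-9A-Fa-f.:]+)\. \(ErrorCode=(?P<code>\d+), "
    r"SubErrorCode=(?P<sub>\d+),.*?ErrorData=(?P<data>[0-9A-Fa-f]*)\)")

# First five lines are copied from Appendix A; the last one is constructed.
SAMPLE_LOG = """
Oct 24 2011 20:10:02-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[203]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=3, BgpAddressFamily=Public, ErrorData=01)
Oct 24 2011 20:10:02-08:00 Quidway %%01BGP/3/STATE_CHG_UPDOWN(l)[204]:The status of the peer 192.168.1.33 changed from ESTABLISHED to IDLE. (InstanceName=Public, StateChangeReason=Finite State Machine Error/Receive Unexpected Message in Established State)
Oct 24 2011 20:10:31-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[205]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=1, BgpAddressFamily=Public, ErrorData=04)
Oct 24 2011 20:11:06-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[206]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=1, BgpAddressFamily=Public, ErrorData=02)
Oct 24 2011 20:12:23-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[210]:The router sent a NOTIFICATION message to peer 192.168.1.33. (ErrorCode=5, SubErrorCode=2, BgpAddressFamily=Public, ErrorData=01)
Oct 24 2011 20:12:30-08:00 Quidway %%01BGP/6/SEND_NOTIFY(l)[300]:The router sent a NOTIFICATION message to peer 192.0.2.7. (ErrorCode=5, SubErrorCode=3, BgpAddressFamily=Public, ErrorData=01)
""".strip().splitlines()

def parse_fsm_notifications(lines):
    """Return (timestamp, peer, subcode, msg_type) for each sent FSM Error."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["code"]) != 5:
            continue  # not a sent NOTIFICATION, or not an FSM Error
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        msg_type = int(m["data"][:2], 16) if m["data"] else 0  # 0 = no data
        events.append((ts, m["peer"], int(m["sub"]), msg_type))
    return events

def flag_probe_like_peers(events, window=timedelta(minutes=5), min_distinct=4):
    """Map peer -> distinct (subcode, msg_type) pairs seen inside one window,
    for peers that reached min_distinct pairs (hypothetical thresholds)."""
    by_peer = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_peer[ev[1]].append(ev)
    flagged = {}
    for peer, evs in by_peer.items():
        for i, first in enumerate(evs):
            combos = {(s, t) for ts, _, s, t in evs[i:] if ts - first[0] <= window}
            if len(combos) >= min_distinct:
                flagged[peer] = sorted(combos)
                break
    return flagged

def describe(subcode, msg_type):
    name = FSM_SUBCODES.get(subcode, "unassigned subcode")
    return f"{name} (unexpected {MSG_TYPES.get(msg_type, 'unknown type')})"

if __name__ == "__main__":
    for peer, combos in flag_probe_like_peers(parse_fsm_notifications(SAMPLE_LOG)).items():
        print(peer, *(describe(s, t) for s, t in combos), sep="\n  ")
```

A single peer that walks through several state and message-type combinations within minutes, as the interoperability test run did here, stands out from a peer that trips one FSM error during an ordinary session reset.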


2011-11-13
03 Cindy Morgan [Note]: 'Susan Hares is the document shepherd  (Susan.Hares@huawei.com or shares@ndzh.com).' added
2011-11-13
03 Cindy Morgan Draft added in state Publication Requested
2011-08-11
02 (System) New version available: draft-ietf-idr-fsm-subcode-02.txt
2011-03-14
01 (System) New version available: draft-ietf-idr-fsm-subcode-01.txt
2010-10-01
00 (System) New version available: draft-ietf-idr-fsm-subcode-00.txt