Internet-Draft | Avoid Ext Comms | June 2024 |
Snijders, et al. | Expires 6 December 2024 | [Page] |
This document outlines a recommendation to the Internet operational community to avoid the use of BGP Extended Communities at Internet Exchange Point (IXP) Route Servers. It includes guidance for both the Internet Service Provider side peering with Route Servers and IXPs operating Route Servers. This recommendation aims to help the global Internet routing system's performance and help protect Route Server participants against misconfigurations.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 6 December 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This document outlines a recommendation to the Internet operational community to avoid the use of BGP Extended Communities [RFC4360] at Internet Exchange Point (IXP) Route Servers [RFC7947], [RFC7948]. It includes guidance for both the Internet Service Provider side peering with Route Servers and IXPs operating Route Servers. This recomendation aims to help the global Internet routing system's performance and help protect Route Server participants against misconfigurations.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The main use-case for Extended Communities are as Route Targets within VPN [RFC4364] deployments, but historically Extended Communities also have been used as an operational utility to signal requests to IXP Route Servers such as functionality to reduce propagation scope or request AS_PATH prepending.¶
Use of Extended Communities arose from a lack of support to fit 4-octet Autonomous System Numbers (ASNs) [RFC4893] in Classic BGP communities [RFC1997], thus operators improvised a method that could allow BGP signaling from IXP participants with 4-octet ASN. The 6-octet space for the Global and Local administrator part of the BGP Extended Community provides sufficient space for a single 4-octet ASN. However, the 6-octet space is not sufficient enough should a 4-octet ASN participant of an IXP want to send a signal to a 4-octet ASN Route Server or to another 4-octet ASN participant. Moreover, the flexibility to insert a 4-octet ASN either in the Global or the Local Administrator part, proved to bring extra complexity both in the BGP implementations and in the route propagation functions that are being triggered through BGP Extended Communities. Although, this method was widely considered to be an acceptable workaround for a period of time, a more robust and future proof solution was needed that could overcome the aforementioned obstacles.¶
BGP Large communities [RFC8092] addressed the operational requirements for working with 4-octet ASNs in a variety of scenarios. With a total space of 12 octets divided into 3 separate fields, signalling between 2-octet ASNs and 4-octet ASNs, or 4-octet ASNs and 4-octet ASNs, making the use of BGP Extended Communities redundant. Since the introduction of BGP Large communities in 2017 - by now - virtually all BGP implementations have adopted this standard, making this feature usable in all public Internet deployments.¶
At the moment of writing this recommendation, there are still IP Network and IXP operators that support BGP Extended Communities for IXP Route Server signaling purposes. However, supporting three flavors of BGP Communities (Classic, Large, and Extended) contribute to increased memory consumption, increased complexity in Routing Policies, and reduced stability of the Internet ecosystem as BGP speakers need to send a BGP UPDATE message every time any type of BGP Community is added, removed, or modified. As each and every BGP UPDATE message propagated and received requires CPU cycles for processing, any efforts that minimize the number of BGP UPDATE messages are advantageous for the routing system. The authors of this document posit that Extended Communities are superfluous in context of the existence of Large Communities.¶
Route Server operators that match on route announcements with Extended Communities for 4-octet ASNs SHOULD replace these configurations with equivalent functionality implemented using Large Communities [RFC8092].¶
As an additional recommendation, Route Server operators should communicate a clear timeline for their clients to transition from Extended to Large communities.¶
Finally, operators of Internet Exchange Route Servers are RECOMMENDED to:¶
Scrub the BGP Extended Communities at the inbound direction which are intendend for L3VPN purposes. That concerns the Extended communities where the sub-type value has been set to 0x02 (Route Target).¶
Allow the rest of the BGP Extended Communities to transit transparently through the Route Servers.¶
The authors would like to thank Jeffrey Haas and Martin Pels for their useful feedback during the review process through the GROW mailing list.¶
There are no security considerations accompanying this document.¶
This document has no actions for IANA.¶