Re: seeing the trees in the forest of confusion

junkins@nwnet.net (Doug Junkins) writes:
> These cases seem to point to a problem with BGP route withdrawals that will continue to increase the time it takes to recover from network problems. Perhaps the router vendors would like to comment.

I'm not a router vendor, but I used to play one on TV. Is that close enough? ;-)

Let me comment about BGP, the protocol, as opposed to BGP, the implementation. The protocol dictates that a BGP speaker that receives a withdrawal for a prefix _MUST_ promptly distribute that withdrawal. The reason for this is obvious: a router which has no route to a prefix is blackholing traffic or, if it has selected a different path, is possibly contributing to a forwarding loop. We can argue about the definition of 'promptly', but I hope it's clear that taking hours to withdraw the route is out of the question.

Now, please note that a BGP speaker that receives a reachability announcement for a prefix MAY decide to not advertise it for an indefinite period of time, for whatever reason. However, this is subject to some restrictions. If the newly reachable prefix is installed in the router's forwarding table and it chooses not to advertise this fact, the router MUST NOT advertise a shorter overlapping prefix. Again, this would be lying about the forwarding path that packets might take, so there's possibly a forwarding loop.

What does this mean for an implementation? In particular, how MUST flap damping work?

Flap damping MUST NOT damp out withdrawals. Note that a _history_ of withdrawals may well be data used by subsequent flap damping computations, but the withdrawal itself should propagate.

Flap damping SHOULD happen on reachability advertisement. To simplify the implementation, most folks are likely to choose to suppress newly advertised routes for a time. While the path is suppressed, the implementation probably does NOT want to install the path in its forwarding table. That would be painful. Only after the path finishes its suppression period should it be installed and then promptly advertised.

If your router's implementation is significantly different than this, you might wanna have a talk with them. Sooner would be better than later. ;-)

Please note that I'm not throwing stones or pointing fingers. I have no knowledge of the internals of what happened other than what's appeared on this list. However, the reports are disturbing and there seems to be some considerable confusion about the internals of BGP, so I thought some education was in order.

Tony
participants (1)
-
Tony Li
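
The damping behaviour described in the message above, as an added Python sketch that is not part of the original post or any vendor's implementation: withdrawals always propagate and only feed the flap history, while damping holds back re-announcements without installing them. The penalty, thresholds, half-life, class and method names, and the sample prefix are all assumptions made for illustration.

```python
# Added illustration: toy model of the damping rules in the post above.
# Thresholds and timing are assumed values, not taken from the post.
PENALTY, SUPPRESS, REUSE, HALF_LIFE = 1000.0, 2000.0, 750.0, 900.0  # seconds


class Speaker:
    def __init__(self):
        self.fib = {}        # prefix -> path installed for forwarding
        self.held = {}       # prefix -> path suppressed, NOT installed
        self.history = {}    # prefix -> (penalty, time it was last raised)
        self.sent = []       # updates sent to peers, in order

    def _penalty(self, prefix, now):
        # Penalty decays exponentially since the last withdrawal.
        value, last = self.history.get(prefix, (0.0, now))
        return value * 0.5 ** ((now - last) / HALF_LIFE)

    def withdraw(self, prefix, now):
        # A withdrawal is never damped: it only adds to the flap history.
        self.history[prefix] = (self._penalty(prefix, now) + PENALTY, now)
        self.held.pop(prefix, None)
        if self.fib.pop(prefix, None) is not None:
            self.sent.append(("withdraw", prefix, now))

    def announce(self, prefix, path, now):
        # Damping acts here, on the reachability advertisement.
        if self._penalty(prefix, now) >= SUPPRESS:
            self.held[prefix] = path
        else:
            self._install(prefix, path, now)

    def tick(self, now):
        # Release held paths whose penalty has decayed below REUSE.
        for prefix in [p for p in self.held if self._penalty(p, now) < REUSE]:
            self._install(prefix, self.held.pop(prefix), now)

    def _install(self, prefix, path, now):
        # Install and advertise together, so the FIB never holds a path
        # that the speaker is silent about.
        self.fib[prefix] = path
        self.sent.append(("announce", prefix, now))


if __name__ == "__main__":
    s, p = Speaker(), "192.0.2.0/24"   # constructed documentation prefix
    for t in (0, 20, 40):              # three flaps, ten seconds apart
        s.announce(p, "AS64500", t)
        s.withdraw(p, t + 10)
    s.announce(p, "AS64500", 60)       # damped: held, not installed
    s.tick(2000)                       # penalty decayed: install + advertise
    print(s.sent)
```
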