Re: [babel] Warren Kumari's Discuss on draft-ietf-babel-source-specific-07: (with DISCUSS)

Toke Høiland-Jørgensen <toke@toke.dk> Wed, 04 November 2020 11:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/c0-_FlDYpiMJTIPyVqNNqygn3qk>

Warren Kumari via Datatracker <noreply@ietf.org> writes:

> Warren Kumari has entered the following ballot position for
> draft-ietf-babel-source-specific-07: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-babel-source-specific/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> I apologize for being rushed, and not balloting earlier, but I feel like I must
> have missed something fundamental here.
>
> The example in Section 4 (Data Forwarding) illustrates an issue, but doesn't
> actually *state* which (A or B) next hop will be used. The text then says that:
> "A Babel implementation MUST choose routing table entries by using the
> so-called destination-first ordering,". I interpret this to mean that the
> packet "with source 2001:DB8:0:2::42 and destination 2001:DB8:0:1::57" should
> use next-hop A. This means that you will be sending the packet to the
> destination with no regard for if the provider connected to next-hop A
> carries/announces 2001:DB8:0:2::/64. If it doesn't, this will look like a
> spoofing attack, and the ISP will (rightly) drop it.
>
> The only way that I can see this working is if:
> 1: destination routes never point "outside" the network (and so will never hit
> inbound BCP38 filters) or 2: destination routes always "match" - if you install
> x:y:z::/q pointing at next-hop A, you also install the same router pointing at
> next-hop B (this is pointless).
>
> Please help me understand what I'm missing here -- routing on destination to an
> ISP (which is what I'm assuming based on the "small networks" statement) seems
> like it will route packets with ISP B source addresses to ISP A, running into
> BCP38/anti-spoofing filters. BCP84 also covers a number of scenarios - it
> sounds like you are referring to Section 4.3.  Send Traffic Using a Provider
> Prefix Only to That Provider, but that is exactly what is not happening above.
>
> Again, I'm assuming that I'm just missing something blindingly obvious here,
> but it would be good to figure out what, so the document can be clarified and
> others don't fall into the same trap...

Please see my reply to Alvaro, where I describe how the multi-provider
use case is supposed to work:

https://mailarchive.ietf.org/arch/msg/babel/7_O-b6bN525EonbZu0cf6_hIjKU/

-Toke
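
The lookup scenario raised in the quoted DISCUSS, as an added example that is not part of the original message or of the draft: it compares destination-first and source-first selection for the packet quoted above and checks the result against a BCP38-style ingress filter. The two-entry table, the `ACCEPTED_SOURCES` filter lists and the function names are constructed assumptions, not taken from the draft or from any Babel implementation.

```python
import ipaddress as ip

# Constructed source-specific table: (destination prefix, source prefix, next hop).
TABLE = [
    (ip.ip_network("2001:db8:0:1::/64"), ip.ip_network("::/0"), "A"),
    (ip.ip_network("::/0"), ip.ip_network("2001:db8:0:2::/64"), "B"),
]

# Hypothetical: source prefixes the provider behind each next hop accepts
# at its ingress (BCP38-style filtering).
ACCEPTED_SOURCES = {
    "A": [ip.ip_network("2001:db8:0:1::/64")],
    "B": [ip.ip_network("2001:db8:0:2::/64")],
}

def lookup(src, dst, order="destination-first"):
    """Return the next hop for (src, dst), or None if no entry matches both."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # An entry is a candidate only if BOTH its prefixes cover the packet.
    matches = [(d, s, nh) for d, s, nh in TABLE if dst in d and src in s]
    if not matches:
        return None
    if order == "destination-first":
        # Most specific destination wins; source length only breaks ties.
        key = lambda e: (e[0].prefixlen, e[1].prefixlen)
    else:
        # Source-first, shown for comparison only.
        key = lambda e: (e[1].prefixlen, e[0].prefixlen)
    return max(matches, key=key)[2]

def passes_ingress_filter(src, next_hop):
    """True if the provider behind next_hop would accept this source address."""
    addr = ip.ip_address(src)
    return any(addr in net for net in ACCEPTED_SOURCES[next_hop])

if __name__ == "__main__":
    src, dst = "2001:db8:0:2::42", "2001:db8:0:1::57"
    for order in ("destination-first", "source-first"):
        nh = lookup(src, dst, order)
        print(order, "->", nh, "| accepted by filter:", passes_ingress_filter(src, nh))
```
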