Re: [babel] Warren Kumari's Discuss on draft-ietf-babel-source-specific-07: (with DISCUSS)

Toke Høiland-Jørgensen <> Wed, 04 November 2020 11:27 UTC

To: Warren Kumari <>, The IESG <>

Warren Kumari via Datatracker <> writes:

> Warren Kumari has entered the following ballot position for
> draft-ietf-babel-source-specific-07: Discuss
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> I apologize for being rushed, and not balloting earlier, but I feel like I must
> have missed something fundamental here.
> The example in Section 4 (Data Forwarding) illustrates an issue, but doesn't
> actually *state* which (A or B) next hop will be used. The text then says that:
> "A Babel implementation MUST choose routing table entries by using the
> so-called destination-first ordering,". I interpret this to mean that the
> packet "with source 2001:DB8:0:2::42 and destination 2001:DB8:0:1::57" should
> use next-hop A. This means that you will be sending the packet to the
> destination with no regard for if the provider connected to next-hop A
> carries/announces 2001:DB8:0:2::/64. If it doesn't, this will look like a
> spoofing attack, and the ISP will (rightly) drop it.
> The only way that I can see this working is if:
> 1: destination routes never point "outside" the network (and so will never hit
> inbound BCP38 filters) or 2: destination routes always "match" - if you install
> x:y:z::/q pointing at next-hop A, you also install the same route pointing at
> next-hop B (this is pointless).
> Please help me understand what I'm missing here -- routing on destination to an
> ISP (which is what I'm assuming based on the "small networks" statement) seems
> like it will route packets with ISP B source addresses to ISP A, running into
> BCP38/anti-spoofing filters. BCP84 also covers a number of scenarios - it
> sounds like you are referring to Section 4.3.  Send Traffic Using a Provider
> Prefix Only to That Provider, but that is exactly what is not happening above.
> Again, I'm assuming that I'm just missing something blindingly obvious here,
> but it would be good to figure out what, so the document can be clarified and
> others don't fall into the same trap...

Please see my reply to Alvaro, where I describe how the multi-provider
use case is supposed to work:
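
Added illustration, not part of this message or of the reply to Alvaro it refers to: a Python sketch of the lookup the quoted DISCUSS asks about, run on the packet it names, next to a BCP38-style source check. The two table entries, the prefix delegated by next hop A's provider, and all function names are assumptions constructed for the example.

```python
import ipaddress

# Constructed table: (destination prefix, source prefix, next hop).
# Both entries match the packet from the quoted text, which is the ambiguity.
TABLE = [
    ("2001:db8:0:1::/64", "::/0", "A"),
    ("::/0", "2001:db8:0:2::/64", "B"),
]

# Assumption: the only source prefix that the provider behind A accepts.
ASSUMED_PROVIDER_A_SOURCES = ["2001:db8:a::/48"]


def lookup(table, src, dst, order="destination-first"):
    """Return the next hop for (src, dst), or None if no entry matches."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    candidates = []
    for dst_pfx, src_pfx, next_hop in table:
        d = ipaddress.ip_network(dst_pfx)
        s = ipaddress.ip_network(src_pfx)
        # An entry applies only if BOTH prefixes contain the packet's addresses.
        if dst_ip in d and src_ip in s:
            candidates.append((d.prefixlen, s.prefixlen, next_hop))
    if not candidates:
        return None
    if order == "destination-first":
        # Most specific destination wins; source prefix only breaks ties.
        best = max(candidates, key=lambda c: (c[0], c[1]))
    else:
        # Source-first, shown only for comparison.
        best = max(candidates, key=lambda c: (c[1], c[0]))
    return best[2]


def passes_ingress_filter(allowed_sources, src):
    """BCP38-style check: is the source inside a prefix the provider expects?"""
    src_ip = ipaddress.ip_address(src)
    return any(src_ip in ipaddress.ip_network(p) for p in allowed_sources)


if __name__ == "__main__":
    src, dst = "2001:db8:0:2::42", "2001:db8:0:1::57"
    for order in ("destination-first", "source-first"):
        print(order, "->", lookup(TABLE, src, dst, order))
    print("accepted by A's provider:",
          passes_ingress_filter(ASSUMED_PROVIDER_A_SOURCES, src))
```

Under these assumptions destination-first selects A, and the source address falls outside the prefix A's provider accepts, which is the drop scenario the DISCUSS describes.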