Re: [bess] Benjamin Kaduk's No Objection on draft-ietf-bess-datacenter-gateway-12: (with COMMENT)
Adrian Farrel <adrian@olddog.co.uk> Thu, 22 July 2021 18:37 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F8F83A0D38; Thu, 22 Jul 2021 11:37:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.896
X-Spam-Level:
X-Spam-Status: No, score=-0.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MAY_BE_FORGED=1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKCdyC1ZVRJh; Thu, 22 Jul 2021 11:37:09 -0700 (PDT)
Received: from mta5.iomartmail.com (mta5.iomartmail.com [62.128.193.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA25C3A0D32; Thu, 22 Jul 2021 11:37:03 -0700 (PDT)
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta5.iomartmail.com (8.14.4/8.14.4) with ESMTP id 16MIb0Gd005080; Thu, 22 Jul 2021 19:37:00 +0100
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C32544604B; Thu, 22 Jul 2021 19:37:00 +0100 (BST)
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B62B34603D; Thu, 22 Jul 2021 19:37:00 +0100 (BST)
Received: from asmtp3.iomartmail.com (unknown [10.12.10.224]) by vs1.iomartmail.com (Postfix) with ESMTPS; Thu, 22 Jul 2021 19:37:00 +0100 (BST)
Received: from LAPTOPK7AS653V (84.93.110.203.plusnet.ptn-ag2.dyn.plus.net [84.93.110.203] (may be forged)) (authenticated bits=0) by asmtp3.iomartmail.com (8.14.4/8.14.4) with ESMTP id 16MIavFC004980 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 22 Jul 2021 19:36:59 +0100
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Benjamin Kaduk' <kaduk@mit.edu>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-bess-datacenter-gateway@ietf.org, bess-chairs@ietf.org, bess@ietf.org, 'Matthew Bocci' <matthew.bocci@nokia.com>
References: <162688813188.15471.11185576631396701262@ietfa.amsl.com>
In-Reply-To: <162688813188.15471.11185576631396701262@ietfa.amsl.com>
Date: Thu, 22 Jul 2021 19:36:56 +0100
Organization: Old Dog Consulting
Message-ID: <02c201d77f28$8eda2780$ac8e7680$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHuLmZllqp9iBEjGINr7flqT+oG1Ksh8oDA
Content-Language: en-gb
X-Originating-IP: 84.93.110.203
X-Thinkmail-Auth: adrian@olddog.co.uk
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.1.0.2034-8.6.0.1017-26300.002
X-TM-AS-Result: No--12.491-10.0-31-10
X-imss-scan-details: No--12.491-10.0-31-10
X-TMASE-Version: IMSVA-9.1.0.2034-8.6.1017-26300.002
X-TMASE-Result: 10--12.491200-10.000000
X-TMASE-MatchedRID: /77LoUQXvQ/xIbpQ8BhdbPHkpkyUphL9TPM1foW4ZgO1oeYVuUg6ORfw Q+SArnSQHaAOG3M1xwhKkovCcLFVMK91xPCrfpdCZ9lV63zwekICC8zqHvcG2hPPSVsw1R+Y4+G zXv33W9FYaKLOBN2SuLMwNsOaGpdWPJ+LKpJ61+H4FqzGb25nh3hDDPvdmfh4BCzD0Dc8iUtTZw 1G54ybwCiujSf+IQpSmIeurdwICVxuhaARsScJxvRUId35VCIeVoopVBvm9s103EU8crzuS5IPc n3NOY+2VyMEMG+DURJwUgcoQqXK/sSiwrfykIZlC4s/hE51YdVxXefgn/TNQyPbpmcKzKmQG9ld gdPsk0XWWqyMd4Dmn+avmsUG/UyDjlL/hujrw1tAL3S+E86WTeNlVbqPGsKiinEqVqfFd0MxiXj 48wxirjGqQxamCAspKeTEE9V2pSSwQEC6hpSor6MY62qeQBkLzgjA0fz2uiCn7v45H7cwm0mobO LhIyMm/dB05pBZLFJ8eC2pVr1wb1xeXzq6ddpzZ93oz43dfXHIkqWX01P52BHFkFAjR1tnYX/Ek xUzS3kD+h7g3AV/akc+YfLo55UjMYXCjAv0ws8pSdnOjZRAPeT2LLVgCh9q9fB+4MvepQyjxYyR Ba/qJTFcRf+5vanX/fTpDjOELgPdB/CxWTRRu25FeHtsUoHu91S8YKB1DzB2dpE1yYGffZBNG/y nXnYbjmLSxSIINeXFhXMjdQIJpg==
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/ZbNInzHo5n8Nm8sobuNO_YZMqjk>
Subject: Re: [bess] Benjamin Kaduk's No Objection on draft-ietf-bess-datacenter-gateway-12: (with COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2021 18:37:13 -0000
Hi again, > COMMENT: > ---------------------------------------------------------------- > > The -12 does address the discuss point that I raised, thank you! > > In re-reading the draft so as to clear my discuss position, one thing > that occurred to me is that a reader might wonder what mechanisms are in > place to prevent an attacker outside of a site from spoofing an > auto-discovery route with a given site's site identifier. (The security > considerations already dutifully considers the case of a node in the > site that is not a gateway being able to falsify an auto-discovery > route.) As far as I can tell this is not an issue because nodes in the > site will not accept auto-discovery routes that initiate from outside > the site, based on configured knowledge of whether a given BGP peering > is internal or external. The document already makes some allusions to > this by specifying that the actual tunnel encapsulation with the union > of all GWs' data is only included in "every route advertised externally > to that site", implying that the auto-discovery routes are on the > non-external (i.e., internal) advertisements. It might (or might not) > be worth being more explicit about auto-discovery only occuring > internally within a site, to clarify this mechanism of action. Per other email. Since I have suggested text I'll make the change. > NITS > > Section 1 > > Data centers (DCs) are critical components of the infrastructure used > by network operators to provide services to their customers. DCs > (sites) are interconnected by a backbone network, which consists of > any number of private networks and/or the Internet, by gateway > routers (GWs). [...] > > This currently looks like "interconnected by <X> (...), by <Y>" which > doesn't seem right. Maybe end the sentence after "and/or the Internet" > and finish with "Each DC is connected to the backbone by one or more > gateway routers (GWs)"? Yeh, that was garbled. > The solution described in this document is agnostic as to whether the > transit ASes do or do not have SR capabilities. the solution uses SR > to stitch together path segments between GWs and through the ASBRs. > > Start the sentence with a majuscule 'T'. Ack > technique will experience scaling issues. This all means that the > Add-Paths approach is limited to sites connected over a single AS. > > I'd consider "effectively limited"; we know that some groups/individuals > have a high capacity for hitting themselves in the way that recursive > Add-Path would entail. Hmmm. Yes. New version when I'm allowed to post it. Cheers, Adrian
- [bess] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk via Datatracker
- Re: [bess] Benjamin Kaduk's No Objection on draft… John E Drake
- Re: [bess] Benjamin Kaduk's No Objection on draft… Adrian Farrel