Re: [bess] Benjamin Kaduk's No Objection on draft-ietf-bess-datacenter-gateway-12: (with COMMENT)

John E Drake <jdrake@juniper.net> Wed, 21 July 2021 20:11 UTC

From: John E Drake <jdrake@juniper.net>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-bess-datacenter-gateway@ietf.org" <draft-ietf-bess-datacenter-gateway@ietf.org>, "matthew.bocci@nokia.com" <matthew.bocci@nokia.com>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Date: Wed, 21 Jul 2021 20:10:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/dmt_Br_-HqiTe0AtCr6U6BFMhgk>

Ben,

Thanks for your thorough review and discussion.

Yours Irrespectively,

John


> -----Original Message-----
> From: BESS <bess-bounces@ietf.org> On Behalf Of Benjamin Kaduk via Datatracker
> Sent: Wednesday, July 21, 2021 1:22 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-bess-datacenter-gateway@ietf.org; matthew.bocci@nokia.com; bess-chairs@ietf.org; bess@ietf.org
> Subject: [bess] Benjamin Kaduk's No Objection on draft-ietf-bess-datacenter-gateway-12: (with COMMENT)
> 
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-bess-datacenter-gateway-12: No Objection
> 
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
> 
> 
> Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-bess-datacenter-gateway/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> The -12 does address the discuss point that I raised, thank you!
> 
> In re-reading the draft so as to clear my discuss position, one thing that
> occurred to me is that a reader might wonder what mechanisms are in place to
> prevent an attacker outside of a site from spoofing an auto-discovery route
> with a given site's site identifier.  (The security considerations already
> dutifully considers the case of a node in the site that is not a gateway being
> able to falsify an auto-discovery route.)  As far as I can tell this is not an
> issue because nodes in the site will not accept auto-discovery routes that
> initiate from outside the site, based on configured knowledge of whether a
> given BGP peering is internal or external.  The document already makes some
> allusions to this by specifying that the actual tunnel encapsulation with the
> union of all GWs' data is only included in "every route advertised externally
> to that site", implying that the auto-discovery routes are on the non-external
> (i.e., internal) advertisements.  It might (or might not) be worth being more
> explicit about auto-discovery only occurring internally within a site, to
> clarify this mechanism of action.
> 
> NITS
> 
> Section 1
> 
>    Data centers (DCs) are critical components of the infrastructure used
>    by network operators to provide services to their customers.  DCs
>    (sites) are interconnected by a backbone network, which consists of
>    any number of private networks and/or the Internet, by gateway
>    routers (GWs).  [...]
> 
> This currently looks like "interconnected by <X> (...), by <Y>" which doesn't seem
> right.  Maybe end the sentence after "and/or the Internet"
> and finish with "Each DC is connected to the backbone by one or more gateway
> routers (GWs)"?
> 
>    The solution described in this document is agnostic as to whether the
>    transit ASes do or do not have SR capabilities.  the solution uses SR
>    to stitch together path segments between GWs and through the ASBRs.
> 
> Start the sentence with a majuscule 'T'.
> 
>    technique will experience scaling issues.  This all means that the
>    Add-Paths approach is limited to sites connected over a single AS.
> 
> I'd consider "effectively limited"; we know that some groups/individuals have a
> high capacity for hitting themselves in the way that recursive Add-Path would
> entail.
> 
> 
> 