Re: [Bgp-autoconf] Discussion about BGP autoconf requirements in DC
Robert Raszuk <robert@raszuk.net> Sat, 08 February 2020 12:01 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: bgp-autoconf@ietfa.amsl.com
Delivered-To: bgp-autoconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 03E65120143
for <bgp-autoconf@ietfa.amsl.com>; Sat, 8 Feb 2020 04:01:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vMAD15fJfG7r for <bgp-autoconf@ietfa.amsl.com>;
Sat, 8 Feb 2020 04:01:54 -0800 (PST)
Received: from mail-ot1-x330.google.com (mail-ot1-x330.google.com
[IPv6:2607:f8b0:4864:20::330])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 76DA612013B
for <bgp-autoconf@ietf.org>; Sat, 8 Feb 2020 04:01:54 -0800 (PST)
Received: by mail-ot1-x330.google.com with SMTP id j20so1911728otq.3
for <bgp-autoconf@ietf.org>; Sat, 08 Feb 2020 04:01:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=8wCHXwxf8yDInsbCeSBwD56l6q0Ujg6gWINykgQlQgA=;
b=E4t0gi1I3gAjOwEvoQKTANWQhlopI+rhxOuwgLQ1nECfNNzngwIYg19VYLm9MisCxY
Ju8aWp2A4zlrM52cTz1oogB3ZB5Ra96IKJufaC+c/+k4KzgzJr10tekyB2zjCwrhYCDD
S7N0JJWwm8qK5I91lD9EWwm0dBL02Wq6wTrjPAw9Ir5IryNvluiz+KvRxSWa4jxcFept
RlWrrH9E94wJGCOUJWdXOzc0riBMbKUI94jmJUBO+cq18QThG+UOGh75gE9HZpc1tBjl
cEQ0z8+Kv7bh7fKSmrhbjNDdRSkWhf7/+q8nNzgR5eSS5jAPDGMBCUqsW0ubaQwaPj/g
o1Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=8wCHXwxf8yDInsbCeSBwD56l6q0Ujg6gWINykgQlQgA=;
b=anPKatR24NjRxqD4x0P8WuKUXuH6jRFz0ZeNeWpXmqnRMD/X0SfQ6M71LyI/Q3gbkt
WmZE0FMjnwLZPgX48hkRBG3/gkfwU7jYFQOaeTppZUx0Zyi4aCNdhlwzFljhxgKh7IQj
pChoQO7A8fXPxjWrKdUQyczc4KGGjfcs3Mbvdqy8kOmHelNy+4BrRqtUnSDYqO4uCFEC
tvHTZEGbrwU6xrLemXQTfsbmIWOE4iSYxz8QyJPkxEWY9C4OMVt+3K4xlq77oo8VEe0t
Dt7jyautylZ81sPQrR5dYqxpC2ovgwT2c2FfiQBPb+5wI4FVGI1Sv7Q/xbbfNZqF7I0y
Q/2Q==
X-Gm-Message-State: APjAAAUip37RhXBzvFt1eMpNNeC0EABrbdtoVViwtVboRXJuP123slWZ
tigTTsBfQQFs4QtLV0EjvPKrb3c+uesyR5oe3KN+/Q==
X-Google-Smtp-Source: APXvYqw6YI5ywutMvZPHrnt0gUqJn8tGuga4PoT7/vxcKuYPTlrwsYdxJFt1QzUVVK8iJSHLNVnG5oF9QOtkWayKtpc=
X-Received: by 2002:a9d:6a06:: with SMTP id g6mr2966031otn.305.1581163313542;
Sat, 08 Feb 2020 04:01:53 -0800 (PST)
MIME-Version: 1.0
References: <89bb996682564b99af57133a76b8dc6b@huawei.com>
<m2a75u3tcx.wl-randy@psg.com>
<CAOj+MMH7ERDbHt6jy1guLUg-ncqbVhv5GaYTd2Hb4a6R82sd7w@mail.gmail.com>
<m27e0y3rfq.wl-randy@psg.com>
In-Reply-To: <m27e0y3rfq.wl-randy@psg.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Sat, 8 Feb 2020 13:01:43 +0100
Message-ID: <CAOj+MMGeCS10NpXxaWj82urs8xV03oF8Lm6B_xxxkZduBMUcRA@mail.gmail.com>
To: Randy Bush <randy@psg.com>
Cc: bgp-autoconf@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a2cc6e059e0f457e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bgp-autoconf/2A4cac8VE2vrUluwiei3AzZxG-I>
Subject: Re: [Bgp-autoconf] Discussion about BGP autoconf requirements in DC
X-BeenThere: bgp-autoconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP autoconfiguration design team discussion list
<bgp-autoconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bgp-autoconf>,
<mailto:bgp-autoconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bgp-autoconf/>
List-Post: <mailto:bgp-autoconf@ietf.org>
List-Help: <mailto:bgp-autoconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bgp-autoconf>,
<mailto:bgp-autoconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Feb 2020 12:01:57 -0000
Hi, So as proven in working implementations (see Cumulus) bare min you need to automagically operate is a peer's address. They take it from link local and are done. SAFI is always 1. AFI depends on the IP as you suggested. eBGP AS is learned from OPEN. So their basic interface level bgp cfg is this: - add bgp autonomous-system 65000 - add bgp neighbor swp51 interface remote-as external - add bgp neighbor swp52 interface remote-as external Anything else seems topping on the cake. There is also an interesting case Cumulus did for unnumbered loopback peering ... well it is actually IPv4 loopback to lPv4 loopback but using IPv6 link local as next hops. Works on p2p breaks few hops away. I am not stating that we should or should not but do we have full agreement that DC case must cover any other BGP peering except p2p and lo2lo over p2p ? Is there a real requirement to discover your peers few IP hops away ? Even if you discover - how will you get there ? As far as md5, A0, XYZ to validate if you are legitimate peer this really is not an autodiscovery part. IMO it should be part of preconfigured template. Thx a lot, R. On Sat, Feb 8, 2020 at 12:31 AM Randy Bush <randy@psg.com> wrote: > > Before we dive into bits and pieces is the assumption that auto > > discovered stuff is ephemeral and disappears upon reboot or is to stay > > for a while in the box ? > > do we care? this is discovery, not colonisation :) > > > How about marking peers as upstream vs downstream? > > or which flavor of routes i am supposed to give them. maybe which > community sets i should use? perhaps we should see how simple we > can make this, not how complex? > > >> - signal your ip address (which will tell me v4 or v6) and, as > >> it is the 21st century, assump MPBGP > > Do you want to try all possible AFI/SAFIs in capabilities ? > > doesn't bgp open negotiate this > > >> - signal your asn. if it is the same as mine, it's iBGP so > >> no need to think about multi-hop etc > > if it is not the same then you guess if this is multihop, disable > > connected-check or p2p ? > > don't you know if it is single hop by the peer ip address? > > >> - signal how many hops i need to get to your listener > > How would I ever know that apriori ? > > if you don't, signal 42 or 255 > > >> - signal the authentication > > You mean type ? > > i am inclined to type and credential. > > > Well I would put those into pre-cfg template instead. > > threat model analysis needed here. historically, tcp-md5 was to stop > the nasty tcp resets of established sessions; authenticity was not the > issue. is that still true? if so, i can trust you to tell me what > hash, or whatever, to use. if not, some external authority, such as > pre-config, is needed. > > randy >
- [Bgp-autoconf] Discussion about BGP autoconf requ… Dongjie (Jimmy)
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Randy Bush
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Robert Raszuk
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Randy Bush
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Robert Raszuk
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Randy Bush
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Robert Raszuk
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Zhuangshunwan
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Dongjie (Jimmy)
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Dongjie (Jimmy)
- Re: [Bgp-autoconf] Discussion about BGP autoconf … Jeffrey Haas