IETF Logo Mail Archive

Re: [Gen-art] Genart last call review of draft-ietf-idr-bgp-open-policy-18

Alvaro Retana <aretana.ietf@gmail.com> Wed, 05 January 2022 23:01 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97CE93A08B7; Wed, 5 Jan 2022 15:01:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nhxn8Gdj8D6E; Wed, 5 Jan 2022 15:01:02 -0800 (PST)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57DAD3A08B6; Wed, 5 Jan 2022 15:01:02 -0800 (PST)
Received: by mail-ed1-x530.google.com with SMTP id bm14so2438322edb.5; Wed, 05 Jan 2022 15:01:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=N268jfupGjwJhdTz1V/MI9IqF2vsbRqrQ9IBKdOw3Sw=; b=Nv80IoE/BRyqFE+prl/4d36mTFCOzoZMD8lkasPDTsS+yYx5bvvNmjcdWkweWrVVks +//1KSgp/gSPsIE9FBtT3SiNLzx/0+5ojwmt01+TgMf5b2hlFfO9UJS27EWbaHY2QMqj p1EsnbBme6/fijJ7hZqt+JGtD+mnphP9Qo9Clh1tP7RBT4KnB8u0gLJkCAu8t2Uninsv hhacZlbf191OYlGIUIzqK+Y2PMoHjoMtrem9XGIsJthq4A3vBBFW2BuMnXDo9rWMpSaG 1phlVUu7/JHOJRJTlTzgUSGV66sx/IDoQY9rJ4kFRVDYXE1b3MY7MXSA+1Ah3vuAMI3A nHAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=N268jfupGjwJhdTz1V/MI9IqF2vsbRqrQ9IBKdOw3Sw=; b=gNof7UCTnW1mnIo+GEr7frwbcunMN0QmWA8iRCWOrFobWeuiT0ToA1aomlGNoT5ILd lfl/B9PJVWADNViQA7IJWa5O2AofdTXJGsTg7Z+IX+wzYS0Argz0xh6qHL+RgOAHoh01 twDCrKdXoW03Qeq2YoU3mxOwbA4ZOrazBPnWhXwjzuA0tNjlLgCplp/f4VdkArVCpVwg j+Q1veBFMSfNr6CJ+ZF9qXLQ8+ME1500NynXMaErhZSgypuHd6rFGp++OzamHDQ2oLTc fVDSMKpw+xUEdQl46ZK3QG2whGkf4Qd2IrwEtYVs1BmQgfDhhO8FKlgWrJKW3R4DVL2t PWWA==
X-Gm-Message-State: AOAM531lwWpLkH/eChMLNmoqlVO3Kd9are4q4Q4assGk8ozCHnNZe+7q BBG0aUi0+n8h1LopdokWUOpVMoYKbAzVn+vNUpeGNnPo
X-Google-Smtp-Source: ABdhPJz2WdBKgzZZ6mW2e3H+gKeJU9jLhl1K2XjFE/votQA0I3KV30nE+1JKxj1zy3s1VFUI4jE6kk+hU/2iaomqNkU=
X-Received: by 2002:aa7:de82:: with SMTP id j2mr36085730edv.389.1641423659022; Wed, 05 Jan 2022 15:00:59 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 5 Jan 2022 15:00:58 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <CAEGSd=B66-KiUdRh5vL=zFK_=58JLo7h1K1r_OOB2U+5mQD8tw@mail.gmail.com>
References: <164013488006.27197.13873644386825552452@ietfa.amsl.com> <CAMMESsx35+gC7CP9ox+U-QsT8Dxkv3=Du8VRq_cprMsEc5PCyQ@mail.gmail.com> <CABNhwV30nrqJ-mOpniso6c=rJpFi0zQX93BWaQKJvKNVcrMNAw@mail.gmail.com> <SA1PR09MB8142D79278F793814694AD40844A9@SA1PR09MB8142.namprd09.prod.outlook.com> <CABNhwV0cGhp1pW24mzJvtOoaGDYM2ypBtTn_--L-0dNRmFhSUA@mail.gmail.com> <SA1PR09MB8142DBB76926B62226E7BB6D844B9@SA1PR09MB8142.namprd09.prod.outlook.com> <CAMMESswPLViBv_hcAWyzhrfYsXGn3uZhWVXEP4AHy=8YQRgCpw@mail.gmail.com> <CAEGSd=B66-KiUdRh5vL=zFK_=58JLo7h1K1r_OOB2U+5mQD8tw@mail.gmail.com>
MIME-Version: 1.0
Date: Wed, 05 Jan 2022 15:00:58 -0800
Message-ID: <CAMMESsx_Ve-uxUh=iO=-FTy6whwm9X+3FLttHDqPXnwo=xR2XA@mail.gmail.com>
To: Alexander Azimov <a.e.azimov@gmail.com>
Cc: "draft-ietf-idr-bgp-open-policy.all@ietf.org" <draft-ietf-idr-bgp-open-policy.all@ietf.org>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>, "last-call@ietf.org" <last-call@ietf.org>, "idr@ietf.org" <idr@ietf.org>, Gyan Mishra <hayabusagsm@gmail.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/JooWwgvpGPEvIilqLc8OIKOh934>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-idr-bgp-open-policy-18
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2022 23:01:05 -0000

On January 5, 2022 at 5:35:31 PM, Alexander Azimov wrote:


Alexander:


...
> > > [KS/AA]: That is interesting. We did already enhance the Role descriptions
> > > [KS/AA]: as follows to add the import policy verbiage (to the already
> > > [KS/AA]: existing export policy) in Sec. 2 of v-19 to be uploaded:
> >
> > Route leaks are created by the (incorrect) advertisement of routes.
> > Defining egress rules is then in line with the subject of this
> > document.
>
> It's true. But the incorrect or absent ingress rules are responsible for
> route leak propagation.

The absent case has already been addressed by rfc8212.

We can only hope when related to incorrect policies: the operator can
also misconfigure the roles and render OTC useless. :-(


...
> > The result is that the updated text is not consistent with the
> > behavior already defined elsewhere. For example, using the Provider
> > role:
> >
> >
> > > Old text:
> > ...
> > > Provider: MAY propagate any available route to a Customer.
> > >
> > ...
> > > New text:
> > ...
> > > Provider: May propagate any available route to a Customer. May
> > > accept routes originated by the Customer or its Customers; all
> > > other routes from the Customer must not be accepted.
> >
> > [Besides loosing the normative language...]
> >
> > A strict interpretation of the text (routes originated by a Customer
> > can be accepted) is in contradiction with this text in §4:
> >
> > 1. If a route with the OTC Attribute is received from a Customer or
> > RS-Client, then it is a route leak and MUST be considered
> > ineligible (see Section 1.1).
> >
> > Note that this text doesn't talk about the origin, but it qualifies
> > the policy based on the OTC attribute.
>
> The definition of peering relations is followed by the next phrase:
>
> A BGP speaker may apply policy to reduce what is announced, and a
> recipient may apply policy to reduce the set of routes they accept.
>
> So, the Provider/Peer may accept routes from the customer cone of
> Customer/Peer respectively.
> If OTC is set, it signals that the route was leaked, such routes MUST be
> rejected, even if coming from the customer cone.
>
> Have I missed your point?

Yes.

The text already talks about the possibility to have stricter policies.

Without that context (stricter-than-what-the-OTC-related-policy) then
the new text is left to be "May accept routes originated by the
Customer or its Customers" which is not true because of the MUST later
on.

IOW, the extra text is complicating the interpretation of the roles.



...
> If you suggest that the formal definition of Sibling relations doesn't improve the readability I will revert these changes and keep propagation rules only.

As I said in my other message, I think that adding Sibling is unnecessary.


Thanks!

Alvaro.

v2.23.0 | Report a Bug | By Email