IETF Logo Mail Archive

Re: [Gen-art] Gen-ART LC review of draft-ietf-sidr-roa-validation-10.txt

Sandra Murphy <Sandra.Murphy@sparta.com> Tue, 12 April 2011 02:16 UTC

Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: gen-art@ietfc.amsl.com
Delivered-To: gen-art@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 613BFE069A for <gen-art@ietfc.amsl.com>; Mon, 11 Apr 2011 19:16:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SbtxUrADEhyv for <gen-art@ietfc.amsl.com>; Mon, 11 Apr 2011 19:16:05 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfc.amsl.com (Postfix) with ESMTP id 76B4BE0675 for <gen-art@ietf.org>; Mon, 11 Apr 2011 19:16:05 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p3C2G0VV025384; Mon, 11 Apr 2011 21:16:00 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p3C2G0x7005208; Mon, 11 Apr 2011 21:16:00 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([65.38.221.48]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Mon, 11 Apr 2011 22:15:59 -0400
Date: Mon, 11 Apr 2011 22:15:59 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <4DA15DD1.7020407@gmail.com>
Message-ID: <Pine.WNT.4.64.1104112153310.5412@SMURPHY-LT.columbia.ads.sparta.com>
References: <4DA0525B.1010804@gmail.com> <6B4E37B9-9A12-4A79-A43D-6DF16AC33E28@apnic.net> <4DA15DD1.7020407@gmail.com>
X-X-Sender: sandy@mailbin.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 12 Apr 2011 02:15:59.0828 (UTC) FILETIME=[90907140:01CBF8B7]
X-Mailman-Approved-At: Mon, 11 Apr 2011 20:17:08 -0700
Cc: draft-ietf-sidr-roa-validation.all@tools.ietf.org, General Area Review Team <gen-art@ietf.org>, Geoff Huston <gih@apnic.net>
Subject: Re: [Gen-art] Gen-ART LC review of draft-ietf-sidr-roa-validation-10.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2011 02:16:06 -0000

On Sun, 10 Apr 2011, Brian E Carpenter wrote:

> On 2011-04-10 03:13, Geoff Huston wrote:
>> On 09/04/2011, at 10:34 PM, Brian E Carpenter wrote:
>>
>>> Please see attached review.
>>>
>>> <draft-ietf-sidr-roa-validation-10-carpenter.txt>
>>
>>
>>
>> Thanks Brian,
>>
>> I'm not sure as to the appropriate form of response, but let me respond to the two minor issues you identified in this review (many thanks for the review, by the way)
>
> This is just fine... the gen-art archive is public, so replying here
> is on the record.
>
>>> 3.  Applying Validation Outcomes to Route Selection
>> ...
>>>      "valid" is to be preferred over
>>>      "unknown", which is to be preferred over
>>>      "invalid".
>> ...
>>>   It is a matter of local routing policy as to the actions to be
>>>   undertaken by a routing entity in processing those routes with
>>>   "unknown" validity states.
>>
>> you commented that:
>>
>> That seems to leave open the possibility that an aggregated route (which
>> is by definition "unknown") would be rejected. Assuming that the various
>> separate routes that were aggregated together never reached this particular
>> router, the result would be a black hole. At the least, it seems that this
>> should be mentioned, even if it is an intentional possibility.
>>
>> But the next sentence in the document states:
>>
>>    Due to considerations of partial use of
>>    ROAs in heterogeneous environments, such as in the public Internet,
>>    it is advised that local policy settings should not result in
>>    "unknown" validity state outcomes being considered as sufficient
>>    grounds to reject a route outright from further consideration as a
>>    local "best" route.
>
> Yes, indeed, and all I was thinking of was adding a sentence here saying
> that the "unknown" category might include aggregates. It's a direct implication
> of the earlier text but I tend to assume that not all readers will
> notice all implications.

I don't know that I quite understand your objection in the first place. 
Aggregates are not *by definition* "unknown" unless they are proxy 
aggregates.  Normal aggreages exist and are valid.  An ISP with a /16 who 
suballocates /18s to customers and then propogates only the aggregate /16 
can issue a ROA for the /16 itself and make the aggregate valid.

And proxy aggregates implies AS_SETs which as Geoff notes are being 
deprecated and are formally ruled out of bounds in the sidr work.

And "unknown" routes don't necessarily result in a blackhole.  If 
"unknown" routes are acceptable by local policy, the traffic will get 
through.  The only way a definition of "unknown" would result in a 
blackhole would be if the local policy was so strict that it would reject 
its only route to a prefix.  Local shoot-foot policy decisions can occur 
already for many different reasons, this is nothing new.

>
>> Also, given the current proposal in the IDR WG to deprecate the use
>> of AS Sets (and by implication deprecate the (rarely used if ever)
>> practice of proxy aggregation, I am unsure of the need to call out
>> proxy aggregation in this context.
>
> I won't get into that debate ;-)
>
>>> 5.  Route Validation Lifetime
>>>
>>>   The "lifetime" of a validation outcome refers to the time period
>>>   during which the original validation outcome can be still applied.
>>>   The implicit assumption here is that when the validation lifetime
>>>   expires the routing object should be re-tested for validity.
>>
>> you commented that:
>>
>> OK, but shouldn't a previously "valid" route be downgraded to
>> "unknown" after the lifetime expires and until the validity has
>> been re-tested?
>>
>> Not necessarily. When a route is validated, the validation lifetime refers
>> to the validation time of the EE cert used to sign that ROA. When the
>> ROA is no longer valid the route should be re-tested for validity. It it
>> possible that there is another ROA that still validates the route, or in the
>> absence of the ROA that previously validated the route, the route may
>> be considered invalid (i.e. there is an AS 0 ROA still extant that encompasses
>> this prefix). For this reason the text specifically indicates that the
>> appropriate action is to retest the route for validity in the context of the
>> current local cache of valid ROAs.
>
> Yes, but I have no sense of the timing - would the time taken to revalidate
> the route leave a long enough gap for some kind of security exposure while
> an expired route was still marked as valid? Maybe I am worrying about
> nothing.

Information necessary to revalidate the route should be available locally, 
and so should take little time.

>
>>
>>
>> At this stage I am unsure if changes to the draft are warranted, as
>> I believe that the issues you highlight here are addressed in the
>> document as it stands.
>
> Sure, these were minor comments, unless your shepherd feels differently.
>

I am not convinced that changes to the draft are necessary here.

>   Brian
>

--Sandy

v2.23.0 | Report a Bug | By Email