Re: [GROW] An alternative approach to draft-ietf-grow-route-leak-detection-mitigation

Job Snijders <job@fastly.com> Wed, 10 March 2021 09:11 UTC

Date: Wed, 10 Mar 2021 10:11:41 +0100
From: Job Snijders <job@fastly.com>
To: "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Cc: "grow@ietf.org" <grow@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/9hsASeZAgv3yjZ_YJdATfRZwCaQ>
List-Id: Grow Working Group Mailing List <grow.ietf.org>

Dear Jakob,

On Wed, Mar 10, 2021 at 02:10:24AM +0000, Jakob Heitz (jheitz) wrote:
> Job, your suggestion kicks a different goal than
> draft-ietf-grow-route-leak-detection-mitigation does.

Yes, I'm aware I am suggesting a different approach to solve the problem
of route leaks.

> draft-ietf-grow-route-leak-detection-mitigation tries to determine
> if your neighbor leaked the route to you.
> To do that, you need to know how your neighbor received the route
> before he sent it to you.
> That's what the ASN in the LC is for.

Right, so my proposal is that the neighbor does not (knowingly) leak
routes to you, negating the need to additionally tag routes with more
information than "this route is intended for not-for-peers (Down Only)".

I believe the Section 6 'Only To Customer' Attribute described in
https://tools.ietf.org/html/draft-ietf-idr-bgp-open-policy-15 can be
implemented using the existing well-known NOPEER Attribute.

Kind regards,

Job
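
The following is an added illustration, not code from this thread or from either draft: a toy model of a "Down Only" export policy that uses the well-known NOPEER community (65535:65284, RFC 3765) as the marker. The role names, the function names and the rule of tagging at ingress are assumptions made for the sketch; the prefix is a constructed documentation prefix.

```python
from dataclasses import dataclass, field

NOPEER = (65535, 65284)  # well-known NOPEER community, RFC 3765
ROLES = ("provider", "peer", "customer")  # neighbor's role relative to us (assumed names)


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset = field(default_factory=frozenset)


def on_import(route, neighbor_role):
    """Ingress: mark routes learned from a provider or peer as Down Only."""
    if neighbor_role in ("provider", "peer"):
        return Route(route.prefix, route.communities | {NOPEER})
    return route


def may_export(route, neighbor_role):
    """Egress: a route carrying the marker may only be sent to customers."""
    if NOPEER in route.communities:
        return neighbor_role == "customer"
    return True


def propagate(prefix, learned_from, send_to):
    """Return the route as it would be exported, or None if suppressed."""
    route = on_import(Route(prefix), learned_from)
    return route if may_export(route, send_to) else None


def export_matrix(prefix="192.0.2.0/24"):
    """Map every (learned_from, send_to) pair to whether the route is sent."""
    return {
        (src, dst): propagate(prefix, src, dst) is not None
        for src in ROLES
        for dst in ROLES
    }


if __name__ == "__main__":
    for (src, dst), sent in export_matrix().items():
        print(f"learned from {src:8} -> send to {dst:8}: "
              f"{'export' if sent else 'suppress'}")
```

In this model the four leak paths (provider or peer toward provider or peer) are suppressed by the sender itself, and no ASN has to travel with the route.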