Re: [GROW] call for feedback on draft-ietf-grow-route-leak-detection-mitigation
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 17 June 2019 18:21 UTC
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Nick Hilliard <nick@foobar.org>, Brian Dickson <brian.peter.dickson@gmail.com>
CC: "grow@ietf.org" <grow@ietf.org>, Ruediger Volk <rv@NIC.DTAG.DE>
Date: Mon, 17 Jun 2019 18:21:18 +0000

Nick,

Thank you for your thoughts on this.

This work has been in GROW / IDR since 2014. Initially in GROW where we published a route leak problem definition RFC:
https://tools.ietf.org/html/rfc7908
The work then moved to IDR for the route leak solution based on BGP Attribute. It was moved back to GROW lately because IDR Chairs and others (authors + Ruediger) felt that a solution based on Community would be deployable a lot faster -- in months as opposed to years.

First, if you care you may offer your thoughts on Attribute vs. Community.

Second, I would appreciate if you can offer concrete examples of the scenarios that you mention -- some examples where one saw those types of leaks occur in the real world.

As for the basic principles on which the solution is based, we essentially decided that we could readily address route-leak Types 1 through 4 of RFC 7908. That is what the draft does. I don't think addressing route-leak Types 1 through 4 is narrow pigeon holing. As illustrated in RFC 7908, most real-world route leak incidents seem to fall in the six types identified in the RFC. The RFC lists many observed route-leak incidents and categorizes them. (Note: Types 5 and 6 are addressed by other solutions such as route filtering, RPKI, max prefix, etc.)

The subnet leak that you mention (AS path intact or AS path removed) was discussed in GROW and it was decided that was NOT a route leak type -- OTOH subnet leak is only addressable with ROAs and/or BGPsec path validation. GROW WG decided not to include it in RFC 7908 (although it was included in earlier versions of the definition draft).

Sriram

________________________________________
From: GROW <grow-bounces@ietf.org> on behalf of Nick Hilliard <nick@foobar.org>
Sent: Saturday, June 15, 2019 6:22 AM
To: Brian Dickson
Cc: grow@ietf.org
Subject: Re: [GROW] call for feedback on draft-ietf-grow-route-leak-detection-mitigation

Brian Dickson wrote on 15/06/2019 00:42:
> Please take a look and, if you think this is an important problem to fix
> (route leaks), add your voice here.

There are two things here: route leaks (important), and the proposal in draft-ietf-grow-route-leak-detection-mitigation.

We can probably all agree that route leaks are a persistent threat. What concerns me about this draft is that it takes an over-simplified view of real-life networks and there's not a small amount of implied pigeon-holing going on.

The difficulty with the draft is that many networks don't fall into these neatly defined categories. There are back-doors, partial transit configs, PNI arrangements, subnet leaks and all sorts of weird things out there, none of which are easy to categorise, but which nevertheless make up an important part of the routing ecosystem.

Characterisation of these edge cases is a difficult problem. I'm not convinced this can be done adequately without an expressive grammar (note: not rpsl). I'm also not convinced that the approach taken in draft-ietf-grow-route-leak-detection-mitigation is generic enough to be worth deploying.

Nick