Re: [GROW] [Sidrops] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt

Marco Marzetti <marco@lamehost.it> Sun, 15 January 2017 15:03 UTC

From: Marco Marzetti <marco@lamehost.it>
Date: Sun, 15 Jan 2017 16:03:48 +0100
Message-ID: <CAO367rV3zMnCiQ98USNMoYp0W+fBUfU9-+aFrcA2dbQXQhKhXg@mail.gmail.com>
To: Job Snijders <job@instituut.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/HmFj5AnqiNxaNVvDIwsZLYjZYqo>
Cc: sidrops@ietf.org, GMO Crops <grow@ietf.org>
Subject: Re: [GROW] [Sidrops] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt

On Sun, Jan 15, 2017 at 3:49 PM, Job Snijders <job@instituut.net> wrote:
> On Sun, Jan 15, 2017 at 03:39:37PM +0100, Marco Marzetti wrote:
>> On Sun, Jan 15, 2017 at 1:32 AM, Randy Bush <randy@psg.com> wrote:
>> > [ first, i do not use route servers (because of the data/control
>> >   non-congruence), so my opinion here is worth even less than it
>> >   normally is. ]
>> >
>> >> An ixp route-server is not a transit provider, all of the nexthops
>> >> exposed are in fact peers. So no I do not consider such a device an
>> >> "upstream" it exists to service the policy needs of the peers on the
>> >> fabric rather than that of the exchange operator.
>> >
>> > to repeat my previous; those policy needs might vary across ix members.
>> > some may want the ix to enforce origin validation for them, some may
>> > not.  those exchanges which offer validation today offer the choice.  i
>> > think that is the right thing; let the member make the choice at set-up
>> > with the route server.
>>
>> I think RSs should do RPKI by default and allow for two behaviors:
>> 1) Drop (default)
>> 2) Add ext-community as this draft suggests (upon request)
>
> Or perhaps we consider a Route Server to be "Just Yet Another Autonomous
> System"? Why should there be a difference between Autonomous Systems
> with regard to routing security recommendations?
>

I do consider it "another AS".

> If the recommendation is to drop/ignore/reject "RPKI Invalid"
> announcements, then that applies to Route Servers too, if the
> recommendation is to just attach an Extended BGP Community, then that
> will apply to all ASNs.

What's the current recommendation now?

Regards

-- 
Marco