Re: [GROW] AD Review of draft-ietf-idr-bgp-open-policy-15
Alexander Azimov <a.e.azimov@gmail.com> Sat, 12 June 2021 21:12 UTC
Return-Path: <a.e.azimov@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72D53A218D; Sat, 12 Jun 2021 14:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nA1dTEQjLLAe; Sat, 12 Jun 2021 14:12:39 -0700 (PDT)
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F6A93A218C; Sat, 12 Jun 2021 14:12:38 -0700 (PDT)
Received: by mail-pf1-x42b.google.com with SMTP id g6so7428253pfq.1; Sat, 12 Jun 2021 14:12:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sE4kxnL/QFOUhMtqpvJdu9S4RV0dmkd8XsVZNOUgs4U=; b=uCuuqUm8640TwwLSBwwq6VRzL7ECbDaERI4UM+fm6uIHA3VajNA8LxTOSXS4Ru6ppO RneofZV88XvaLVgzay2rEHZyKGtZchZy0Hp9lEIjAD1nQamoQYE0BUQOVs8C2pigWYxh hTXGODV2pRNnzppfC3wd5nPn0umCs9dkCYvTPOfHZ2AmK2zOG459a9NTCno8IIdJM65U vHVs1KrzgPL1+Pq7rzmAcDGTb6kvHqbMxoAPU4voxE8cZD1UG/0U1sh7nvlpFKFNlCkj AFP1Dbuul4Nv/Ffr/5Gw+UxgvrvIyRGWiK6Liq/+sE+F0GaMuC9KY3o9Nz6Biwri3Rp1 1mHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sE4kxnL/QFOUhMtqpvJdu9S4RV0dmkd8XsVZNOUgs4U=; b=FC31MK2+VNyAHAU5AWEdP4dC2ojdRaGaIxwWbn3SUL5Hph/rdg5FtsPHvtNKn2zbN3 q7s45+maSqMbPeO9Q2N3EoXFndJRBZtAFK8wI1cjqoKWFNklv7fuYlXv0Imnt2akSjZX n7kmzMjVq7BaqfUYQexBUZzPICxXVBQKrPZF3s/LWODur6erE6lS5JoWFG68EqGNpJMb LsxyDTGB083R0NmrFPsm7rzhbnmWaltFtS0hy0wu3Fm05iqFVxwH+4+IMEg0pEbNfoRj ZCqtfq47JkNC3faswOmqQtbOkzVqg47TKqB+pmGCfR1SPeLuN/+ylcJJ0fC0Nqrm18q/ zmHg==
X-Gm-Message-State: AOAM531U7IB6WptuzeYdthFmcZtpP/NJ3v/wuRUKGmxdt7oNoRuBAgiw UMl+AzMca9gYucp2qgmp0fJrLD91xKE/wU5/IIooRfq/h5s=
X-Google-Smtp-Source: ABdhPJxClH1+74LWhF9n9hY98Brh5z3V2BvHHALGm9KGtR0LUJHROYQ7uMkEhc9NH6ZmXjV8ePivTotkF7LpQz0ZEq0=
X-Received: by 2002:a65:68c8:: with SMTP id k8mr1660410pgt.130.1623532356578; Sat, 12 Jun 2021 14:12:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESszyrdFsaYYtvTo_0jHnsWGsbc-0aSthUi7pmNUt+U+GsA@mail.gmail.com>
In-Reply-To: <CAMMESszyrdFsaYYtvTo_0jHnsWGsbc-0aSthUi7pmNUt+U+GsA@mail.gmail.com>
From: Alexander Azimov <a.e.azimov@gmail.com>
Date: Sun, 13 Jun 2021 00:12:25 +0300
Message-ID: <CAEGSd=BqtM8=DtWUbrk0t7dkwhuvOvhhsGu8ozHmriqJNs5Cvw@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: draft-ietf-idr-bgp-open-policy@ietf.org, Susan Hares <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>, "grow@ietf.org grow@ietf.org" <grow@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000065313705c4981551"
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/MajasNEUs0iL9_OyyVzwcqVD6fM>
Subject: Re: [GROW] AD Review of draft-ietf-idr-bgp-open-policy-15
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 21:12:41 -0000
Dear Alvaro, Thank you for your detailed comments. I will work on the edits during the weekend and after recheck in our small co-author group, I'll push the next version. May I ask you to give more details on this part of your comment? > Also, I believe the specification is not complete. Can you amplify what parts of mechanics are missing? ср, 9 июн. 2021 г. в 22:40, Alvaro Retana <aretana.ietf@gmail.com>: > Dear authors: > > Thank you for your work on addressing the route leaks problem! > > I think the document still needs a lot of work. In general, the > precision in the language is not what I would expect from a Standards > Track document. Also, I believe the specification is not complete. > Please see details inline. > > Instead of returning the document to the WG, and because it is short, > I am including a long list of suggestions below. Given all the > proposed changes, we will eventually need to run a new WGLC explicitly > including the grow WG -- I have cc'd them in this message as well. > > > Thanks! > > Alvaro. > > > [Line numbers from idnits.] > > > ... > 14 Route Leak Prevention using Roles in Update and Open messages > 15 draft-ietf-idr-bgp-open-policy-15 > > [minor] s/Update and Open/UPDATE and OPEN BGP > > > [major] Throughout the document the concept of "sending prefixes" (or > sometimes announcing them) is used -- I understand that these are > common phrases. However, that is not the terminology used in rfc4271. > Please use "route advertisement" (and variations) instead. Note that > "propagated" is also ok. > > > 17 Abstract > > 19 Route leaks are the propagation of BGP prefixes which violate > 20 assumptions of BGP topology relationships; e.g. passing a route > 21 learned from one lateral peer to another lateral peer or a > transit > 22 provider, passing a route learned from one transit provider to > 23 another transit provider or a lateral peer. Existing > approaches to > 24 leak prevention rely on marking routes by operator > configuration, > 25 with no check that the configuration corresponds to that of the > eBGP > 26 neighbor, or enforcement that the two eBGP speakers agree on the > 27 relationship. This document enhances BGP OPEN to establish > agreement > 28 of the (peer, customer, provider, Route Server, Route Server > client) > 29 relationship of two neighboring eBGP speakers to enforce > appropriate > 30 configuration on both sides. Propagated routes are then marked > with > 31 an Only to Customer (OTC) attribute according to the agreed > 32 relationship, allowing both prevention and detection of route > leaks. > > [minor] > > OLD> > This document enhances BGP OPEN to establish agreement of the (peer, > customer, provider, Route Server, Route Server client) relationship of > two neighboring eBGP speakers to enforce appropriate configuration on > both > sides. Propagated routes are then marked with an Only to Customer (OTC) > attribute according to the agreed relationship, allowing both prevention > and detection of route leaks. > > Suggestion> > This document enhances the BGP OPEN message to establish an agreement of > the relationship between two eBGP speakers in order to enforce > appropriate > configuration on both sides. Propagated routes are then marked > according > to the agreed relationship, allowing both prevention and detection of > route > leaks. > > > ... > 94 1. Introduction > > 96 A BGP route leak occurs when a route is learned from a transit > 97 provider or lateral peer and then announced to another provider > or > 98 lateral peer. See [RFC7908]. These are usually the result of > 99 misconfigured or absent BGP route filtering or lack of > coordination > 100 between two eBGP speakers. > > [nit] s/peer. See [RFC7908]./peer [RFC7908]. > > > [nit] s/between two eBGP speakers./between autonomous systems. > > > 102 The mechanism proposed in > 103 [I-D.ietf-grow-route-leak-detection-mitigation] uses large- > 104 communities to perform detection and mitigation of route leaks. > 105 While signaling using communities is easy to implement and > deploy > 106 quickly, it normally relies on operator-maintained policy > 107 configuration, which is vulnerable to misconfiguration > [Streibelt]. > 108 The community signal can also be stripped at the ISP boundaries -- Best regards, Alexander Azimov
- [GROW] AD Review of draft-ietf-idr-bgp-open-polic… Alvaro Retana
- Re: [GROW] AD Review of draft-ietf-idr-bgp-open-p… Alexander Azimov
- Re: [GROW] AD Review of draft-ietf-idr-bgp-open-p… Alvaro Retana
- Re: [GROW] AD Review of draft-ietf-idr-bgp-open-p… Alexander Azimov
- Re: [GROW] AD Review of draft-ietf-idr-bgp-open-p… Alvaro Retana
- Re: [GROW] AD Review of draft-ietf-idr-bgp-open-p… Alvaro Retana
- Re: [GROW] AD Review of draft-ietf-idr-bgp-open-p… Sriram, Kotikalapudi (Fed)