Re: [GROW] AD Review of draft-ietf-idr-bgp-open-policy-15

Alexander Azimov <a.e.azimov@gmail.com> Sat, 12 June 2021 21:12 UTC

Return-Path: <a.e.azimov@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72D53A218D; Sat, 12 Jun 2021 14:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nA1dTEQjLLAe; Sat, 12 Jun 2021 14:12:39 -0700 (PDT)
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F6A93A218C; Sat, 12 Jun 2021 14:12:38 -0700 (PDT)
Received: by mail-pf1-x42b.google.com with SMTP id g6so7428253pfq.1; Sat, 12 Jun 2021 14:12:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sE4kxnL/QFOUhMtqpvJdu9S4RV0dmkd8XsVZNOUgs4U=; b=uCuuqUm8640TwwLSBwwq6VRzL7ECbDaERI4UM+fm6uIHA3VajNA8LxTOSXS4Ru6ppO RneofZV88XvaLVgzay2rEHZyKGtZchZy0Hp9lEIjAD1nQamoQYE0BUQOVs8C2pigWYxh hTXGODV2pRNnzppfC3wd5nPn0umCs9dkCYvTPOfHZ2AmK2zOG459a9NTCno8IIdJM65U vHVs1KrzgPL1+Pq7rzmAcDGTb6kvHqbMxoAPU4voxE8cZD1UG/0U1sh7nvlpFKFNlCkj AFP1Dbuul4Nv/Ffr/5Gw+UxgvrvIyRGWiK6Liq/+sE+F0GaMuC9KY3o9Nz6Biwri3Rp1 1mHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sE4kxnL/QFOUhMtqpvJdu9S4RV0dmkd8XsVZNOUgs4U=; b=FC31MK2+VNyAHAU5AWEdP4dC2ojdRaGaIxwWbn3SUL5Hph/rdg5FtsPHvtNKn2zbN3 q7s45+maSqMbPeO9Q2N3EoXFndJRBZtAFK8wI1cjqoKWFNklv7fuYlXv0Imnt2akSjZX n7kmzMjVq7BaqfUYQexBUZzPICxXVBQKrPZF3s/LWODur6erE6lS5JoWFG68EqGNpJMb LsxyDTGB083R0NmrFPsm7rzhbnmWaltFtS0hy0wu3Fm05iqFVxwH+4+IMEg0pEbNfoRj ZCqtfq47JkNC3faswOmqQtbOkzVqg47TKqB+pmGCfR1SPeLuN/+ylcJJ0fC0Nqrm18q/ zmHg==
X-Gm-Message-State: AOAM531U7IB6WptuzeYdthFmcZtpP/NJ3v/wuRUKGmxdt7oNoRuBAgiw UMl+AzMca9gYucp2qgmp0fJrLD91xKE/wU5/IIooRfq/h5s=
X-Google-Smtp-Source: ABdhPJxClH1+74LWhF9n9hY98Brh5z3V2BvHHALGm9KGtR0LUJHROYQ7uMkEhc9NH6ZmXjV8ePivTotkF7LpQz0ZEq0=
X-Received: by 2002:a65:68c8:: with SMTP id k8mr1660410pgt.130.1623532356578; Sat, 12 Jun 2021 14:12:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESszyrdFsaYYtvTo_0jHnsWGsbc-0aSthUi7pmNUt+U+GsA@mail.gmail.com>
In-Reply-To: <CAMMESszyrdFsaYYtvTo_0jHnsWGsbc-0aSthUi7pmNUt+U+GsA@mail.gmail.com>
From: Alexander Azimov <a.e.azimov@gmail.com>
Date: Sun, 13 Jun 2021 00:12:25 +0300
Message-ID: <CAEGSd=BqtM8=DtWUbrk0t7dkwhuvOvhhsGu8ozHmriqJNs5Cvw@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: draft-ietf-idr-bgp-open-policy@ietf.org, Susan Hares <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>, "grow@ietf.org grow@ietf.org" <grow@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000065313705c4981551"
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/MajasNEUs0iL9_OyyVzwcqVD6fM>
Subject: Re: [GROW] AD Review of draft-ietf-idr-bgp-open-policy-15
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 21:12:41 -0000

Dear Alvaro,

Thank you for your detailed comments.
I will work on the edits during the weekend and after recheck in our small
co-author group, I'll push the next version.

May I ask you to give more details on this part of your comment?
>  Also, I believe the specification is not complete.
Can you amplify what parts of mechanics are missing?

ср, 9 июн. 2021 г. в 22:40, Alvaro Retana <aretana.ietf@gmail.com>:

> Dear authors:
>
> Thank you for your work on addressing the route leaks problem!
>
> I think the document still needs a lot of work.  In general, the
> precision in the language is not what I would expect from a Standards
> Track document.  Also, I believe the specification is not complete.
> Please see details inline.
>
> Instead of returning the document to the WG, and because it is short,
> I am including a long list of suggestions below.  Given all the
> proposed changes, we will eventually need to run a new WGLC explicitly
> including the grow WG -- I have cc'd them in this message as well.
>
>
> Thanks!
>
> Alvaro.
>
>
> [Line numbers from idnits.]
>
>
> ...
> 14           Route Leak Prevention using Roles in Update and Open messages
> 15                         draft-ietf-idr-bgp-open-policy-15
>
> [minor] s/Update and Open/UPDATE and OPEN BGP
>
>
> [major] Throughout the document the concept of "sending prefixes" (or
> sometimes announcing them) is used -- I understand that these are
> common phrases.  However, that is not the terminology used in rfc4271.
> Please use "route advertisement" (and variations) instead.  Note that
> "propagated" is also ok.
>
>
> 17      Abstract
>
> 19         Route leaks are the propagation of BGP prefixes which violate
> 20         assumptions of BGP topology relationships; e.g. passing a route
> 21         learned from one lateral peer to another lateral peer or a
> transit
> 22         provider, passing a route learned from one transit provider to
> 23         another transit provider or a lateral peer.  Existing
> approaches to
> 24         leak prevention rely on marking routes by operator
> configuration,
> 25         with no check that the configuration corresponds to that of the
> eBGP
> 26         neighbor, or enforcement that the two eBGP speakers agree on the
> 27         relationship.  This document enhances BGP OPEN to establish
> agreement
> 28         of the (peer, customer, provider, Route Server, Route Server
> client)
> 29         relationship of two neighboring eBGP speakers to enforce
> appropriate
> 30         configuration on both sides.  Propagated routes are then marked
> with
> 31         an Only to Customer (OTC) attribute according to the agreed
> 32         relationship, allowing both prevention and detection of route
> leaks.
>
> [minor]
>
> OLD>
>    This document enhances BGP OPEN to establish agreement of the (peer,
>    customer, provider, Route Server, Route Server client)  relationship of
>    two neighboring eBGP speakers to enforce appropriate configuration on
> both
>    sides. Propagated routes are then marked with an Only to Customer (OTC)
>    attribute according to the agreed relationship, allowing both prevention
>    and detection of route leaks.
>
> Suggestion>
>    This document enhances the BGP OPEN message to establish an agreement of
>    the relationship between two eBGP speakers in order to enforce
> appropriate
>    configuration on both sides.  Propagated routes are then marked
> according
>    to the agreed relationship, allowing both prevention and detection of
> route
>    leaks.
>
>
> ...
> 94      1.  Introduction
>
> 96         A BGP route leak occurs when a route is learned from a transit
> 97         provider or lateral peer and then announced to another provider
> or
> 98         lateral peer.  See [RFC7908].  These are usually the result of
> 99         misconfigured or absent BGP route filtering or lack of
> coordination
> 100        between two eBGP speakers.
>
> [nit] s/peer.  See [RFC7908]./peer [RFC7908].
>
>
> [nit] s/between two eBGP speakers./between autonomous systems.
>
>
> 102        The mechanism proposed in
> 103        [I-D.ietf-grow-route-leak-detection-mitigation] uses large-
> 104        communities to perform detection and mitigation of route leaks.
> 105        While signaling using communities is easy to implement and
> deploy
> 106        quickly, it normally relies on operator-maintained policy
> 107        configuration, which is vulnerable to misconfiguration
> [Streibelt].
> 108        The community signal can also be stripped at the ISP boundaries



-- 
Best regards,
Alexander Azimov