Re: [GROW] Secdir last call review of draft-ietf-grow-bgp-session-culling-04

Job Snijders <job@ntt.net> Mon, 25 September 2017 16:36 UTC

Date: Mon, 25 Sep 2017 18:36:11 +0200
From: Job Snijders <job@ntt.net>
To: Will Hargrave <will@harg.net>
Cc: Paul Wouters <paul@nohats.ca>, secdir@ietf.org, grow@ietf.org, draft-ietf-grow-bgp-session-culling.all@ietf.org, ietf@ietf.org
Message-ID: <20170925163611.3tgzo5emijwickpn@hanna.meerval.net>
References: <150635434992.27366.574012206348474088@ietfa.amsl.com> <ABA19C9B-7226-4001-86F9-9BDAAA21942C@harg.net>
In-Reply-To: <ABA19C9B-7226-4001-86F9-9BDAAA21942C@harg.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/kWCswHaTTqAczFvodpw1FLPYB-8>

On Mon, Sep 25, 2017 at 04:29:24PM +0000, Will Hargrave wrote:
> On 25 Sep 2017, at 16:45, Paul Wouters wrote:
> > This document basically states that people doing network maintenance
> > so often make mistakes that leak into the global BGP table, that it
> > would be a good idea to just firewall all the BGP traffic going out
> > of your network edge as a preventive measure. It's a sad state of
> > software/firmware that an external firewalling process is deemed
> > necessary to properly (re)configure BGP.
> 
> Hi Paul,
> 
> I am afraid you have got the wrong end of the stick here. This
> technique is intended for IXP and other L2 operators, not those who
> operate BGP speakers / IP networks.

Small nitpick: section 3.1 applies to those who operate BGP speakers /
IP networks. But yes, it appears that the review is based on a
misunderstanding about the layering of the ISO model and how the IP
filters trigger rerouting as a (desired) second-order effect.

> It is a workaround to unwanted blackholing of traffic as a result of
> the dataplane being broken whilst waiting for BGP holdtimers to expire
> - nothing to do with actual BGP route policy.
> 
> I gave a presentation earlier this year at the UK Network Operators
> Forum which attempts to explain this
> https://indico.uknof.org.uk/event/39/contribution/8

I'd also like to note that the techniques described in the culling
document have nothing to do with 'leaking' of any sort, nor is the BCP
attempting or purposed to describe firewalling best practices from a
general perspective.

Kind regards,

Job
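The blackholing window Will describes (dataplane broken while the hold timer is still running) and the reason a TCP/179 filter avoids it, as an added example that is not code from the draft or from anyone in this thread. It is a second-by-second simulation of one BGP session across an IXP port; the hold time and keepalive interval are the RFC 4271 defaults (90 s and hold/3), and the outage and filter timings are constructed for illustration.

```python
"""Added example (not code from the draft or this thread): a discrete-time
simulation of the traffic blackholing window that BGP session culling is
meant to remove. Timers follow RFC 4271 defaults (hold time 90 s, keepalive
every hold/3); the outage and filter timings below are constructed.

Model of one BGP session across an IXP port:
  * while the session is Established, the peer forwards traffic over the port;
  * if the port is broken while the session is still Established, that traffic
    is blackholed until the hold timer expires and the routes are withdrawn;
  * a culling filter blocks only TCP/179 (control plane) and leaves forwarding
    intact, so the hold timer can run out *before* maintenance breaks the port.
"""
from dataclasses import dataclass
from typing import Optional

HOLD_TIME = 90                       # seconds, RFC 4271 suggested hold time
KEEPALIVE_INTERVAL = HOLD_TIME // 3  # RFC 4271: one third of the hold time


@dataclass
class Scenario:
    outage_start: int                 # dataplane broken from this second ...
    outage_end: int                   # ... up to (not including) this second
    cull_start: Optional[int] = None  # TCP/179 filter applied at this second
    cull_end: Optional[int] = None    # ... and removed at this second (None: never)


def simulate(s: Scenario, horizon: int = 600) -> dict:
    """Walk the scenario second by second and report what the peer experienced."""
    session_up = True
    last_keepalive_rx = 0             # a KEEPALIVE arrived just before t = 0
    blackholed = []                   # seconds in which traffic hit the dead port
    session_down_at = None
    session_up_at = None
    cull_end = s.cull_end if s.cull_end is not None else horizon

    for t in range(1, horizon):
        culled = s.cull_start is not None and s.cull_start <= t < cull_end
        broken = s.outage_start <= t < s.outage_end
        # KEEPALIVEs ride TCP/179, so either the filter or the outage stops them.
        control_plane_ok = not (culled or broken)

        if session_up:
            if control_plane_ok and t % KEEPALIVE_INTERVAL == 0:
                last_keepalive_rx = t
            if t - last_keepalive_rx >= HOLD_TIME:
                session_up = False        # hold timer expired: routes withdrawn,
                session_down_at = t       # traffic now takes another path
            elif broken:
                blackholed.append(t)      # still Established, but the port is dead
        elif control_plane_ok:
            session_up = True             # TCP/179 reachable again: re-establish
            session_up_at = t
            last_keepalive_rx = t

    return {
        "blackhole_seconds": len(blackholed),
        "session_down_at": session_down_at,
        "session_up_at": session_up_at,
    }


# Constructed scenarios: a port is taken down for maintenance from t=200 to t=500.
NO_CULL = Scenario(outage_start=200, outage_end=500)
# Filter applied 100 s (more than HOLD_TIME) ahead of the outage, removed with it.
CULL_IN_TIME = Scenario(200, 500, cull_start=100, cull_end=500)
# Filter applied only 50 s ahead, i.e. less than the hold time.
CULL_TOO_LATE = Scenario(200, 500, cull_start=150, cull_end=500)


if __name__ == "__main__":
    for name, sc in [("no culling", NO_CULL), ("culled in time", CULL_IN_TIME),
                     ("culled too late", CULL_TOO_LATE)]:
        print(f"{name:16s} {simulate(sc)}")
```

Without culling the peer keeps forwarding into the dead port for most of the hold time (70 s here, depending on when the last KEEPALIVE arrived) before the session drops and traffic reroutes. With the filter applied more than a hold time ahead of the maintenance, the session is already torn down and nothing is blackholed. The third run shows why the lead time has to be at least the full hold time: the timer runs from the last KEEPALIVE received, not from the moment the filter goes in. The filter must match only TCP/179 on the peering LAN; anything broader breaks the dataplane itself and recreates the problem it is meant to avoid.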