Re: [GROW] New Version Notification for draft-sriram-opsec-urpf-improvements-01.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 16 May 2017 21:20 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "opsec@ietf.org" <opsec@ietf.org>, "grow@ietf.org" <grow@ietf.org>, Job Snijders <job@instituut.net>, Marco Marzetti <marco@lamehost.it>, Brian Dickson <brian.peter.dickson@gmail.com>
CC: "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "draft-sriram-opsec-urpf-improvements@ietf.org" <draft-sriram-opsec-urpf-improvements@ietf.org>
Date: Tue, 16 May 2017 21:16:08 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/q-Z95zmrxryYDQQuW1CDaOgzFZc>

Job, Marco, Brian:

Thanks for your comments (back in November).
Version -01 of this draft is available at:
https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements-01  

In response to your comments from when this was discussed (November 2016) 
in the GROW meeting at IETF-97 and on the GROW/OPSEC lists,

https://www.ietf.org/mail-archive/web/grow/current/msg03716.html (Marco)
https://www.ietf.org/mail-archive/web/grow/current/msg03713.html (Job)
https://www.ietf.org/mail-archive/web/grow/current/msg03715.html (Brian)

I have added a new Section 3.2 “Operational Recommendations”.
Your examples involved not announcing any routes at all to 
one or more upstreams (transit providers).
However, feasible-path uRPF relies “on consistent route advertisements
(i.e., the same prefix(es), through all the paths) propagating to all
the routers performing Feasible RPF checking.” (BCP 84)
The proposed enhanced feasible-path uRPF requires less and still performs better
relative to feasible-path uRPF given the same scenario.
The corresponding guidelines are presented and discussed in the new Section 3.2. 
I have also included a version of your example in the discussion.

Thanks! Further comments welcome.

Sriram
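
Added example, not part of the original message and not code from the draft: a small model of the contrast drawn above between feasible-path uRPF, which needs the same prefixes on every path, and the enhanced method. The enhanced rule is modelled here as per-origin-AS expansion, which is an assumption about the draft's method; the route table, interface names and documentation ASNs are constructed.

```python
import ipaddress

# Constructed sample: routes one router has learned, as
# (receiving interface, prefix, origin AS). Interface names are hypothetical.
ROUTES = [
    ("cust-a", "192.0.2.0/24", 64501),     # AS64501 announces this only via upstream A
    ("cust-b", "198.51.100.0/24", 64501),  # ... and this only via upstream B
    ("cust-b", "203.0.113.0/24", 64502),   # unrelated customer behind B
]


def feasible_path_rpf(routes):
    """BCP 84 feasible-path: an interface accepts a source only if a route
    covering it was received on that same interface."""
    rpf = {}
    for iface, prefix, _origin in routes:
        rpf.setdefault(iface, set()).add(ipaddress.ip_network(prefix))
    return rpf


def enhanced_feasible_path_rpf(routes):
    """Assumed enhanced rule: if any route with origin AS X was received on
    an interface, accept on it every prefix originated by X on any interface."""
    by_origin, origins_on = {}, {}
    for iface, prefix, origin in routes:
        by_origin.setdefault(origin, set()).add(ipaddress.ip_network(prefix))
        origins_on.setdefault(iface, set()).add(origin)
    return {iface: set().union(*(by_origin[o] for o in origins))
            for iface, origins in origins_on.items()}


def permits(rpf, iface, src):
    """True if the source address falls inside the interface's RPF list."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in rpf.get(iface, ()))


def compare(routes, iface, src):
    """Verdict of both methods for a packet with source src arriving on iface."""
    return {"feasible": permits(feasible_path_rpf(routes), iface, src),
            "enhanced": permits(enhanced_feasible_path_rpf(routes), iface, src)}


if __name__ == "__main__":
    for iface, src in [("cust-a", "192.0.2.10"), ("cust-a", "198.51.100.10"),
                       ("cust-a", "203.0.113.10")]:
        print(iface, src, compare(ROUTES, iface, src))
```

In this model one announcement from the origin AS on an interface is enough for its other prefixes to pass there, while a source belonging to an origin AS never seen on that interface is still dropped.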