Re: [GROW] Fw: New Version Notification for draft-sriram-opsec-urpf-improvements-00.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 16 May 2017 21:45 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Jeff Haas <jhaas@juniper.net>, Jeffrey Haas <jhaas@pfrc.org>, Gert Doering <gert@space.net>
CC: "grow@ietf.org" <grow@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "draft-sriram-opsec-urpf-improvements@ietf.org" <draft-sriram-opsec-urpf-improvements@ietf.org>
Date: Tue, 16 May 2017 21:40:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/sCL7qW3y44WvOnoaAoGzOoZg4uw>

Jeff:

I am responding to your comments from November 2016 (copied below):

https://www.ietf.org/mail-archive/web/grow/current/msg03726.html    (Jeff)

Thanks for your comments. I have tweaked your wording to
add a new Section 3.4 in the new version -01,
https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements-01  ,
which reads as follows:

3.4.  Implementation Consideration
   The existing RPF checks in edge routers take advantage of existing
   line card implementations to perform the RPF functions.  For
   implementation of the proposed technique, the general necessary
   feature would be to extend the line cards to take arbitrary RPF lists
   that are not necessarily tied to the existing FIB contents.  For
   example, in the proposed method, the RPF lists are constructed by
   applying a set of rules to all received BGP routes (not just those
   selected as best path and installed in FIB).

Thank you. Further comments welcome.

Sriram

Jeff Haas wrote Wed, 16 Nov 2016 00:17:39
>On Thu, Nov 10, 2016 at 04:19:14PM +0100, Gert Doering wrote:
>> On Wed, Nov 09, 2016 at 06:59:53PM +0000, Sriram, Kotikalapudi (Fed) wrote:
>> > The data plane would perform the usual uRPF check: Does the SA in the data packet 
>> > belong in a prefix in the RPF list for the interface it was received on?
>> 
>> This, actually, is not "the usual uRPF check".
>> 
>> Having implementations that could tack arbitrary "RPF lists" to an 
>> interface would be very nice, but this is more like "auto-generate ACLs
>> based on prefix info" than "RPF" which stands for "reverse path filter"
>> (not sure about the "filter" bit, though)
>
>This summarizes my hallway feedback to Sriram.
>
>As noted during mic chat, the existing RPF checks take advantage of existing
>line card implementations to do their thing.  The general necessary feature
>would be to extend the line cards to take arbitrary lists that may have
>nothing to do with the existing FIB contents.
>
>-- Jeff
>
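
Added example (not part of the message above, and not code from the draft): a sketch of the difference between an RPF check tied to FIB contents and one that uses per-interface RPF lists built from all received BGP routes. The draft's actual rule set is not given in this thread, so the rule used here ("the prefix was received on this interface") is an assumption, as are all names, interfaces and the documentation-range prefixes.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: BGP routes received by an edge router.
# (prefix, interface the route was received on, selected as best path?)
RECEIVED_ROUTES = [
    ("192.0.2.0/24",    "if-A", True),
    ("192.0.2.0/24",    "if-B", False),   # alternate path, not installed in FIB
    ("198.51.100.0/24", "if-B", True),
]

def build_rpf_lists(routes, best_path_only):
    """Map interface -> set of prefixes a source address may match.

    best_path_only=True models the FIB-tied check; False applies the assumed
    rule "prefix was received on this interface" to ALL received routes.
    """
    lists = defaultdict(set)
    for prefix, iface, is_best in routes:
        if is_best or not best_path_only:
            lists[iface].add(ipaddress.ip_network(prefix))
    return dict(lists)

def rpf_check(rpf_lists, iface, source_address):
    """Data-plane test: is the SA inside a prefix in this interface's RPF list?"""
    sa = ipaddress.ip_address(source_address)
    return any(sa in net for net in rpf_lists.get(iface, ()))

def compare(routes, packets):
    """Return (iface, sa, fib_tied_result, all_routes_result) per packet."""
    fib_tied = build_rpf_lists(routes, best_path_only=True)
    all_routes = build_rpf_lists(routes, best_path_only=False)
    return [(i, sa, rpf_check(fib_tied, i, sa), rpf_check(all_routes, i, sa))
            for i, sa in packets]

# Constructed packets: (ingress interface, source address)
PACKETS = [
    ("if-B", "192.0.2.10"),    # legitimate, arrives on the non-best path
    ("if-A", "198.51.100.7"),  # prefix never announced on if-A
    ("if-A", "203.0.113.5"),   # prefix not announced on any interface
]

if __name__ == "__main__":
    for row in compare(RECEIVED_ROUTES, PACKETS):
        print(row)
```

The first packet is the asymmetric-routing case: the FIB-tied check drops it, while the list built from all received routes accepts it, and both checks still reject the other two sources.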