Re: [GROW] WGLC: draft-ietf-grow-blackholing - ENDS May 20, 2016
Jeffrey Haas <jhaas@pfrc.org> Tue, 10 May 2016 20:26 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1BE512D5A9; Tue, 10 May 2016 13:26:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.898
X-Spam-Level:
X-Spam-Status: No, score=-2.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHGZUeBW5JHp; Tue, 10 May 2016 13:26:56 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 0EE5F12D141; Tue, 10 May 2016 13:26:56 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 051741E336; Tue, 10 May 2016 16:31:57 -0400 (EDT)
Date: Tue, 10 May 2016 16:31:56 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Christopher Morrow <christopher.morrow@gmail.com>
Message-ID: <20160510203156.GA7636@pfrc.org>
References: <CAL9jLaZhxmc1wH7gPCXJ7D0XuxEtzV630uy321+KVm3aRQ69Sw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAL9jLaZhxmc1wH7gPCXJ7D0XuxEtzV630uy321+KVm3aRQ69Sw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/zfrSadshc8rAZGyH9XIF7YDB5ds>
Cc: "grow-chairs@ietf.org" <grow-chairs@ietf.org>, "grow@ietf.org grow@ietf.org" <grow@ietf.org>, "grow-ads@tools.ietf.org" <grow-ads@tools.ietf.org>
Subject: Re: [GROW] WGLC: draft-ietf-grow-blackholing - ENDS May 20, 2016
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2016 20:26:58 -0000
On Fri, May 06, 2016 at 10:51:46AM -0400, Christopher Morrow wrote: > The authors of: draft-ietf-grow-blackholing had asked for WGLC to be > started on their document. The abstract is: > > This document describes the use of a well-known Border Gateway > Protocol (BGP) community for blackholing at IP networks and Internet > Exchange Points (IXP). This well-known advisory transitive BGP > community, namely BLACKHOLE, allows an origin AS to specify that a > neighboring IP network or IXP should blackhole a specific IP prefix. > > The URL to the document: > <https://tools.ietf.org/html/draft-ietf-grow-blackholing-00> > > Please have a read, give it some consideration and send > comments/questions/ACK/NACK back so the authors can adjust course or > celebrate a process victory over the document snake. I'm generally supportive of the draft in its current state. A (re-)read does cause me to ask the following: : BGP speakers SHOULD only accept and honor BGP announcements carrying : the BLACKHOLE community if the announced prefix is covered by a : shorter prefix for which the neighboring network is authorized to : advertise. The "authorized to advertise" is a bit on the vague end. (I.e. how do you write code for it?) Could the authors give a bit more guidance here? For example, would an AS_PATH that is a proper prefix of the less specific route's AS_PATH do? The incremental deployment case is also a bit ugly. If this more specific route is received by a router that doesn't understand the community, it will instead forward that more specific traffic toward the advertiser. Presumably it would eventually reach a router that knows what it means and blackhole it, so it's not tragic as long as the forwarding path in question can absorb the traffic (which is presumably at DDoS levels). -- Jeff
- [GROW] WGLC: draft-ietf-grow-blackholing - ENDS M… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Jeffrey Haas
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Thomas King
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Job Snijders
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Thomas King
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Job Snijders
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Gert Doering
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Christopher Morrow
- Re: [GROW] WGLC: draft-ietf-grow-blackholing - EN… Thomas King