Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

<bruno.decraene@orange.com> Tue, 17 November 2015 08:35 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 720641B2C94 for <idr@ietfa.amsl.com>; Tue, 17 Nov 2015 00:35:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KIPTWaGnz9st for <idr@ietfa.amsl.com>; Tue, 17 Nov 2015 00:35:13 -0800 (PST)
Received: from relais-inet.francetelecom.com (relais-ias244.francetelecom.com [80.12.204.244]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ACC21B2C7B for <idr@ietf.org>; Tue, 17 Nov 2015 00:35:12 -0800 (PST)
Received: from omfeda06.si.francetelecom.fr (unknown [xx.xx.xx.199]) by omfeda12.si.francetelecom.fr (ESMTP service) with ESMTP id DB1993B42A8; Tue, 17 Nov 2015 09:35:09 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.24]) by omfeda06.si.francetelecom.fr (ESMTP service) with ESMTP id 85185C801D; Tue, 17 Nov 2015 09:35:09 +0100 (CET)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM7D.corporate.adroot.infra.ftgroup ([fe80::9044:c5ee:4dd2:4f16%19]) with mapi id 14.03.0248.002; Tue, 17 Nov 2015 09:35:09 +0100
From: <bruno.decraene@orange.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Thread-Topic: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
Thread-Index: AQHQfOJEbzqBqbwli0WLinaFdrSzRp5/NkAAgCBzp+CAALACAIAAziXg
Date: Tue, 17 Nov 2015 08:35:09 +0000
Message-ID: <9781_1447749309_564AE6BD_9781_1504_1_53C29892C857584299CBF5D05346208A0F6BD227@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <015e01d07ba1$0042bff0$00c83fd0$@ndzh.com> <25797_1429696420_55376FA4_25797_3139_1_53C29892C857584299CBF5D05346208A0EBAA545@PEXCVZYM11.corporate.adroot.infra.ftgroup> <D24E929A.E0D85%aretana@cisco.com> <30646_1447691076_564A0344_30646_2291_1_53C29892C857584299CBF5D05346208A0F6BC240@OPEXCLILM21.corporate.adroot.infra.ftgroup> <D26F8B7E.EA6BA%aretana@cisco.com>
In-Reply-To: <D26F8B7E.EA6BA%aretana@cisco.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A0F6BD227OPEXCLILM21corp_"
MIME-Version: 1.0
X-PMX-Version: 6.2.1.2478543, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2015.10.16.122716
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/-N9ScClo-1d1zkDVV3-EqI7ZY04>
Cc: "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 08:35:19 -0000

Hi Alvaro,

Thanks for the discussion and the proposed change.
I indeed think that separating the "high order bit" in its own field will help clarifying the text. I'll wait for next revision since I expect a few changes in the text.
Please see 1 point inline [Bruno]

From: Alvaro Retana (aretana) [mailto:aretana@cisco.com]
Sent: Monday, November 16, 2015 8:03 PM
To: DECRAENE Bruno IMT/OLN
Cc: idr@ietf.org; Susan Hares
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

On 11/16/15, 11:24 AM, "bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>" <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>> wrote:

Bruno:

Hi!

Looks good to me, except one point regarding the security consideration. Then I also have some further comments.

--
>>§6.  Security Considerations

[...]
>> a) by default, this mechanism is activated.
>> b) non compliant implementation will accept and pass transitive Opaque community (0x03)

>> a+ b): anyone in the Internet can influence the routing in my AS; which is not acceptable.

> Yes, you're right.  We added considerations to turn it off by default.

I've only seen "MUST not propagate by default" which is not something this document can enforce on non-compliant ASBR. Hence some non compliant ASBR will accept this Cost  Community from unstrusted source/AS and propagate it within the AS.
IMO, we need that by defaut, the cost community MUST NOT affect the BGP decision process.

I think that this case is addressed in the text below (mod transitive + non-transitive).
[Bruno] I don't think so.
My concern is for an AS not using this cost community:
a) compliant routers will, by default, modify route preference based on the community
b) non compliant routers will, by default, accept this community over eBGP sessions.

a+b: we have an issue as untrusted AS may influence my routing policy or create loops.

We agree that we can't do anything about "b".
So I am asking to address "a" by having compliant routers to _not_ change route preference by default. i.e. MUST be explicitly configured to change their route preference based on this community.

Thanks
-- Bruno
You're right that a non-compliant implementation can do what is not specified (accept, propagate, use).  The same obviously applies to any other normative language we can add..




"Furthermore, all

   transitive Cost Communities received across an Autonomous System

   boundary without explicit configuration MUST be stripped off the BGP

   update, and ignored during the Decision Process."


Transitive and non-transitive (MUST be stripped off) (As RFC 4360 does not specify to remove non-transitive community received over eBGP.)

The last sentence in Section 4 (Operation) reads:

   If the non-transitive version of a Cost Community is received across
   an Autonomous System boundary, then the receiver MUST strip it off
   the BGP update, and ignore it during the Decision Process.

I think we were thinking about the inter-AS case when we wrote the Security Considerations..so we left the non-transitive part out.  We can add it in the next revision to make sure it is clear.


---

OLD: If the high-order bit is set, the Cost in the Cost Community
         may replace the value of a path attribute at a specific step in
         the Decision Process, but not the attribute itself.
NEW: If the high-order bit is set, the Cost in the Cost Community
         replace the value of a path attribute at a specific step in
         the Decision Process, but not the attribute itself.

Will fix in the next revision.



---

"   Multiple Cost Communities may indicate the same POI.  All the Cost

   Communities for a specific POI MUST be considered starting with the

   one(s) with the lowest Community-ID. "

By "lowest Community-ID" it's not clear to me whether the high order bit (indicating _after_ or _instead_ the related BGP attribute) is taken into account or not (i.e. should be masked before the comparison).
IMHO I would favor not taking this bit into account as, a priori, I don't see a reason to give preference to POI _after_.  In which case, as a related comment, IMHO the first figure of section 3, should indicate this high order bit as a separate field.
Regardless of your choice, IMO the expected behavior should be explicitly stated.

We'll change the drawing to indicate the bit separately and clarify what the ID is - in the next revision.


 "All the Cost Communities for a specific POI MUST be considered"

I'm not sure I would consider comparable "POI X & High-Order bit 1" with "POI X & High-Order bit 0". To me, looks like nearly equally different than POI X and POI X+1.

Oh, that doesn't mean that they are compared against each other.  As you point out, the "effective POI" with the high-order bit set is different than without it.

Along with your other comment about the ID and the high-order bit, we'll also clarify the meaning of POI.

By separating the high-order bit into its own field the meaning of the ID is cleared.  We'll call it the "Replace Bit" (R-bit).   I'm thinking of adding a new term called the Point of Application (POA), which is the place in the Decision Process where the Cost Community is evaluated.  If the R-bit is not set, then the POA is after the step in the Decision Process indicated by the POI; if the R-bit is set, then the POA is at the POI.  I'll then s/POI/POA in Operation, etc. which should result in the clarified behavior.   Thoughts?

 --

"   Routes that do not contain the Cost Community (for a valid,

   particular POI),or a Community-ID present in a route from another

   peer, MUST be considered to have the default Cost"

"(for a valid, particular POI" + and high-order bit of the community-ID.

Yes..  As above.

Thanks!

Alvaro.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.