Re: [Idr] I-D Action: draft-ietf-idr-flowspec-l2vpn-09.txt

Donald Eastlake <> Sun, 29 September 2019 04:17 UTC

Hi Robert,

Thanks for your review. Apologies for the delay in response.

On Thu, Jan 3, 2019 at 6:04 AM Robert Raszuk <> wrote:
> Hi,
> Two observations:
> 1.
> The current draft extends existing SAFI 134 with new NLRI types.
> That means that now we have new giant NLRI in SAFI 134.
> Has any consideration been made to just define a new flow spec SAFI
> instead for L2 filtering ? I am quite skeptical from implementation,
> operational and deployment points of view to extend the existing
> SAFI and it makes a gradual deployment a nightmare if not mission
> impossible.
> Any change to NLRI format without signalling it with new capability is
> far from good practice.

My understanding is that flow spec capabilities are signalled by an
AFI/SAFI pair as specified in RFC 2858. So I think that
AFI=25/SAFI=134 already is a new capability. The draft should be
clarified to present things in those terms.

It would be easy, from the IANA Considerations point of view, to get a
new SAFI that could be used with AFI=25 for L2VPN flowspec. But I
don't really see the benefit of burning a new SAFI value, say xyz, and
using AFI=25/SAFI=xyz instead of AFI=25/SAFI=134.

In my opinion, the general format for the NLRI in this draft is
similar to the flow specs for IPv4 and IPv6.  The components that are
added by this draft differ from the IPv4 and IPv6 components in
generally the same way that the IPv4 and IPv6 components differ from
each other.

> 2.
> The draft is pretty silent on adjusting validation procedures to make sure only
> senders of the original L2 information may inject the L2 flow routes.
> I would hope that this is a basic omission and will be considered for addition into
> the next version of the draft.

That is an excellent point and the next version should have adjusted
validation procedures in it.

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA

> Thx,
> R.
> On Thu, Jan 3, 2019 at 10:33 AM <> wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Inter-Domain Routing WG of the IETF.
>>         Title           : BGP Dissemination of L2VPN Flow Specification Rules
>>         Authors         : Weiguo Hao
>>                           Donald E. Eastlake, 3rd
>>                           James Uttaro
>>                           Stephane Litkowski
>>                           Shunwan Zhuang
>>         Filename        : draft-ietf-idr-flowspec-l2vpn-09.txt
>>         Pages           : 13
>>         Date            : 2019-01-03
>> Abstract:
>>    This document defines a BGP flow-spec extension to disseminate L2 VPN
>>    Ethernet traffic filtering rules.  SAFI=134 in [RFC5575] is redefined
>>    for this purpose.  A new subset of component types and extended
>>    community also are defined.  A new subset of component types and new
>>    extended community also are defined.
>> The IETF datatracker status page for this draft is:
>> There are also htmlized versions available at:
>> A diff from the previous version is available at:
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at
>> Internet-Drafts are also available by anonymous FTP at:
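
The AFI/SAFI capability signalling discussed in this thread, as an added example that is not part of the e-mail or of the draft: it encodes and parses the Multiprotocol Extensions capability (code 1: AFI, a reserved octet, SAFI) inside a BGP OPEN Capabilities parameter and computes which families both speakers advertised. The peer byte strings are constructed sample data, and the function names are hypothetical.

```python
import struct

AFI_IPV4, AFI_L2VPN = 1, 25      # IANA address family numbers
SAFI_VPN_FLOWSPEC = 134          # SAFI 134 as used in the thread
CAP_MULTIPROTOCOL = 1            # Multiprotocol Extensions capability code
OPT_PARAM_CAPABILITIES = 2       # OPEN optional parameter type: Capabilities


def encode_mp_capabilities(pairs):
    """Build one Capabilities optional parameter advertising each (AFI, SAFI)."""
    caps = b"".join(
        struct.pack("!BBHBB", CAP_MULTIPROTOCOL, 4, afi, 0, safi)
        for afi, safi in pairs
    )
    return struct.pack("!BB", OPT_PARAM_CAPABILITIES, len(caps)) + caps


def parse_mp_capabilities(opt_params):
    """Return the set of (AFI, SAFI) pairs found in OPEN optional parameters."""
    pairs, i = set(), 0
    while i + 2 <= len(opt_params):
        ptype, plen = opt_params[i], opt_params[i + 1]
        body = opt_params[i + 2 : i + 2 + plen]
        if len(body) != plen:
            raise ValueError("truncated optional parameter")
        i += 2 + plen
        if ptype != OPT_PARAM_CAPABILITIES:
            continue  # not a Capabilities parameter, skip it
        j = 0
        while j + 2 <= len(body):
            code, clen = body[j], body[j + 1]
            value = body[j + 2 : j + 2 + clen]
            if len(value) != clen:
                raise ValueError("truncated capability")
            j += 2 + clen
            if code == CAP_MULTIPROTOCOL:
                if clen != 4:
                    raise ValueError("bad multiprotocol capability length")
                afi, _reserved, safi = struct.unpack("!HBB", value)
                pairs.add((afi, safi))
    return pairs


def negotiated(local_pairs, peer_opt_params):
    """Families usable on the session: advertised by both speakers."""
    return set(local_pairs) & parse_mp_capabilities(peer_opt_params)


# Constructed sample data: a peer that only knows IPv4 VPN flow spec, and an upgraded one.
LOCAL = [(AFI_IPV4, SAFI_VPN_FLOWSPEC), (AFI_L2VPN, SAFI_VPN_FLOWSPEC)]
LEGACY_PEER = encode_mp_capabilities([(AFI_IPV4, SAFI_VPN_FLOWSPEC)])
UPGRADED_PEER = encode_mp_capabilities(LOCAL)
```

With the legacy peer, `negotiated` returns only the AFI=1 pair, so L2VPN flow-spec NLRI under AFI=25/SAFI=134 would not be sent on that session.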