Re: [Idr] New BGP capability to advertise running daemon version

Donatas Abraitis <donatas.abraitis@gmail.com> Fri, 02 August 2019 06:56 UTC

From: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Fri, 2 Aug 2019 09:56:22 +0300
To: ERCIN TORUN <ercin.torun@turkcell.com.tr>
Cc: "idr@ietf.org" <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/3p47Zt588RqQeXtec0Aq6y6TyXw>

Hello,

Yes, it's risky and shouldn't be toggled by default, but in data
center environments where you have full control, it's very handy. For
instance, FRR has a few modes to operate in, like traditional and
datacenter. With the datacenter profile enabled, it's safe enough to
have this capability, IMO. Or, as you suggested, just an additional
knob for configuring this is being considered as well.

On Fri, Aug 2, 2019 at 9:39 AM ERCIN TORUN <ercin.torun@turkcell.com.tr> wrote:
>
> Hello Donatas,
>
> I do think that your suggestion is handy, but from a security perspective it is risky if you are enabling such a feature in a non-trust environment. An implementation warning should be added for vendors/code developers not to enable this capability by default. Enabling such functionality by default might result in your neighbors knowing your BGP implementation & its version, which might contain security risks.
>
> In the security section you refer to RFC3552. In section 6.1.1.4 (https://tools.ietf.org/html/rfc3552#section-6.1.1) of the mentioned RFC the same suggestion exists, but only for SMTP.
>
> Regards
> Erçin TORUN
>
> -----Original Message-----
> From: Idr <idr-bounces@ietf.org> On Behalf Of Donatas Abraitis
> Sent: Friday, August 2, 2019 9:08 AM
> To: idr@ietf.org
> Subject: [Idr] New BGP capability to advertise running daemon version
>
> Hi there!
>
> I would like to propose a new idea of how to simplify the debugging process when dealing with lots of different BGP speakers and even more with different versions.
>
> Basically, the implementation is very trivial, but it would be handy in cases when you should debug why some functionality does not work between two or more BGP speakers. Having this in place would speed up troubleshooting time. Even better if that comes to automation to gather information around all infrastructure you have.
>
> The implementation and details are posted in this draft:
> https://www.ietf.org/id/draft-abraitis-bgp-version-capability-00.txt
>
> Waiting for comments.
>
> Thank you!
>
> --
> Donatas



-- 
Donatas