Re: [Idr] New BGP capability to advertise running daemon version

Hello,

yes, it's risky and shouldn't be toggled by default, but in data
center environments where you have full control, it's very handy. For
instance in FRR has a few modes to operate like traditional and
datacenter. By having datacenter profile enabled, it's safe enough to
have this capability, IMO. Or as you suggested, just an additional
knob for configuring this is considered as well.

On Fri, Aug 2, 2019 at 9:39 AM ERCIN TORUN <ercin.torun@turkcell.com.tr> wrote:
>
> Hello Donatas,
>
> I do think that your suggestion is handy, but from security perspective it is risky if you are enabling such a feature in a non-trust environment. An implementation warning should be added for vendors/code developers not to enable this capability by default. Enabling such a functionality by default might result in your neighbors knowing your BGP implementation & its version, which might contain security risks.
>
> In security section you refer to RFC3552. In section 6.1.1.4 (https://tools.ietf.org/html/rfc3552#section-6.1.1) of mentioned RFC same suggestion exists but only for SMTP.
>
> Regards
> Erçin TORUN
>
> -----Original Message-----
> From: Idr <idr-bounces@ietf.org> On Behalf Of Donatas Abraitis
> Sent: Friday, August 2, 2019 9:08 AM
> To: idr@ietf.org
> Subject: [Idr] New BGP capability to advertise running daemon version
>
> Hi there!
>
> I would like to propose a new idea of how to simplify the debugging process when dealing with lots of different BGP speakers and even more with different versions.
>
> Basically, the implementation is very trivial, but it would be handy in cases when you should debug why some functionality does not work between two or more BGP speakers. Having this in place would speedup troubleshooting time. Even better if that comes to automation to gather information around all infrastructure you have.
>
> The implementation and details are posted in this draft:
> https://www.ietf.org/id/draft-abraitis-bgp-version-capability-00.txt
>
> Waiting for comments.
>
> Thank you!
>
> --
> Donatas
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>
> [http://www.turkcell.com.tr/downloads/bireysel/img/Tcelldis.gif] <http://turkcell.li/iyaani>
>
> Bu elektronik posta ve onunla iletilen butun dosyalar sadece gondericisi tarafindan almasi amaclanan yetkili gercek ya da tuzel kisinin kullanimi icindir. Eger soz konusu yetkili alici degilseniz bu elektronik postanin icerigini aciklamaniz, kopyalamaniz, yonlendirmeniz ve kullanmaniz kesinlikle yasaktir ve bu elektronik postayi derhal silmeniz gerekmektedir.
>
> TURKCELL bu mesajin icerdigi bilgilerin doğruluğu veya eksiksiz oldugu konusunda herhangi bir garanti vermemektedir. Bu nedenle bu bilgilerin ne sekilde olursa olsun iceriginden, iletilmesinden, alinmasindan ve saklanmasindan sorumlu degildir. Bu mesajdaki gorusler yalnizca gonderen kisiye aittir ve TURKCELLin goruslerini yansitmayabilir
>
> Bu e-posta bilinen butun bilgisayar viruslerine karsi taranmistir.
>
> ________________________________
>
> This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are hereby notified that any dissemination, forwarding, copying or use of any of the information is strictly prohibited, and the e-mail should immediately be deleted.
>
> TURKCELL makes no warranty as to the accuracy or completeness of any information contained in this message and hereby excludes any liability of any kind for the information contained therein or for the information transmission, reception, storage or use of such in any way whatsoever. The opinions expressed in this message belong to sender alone and may not necessarily reflect the opinions of TURKCELL.
>
> This e-mail has been scanned for all known computer viruses.

-- 
Donatas