Re: [Idr] Request to adopt draft-heitz-idr-large-community
"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 08 September 2016 10:50 UTC
Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6A7F12B1FB for <idr@ietfa.amsl.com>; Thu, 8 Sep 2016 03:50:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.029
X-Spam-Level:
X-Spam-Status: No, score=-16.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.508, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kM1IKKrtBh0Z for <idr@ietfa.amsl.com>; Thu, 8 Sep 2016 03:50:51 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9424712B2E2 for <idr@ietf.org>; Thu, 8 Sep 2016 03:50:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8519; q=dns/txt; s=iport; t=1473331836; x=1474541436; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=uAy7zzO3PQ7EMP/cn7MijihJSHK/ZALN4mor/WHOnhY=; b=LfoLyC22HUKJEea9VDGzwFv76m6X/LkL74j8sCODIju15koZNoIaryhH YQrfav43y2jgGzB1TNrUCYX322nZpQUirCTEHJI58GgoS1MWqWSGPDObH AsXvUuoY232oin4FUJ+D37w9ua6G2HHuiZGTC2KKFJpCS0yjG18r7PP4Q I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BdAQDsQdFX/4QNJK1dGQEBAQEBAQEBAQEBgy0BAQEBAR5XLU+NMqsQggMZC4V4AoFaOBQBAgEBAQEBAQFeHAuEYQEBAQMBAQEBNzICCAMFBwQCAQgVAQIeECcLJQIEDgUUB4gnCA68bwEBAQEBAQEBAQEBAQEBAQEBAQEBARcFhjCBeAiCToEignARAQYWgy2CLwWOKos0AYhfhmCBboRfiRBvi2KDegEeNoJnAggWgU1whTaCHwEBAQ
X-IronPort-AV: E=Sophos;i="5.30,300,1470700800"; d="scan'208";a="320983547"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Sep 2016 10:50:35 +0000
Received: from XCH-ALN-011.cisco.com (xch-aln-011.cisco.com [173.36.7.21]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u88AoZEi021876 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 8 Sep 2016 10:50:35 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-011.cisco.com (173.36.7.21) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 8 Sep 2016 05:50:34 -0500
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1210.000; Thu, 8 Sep 2016 05:50:34 -0500
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>
Thread-Topic: [Idr] Request to adopt draft-heitz-idr-large-community
Thread-Index: AQHSCDP+9Gy6rPIW0USt867VcqfiL6BuXmaAgAAfcwCAAAPVgIAABqSAgAAddgD///s9xIABGsSA//+xdsw=
Date: Thu, 08 Sep 2016 10:50:34 +0000
Message-ID: <56420857-5B57-44D9-B5B1-99806FA5DAC2@cisco.com>
References: <20160906113919.GC17613@vurt.meerval.net> <F3BDAC77-FA01-4F90-9BC1-9F2F1B7B6029@ecix.net> <CAHxMReZxtHSHfavDaAm=JrBqQ+UHkbJoai52Zt3rFFSKgp=aLA@mail.gmail.com> <CA+b+ER=QOJXZoZaNhRhiHS2SgE88cBaxOb39eRshyA1TxnQXUg@mail.gmail.com> <20160907161113.GG5423@57.rev.meerval.net>, <CA+b+ERmfPrjbsAx42aKH_OVdZnf0WzqS_B1mJ6eTVni7T2s6xg@mail.gmail.com> <D2565063-A1DE-4AB0-9903-65AA2805D0D3@cisco.com>, <7547_1473330703_57D13E0F_7547_1505_1_53C29892C857584299CBF5D05346208A0F9C7061@OPEXCLILM21.corporate.adroot.infra.ftgroup>
In-Reply-To: <7547_1473330703_57D13E0F_7547_1505_1_53C29892C857584299CBF5D05346208A0F9C7061@OPEXCLILM21.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/5AfxShJUN21Avo16C0fQnVCI7do>
Cc: idr wg <idr@ietf.org>, Robert Raszuk <robert@raszuk.net>
Subject: Re: [Idr] Request to adopt draft-heitz-idr-large-community
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2016 10:50:54 -0000
I fully expect people to use the first 4 octets to encode the target ASN for all the reasons mentioned. However, I will not enforce it in the code or in the spec. It is enough to RECOMMEND it in the spec, stating the reason. Thanks, Jakob. > On Sep 8, 2016, at 6:31 AM, "bruno.decraene@orange.com" <bruno.decraene@orange.com> wrote: > > [re-sending in ascii] > > Hi Jakob, > > Please see inline, [Bruno] > >> -----Original Message----- >> From: Jakob Heitz (jheitz) > Sent: Thursday, September 08, 2016 12:40 AM >> >> Here is how I would treat the first 4 octet so of the large community. >> The community is normally used by an ISP to allow a directly connected customer to >> express its wishes about how to process the route. In that case, the first four octets and all >> octets are totally in control of the ISP. The ISP has total control of the definition of the >> octets. If an ISP is willing to carry communities that are destined to another AS, then it >> makes sense for everyone to agree on the encoding of the target ASN in the community. >> I would phrase it like this: >> >> The meaning of all octets in the large community is to be defined by mutual agreement >> between the originating and terminating ASes. However, if a large community is intended >> to transit an AS, then the ASN of the terminating AS SHOULD be encoded in the first 4 >> octets of the large community. > > > [Bruno] The problem is that in living networks, people start using a solution (e.g. large community) with a given use case in mind. Then once deployed, it's very hard to change (well, I guess it depends on how big and complex is the network). > So people start with 2 ASes (originating and terminating), then use one VPN AS to transit, then come inter-AS VPN. And those transit AS will see name space collision, which will be a headache. (e.g. who must be forced to renumber?) > Note that a transit AS may also be introduced between 2 peers, without VPN. > > So I would strongly prefer that the first 4 octets be dedicated to the AS number defining the usage of the community, just like RFC 1997 (BGP community) (and RT for extended community and RD in VPNs) > > [Bruno] > IMHO, I would interpret your proposition as a fear that in some future, the large-community, is found not to be large enough. If this is the case, it's not too late to make it bigger. e.g. 4*32 bits. > On a side note, I'm also a bit nervous that 3 days after the start of the WGLC, so extremely early for a solution that I would expect to be running for 20 years, we are already discussing that the numbering space may be too small. (full disclosure, I'm co-authoring draft-ietf-idr-wide-bgp-communities) > > Thanks, > Regards, > --Bruno > > >> For example, there is no reason that an invalid ASN (say 0 or 23456) should be disallowed >> as long as the intended recipients of the community understand the meaning. >> >> Thanks, >> Jakob. >> >> >> On Sep 7, 2016, at 1:57 PM, Robert Raszuk <robert@raszuk.net> wrote: >> Hi Job, >> >> Excellent. >> >> And my only point was to add that single sentence to the spec when next rev comes out. >> >> Suggestion for the sentence to add into bottom of the section 3: >> >> "The Autonomous System number used within the community field is an Autonomous >> System which understands the encoded meaning of the 8 octets which follow and which is >> to act on it." >> >> ... or something along those lines. >> >> Cheers, >> R. >> >> >> On Wed, Sep 7, 2016 at 6:11 PM, Job Snijders <job@ntt.net> wrote: >> Hi Robert, >> >>> On Wed, Sep 07, 2016 at 05:47:27PM +0200, Robert Raszuk wrote: >>> I agree with all statements made by Rob S. >>> >>> Kay's email however triggered the clarification question to the >>> current -03 version. >>> >>> What is the meaning of explicit AS number listed in the first 4 octets >>> of the community. I was under impression that originally it was the AS >>> number in which given community needs to be executed however it seems >>> that this sentence is no longer in the current version of the draft. >> >> The first 4 bytes contain the ASN in which the last 8 bytes have a >> meaning. Its not about what is executed where. Consider the last 8 >> bytes, the 'local opaque data', a namespace of sorts, the first 4 bytes >> indicate who owns that namespace. The owner of the namespace can >> publicly or privately document what the meaning communities are within >> his/her namespace. >> >> I welcome suggestions to improve the text on this aspect. RFC 1997 had >> language like "Global Administrator" and "Local Administrator" - but I >> think that is a somewhat archaic to explain this concept. In -04 we're >> talking about "Autonomous System Number" and "Local Data". >> >>> So it may be unclear if this is AS number inserting this community, if >>> this is target AS to execute it or perhaps like in the case of Route >>> Server is it AS acting as proxy for other ASes it peers with ? >>> >>> The answer could be none of the above - it's all local significant - but >>> then shouldn't it rather use a 4:4:4 description. >> >> What Kay described is that they today with RFC 1997 communities they are >> using a horrible kludge because there is not enough space. >> >> With Large communities, ECIX (AS 9033) could say "Dear customers, if you >> attach 9033:XXX:YYY to your prefix, our routeserver will do A", where >> XXX and YYY are values decided by ECIX. This way, there will never be >> collisions. What XXX and YYY are is up to ECIX, XXX could be the ASN of >> a peer on the route server, YYY could be an identifier which triggers an >> action, such as no-export. >> >> Given the above context and what Kay sent to the list: >> >>>> As we use 65000:XXX, where XXX is the ASN which should >>>> not receive the route, this proposal would give us the option to also >>>> extend the control-mechanisms towards 32-bit ASNs and not just 16-bit >>>> ASNs anymore. >> >> With Large Communities, the above example could be turned into: >> 9033:65000:XXX, where XXX is the ASN which should not receive the route. >> Suddenly they aren't overloading a Global Administrator field with a private ASN! :-) >> >> ECIX (and other Route Server operators) gain two advantages: There won't >> be a risk of collision because its in their own namespace, (in ECIX's >> case '9033'), and XXX can be a 4-byte value, meaning they can target >> 4-byte ASNs, which is something they cannot do today but clearly want to >> do for consistency. >> >> It is important to recognise that it is up to ECIX to decide how they >> use the 8 bytes of data available to them. They can put ASNs in there >> directly, or use a mapping table, or throw a dice and just publish which >> value means what on their Route Server. It is entirely opaque. >> >> Kind regards, >> >> Job >> >> ps. Large Communities' expiry date will be the moment the IETF starts >> working on 8-byte ASNs. If that ever happens, we'll hopefully remember >> this thread. >> >> _______________________________________________ >> Idr mailing list >> Idr@ietf.org >> https://www.ietf.org/mailman/listinfo/idr > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. >
- [Idr] Request to adopt draft-heitz-idr-large-comm… Job Snijders
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Nick Hilliard
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jared Mauch
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Van De Velde, Gunter (Nokia - BE)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… marco
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Eduardo Ascenço Reis
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Mark Schouten
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Paul Hoogsteder
- Re: [Idr] Request to adopt draft-heitz-idr-large-… i3D.net - Martijn Schmidt
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Greg Hankins
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Acee Lindem (acee)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Bertrand Duvivier (bduvivie)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Barry O'Donovan
- Re: [Idr] Request to adopt draft-heitz-idr-large-… heasley
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Grzegorz Janoszka
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Linda Dunbar
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Marco Davids (IETF IMAP)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Gaurab Raj Upadhaya
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Teun Vink
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jeff Tantsura
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Theodore Baschak
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Pier Carlo Chiodi
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Nabeel Cocker
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Dickinson, Ian
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jan Baggen
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Dunc
- Re: [Idr] Request to adopt draft-heitz-idr-large-… David Farmer
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Job Snijders
- [Idr] Moderating "+1" messages John G. Scudder
- Re: [Idr] Request to adopt draft-heitz-idr-large-… David Farmer
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Randy Bush
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jakob Heitz (jheitz)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Henderickx, Wim (Nokia - BE)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Kay Rechthien
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Stefan Plug
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Rob Shakir
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Robert Raszuk
- Re: [Idr] Request to adopt draft-heitz-idr-large-… heasley
- Re: [Idr] Request to adopt draft-heitz-idr-large-… David Farmer
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Job Snijders
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Adam Davenport
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Robert Raszuk
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Warren Kumari
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Gert Doering
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Thomas King
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jakob Heitz (jheitz)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Robert Raszuk
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jakob Heitz (jheitz)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… bruno.decraene
- Re: [Idr] Request to adopt draft-heitz-idr-large-… bruno.decraene
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jakob Heitz (jheitz)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… bruno.decraene
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Jakob Heitz (jheitz)
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Mikael Abrahamsson
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Wesley Steehouwer
- Re: [Idr] Request to adopt draft-heitz-idr-large-… brad dreisbach
- Re: [Idr] Request to adopt draft-heitz-idr-large-… niels
- Re: [Idr] Request to adopt draft-heitz-idr-large-… John G. Scudder
- Re: [Idr] Request to adopt draft-heitz-idr-large-… Tom Daly