Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

<bruno.decraene@orange.com> Thu, 20 April 2017 16:47 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECEBC13147F for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 09:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ksEtUgP7KZ0j for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 09:47:17 -0700 (PDT)
Received: from relais-inet.orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C88C129B08 for <idr@ietf.org>; Thu, 20 Apr 2017 09:47:17 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id B36E6C03D0; Thu, 20 Apr 2017 18:47:15 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.21]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 6E9291A0064; Thu, 20 Apr 2017 18:47:15 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM6C.corporate.adroot.infra.ftgroup ([fe80::d9f5:9741:7525:a199%18]) with mapi id 14.03.0319.002; Thu, 20 Apr 2017 18:47:15 +0200
From: bruno.decraene@orange.com
To: Jared Mauch <jared@puck.Nether.net>
CC: "idr@ietf.org" <idr@ietf.org>, Hares Susan <shares@ndzh.com>, Enke Chen <enkechen@cisco.com>, "aretana@cisco.com" <aretana@cisco.com>
Thread-Topic: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
Thread-Index: AQHSufA5Fx6qnNOc8UaJCUOYEKex/KHOdQgQ
Date: Thu, 20 Apr 2017 16:47:14 +0000
Message-ID: <28100_1492706835_58F8E613_28100_2329_1_53C29892C857584299CBF5D05346208A31CC1989@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <abe393d3-d1e4-7841-4620-38dab751765b@cisco.com> <68B29403-9AD9-4F06-9FE4-3F077E793D9F@puck.nether.net> <275cf744-1f64-bcbc-dabe-a47479921230@cisco.com> <20170420154142.lacvtplusepy3qcf@hanna.meerval.net> <b57162ec-f806-6e86-7713-58608f72c468@cisco.com> <20170420160736.GB15676@puck.nether.net>
In-Reply-To: <20170420160736.GB15676@puck.nether.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/5Tv49elEpkbAbRPsbpw93Ce67ZY>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 16:47:19 -0000

Jared,

> From: Jared Mauch > Sent: Thursday, April 20, 2017 6:08 PM
> 
 > On Thu, Apr 20, 2017 at 08:57:07AM -0700, Enke Chen wrote:
 > > Job,
 > >
 > > It depends on the customer base and also how long the software has been deployed.
 > > Just think about the scenario that a large number of customers would lose network
 > > connectivity unexpectedly due to a default behavior change in the code. Such outages
 > > could keep happening to different customers for years to come.
 > >
 > > Perhaps, changing "impossible" to "impractical" :-)
 > 
 > 	I'd like to call it well-considered. :-)
 > 
 > 	I'm operating a network with Juniper, NX-OS, IOS-XR, IOS-Classic, IOS-XE,
 > and various implementations that require custom policy to be implemented.
 > 
 > 	There can be a path forward plotted that would prevent currently
 > deployed people from having issues, we're surely bright enough to do that.
 > 
 > 	To make it clear: I don't want to break someones routers.
 > 
 > 	I do want to make it harder for someone to leak a table when they
 > have a new router.

Have you considered starting solving this issue with yang model? Although this is more long term, this should be the target/long term solution and hence this has a significant value. Also the installed based is smaller so change would be easier. And finally, this probably natively only applies to new EBGP sessions, i.e. would not affect existing deployed based.
e.g. the (mandatory) default import/export policy would be to filter all routes. 
 
Regards,
--Bruno (just trying to propose something, feel free to ignore)

 > 	I don't belive the bar should be high, it can be embedded in whatever
 > configuration/ZTP/automation/cut+paste template out there.  It could come
 > in the form of yang over netconf, or a DHCPv6/DHCPv4 option.  It could
 > come from a TXT record in DNS, or wahtever configuration method the vendor
 > invents that is new and unimagined by th WG today.
 > 
 > 	I don't feel it requires updating 4271 to attain that goal, it's
 > clear implementors have seen a path to do this today without having
 > a concern with 4271, and I believe that Alvaro is wrong in the presumption
 > this document updates 4271.  (I'm also willing to be told that I'm too rough
 > for consensus :-).
 > 
 > 	- Jared
 > 
 > --
 > Jared Mauch  | pgp key available via finger from jared@puck.nether.net
 > clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
 > 
 > _______________________________________________
 > Idr mailing list
 > Idr@ietf.org
 > https://www.ietf.org/mailman/listinfo/idr

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.