Re: [Idr] Returning draft-ietf-idr-rfc5575bis to WG, new 2 week discussion period

Robert Raszuk <robert@raszuk.net> Fri, 14 June 2019 15:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/6F1q1mc9dyb3esXePiA0jeAB1iM>

> Juniper's implementation doesn't do useful things when the dest-prefix is
> absent and validation is on.

I would classify this as deployment misconfiguration.

If you are using flow spec for other than DDoS use cases you should disable
validation.

Thx,
R.


On Fri, Jun 14, 2019 at 5:46 PM Jeffrey Haas <jhaas@pfrc.org> wrote:

> On Thu, Jun 13, 2019 at 11:54:22PM +0200, Christoph Loibl wrote:
> > I have no lab at hand (now) - but I am really curious how i.e. Juniper (also
> > other vendors) actually validate FS without a destination-prefix component
> > (to be honest, I never tried this - but it is supposed to be easily
> > verified).
>
> I will somewhat coyly note that John's text does not come out of pure
> protocol pedantry. :-)
>
> Juniper's implementation doesn't do useful things when the dest-prefix is
> absent and validation is on.  This was noted during some internal testing.
> When we were approached for "what should we do, it's not in the spec", the
> proposed text arose out of internal discussion. (Including "well, it's
> effectively 0/0".)
>
> The pedantic behavior would be to say "it's 0/0", but it leads to the
> "originate default" as an answer.  This is not behavior we'd operationally
> encourage and thus we are having this discussion.
>
> -- Jeff
>