Re: [Idr] New BGP capability to advertise running daemon version

Donatas Abraitis <donatas.abraitis@gmail.com> Fri, 02 August 2019 07:27 UTC

Return-Path: <donatas.abraitis@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 041961200B5 for <idr@ietfa.amsl.com>; Fri, 2 Aug 2019 00:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzQHRtwyPhnI for <idr@ietfa.amsl.com>; Fri, 2 Aug 2019 00:27:48 -0700 (PDT)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1142120137 for <idr@ietf.org>; Fri, 2 Aug 2019 00:27:47 -0700 (PDT)
Received: by mail-qk1-x72b.google.com with SMTP id s145so54070951qke.7 for <idr@ietf.org>; Fri, 02 Aug 2019 00:27:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=y5pBw34I56t6oYEUl+XAEzwtlZoee4PPDCWfQZ8RsRk=; b=fmqFeOrC960zhWj5Z2Hn9E4k5ZqN1Xl6erdAcYfe4Eb7i44OGoZRLobL5YBt05UUNO XvYtvkp/w6/cin83TZBsN3poqNy75i9Mr1cSxrK9nwi+mjexHxbQ9n2oZWe3TmWdqBE8 iS+LR1gSOJPyC73aNhM2asDUYtcgrxMKflIhgZFLQJLLeagk1RouaL7tDCAmxdOt9efi b+IEVrVAbjHhM0LFcb1wKkszkHLFUT3K2dqQcPP1WiK+j3K3vjWZ874n+haJkWy00PFd XX3wOJMStgFELYLh1UwXFWSMQxMuhDk2/O4n8kfmNwrCLsp6+dvD6/vC6Z19ebTzbcMR JA7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=y5pBw34I56t6oYEUl+XAEzwtlZoee4PPDCWfQZ8RsRk=; b=lWSV9GJvOYfnNU8Hbv4CJXhbW+bmGdW3lPSHJQfHqMIxvxpiimTrhNvo5FRmZRWDvN JKuC6YrPZdGtJe0KoYA5lTkvTrzHjEwlNvhvJ4nbfFRtZ79kuT52Ds77jO9pV+ow5PgK ojFup5/aveIT04BmECRE9RvwGpUwdQ/5+LZlm0v4lZl6QR1sh0KBueVxEHEzcH1qKV6b SMA3ocBSHWffVH2pW9D1Bs7rtBN9R+Mbb0gW+vVEnngD7Cxd+mAnoSUeTXSXzeAHfeZr 76KS0j+xZ/xbPqucoAfww7ToCsAspxwfgveif4p5IHEc6c+xBYTnAB7socDko1WMozDf cEAA==
X-Gm-Message-State: APjAAAVU8lhNfjeDfgJurv+UwN6oqCa89d0kUn9Pu5X6KIrbc/tUk1+5 1cJjFAayEL0tvv7x95lQxxxk/zXtl8rWScZbxGg=
X-Google-Smtp-Source: APXvYqyT0eLcRJz/99yHVKvfPjAz9YbmneMAdtOobWiC3/fiwtgnvL2xANL81PdXUvQRQqtkh9dPBznxfyZRwVyvNSQ=
X-Received: by 2002:a05:620a:16c6:: with SMTP id a6mr52862395qkn.413.1564730866976; Fri, 02 Aug 2019 00:27:46 -0700 (PDT)
MIME-Version: 1.0
References: <CAPF+HwV3EEUza3FyiXsd_oSkj80OwY-tE2DgFWnynq1FL2tLHg@mail.gmail.com> <015d56c13d01436890da2b8a7179fac9@turkcell.com.tr> <CAPF+HwV2Df6qcRD+GrE_JFv8W5Yh3OACKZrdv1Bw4PXQbjtDyQ@mail.gmail.com> <543a6216785b4049883cc7cae7adde79@turkcell.com.tr>
In-Reply-To: <543a6216785b4049883cc7cae7adde79@turkcell.com.tr>
From: Donatas Abraitis <donatas.abraitis@gmail.com>
Date: Fri, 2 Aug 2019 10:27:35 +0300
Message-ID: <CAPF+HwWdBiy3GRk=jyWi5F=6DwaEt15HQ32f5GgMf3gR9Sx0yg@mail.gmail.com>
To: ERCIN TORUN <ercin.torun@turkcell.com.tr>
Cc: "idr@ietf.org" <idr@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/7WqMa36XWhXHlcsMc1sKTRfJkbQ>
Subject: Re: [Idr] New BGP capability to advertise running daemon version
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Aug 2019 07:27:53 -0000

I got your point, thanks :)

On Fri, Aug 2, 2019 at 10:25 AM ERCIN TORUN <ercin.torun@turkcell.com.tr> wrote:
>
> Hello Donatas,
>
> In FRR, profiles are a way of toggling mechanism but not all vendors implementations works the same way (e.g. toggling capability or its negotiation specifically). Anyway it is just a suggestion, not a crucial point.
>
> Regards
>
>
>
>
>
> -----Original Message-----
> From: Donatas Abraitis <donatas.abraitis@gmail.com>
> Sent: Friday, August 2, 2019 9:56 AM
> To: ERCIN TORUN <ercin.torun@turkcell.com.tr>
> Cc: idr@ietf.org
> Subject: Re: [Idr] New BGP capability to advertise running daemon version
>
> Hello,
>
> yes, it's risky and shouldn't be toggled by default, but in data center environments where you have full control, it's very handy. For instance in FRR has a few modes to operate like traditional and datacenter. By having datacenter profile enabled, it's safe enough to have this capability, IMO. Or as you suggested, just an additional knob for configuring this is considered as well.
>
> On Fri, Aug 2, 2019 at 9:39 AM ERCIN TORUN <ercin.torun@turkcell.com.tr> wrote:
> >
> > Hello Donatas,
> >
> > I do think that your suggestion is handy, but from security perspective it is risky if you are enabling such a feature in a non-trust environment. An implementation warning should be added for vendors/code developers not to enable this capability by default. Enabling such a functionality by default might result in your neighbors knowing your BGP implementation & its version, which might contain security risks.
> >
> > In security section you refer to RFC3552. In section 6.1.1.4 (https://tools.ietf.org/html/rfc3552#section-6.1.1) of mentioned RFC same suggestion exists but only for SMTP.
> >
> > Regards
> > Erçin TORUN
> >
> > -----Original Message-----
> > From: Idr <idr-bounces@ietf.org> On Behalf Of Donatas Abraitis
> > Sent: Friday, August 2, 2019 9:08 AM
> > To: idr@ietf.org
> > Subject: [Idr] New BGP capability to advertise running daemon version
> >
> > Hi there!
> >
> > I would like to propose a new idea of how to simplify the debugging process when dealing with lots of different BGP speakers and even more with different versions.
> >
> > Basically, the implementation is very trivial, but it would be handy in cases when you should debug why some functionality does not work between two or more BGP speakers. Having this in place would speedup troubleshooting time. Even better if that comes to automation to gather information around all infrastructure you have.
> >
> > The implementation and details are posted in this draft:
> > https://www.ietf.org/id/draft-abraitis-bgp-version-capability-00.txt
> >
> > Waiting for comments.
> >
> > Thank you!
> >
> > --
> > Donatas
> >
> > _______________________________________________
> > Idr mailing list
> > Idr@ietf.org
> > https://www.ietf.org/mailman/listinfo/idr
> >
> >
> > [http://www.turkcell.com.tr/downloads/bireysel/img/Tcelldis.gif]
> > <https://ddei3-0-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=htt
> > p%3a%2f%2fturkcell.li%2fiyaani&umid=4041BB64-8F1C-DC05-87C2-15D2846F2A
> > 9C&auth=54639621fcdd7e0f42d2a208112da27408386c06-c873efbf57aaf2ae8cad8
> > dceac16346b12df973d>
> >
> > Bu elektronik posta ve onunla iletilen butun dosyalar sadece gondericisi tarafindan almasi amaclanan yetkili gercek ya da tuzel kisinin kullanimi icindir. Eger soz konusu yetkili alici degilseniz bu elektronik postanin icerigini aciklamaniz, kopyalamaniz, yonlendirmeniz ve kullanmaniz kesinlikle yasaktir ve bu elektronik postayi derhal silmeniz gerekmektedir.
> >
> > TURKCELL bu mesajin icerdigi bilgilerin doğruluğu veya eksiksiz oldugu
> > konusunda herhangi bir garanti vermemektedir. Bu nedenle bu bilgilerin
> > ne sekilde olursa olsun iceriginden, iletilmesinden, alinmasindan ve
> > saklanmasindan sorumlu degildir. Bu mesajdaki gorusler yalnizca
> > gonderen kisiye aittir ve TURKCELLin goruslerini yansitmayabilir
> >
> > Bu e-posta bilinen butun bilgisayar viruslerine karsi taranmistir.
> >
> > ________________________________
> >
> > This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are hereby notified that any dissemination, forwarding, copying or use of any of the information is strictly prohibited, and the e-mail should immediately be deleted.
> >
> > TURKCELL makes no warranty as to the accuracy or completeness of any information contained in this message and hereby excludes any liability of any kind for the information contained therein or for the information transmission, reception, storage or use of such in any way whatsoever. The opinions expressed in this message belong to sender alone and may not necessarily reflect the opinions of TURKCELL.
> >
> > This e-mail has been scanned for all known computer viruses.
>
>
>
> --
> Donatas



-- 
Donatas