Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

Eric C Rosen <erosen@juniper.net> Thu, 20 April 2017 20:00 UTC

To: Tony Przygienda <tonysietf@gmail.com>, Brian Dickson <brian.peter.dickson@gmail.com>
CC: "idr@ietf.org" <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/8-JLRbEtzHlFuOAIu2xrDdJvSwo>

On 4/20/2017 2:24 PM, Tony Przygienda wrote:
> Can't miss that food fight ;-)

It did seem to degenerate rapidly into "if you don't agree with my 
proposal, you don't care about security".  ;-(

I agree with Enke that surprising your customers with a change in 
behavior due to altered defaults is generally considered to be a big no-no.

When the customers complain about a change in behavior, it is not 
considered appropriate to respond with "it's not my fault, you should 
have read the release notes", or "it's not my fault that you don't know 
how to troubleshoot BGP", or "it's not my fault that you didn't do your 
due diligence".

Phasing in a change of behavior over several releases is not a practical 
solution, because:

a) Customers will still be surprised when the default behavior finally 
changes, and
b) Many customers won't deploy all the releases anyway.

>
> Having said that, I think this is BCP material at best and if this is 
> a BCP then
>
> i) a "backward compatibility a.k.a which end of the stick is sharp" 
> section is very advisable

I would agree that something more than "figure out how to configure the 
new release to behave like the old release" would be helpful.

> ii) the BCP should describe which customer segment is best served with 
> which default
>

But then operators from different segments would have to get together to 
understand each other's requirements, and they'd have to respect each 
other's opinions as well. I can't wait to see what happens when the 
"trust nobody" folks get together with the "zeroconfig plug and play" 
folks ;-)

The dilemma is that there is a real security problem in certain 
environments, but the proposed solution seems to have unintended 
side-effects that are problematic.  Then the question becomes whether 
the benefits are worth the cost, and this is not really a question that 
can be resolved by IETF consensus.