IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt

Job Snijders <job@ntt.net> Wed, 05 October 2016 16:17 UTC

Return-Path: <job@ntt.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76F381297A3 for <idr@ietfa.amsl.com>; Wed, 5 Oct 2016 09:17:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.931
X-Spam-Level:
X-Spam-Status: No, score=-4.931 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.996, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Jhen_jukujy for <idr@ietfa.amsl.com>; Wed, 5 Oct 2016 09:17:48 -0700 (PDT)
Received: from mail3.mlpsca01.us.to.gin.ntt.net (mail3.mlpsca01.us.to.gin.ntt.net [IPv6:2001:418:3ff:3::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AA05129550 for <idr@ietf.org>; Wed, 5 Oct 2016 09:17:48 -0700 (PDT)
Received: by mail3.mlpsca01.us.to.gin.ntt.net with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84_2) (envelope-from <job@ntt.net>) id 1brot7-000Cto-K3 (job@us.ntt.net); Wed, 05 Oct 2016 16:17:47 +0000
Date: Wed, 05 Oct 2016 18:17:41 +0200
From: Job Snijders <job@ntt.net>
To: Jeffrey Haas <jhaas@pfrc.org>
Message-ID: <20161005161741.GY20697@Vurt.local>
References: <147531113077.4216.12599976309263776317.idtracker@ietfa.amsl.com> <20161001085434.GW20697@Vurt.local> <005b01d21d58$aaf869e0$4001a8c0@gateway.2wire.net> <20161003095936.GC20697@Vurt.local> <57F51937.70103@foobar.org> <4C5E4C28-E26F-44C3-A661-514328180F6E@pfrc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4C5E4C28-E26F-44C3-A661-514328180F6E@pfrc.org>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.7.0 (2016-08-17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/8_Ztt0tzaALssr4ScbbYFTP9hFg>
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 16:17:50 -0000

On Wed, Oct 05, 2016 at 11:46:06AM -0400, Jeffrey Haas wrote:
> > On Oct 5, 2016, at 11:16 AM, Nick Hilliard <nick@foobar.org> wrote:
> > 
> > This paragraph should be omitted completely. It adds nothing.
> 
> I agree.

Nick, Jeff, thank you for your feedback. I've deleted the section from
what will be -02.

> To the authors:
> Other things I note while reading the draft:
> "Global Administrator:  A four-octet namespace identifier.  This
> SHOULD be an Autonomous System Number assigned by IANA."
> delete "assigned by IANA".  That's not usually their business.

agreed.

> Similarly, I find the following sentence adds no value:
> "There are no routing semantics implied by the Global Administrator
> field."

This sentence was already deleted following feedback from Tom Petch
(https://mailarchive.ietf.org/arch/msg/idr/GF4yLYbWltrj8rKNtdPk1xxexv8)

Thanks for seconding the removal.

> I am also unclear on the semantics of why atomic aggregate impacts
> whether merging happens or not.  (Please don't make me break out 10+
> year old points as to why AA has been broken from day one.)

I'll leave this for others to comment on.

> I'll reiterate my objection to a mandatory representation format, but
> other implementations that actually are impacted will make my point
> for me.  Unless we're doing a yang module, IETF really has no business
> specifying UI.

There are more examples where the IETF (for better or for worse) has
specified canonical representations. For example, I'd be disappointed if
a major implementation ends up representing Large BGP Communities as
straight uint96_t's in the UI.

A challenge here is that there might be two issues at hand: one is the
canonical way to represent a Large BGP Community in a phone call, or in
technical documentation which is provided by one operator to another
operator. The second issue is what is actually typed/inputted into
network element configurations.

The "Textual Representation" section should provide any implementor with
enough freedom to use a prefix, suffix, or a separator of their
choosing. Given the current text:
https://github.com/large-bgp-communities/large-bgp-communities/blob/master/draft-ietf-idr-large-community.xml#L208-L232
should we change the first three "MUST" to a "SHOULD" to alleviate your
concern?

Do you consider my concern about a canonical format for inter-operator
communication valid?

> With regard to the security considerations, I'd drop the "and BGP
> Extended Communities".  While the generic ext-comms draft originally
> passed through IETF process with its somewhat weak session, I think
> any practical security analysis of it would point out that the
> signaling information covered by ext-comms is significantly greater
> than the base 1997 case these days.

You make a fair point, I have removed that string (unless someone
champions that it should remain part of the draft).

> Similarly, I'd drop "trust in every other AS in the path" section.  If
> you're going to dig into that issue, you'll end up in a world of
> security considerations hurt.  You still will courtesy of the way our
> security ADs function with their odd understanding of how protocol
> work and operations collide, but you're almost always better off
> starting with too little and let them guide you into what they want to
> see than give them fodder for confusion early on.

To confirm, you propose to change;

	"This document does not change any underlying security issues
	associated with any other BGP Communities mechanism.  Specifically,
	an AS relying on the Large BGP Community attribute carried in BGP
	must have trust in every other AS in the path, as any intermediate
	Autonomous System in the path may have added, deleted or altered
	the Large BGP Community attribute. Specifying the mechanism to
	provide such trust is beyond the scope of this document."

to

	"This document does not change any underlying security issues
    associated with any other BGP Communities mechanism."

correct?

I can agree to this simplification. The text was put in as an attempt to
preempt some security review scrutinity. It continues to be a challenge
to figure out how far one should go to scope expecations, and when to
write down something is out of scope, or not. Feedback from others on
this specific topic is most welcome, if case no further feedback offered
I'll remove that part of the section as per Jeff's recommendation.

Kind regards,

Job

v2.23.0 | Report a Bug | By Email