Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
Job Snijders <job@ntt.net> Wed, 05 October 2016 16:17 UTC
Return-Path: <job@ntt.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76F381297A3 for <idr@ietfa.amsl.com>; Wed, 5 Oct 2016 09:17:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.931
X-Spam-Level:
X-Spam-Status: No, score=-4.931 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.996, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Jhen_jukujy for <idr@ietfa.amsl.com>; Wed, 5 Oct 2016 09:17:48 -0700 (PDT)
Received: from mail3.mlpsca01.us.to.gin.ntt.net (mail3.mlpsca01.us.to.gin.ntt.net [IPv6:2001:418:3ff:3::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AA05129550 for <idr@ietf.org>; Wed, 5 Oct 2016 09:17:48 -0700 (PDT)
Received: by mail3.mlpsca01.us.to.gin.ntt.net with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84_2) (envelope-from <job@ntt.net>) id 1brot7-000Cto-K3 (job@us.ntt.net); Wed, 05 Oct 2016 16:17:47 +0000
Date: Wed, 05 Oct 2016 18:17:41 +0200
From: Job Snijders <job@ntt.net>
To: Jeffrey Haas <jhaas@pfrc.org>
Message-ID: <20161005161741.GY20697@Vurt.local>
References: <147531113077.4216.12599976309263776317.idtracker@ietfa.amsl.com> <20161001085434.GW20697@Vurt.local> <005b01d21d58$aaf869e0$4001a8c0@gateway.2wire.net> <20161003095936.GC20697@Vurt.local> <57F51937.70103@foobar.org> <4C5E4C28-E26F-44C3-A661-514328180F6E@pfrc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4C5E4C28-E26F-44C3-A661-514328180F6E@pfrc.org>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.7.0 (2016-08-17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/8_Ztt0tzaALssr4ScbbYFTP9hFg>
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 16:17:50 -0000
On Wed, Oct 05, 2016 at 11:46:06AM -0400, Jeffrey Haas wrote: > > On Oct 5, 2016, at 11:16 AM, Nick Hilliard <nick@foobar.org> wrote: > > > > This paragraph should be omitted completely. It adds nothing. > > I agree. Nick, Jeff, thank you for your feedback. I've deleted the section from what will be -02. > To the authors: > Other things I note while reading the draft: > "Global Administrator: A four-octet namespace identifier. This > SHOULD be an Autonomous System Number assigned by IANA." > delete "assigned by IANA". That's not usually their business. agreed. > Similarly, I find the following sentence adds no value: > "There are no routing semantics implied by the Global Administrator > field." This sentence was already deleted following feedback from Tom Petch (https://mailarchive.ietf.org/arch/msg/idr/GF4yLYbWltrj8rKNtdPk1xxexv8) Thanks for seconding the removal. > I am also unclear on the semantics of why atomic aggregate impacts > whether merging happens or not. (Please don't make me break out 10+ > year old points as to why AA has been broken from day one.) I'll leave this for others to comment on. > I'll reiterate my objection to a mandatory representation format, but > other implementations that actually are impacted will make my point > for me. Unless we're doing a yang module, IETF really has no business > specifying UI. There are more examples where the IETF (for better or for worse) has specified canonical representations. For example, I'd be disappointed if a major implementation ends up representing Large BGP Communities as straight uint96_t's in the UI. A challenge here is that there might be two issues at hand: one is the canonical way to represent a Large BGP Community in a phone call, or in technical documentation which is provided by one operator to another operator. The second issue is what is actually typed/inputted into network element configurations. The "Textual Representation" section should provide any implementor with enough freedom to use a prefix, suffix, or a separator of their choosing. Given the current text: https://github.com/large-bgp-communities/large-bgp-communities/blob/master/draft-ietf-idr-large-community.xml#L208-L232 should we change the first three "MUST" to a "SHOULD" to alleviate your concern? Do you consider my concern about a canonical format for inter-operator communication valid? > With regard to the security considerations, I'd drop the "and BGP > Extended Communities". While the generic ext-comms draft originally > passed through IETF process with its somewhat weak session, I think > any practical security analysis of it would point out that the > signaling information covered by ext-comms is significantly greater > than the base 1997 case these days. You make a fair point, I have removed that string (unless someone champions that it should remain part of the draft). > Similarly, I'd drop "trust in every other AS in the path" section. If > you're going to dig into that issue, you'll end up in a world of > security considerations hurt. You still will courtesy of the way our > security ADs function with their odd understanding of how protocol > work and operations collide, but you're almost always better off > starting with too little and let them guide you into what they want to > see than give them fodder for confusion early on. To confirm, you propose to change; "This document does not change any underlying security issues associated with any other BGP Communities mechanism. Specifically, an AS relying on the Large BGP Community attribute carried in BGP must have trust in every other AS in the path, as any intermediate Autonomous System in the path may have added, deleted or altered the Large BGP Community attribute. Specifying the mechanism to provide such trust is beyond the scope of this document." to "This document does not change any underlying security issues associated with any other BGP Communities mechanism." correct? I can agree to this simplification. The text was put in as an attempt to preempt some security review scrutinity. It continues to be a challenge to figure out how far one should go to scope expecations, and when to write down something is out of scope, or not. Feedback from others on this specific topic is most welcome, if case no further feedback offered I'll remove that part of the section as per Jeff's recommendation. Kind regards, Job
- [Idr] I-D Action: draft-ietf-idr-large-community-… internet-drafts
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jared Mauch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… i3D.net - Martijn Schmidt
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Gert Doering
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Robert Raszuk
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Gert Doering
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Peter Hessler
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Ben Maddison
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Gert Doering
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Robert Raszuk
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jay Borkenhagen
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Robert Raszuk
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Christopher Morrow
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Julian Seifert
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Sander Steffann