Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

<bruno.decraene@orange.com> Thu, 20 April 2017 09:29 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A04E12EBC3 for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 02:29:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 62e2bmzWIoh0 for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 02:29:02 -0700 (PDT)
Received: from relais-inet.orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5189712EBBF for <idr@ietf.org>; Thu, 20 Apr 2017 02:29:02 -0700 (PDT)
Received: from opfednr00.francetelecom.fr (unknown [xx.xx.xx.64]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id AEFC7204BB; Thu, 20 Apr 2017 11:29:00 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.58]) by opfednr00.francetelecom.fr (ESMTP service) with ESMTP id 7A4C21A0084; Thu, 20 Apr 2017 11:29:00 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM33.corporate.adroot.infra.ftgroup ([fe80::3881:fc15:b4b2:9017%19]) with mapi id 14.03.0319.002; Thu, 20 Apr 2017 11:29:00 +0200
From: <bruno.decraene@orange.com>
To: Job Snijders <job@ntt.net>
CC: "John G. Scudder" <jgs@juniper.net>, "idr@ietf.org" <idr@ietf.org>, "Hares Susan" <shares@ndzh.com>
Thread-Topic: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
Thread-Index: AQHSubQ1Fx6qnNOc8UaJCUOYEKex/KHN9lnA
Date: Thu, 20 Apr 2017 09:28:59 +0000
Message-ID: <8442_1492680540_58F87F5C_8442_1101_11_53C29892C857584299CBF5D05346208A31CBFD43@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <19878_1492639968_58F7E0E0_19878_13298_1_53C29892C857584299CBF5D05346208A31CBE742@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20170420085755.sbzdtcjhirdoi3b3@hanna.meerval.net>
In-Reply-To: <20170420085755.sbzdtcjhirdoi3b3@hanna.meerval.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9Qn2bHQw1QIruWMCJIoEN0Z-qC4>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 09:29:04 -0000

Job,

> From: Job Snijders [mailto:job@ntt.net]  > Sent: Thursday, April 20, 2017 10:58 AM
> 
 > On Wed, Apr 19, 2017 at 10:12:48PM +0000, bruno.decraene@orange.com wrote:
 > > Thanks John for bringing this in IDR.
 > >
 > > I admit that I was not following this subject so my comments might be redundant or even
 > stupid.
 > >
 > > 1) Am I missing something or would this break all existing EBGP
 > > sessions deployed with no policy?
 > 
 > Yes, you are missing the fact that a wild variety of defaults has been
 > deployed in the wild:
 > 
 >     o some reject on ingress, promiscuous on egress
 >     o some reject on both ingress and egress
 >     o some accept and announce everything
 > 
 > This documents aims to align those on a singular safe default: on EBGP
 > you'll need to configure a policy for something to happen.

My comment still applies to some implementations and some deployments.
 
 > > If so this would definitely not be deployment friendly. Especially for
 > > BGP/MPLS VPN networks using EBGP for PE-CE routing and which have
 > > little use of filtering policies.
 > 
 > This is what release notes are for.

Possible awareness does not change the point that this forced change of default behavior is not deployment friendly for non Internet applications.
 
 > > 2) BTW, what is exactly eligible as an "import policy"? e.g.
 > > - is an explicit policy capping the number of received routes eligible as an "import policy"?
 > > - is Route Target filtering (either automatic or manual) a routing policy?
 > >
 > > Same question of "export policy". e.g.
 > > Is an expert policy tagging community eligible?
 > 
 > i do not understand what you mean. Can you elaborate or phrase
 > differently?
 
Can this document define what he means by "configured export policy".  Possibly by referring to standardized yang models.
Alternatively, it looks like the document means that "by default a BGP speaker MUST NOT advertise any routes to an EBGP peer". Which would solve the problem by not referring anymore to configured export policy.
 
 > > 3) From the introduction
 > > "   There are BGP routing security issues that need to be addressed to
 > >    make the Internet more stable. [...]  This document provides guidance to BGP [RFC4271]
 > >    implementers to improve the default level of Internet routing
 > >    security."
 > >
 > > Does this mean that this proposition should be restricted to Internet
 > > routing? (while BGP is used for many others applications)
 > 
 > It is restricted to EBGP.

Yes, also, but this seems orthogonal to me.
So to rephrase, does this mean that this proposition should be restricted to EBGP sessions used for Internet routing? (as EBGP is used for many others applications)

 > 
 > > 4) Alternatively, there could be a (capability) signaling during the
 > > OPEN of the EBGP session. With one end requesting this behavior to its
 > > peer. (or alternatively it's peer advertising the presence of a policy
 > > and the receiver taking its own decision).
 > >
 > > Possibly, some of the requirements may already be addressed by
 > > configuring a policy limiting the number of routes acceptable from a
 > > peer/customers, and closing the EBGP sessions when this limit is
 > > reached. This seems this would catch customers/peers advertising the
 > > full routing by mistake/misconfiguration.
 > 
 > no.
 
Can this document better describe the problem statement?
Please find below my reading of the current text

"   There are BGP routing security issues that need to be addressed to make the Internet more stable."
Agreed, but not very specific.

"  Route leaks [RFC7908] are part of the  problem, but software defects or operator misconfigurations can  contribute too."
- Route leaks seem to be already worked on by draft-ymbk-idr-bgp-open-policy or draft-ietf-idr-route-leak-detection-mitigation. Plus this document is not a solution to route leak
- Software defect won't probably be addressed by this proposal
- Misconfiguration won't probably be addressed by this proposal.

So, although I agree that requiring explicit export and import for EBGP session used in the Internet is probably an improvement, I disagree with changing the default of existing deployed EBGP sessions for non Internet usages, as this would breaks current deployment.
At minimum, this should be restricted to new configured sessions ... but even this would break existing provisioning scripts so this is still not so deployment friendly.

King regards,
-- Bruno 

 > Kind regards,
 > 
 > Job

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.