[Idr] draft-ietf-idr-rfc5575bis-19, reverting to consensus text on opaque typed NLRI

John Scudder <jgs@juniper.net> Mon, 09 March 2020 20:30 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF2E23A168E for <idr@ietfa.amsl.com>; Mon, 9 Mar 2020 13:30:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=CpAMEu6g; dkim=pass (1024-bit key) header.d=juniper.net header.b=g/gcm+Ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apModc56JCxe for <idr@ietfa.amsl.com>; Mon, 9 Mar 2020 13:30:13 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02E963A1720 for <idr@ietf.org>; Mon, 9 Mar 2020 13:30:12 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 029KNOiq014966 for <idr@ietf.org>; Mon, 9 Mar 2020 13:30:12 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : subject : date : message-id : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=Pl4bbyRM+Q8SjYSU7nCNeIZtha3lBi5/Ho1TIacaJF0=; b=CpAMEu6gUzk4TlqdiKatUsoiouHLEwfjPX1X7uh+kCJ8lTesSAffgvgILzurMEriWJTG EMhH44C8oFhtbFWhH5YsISdQYcCHo9k59b6SGZj75dnWCF2T4a7+yjtLTj0DqdViBhCx YX+/RHpImBbxnU/8cxkh04YY9YBulfQvcM0oHFcIccYIhB/T88tsxgxU1nqeulcaKmNc /378/wak9VOeBX4iHEPrCjJEzxVsoZ1xA8R9I5Wm99+phzyX1HJj5cqZrzeIi3kejvU1 1k2ehz061d2F1rdmYjAxw3elz2x/7ij7onDe3m0Xuh/TvTGKZ6gRfJVJfF0wH/AVnuIS dw==
Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2109.outbound.protection.outlook.com [104.47.55.109]) by mx0a-00273201.pphosted.com with ESMTP id 2ynetc9f7d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <idr@ietf.org>; Mon, 09 Mar 2020 13:30:12 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3Db/YGSUiehVUoZ8wSIC57+JQwQVnEJvqBn8hwByex74ToJYZaVU2auxN7hfpQp?= =?utf-8?q?GoMGWymEB+stTGrZyjqwPIpbFfECC5qmNugHuuaRb+sCiZqz+8Z9Vw9dzlPxPVLjF?= =?utf-8?q?5F6EQgPJtOrMgzG8abyIzbk2TpJm6WBK07Ub+rJFaoAB32Q832Y/zO+ZJedG8P24b?= =?utf-8?q?aO6CevH78DVcF/NnDSmASGB4zEbH1PoWVvdIxmCKzJ5u6CdbKHQiyTcDrRsYdEAVN?= =?utf-8?q?cyy+IpcSec3bFYxui59WEU7vH6Vri9tLT9amC39YxdYHuN/70we45A39vjyG1h6K+?= =?utf-8?q?ry5k32PO2Apq6Cd/JfEYQ=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DPl4bbyRM+Q8SjYSU7nCNeIZtha3lBi5/Ho1TIacaJF0=3D=3B_b=3DCaiSlw?= =?utf-8?q?4M9rr4Q1bHbBfzNa7Vq7YBZh6aDsXwmMbbFZ/ghnZOUiqdx1F4hmoTfAdOaEIjrba?= =?utf-8?q?RLD+10W5A8JZmjOl5wEXrZN8dJZZ7kaEQC6RhZwb1P34rMob348yLVf2RZwK84G2y?= =?utf-8?q?ZXImM2LFV3bJt6nR73OJM0TH+lM1uixdyRaMNnFs0A5lwm4CJfNY9Q0jvKYyGCR44?= =?utf-8?q?cUiV6uMxni+dfrLH/xvsOPQTVSgzOUfP8btdMbP7gI9QObvQoRnF4H+YR7FkqPzUp?= =?utf-8?q?hVeHkW/KMgeIvaMsR67rEKsrRYC546p/SZ29LHuIOfwcVy+4Xby29nrCPHJxE1yyO?= =?utf-8?q?OltcaHErAYA=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3AContent-Typ?= =?utf-8?q?e=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DPl4bbyRM+Q8SjYSU7nCNeIZtha3lBi5/Ho1TIacaJF0=3D=3B_b=3Dg/gcm+?= =?utf-8?q?Ch9lO71gNEq8ZHxdzHzYTuT/YvDt5Fl4i9luZjEpnsKGptuYfj7hj+LW4SoaCrBpO?= =?utf-8?q?3Xa7vL11kIE6uhQRrq20LcErxuF/Bj9Nk5OeTyAuYONqBl43SX8N1DCgRnEtJLkT8?= =?utf-8?q?fXhHYQoJ6HJ5yDOxRP0j3mKRJESM9XARaoQ=3D?=
Received: from BL0PR05MB5076.namprd05.prod.outlook.com (2603:10b6:208:83::12) by BL0PR05MB4692.namprd05.prod.outlook.com (2603:10b6:208:29::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.9; Mon, 9 Mar 2020 20:30:09 +0000
Received: from BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::3885:4802:94ad:b130]) by BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::3885:4802:94ad:b130%4]) with mapi id 15.20.2814.007; Mon, 9 Mar 2020 20:30:09 +0000
From: John Scudder <jgs@juniper.net>
To: "idr@ietf. org" <idr@ietf.org>
Thread-Topic: draft-ietf-idr-rfc5575bis-19, reverting to consensus text on opaque typed NLRI
Thread-Index: AQHV9lGGx15DvRl1WU2YVZ26ApR6zA==
Date: Mon, 9 Mar 2020 20:30:09 +0000
Message-ID: <E10898AF-C1D6-49AA-88E4-2CB66EB7B3B4@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.60.0.2.5)
x-originating-ip: [2600:1700:37a0:3ca0:6164:c230:b1e4:bad0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 8ce7a7be-4380-4869-06b5-08d7c468a992
x-ms-traffictypediagnostic: BL0PR05MB4692:
x-microsoft-antispam-prvs: =?utf-8?q?=3CBL0PR05MB469278DD83C0552B7E8C673CAAF?= =?utf-8?q?E0=40BL0PR05MB4692=2Enamprd05=2Eprod=2Eoutlook=2Ecom=3E?=
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0337AFFE9A
x-forefront-antispam-report: SFV:NSPM; =?utf-8?q?SFS=3A=2810019020=29=284636?= =?utf-8?b?MDA5KSgzNDYwMDIpKDM2NjAwNCkoMzk4NjA0MDAwMDIpKDEzNjAwMykoMzk2?= =?utf-8?b?MDAzKSgzNzYwMDIpKDE4OTAwMykoMTk5MDA0KSg4NjM2MjAwMSkoNjY1NzQwMTIp?= =?utf-8?q?=2881156014=29=2881166006=29=28478600001=29=2836756003=29=2865120?= =?utf-8?b?MDcpKDg5MzYwMDIpKDY2NDc2MDA3KSg2NDg2MDAyKSg4Njc2MDAyKSg5MTk1?= =?utf-8?q?6017=29=2866946007=29=2866556008=29=2866446008=29=2864756008=29?= =?utf-8?b?KDc2MTE2MDA2KSgzMTYwMDIpKDY5MTYwMDkpKDU2NjAzMDAwMDIpKDE4NjAwMyko?= =?utf-8?q?2906002=29=2833656002=29=282616005=29=286506007=29=2871200400001?= =?utf-8?q?=29=3B?= DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR05MB4692; H:BL0PR05MB5076.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?q?zIlo3ARbtwoNugWR8ig+196aNBs99kZ?= =?utf-8?q?0K9m/lH4J+9e7vPPOwGUuz90+c4x8XyslywsmSFJ/E9aixCjOWTdQoe2M4QwDwQ6o?= =?utf-8?q?j0jOK8CO55gpVKHyJE5tJ11Z1njgDCMBOjmfh8I6RLeFKoHN36s93oxxsPkPDhpL0?= =?utf-8?q?OuioBCxu0MDpyzUXyXkN51CcKZwrBLlYg/8QDw2Z8MmjrNOcU8lm5v+uq0gy2VqyU?= =?utf-8?q?w06I6LHLrQjDwOmEu477ZZCN++yuktzGUjUKBssWZlP4lyuqoOxvevNzfGpeTUE9l?= =?utf-8?q?AgOVI97Q5i89UQ0EKHv2CBjhK/fja8c6P3qUnNyaRJppZYQBSzkHBfiHKA6Fkhff0?= =?utf-8?q?hRpFk6VUKQ1DhRrq43IwW1m+tztPo1ADRtyuvxrF343ZUyPEASPCKrJuHLUoTQL+U?= =?utf-8?q?yStEdCPXyK/MRP2s1nEYJlnFDyf?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?jHNybZCt7f1USzrJJdv7Nbu6umHOzf?= =?utf-8?q?zRj7oEL3hqiUSp/xq8fL8JskUrZcKRZkIJFqS9zO2SsvdxD3fZ6FJcBOWzwDq066I?= =?utf-8?q?f1ohFieGjtOUOlKPG7RCcZNWrDBdzgosCpo4Bieihq7J/tYiEfu93kQ1L29FvKTrs?= =?utf-8?q?nwE3opN2BDLXNUU1TYUwaTTS8zym7F9VSkuxeVAm0bLdXQVOpb2r0w=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <BDAFCC041094064187E5F1A052D15922@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 8ce7a7be-4380-4869-06b5-08d7c468a992
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2020 20:30:09.5167 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4CgAUMkKYe6ZfrZAzutM3FaArOYHeyqZQbn+j7HS59DV/Hhxr05r/ilXE7mxpGSE
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB4692
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-03-09_09:2020-03-09, 2020-03-09 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 suspectscore=0 impostorscore=0 bulkscore=0 mlxlogscore=370 mlxscore=0 malwarescore=0 adultscore=0 phishscore=0 clxscore=1015 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2001150001 definitions=main-2003090125
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9U0GpYTqqy6Oyiokmz72tSNZyOE>
Subject: [Idr] draft-ietf-idr-rfc5575bis-19, reverting to consensus text on opaque typed NLRI
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 20:30:22 -0000

Hi All,

A while ago we had some debate on the list regarding opaque typed flowspec NLRI, which was introduced post-WGLC. It seems to me the consensus is that what we WGLC’d is what’s right and that we should essentially return to it. After a side conversation with the authors and AD, I agree. I’d like to ask the authors to make the necessary change (see the draft changes Christoph was so kind as to provide, below) and we’ll consider it closed.

This doesn’t mean we should consider extensibility a dead letter, but that we should address it in Flowspec v2 (or whatever name we end up choosing for that work).

Thanks,

—John


Section 4.1., paragraph 0:
REMOVE:

    The Flow Specification NLRI is considered a Typed NLRI in the sense
    of Section 5.4 of [RFC7606].  See also Section 4.2 on unknown
    component type handling.
 

Section 4.2., paragraph 6:
OLD:

    An advertisement containing an unknown Flow Specification component
    type should be discarded as specified in Section 5.4 of [RFC7606].
    It needs to be pointed out that the encoding of the NLRI as a 2-tuple
    <length, NLRI value> allows to skip over a NLRI value (the NLRI that
    value should be discarded).
 
    Except for an unknown component type (see above), a NLRI value not
    encoded as specified in Section 4.2 is considered malformed and error
    handling according to Section 10 is performed.

NEW:

    A NLRI value not encoded as specified in Section 4.2 is considered
    malformed and error handling according to Section 10 is performed.



Section 10., paragraph 3:
REMOVE:

 11.  Future NLRI Extensions
 
    Future Flow Specification extensions may introduce new Flow
    Specification components.  If a receiving BGP speaker decodes an
    unknown Flow Specification component type it is unable to continue
    decoding the following Flow Specification components in the same NLRI
    value and MUST discard this NLRI value and all its components as
    described in Section 4.2 for further processing.  Since the NLRI
    field encoding (Section 4) is defined in the form of a 2-tuple
    <length, NLRI value> message decoding can skip over the NLRI value
    and continue with subsequent NLRI and message decoding.
 
    The specification of a new Flow Specification Component Type MUST
    clearly identify what the criteria used to match packets forwarded by
    the router is.  This criteria should be meaningful across router hops
    and not depend on values that change hop-by-hop such as TTL or Layer
    2 encapsulation.
 
    Such extensions SHOULD also specify a way to encode an "always-match"
    match condition within the newly introduced components (this is a
    match condition, encoded with the newly introduced components: If
    present on its own, matches all flows).  This match condition can be
    used to propagate (and apply) certain Flow Specifications only if a
    specific extension is known to the implementation.


 
12.  Security Considerations
Section 1000., paragraph 2:
REMOVE:

    When BGP decodes an unknown Flow Specification component type, as of
    Section 4.2 it needs to discard the NLRI and skip over the remaining
    undecoded octets to the following NLRI or to the end of the list.
    Skipping over unknown octets of the to be discarded NLRI is the
    specified behaviour for a Type NLRI in Section 5.4 [RFC7606].  While
    this is not intrinsic to the Flow Specification NLRI in particular,
    it needs to be pointed out that, carefully crafted wrong NLRI length
    fields may lead to synchronisation issues between BGP senders and
    receivers.


 
Appendix B., paragraph 2:
OLD:

       Section 1 introduces the Flow Specification NLRI.  In [RFC5575]
       this NLRI was defined as an opaque-key in BGPs database.  This
       specification has removed all references to a opaque-key property.
       BGP is able to understand the NLRI encoding.  This change also
       resulted in a new section regarding error handling and
       extensibility (Section 10 and Section 11).

NEW:

       Section 1 introduces the Flow Specification NLRI.  In [RFC5575]
       this NLRI was defined as an opaque-key in BGPs database.  This
       specification has removed all references to a opaque-key property.
       BGP is able to understand the NLRI encoding.


Appendix B., paragraph 10:
REMOVE:

       Section 11 describes graceful handling of unknown Flow
       Specification components to allow future extensions.