Re: [Idr] [BULK] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

John Scudder <jgs@juniper.net> Tue, 06 October 2020 22:47 UTC

From: John Scudder <jgs@juniper.net>
To: Hares Susan <shares@ndzh.com>
CC: Christoph Loibl <c@tix.at>, Robert Raszuk <robert@raszuk.net>, "Jakob Heitz (jheitz)" <jheitz@cisco.com>, "idr@ietf. org" <idr@ietf.org>, "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>
Date: Tue, 6 Oct 2020 22:47:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9cs6ybCZfk_eNMPaGDZQha27eIM>
List-Id: Inter-Domain Routing <idr.ietf.org>

Hi Sue, Christoph, and all,

I think you are right that between these two we have captured all the changes for which we have unambiguous WG consensus. I wish we could also fix the error handling ambiguity, but I just don’t see how we could do that without pulling the document all the way back to the WG and reopening the topic in earnest. I don’t think the benefit for doing that justifies the demands it would place on the authors, so let’s proceed forward with the document with the small and noncontroversial changes only.

Thanks,

—John

On Oct 2, 2020, at 4:57 PM, Susan Hares <shares@ndzh.com> wrote:


John
<WG-chair hat off>
<co-author hat on>

On Tuesday 9/29/2020, Christoph sent this request to confirm these are the changes for the document.

The only other change suggested was a clarification to:

4.2.2.12 Type 12 - Fragment

Old text:
/
  IsF -  Is a fragment - match if [RFC0791] IP Header Fragment Offset
     is not 0
/
New text:
/
  IsF -  Is a fragment other than the first - match if [RFC0791] IP Header Fragment Offset
     is not 0
/

Please confirm that we have all the changes between these two.

I think it is time to close this discussion.  Christoph has agreed to provide an updated draft (-27) so the RFC editor can publish the document.

The rest of the issues point up the need to begin Flow-spec v2 with TLV and other improvements.

Thank you, Sue


-----Original Message-----
From: Christoph Loibl [mailto:c@tix.at]
Sent: Tuesday, September 29, 2020 2:04 PM
To: John Scudder
Cc: Robert Raszuk; Jakob Heitz (jheitz); idr@ietf.org; draft-ietf-idr-rfc5575bis@ietf.org; bruno.decraene@orange.com; Hares Susan
Subject: Re: [BULK] [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

Hi all,



On 29.09.2020, at 17:42, John Scudder <jgs@juniper.net> wrote:
(Co-chair hat is on)

Yes, agreed. This is not subject to re-litigation now, we are trying to clarify things if needed, but not change decisions that were made.

Thanks,

—John

Which brings me back to the point where this discussion started:


John suggested to extend that sentence from the doc:

OLD:

  A NLRI value not encoded as specified specified here is considered
  malformed and error handling according to Section 10
  is performed.


NEW:

  A NLRI value not encoded as specified here,
  including an NLRI that contains an unknown component type,
  is considered malformed and error handling according to
  Section 10 is performed.


He also pointed out that a malformed NLRI (even when considering RFC7606) should lead to a session reset. If we want to make that even more clear (and based on all the discussion about opaque, non-opaque on the list (over months - if not years) this had very strong support) we can put it into the draft explicitly:

OLD:
10.  Error Handling

  Error handling according to [RFC7606] and [RFC4760] applies to this
  specification.

  This document introduces Traffic Filtering Action Extended
  Communities.  Malformed Traffic Filtering Action Extended Communities
  in the sense of [RFC7606] Section 7.14. are Extended Community values
  that cannot be decoded according to Section 7 of this document.


NEW:
10.  Error Handling

  Error handling according to [RFC7606] and [RFC4760] applies to this
  specification. It needs to be pointed out that a malformed NLRI even
  when considering RFC7606 leads to a session reset.

  This document introduces Traffic Filtering Action Extended
  Communities.  Malformed Traffic Filtering Action Extended Communities
  in the sense of [RFC7606] Section 7.14. are Extended Community values
  that cannot be decoded according to Section 7 of this document.


I agree with the change since I want to make it as clear as possible, maybe someone can come up with a better solution/change to clarify what the WG already agreed on.

Cheers Christoph


--
Christoph Loibl
c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at
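
Added example, not part of the thread or of the draft: a strict receiver-side check showing why an unknown component type makes the whole NLRI malformed rather than skippable, which is the rule the NEW text above spells out. The wire details used here (one type octet, a prefix-length octet for types 1 and 2, and operator octets with an end-of-list bit 0x80 and a two-bit value length for the other types) are assumptions taken from the Flow Specification encoding and are not quoted in this thread; the function names and sample bytes are constructed.

```python
# Added example: strict validation of a Flow Specification NLRI value.
# Constructed sample bytes; encoding details are assumptions from the spec,
# not from this thread.
KNOWN_TYPES = range(1, 13)   # component types 1..12 (Type 12 = Fragment)
PREFIX_TYPES = (1, 2)        # destination / source prefix components

class MalformedNLRI(Exception):
    """Caller applies the Section 10 error handling discussed in the thread."""

def parse_components(nlri: bytes):
    """Split an NLRI value into [(type, raw component bytes)] or raise."""
    out, i = [], 0
    while i < len(nlri):
        ctype, start = nlri[i], i + 1
        if ctype not in KNOWN_TYPES:
            # Components carry no length field, so an unknown type cannot
            # be skipped: everything after it is unparseable.
            raise MalformedNLRI(f"unknown component type {ctype} at offset {i}")
        if start >= len(nlri):
            raise MalformedNLRI(f"type {ctype} has no body")
        if ctype in PREFIX_TYPES:
            bits = nlri[start]
            if bits > 32:
                raise MalformedNLRI(f"prefix length {bits} > 32")
            end = start + 1 + (bits + 7) // 8
        else:
            end = start
            while True:                      # walk {operator, value} pairs
                if end >= len(nlri):
                    raise MalformedNLRI(f"type {ctype} list not terminated")
                op = nlri[end]
                end += 1 + (1 << ((op >> 4) & 0x3))   # value is 1/2/4/8 octets
                if op & 0x80:                # end-of-list bit
                    break
        if end > len(nlri):
            raise MalformedNLRI(f"type {ctype} truncated")
        out.append((ctype, nlri[start:end]))
        i = end
    return out

def is_malformed(nlri: bytes) -> bool:
    try:
        parse_components(nlri)
        return False
    except MalformedNLRI:
        return True

# Constructed samples: 192.0.2.0/24, protocol == 6, fragment bitmask IsF.
GOOD = bytes.fromhex("0118c00002" "038106" "0c8102")
# Same rule with a constructed unknown type 14 inserted after the prefix.
UNKNOWN = bytes.fromhex("0118c00002" "0e8101" "038106")
```

In UNKNOWN the protocol component after type 14 is well-formed, but the parser has no way to know where type 14 ends, so it cannot reach it safely.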