IETF Logo Mail Archive

Re: [Idr] Vendor Defaults (was Re: Review of draft-ietf-large-community-06.txt)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Sun, 06 November 2016 05:43 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F7B129579 for <idr@ietfa.amsl.com>; Sat, 5 Nov 2016 22:43:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.018
X-Spam-Level:
X-Spam-Status: No, score=-16.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rYBhB_wvG4Cp for <idr@ietfa.amsl.com>; Sat, 5 Nov 2016 22:43:43 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B9DE129532 for <idr@ietf.org>; Sat, 5 Nov 2016 22:43:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1580; q=dns/txt; s=iport; t=1478411022; x=1479620622; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ncZEF1VBIjBDizTXTVpqruC6LY6mW8F79GaCLa7reLs=; b=KvBRSrKyV7OP8mY6H7NhZSYbbTVu99dyqJauziON/JkvTLuFHucetCIl XVFdDP3VnQnRmnkzoBkyCXl5K01lbY3BD4dnlIEeRDjbx2dqb7rGIt1/m XRzbqYrRXQ2T2yXleUC73ymolDugZld4FWP+WXYdbIsL6IJ3GfQYIL1QX 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DaAwDSwR5Y/40NJK1cGgEBAQECAQEBAQgBAQEBgy4BAQEBAR+BVKQ2llqGJAKCCUIRAQIBAQEBAQEBYiiEYQEBAQMBOj8FCwIBCBgdARAyJQIEDgUUiDwIskeLMgEBAQEBAQEBAQEBAQEBAQEBAQEBHYY+gX2CWIRHgzGCLwEEmicBkEOQEI0qhAUBNCF6hSpyh0wBAQE
X-IronPort-AV: E=Sophos;i="5.31,600,1473120000"; d="scan'208";a="170883225"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Nov 2016 05:43:42 +0000
Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id uA65hgga008139 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 6 Nov 2016 05:43:42 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sun, 6 Nov 2016 00:43:41 -0500
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1210.000; Sun, 6 Nov 2016 00:43:42 -0500
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: heasley <heas@shrubbery.net>
Thread-Topic: [Idr] Vendor Defaults (was Re: Review of draft-ietf-large-community-06.txt)
Thread-Index: AQHSN546iba0WaPSYk6woE67Sz8aq6DLBUg9gAC3BID//7Xu+A==
Date: Sun, 06 Nov 2016 05:43:42 +0000
Message-ID: <5BD3C90E-CC0E-42D2-9ACD-5787FC75BF0A@cisco.com>
References: <CAH1iCiq6jNtnkta0Bt952EQ9zOKSGt=_cCySsT5XuOKuHYO2nQ@mail.gmail.com> <86860386-9C2B-4BD5-B457-2A6DA5446CF3@cisco.com>, <20161106040849.GB18931@shrubbery.net>
In-Reply-To: <20161106040849.GB18931@shrubbery.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9oodL2FTg2O7Wk7AxY2wyq9EM3Q>
Cc: "idr@ietf.org" <idr@ietf.org>, Robert Raszuk <robert@raszuk.net>
Subject: Re: [Idr] Vendor Defaults (was Re: Review of draft-ietf-large-community-06.txt)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Nov 2016 05:43:45 -0000

It does not change my opinion. My opinion is that we should filter by default at the EBGP boundary. IOS-XR does that. Cisco recognized the problem addressed by draft-grow-bgp-reject back when IOS-XR was designed. Unfortunately, it was too late to change the default in IOS. If IOS changes that default, it would break many existing deployments.

Thanks,
Jakob.


> On Nov 5, 2016, at 9:08 PM, heasley <heas@shrubbery.net> wrote:
> 
> Sat, Nov 05, 2016 at 11:13:46PM +0000, Jakob Heitz (jheitz):
>> IOS-XR does not send communities or extended communities to eBGP neighbors by default.
>> To send communities, you need to configure
>>  send-community-ebgp
>> Under the neighbor address-family.
>> To send extended communities, you need to configure
>>  send-extended-community-ebgp
>> 
>> The reason is that many operators use communities internal to an AS for many reasons and we don't want these to accidentally leak out to the wider internet. If an operator intends to send communities outside of their own AS, then they need to make a conscious decision to do so. Along with that conscious decision, they should filter out all the internally used communities in a route-policy.
>> 
>> In my large-community code, I have lumped them under send-community-ebgp. At this point, I am very open to suggestions for configuration. Once the code is released, it gets much harder to change configs.
> 
> If you consider draft-grow-bgp-reject, does that change your opinion about
> filtering needing to be the default?

v2.23.0 | Report a Bug | By Email