IETF Logo Mail Archive

Re: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-flowspec-capability-bits-02.txt]

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 15 April 2021 13:24 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B460D3A0DF9 for <idr@ietfa.amsl.com>; Thu, 15 Apr 2021 06:24:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.917
X-Spam-Level:
X-Spam-Status: No, score=-11.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=T9iByCtN; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=RPwG0xD8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYL1uPNPPlGH for <idr@ietfa.amsl.com>; Thu, 15 Apr 2021 06:24:48 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55E963A1F94 for <idr@ietf.org>; Thu, 15 Apr 2021 06:24:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22551; q=dns/txt; s=iport; t=1618493088; x=1619702688; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=+GRS1UfJ2Awct42SYcydoC+VuKr96lXPHflsps32f+c=; b=T9iByCtNTlmsI99Z41FmSy33nrnxCpz1aLAeQOJ/uO8A013Uth6VDMTZ 3YCOJV3/KgnxiGqg/+Nxc/H2LiSJHjOWEkDf0UiRFXTxzzqj1blJXUZ5Q nDVgOg3MUQDvEAJPG3neoR/fDpfiseDI6vErvFsNLB/j/P3ZKAwl2Xqt2 M=;
IronPort-PHdr: A9a23:xkvWgBWzjjm5MearkXAS6MIXxhfV8K0MAWYlgqEPgq9Scqml45XpNVDe4vMollLSQIHH8Jpsk+TMuObnQ2NTqZqCsXVXdptKWldFjMgNhAUvDYaDDlGzN//laSE2XaEgHF9o9n22Kw5ZTcD5YVCBunOo5ngVABqsfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wRzM8RN1
IronPort-HdrOrdr: A9a23:qLNwialr1ZTNqTu+QcXW6l3/m0TpDfN+jmdD5ilNYBxZY6WkvuiUtrAyyQL0hDENWHsphNCHP+26TWnB8INuiLNxAZ6LZyOjnGezNolt4c/ZwzPmEzDj7eI178ldWoBEIpnLAVB+5PyU3CCRGdwt2cTC1aiui/vXwXsFd3AUV4hLxW5Ce2GmO2dxQxRLAod8MZKa6NZOqTbIQwVoUu2QAH4ZU+/f4+DajZ6OW29JOzcLyimryQmp5rnzDgSC0n4lMw9n7L8+/QH+4nfEz4q5tfXT8G6460by6NBslMLl2p9/AqW3+7QoAxHNrirtW4h7Qb2Fu1kO0aCSwXInisPFrRtlH+kb0QKqQkiPrRHg2xbt3V8VgheIozL18BiTw/DRfz40B9FMgohUaHLimjcdleth26FG1X/xjeswMTr8nT/w79WNdxZmmlvcmwtbrccvjmdSWYZbVblJrYZ3xjItLL48GkvBmeQaOdgrKPuZyOddcFucYXyclHJo2saQUnM6GQrDalQeu+SOugIm3ExR/g89/ogyj30A/JUyR91v/OLfKJllk7lIU4s/cb99PuEcWsG6Y1a9Ai7kASa3GxDKBasHM3XCp9rc+7Mu/tynf5QO0d8UlIneVkhb8Uo/YVjnB8HL/JAjyGGOfEyNGRDWju1O7ZlwvbPxAJDxNzeYdVwom8y85/oFBMnWXOuyJYJWD/fvIXCGI/cM4yTOH71pbVUOWswcvdg2H3iUpNjQF4HsvuvHNPbfTYCdVgoMayfaOD8uTTLzLMJP4gSAQXnjmiXcXHvrZwj69ZJ0G67K4vgLxOE2R8txmzlQrW78ytCAKDVEvKBzVlB5OqnbnqSyonTz+33J4WVvMh9UFV1U/73kTnNPqWYxQgbJWIdGn+/aVXFZ3XOBKBM6ZdjRChRjq1N+/r/yM4ad3jk4C9WsMnuTinwaoH7ideZEpoSzoePePr8oBJcvX6J8UTjRHxtugABwtSNocwkfXHLSETvolISohJEZH/vkatF5mQunSPQk8U73hAG5n4UPTmFedyOyWcSX6DxeNgZ8txlUyesjp5au3RyoMnAyhewkNkYkUhXmPJt2SCKfZItVnbj3fhpXVmniv03AtzgDPkz36k4VmmvtaQqTdP2jOCsBhlloloD37VhzamKRO3hVV0k/m4h8GWPa00wDi9Ojbrav0meXd1sJyvwcNjaAejcJPgZy3bmMpW2osSfHGnM8ypo0OOvBSLwlbrHIw3uobJaFjKccApZvjdtYHcGrtu8ASuSEfQCJaDv+FuMywgSQz0xVcxVcuT0hkfny3gfi43X91HkjAeDKKFAjQ70AOdmT4yzlQPmPua8Jx+4drK+1Mm/rbMSBxrySZzlfKgnLqWrzVvo2s/lvzNQPnao2G4OeXSrD1XlB0hl7JMDolFkGSKA+5LzaIIdgc8EbZioxxCtkqP2faE8w9gDmCO43el8gy2XWON6E+LLEo7siCE/pnnq5BXCPtylGu/vVVSqK0rAXT78qKWNNcU4m9TBs+viBe4C4MnTkS8hTuF6hdnmzf79WRPLbRfEerhNm78qJmOHSfSziwwzUtSZ6JKUL82vPe7LHPCucXepTt9q9MhCQh6Hv5si5hjL+UyG6ZEQVnpctTz1YUu1Tzj05yJQq2S2zQLHtqk0rk1FC8Shq/2Sdr7SO8SPeBwVaKgXXjZVdQClLPnWJhcrD9/KE1H6V2kkz5bDTUEFKft9PHNAMTo/4ayd2QPJgzoKVww==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0APAABWPnhg/5xdJa1aGQEBAQEBAQEBAQEBAQEBAQEBARIBAQEBAQEBAQEBAQGCAAIBAQEBAQsBgVIjLgd3WjYxhEODSAOFOYhsA5RGhHaBLoElA1QLAQEBDQEBHQEKCgIEAQGEUAIXgVwCJTYHDgIDAQEMAQEFAQEBAgEGBHEThVANhkQBAQEDAQEBIR0BASwLAQsEAgEIEQQBAQEnAwICAiULFAkIAgQOBYJxAYF+VwMOIQEOoEYCih95gTKBAYIEAQEGhTEYghMDBoE5AYJ3hAgBAYZSJxyBSUKBEyccgl8+gmABAQKCC4JqNYIrgU8aW2oEFD8EDAQDRCoTQQQKHBsUGQInkDIhgzmHbYx8kWIKgwydBAQfg06RD40Qgw4ZhiUdiSKjbIRlAgQCBAUCDgEBBoFbATKBWXAVOyoBgj5QFwIOjh83GIMhhRSFRXMCNgIGAQkBAQMJfIlPLYIWAQE
X-IronPort-AV: E=Sophos;i="5.82,225,1613433600"; d="scan'208,217";a="615417307"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 15 Apr 2021 13:24:47 +0000
Received: from mail.cisco.com (xbe-aln-006.cisco.com [173.36.7.21]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 13FDOjXG002308 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Thu, 15 Apr 2021 13:24:46 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xbe-aln-006.cisco.com (173.36.7.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 15 Apr 2021 08:24:45 -0500
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 15 Apr 2021 08:24:45 -0500
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3 via Frontend Transport; Thu, 15 Apr 2021 08:24:44 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oZp+BNc8IQ2armLnV9JayLN0sFewJhBCV85GNb4WcvfZZGanhga0s2wPnBspr+wGEnQCbrHt9dhopj3jHNcB/lgvuuCN1wAwymx+ed6QXExIETOB6CfdmJ16V7Rn21F99Mm2eemQ1c0lbNsMzHm7DGWBbTHeI8SUgtyvHqs5DbOURvMCB8Z3r7osQ28Y4I5fhIhPcZL4cB9gvKz0rU+l4u08rMoHursnT3887EsysJsmMJiiPlxWmBA+ltySHRJWyj194SZLLXxvC+3+4nzfEWPwqJa1EAcr3ZiUoBxx3kr+d6DYqtla6Q4SZ/M0eCnyFDRdDrcGg9Gv2d0T5FBL7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+GRS1UfJ2Awct42SYcydoC+VuKr96lXPHflsps32f+c=; b=DFLZzlZLB1EwOGWqLsX1rOfA4SIPgQ0lXiF12ZkGGXFtW925fM4PVrdV7q8Di1hN9R9IinfYm3jK/92/AcrOzLyHyxBzLwMc7gH6C3pv9yiF+aJjwdyfYsof6h//ZtWNxxwQkz0VQrQOcC7SqmW9Y8JYSZi2QmwrwE2TTHdFNi9PzlN2l5q+Jv6SmEYRcMugJgAukEERkpzFjrv7hynseu6Ms+K9yDTG+EvvGKnUAoKjnlcsm3DdqlXb4pjNHqmzhmMyMymzcW1TOd8AVDRA/YBMBl8PKCMeuiEgVAHbBOivlTfsxhP2Y5UGNbnPvuaUVk/cxjXSB9OAoJd3qqzx5A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+GRS1UfJ2Awct42SYcydoC+VuKr96lXPHflsps32f+c=; b=RPwG0xD8NGUDDH2zzrUdac4uUdI5kDHdbajHgZ6pLDyg4w0Ruf7jRBXnv5xt6SQ/dHC+hqGeGVm0yWXPessIgk0rJohy+4nCChK/gX7l3B6mWcA4lMSs9LrAzxFXzd1P53RE0vpzZSx84izw2thgco5UeFI6RZu4eLux4R+uweU=
Received: from BYAPR11MB3207.namprd11.prod.outlook.com (2603:10b6:a03:7c::14) by SJ0PR11MB5119.namprd11.prod.outlook.com (2603:10b6:a03:2d6::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.18; Thu, 15 Apr 2021 13:24:43 +0000
Received: from BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::106d:d229:f71b:b34f]) by BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::106d:d229:f71b:b34f%4]) with mapi id 15.20.4042.019; Thu, 15 Apr 2021 13:24:43 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>
CC: Jeffrey Haas <jhaas@pfrc.org>, "Dongjie (Jimmy)" <jie.dong@huawei.com>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-flowspec-capability-bits-02.txt]
Thread-Index: AQHXLXls4c9PSdGr4USMoFAGvYibA6qxIN0AgAANFICAAvrpAIAAnNKAgAAvcsCAAGdJAIAAPgvP
Date: Thu, 15 Apr 2021 13:24:43 +0000
Message-ID: <37ECDC72-A91F-4E26-9FCC-D95BBCE9A65D@cisco.com>
References: <20210409201047.GA13742@pfrc.org> <4d862ff450b349e6bcdaf96bd4d09b99@huawei.com> <20210412175120.GA25856@pfrc.org> <8ab2391b8a8647d2a8319c71a140ccd5@huawei.com> <20210415004310.GA6652@pfrc.org> <BL0PR11MB3202A2A4CB44B853EC6BA0BEC04D9@BL0PR11MB3202.namprd11.prod.outlook.com>, <CAOj+MMHjdLH9RQRHTWuOJ_+qLvrSrE8PyXL_fK-zwb8oj13-Fw@mail.gmail.com>
In-Reply-To: <CAOj+MMHjdLH9RQRHTWuOJ_+qLvrSrE8PyXL_fK-zwb8oj13-Fw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: pfrc.org; dkim=none (message not signed) header.d=none;pfrc.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2601:647:5701:46e0:1884:e9ad:8efc:b75d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f4fb3005-a213-4bdf-77d8-08d90011d519
x-ms-traffictypediagnostic: SJ0PR11MB5119:
x-microsoft-antispam-prvs: <SJ0PR11MB5119D54B01D0C4AAB693512CC04D9@SJ0PR11MB5119.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +iGbDEP14uktBBIhvRDC17lFDeLQHdZhylJkgbiJQCTu4IOyEhORVRTOW6nGcAfwowObrxWwJ0nSR6rO11quI+Ji8wD+W+wC+2Dhx3s80iK9XC36acAKvhJx5jLvK+nOuok67X5Hqru/W2ueuU2wgVn3dJiPL/042BPVv0GhEY0BaPloNssFbnBL1TQj/qOh8K7rweJJhA6YhXFnouS9EabndzlVd6eBW3fgZrUO6B5lGFMcZ43a2TNiqiUSOOng+EmpQ2qlCOkPbjUWaW9FcGsLULIpvjyrwFYoX/Up/FGVFsmmq3MhH/x9x/BGWsAC6TL1SlGGsUg6/zehm7goXTLTaIqf32Yox7EIaJBC1c/2jiBPJ/E0UrIhBDQ+x15gPTt/yKgVhcqUbneNm5aaZw8gcmWtwxO5DrsHvJtE7zdpsXTmwBOlfCJOzdljmOdyXHu6UO9D4QGERuW5nOnunPwGnysaud/cUNMYc4y7mFCFgU3xIeunlJzdASHDgb+2h0cMij8kbgg5XhwyPAkPlv1Y6K/MxE7KBp+AbDMJA6eFNZJnPTHpSg7o4wbJh2NxUQsmaUq+wE3Oo1CCyoMEbAiZq1chU17KTbqzdD/qrkGf6iBq5zCrG30nTmuc1RnII7xick3q8IKfgf/J2IVvmZcN0qKO6AzDGGLf2znWdTFYh3Q5ZMS+aNVRJ2yHwnH0SDcweZtJzmLe3ywAskWTTTXY6v4coERAbkdleVYg/8o=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(366004)(136003)(39860400002)(396003)(2906002)(2616005)(6916009)(76116006)(316002)(8936002)(5660300002)(122000001)(166002)(38100700002)(6512007)(54906003)(6486002)(4326008)(66574015)(71200400001)(966005)(53546011)(66556008)(66446008)(186003)(66476007)(64756008)(66946007)(478600001)(36756003)(33656002)(86362001)(83380400001)(8676002)(6506007)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: qzbwj0fD8jJxlLLV+0aQQ+0LT+BQxYzeJsJ7FMng2AgX/u82qWJt4RQqFGH7YD0/Ed/XgKW2I/+NbvuLxaPzFmqZq75HIkUZsUnIVObpPXnshYdnAnmadlN/mXvY2XnQZwlePSmSNlk1UYv9IMFeMnmeg/3+5gHq5xMrlVcTRdsw97FslEMI5LaNhwMkwcfsNjI6B02ZRrbm50WVo3HwqN/j+z79ABD4VvhduMOYgY9l/cDdCRwWss+Sbrb9RoeTAtn20lSkz/oBn+djQqTVyHV1ule7sAvr9ABV+nhqKLNTj1l9lTL/s12HvtCoW9kQXM66nKE+3SyQn1xXpKu/EeaxESGHPEH9COzZEqT2uh5xDD2Pyyj/Cadx87xACsPdorwLkCh86cv2wUdXEBNli7IrJKKHHzCe0DByCF1xP3eLRfUw0OQK+9syjpHGfX6PBxrTFeMjsG6GwJDDJD64pjs4GVEhB33Nd/jovDkdaPH/4a/7QYXVoEGNLyBtZdgR2paI19hKTjcZAFQS1lrifKeKIrauXDtE9BZUNFM95MXGzDPJAvgCr/CTIL7t4Xidksa7qcBlwp9wJsIen0m81qy6bzRtBycjaXY5oIIztksETCOxPQ//k+l6jSPxZPVgiDEWhh0/e5EBcnnugY0uF//rDAaPvDXtRlCS1vSOhBnuAK9g8dQgf3RKTWJ9wsxXCt/x8yfN8gb1lBuDI5lYeOkONq6ikUYZMNtpTcLFvKas9lQFHVAruv+KeI9reQnFS4KhHx9oY4fsn0AXAd57vlSEZe0DK2pib8LWaQMStLEmiFNyFoAyeyDeMFBOmdvK1rLgi6gkbOnG0qJqARbH0tkGM88YG5LB/X4yobUatd2KaeuPeHYmIEAdgYdoUk6co4UYcRMtWLHziNij/j3iHbDRUbYVZN/FLBUw+WGviOSe6V8Ova9zRrTlVSz3G1xdf18pxvHm0kMglfcmJKhP8FdvH95Zomol6oBRsDASW65FOz0IX1HPTVB04fVPpO0ZQ5gAdG87rIFSqUbmX1RbyF6fB8NW5fSzAj883dHu0EW6VY4DI8j+HNN/oPFRBKhUs2YV5QetuczeACmUd6rJtGkv0ORa4SszIKuLJcebYjVxjWEbhPVlT5rmg7O1LVApYl75fNVUgia0x9h6i/AgKjuCE0BQqITkjSLeW5uzL2aIWM/FC+cut9eYfFu+8OoFZ6IEON58Yl7CPIqNLt5ROBav24P4II3+VCz25o0YQtYWvUqA4QBoZNdldywPgR/aIUnC2ApVVmWQqEckrJz1LdWvUgNJ+CJIaN5Cd8pr9JIuokpIrDYIDFuAZvs1uV+NIUAzIrCurl2afOWFFBloZxW2my9USsMzOAb3cAOCqFDJaWMmk15St9VrdUD5FM9T
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_37ECDC72A91F4E269FCCD95BBCE9A65Dciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f4fb3005-a213-4bdf-77d8-08d90011d519
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2021 13:24:43.7956 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TUIgkvRYtw146OT1yLsMcQmehdwKF2SAFD+GWurPO9AWElXRlOgkP9LpdTNSmug/jUalPx32sk2spDBNPumLOg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5119
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.21, xbe-aln-006.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9t0NLwQVXIL5D11-gTUPuo_2w1o>
Subject: Re: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-flowspec-capability-bits-02.txt]
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 13:24:53 -0000


Regards,
Jakob.


On Apr 15, 2021, at 2:43 AM, Robert Raszuk <robert@raszuk.net> wrote:


All,

Yes what Jakob and now Jeff are saying makes sense. If we are to introduce this capability it should be only about what BGP peer understands as part of the NLRI. Nothing to do with data plane and filtering. Just observe that even if data plane supports it and even of operator enables it filter may still fail to get installed due to no space. So we never know at BGP level what got installed and what not.

That's being just a little over dramatic. It's the case with all BGP. For any use case where it really matters and the originator must know exactly when and where its originated NLRI got installed, we don't use BGP.


Now - I am still seriously concerned to add this to v1. Well unless we also add the notion of optional types. That means that when setting up a filter (manually or programmatically) types have an "Optional" flag - which means that if a peer does not support this type it is ok to drop it and sent all remaining types in NLRI instead of not sending the entire NLRI at all.

That would provide some tools to make sure that v1 deployments are intact.

Thx,
R.





On Thu, Apr 15, 2021 at 5:37 AM Jakob Heitz (jheitz) <jheitz=40cisco.com@dmarc.ietf.org<mailto:40cisco.com@dmarc.ietf.org>> wrote:
I agree.
The capability is exchanged only with neighbors and thus is
not capable of informing the capabilities of all BGP speakers
in the network. A more capable network management method
is needed for that.

The BGP capability is only useful to avoid sending a flowspec
to a neighbor that it would consider as malformed.

Regards,
Jakob.

-----Original Message-----
From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> On Behalf Of Jeffrey Haas
Sent: Wednesday, April 14, 2021 5:43 PM
To: Dongjie (Jimmy) <jie.dong@huawei.com<mailto:jie.dong@huawei.com>>
Cc: idr@ietf.org<mailto:idr@ietf.org>
Subject: Re: [Idr] [internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>: I-D Action: draft-haas-flowspec-capability-bits-02.txt]

Jie,

On Wed, Apr 14, 2021 at 03:21:54PM +0000, Dongjie (Jimmy) wrote:
> > On Mon, Apr 12, 2021 at 05:04:32PM +0000, Dongjie (Jimmy) wrote:
> > > Hi Jeff, all,
> > >
> > > I've read the recent discussion and the updated version of this draft, here are
> > some thoughts and comments:
> > >
> > > I fully agree that incremental deployment of new flowspec components is
> > important, and it does not need to wait for Flowspec 2.0.
> > >
> > > Regarding a BGP flowspec component, there could be three different
> > capabilities:
> > >
> > > 1.        The capability of parsing and implementing the component as a filter
> > >
> > > 2.        The capability of parsing and propagating the component, but not for
> > local use
> > >
> > > 3.        The capability of propagating the component further even it is not parsed
> > >
> > > The first two capabilities are discussed in this thread and the updated draft,
> > and to me it makes sense to distinguish these two capabilities.
> >
> > Operationally, how would you expect a BGP Speaker to differentiate these two
> > cases?
>
> The assumption here is that not all the nodes are required to implement
> the filters (or some just don't want to), while they may be on the path of
> the flowspec rule propagation. If this is true, it may be useful for the
> operator to know the set of nodes with the first capability and the set of
> nodes with the second capability, although the capability of parsing and
> propagating is more relevant to this document. These two capabilities may
> be advertised using different mechanisms, as the first capability may be
> needed by nodes not directly peered.

Understood.  My question is what should a BGP Speaker that has been told
that the adjacent BGP Speaker can parse a certain set of Flowspec components
but not use some of them do about it?  Is it strictly advisory?

If it's strictly advisory, I would advocate that we not worry about
publishing that part in BGP.  One motivation is that capability space is
still at somewhat of a premium without extended optional parameters.

A second motivation is there may be better mechanisms to publish the network
wide capabilities for using the filters.  I'll likely share a proposal in
the upcoming weeks.

> > The third case is unfortunately problematic right now.  Deployment
> > experience has shown implementations aren't willing to deal with fully
> > "opaque" NLRI.  We've had a number of outages resulting from parsing bugs
> > as it is.
>
> I understand the problems with the "opaque" NLRI, while if the rule
> specified in the NLRI is not required (or not capable) to be implemented
> in data plane on a transit node, will it cause less harm to the network?

My draft tries to make clear that any device that filters a rule, either
because it doesn't receive it because of lack of capability of an upstream
node, or lack of local ability, can have potential to result in
mis-forwarding.  Whether it does so or not will depend on the independence
of the rules.

If my use of "independence" is unclear, I'll share an example next round.

> > With flowspec v2, the primary obstacle toward opaque but still able to be
> > checked for NLRI high level syntactic correctness can be done.  We know this
> > is still problematic once you hit a node where the inner contents are validated
> > and found to be problematic, but at least in this case "treat as withdraw"
> > procedures are capable of being done.
>
> Agree flowspec v2 can help with the syntax validation to some extent.
> While if the NLRI is considered malformed, the "treat as withdraw" error
> handling may not always work.

I think lengths in structured BGP NLRI will likely give us a hybrid
situation.

Consider an NLRI that has a known prefix length.
Consider that it has components that have individual sub-lengths that are
clear in the protocol.

It is possible that the length of the individual components summed together
are still a valid "length" from the top level (the prefix-length) from a
high level syntactic level, but individual components may be of invalid
length or syntax.  This is similar to the situation for path attributes.

In such a case, the NLRI is malformed, but may be of enough integrity to
properly handle as an ignore/discard.

The BGP-CAR proposal and perhaps some of the evpn NLRI error handling cases have
some similar overlap to this case.  (RFC 7606 tries to be too generic about
"typed NLRI" and I think got it somewhat wrong.)

-- Jeff

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email