IETF Logo Mail Archive

Re: [Idr] WG adoption call for draft-abraitis-bgp-version-capability-08, to end September 25

Robert Raszuk <robert@raszuk.net> Wed, 11 January 2023 13:52 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5816C14CE4C for <idr@ietfa.amsl.com>; Wed, 11 Jan 2023 05:52:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2gBh4_P0Ur42 for <idr@ietfa.amsl.com>; Wed, 11 Jan 2023 05:52:40 -0800 (PST)
Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EDB3C14CE4B for <idr@ietf.org>; Wed, 11 Jan 2023 05:52:40 -0800 (PST)
Received: by mail-wr1-x431.google.com with SMTP id az7so15090077wrb.5 for <idr@ietf.org>; Wed, 11 Jan 2023 05:52:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=u51677gfVY1kR8AoqXzhEF2jFVqKZEmsrfhN1vBZoZE=; b=CMTio3lK2DRruIU/YJcvkRQ1jA+mPYTf9Ukpzv62SMudzrZ79PWVMHG0F+dYif8cfp 276A7KZJG/PR8KPGxH/lmgyA3d7ahO04sztsnil+t3rgXlpgRyfVRxA/3ZfoWObSRjQE WDl00dRQX7q2Rv0l/zOF1QyMDhb/d4HIphWmUSb36rcbNgASVqCI3EkuSxDr2foIk8QD MzUTRPdjutzaUItfSNSgH3GhRAfbdniY4uf3/2GqK5kb43UNg1K9lSV+qCmyG2BcAyPL qcpZ/b1h9qsBJV6p8gtJLtmrSqivoWzjTplcNXdlyGMrhYLidAcqSfEvw8CSP7+oRITw 0ICg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=u51677gfVY1kR8AoqXzhEF2jFVqKZEmsrfhN1vBZoZE=; b=I2//lqZOpZ6EA/J7QVJxkOHNwk59uj5eb+57Jfr2skEr4XCVpWWm8eciHZ4YLVAmh6 39oSS8rj1vF+XmdOt1BsSCJXyux7LzYGHfAIOsjF430EbBYbiRAfqvZbpv/Rwxum57pK CTuv5IpIs5yoK79Ol6ozMBoQF73z6fxkq8JZ+hLLiWvPJ7ZycfMGgoxus87nU+apjblv BkhX1DY6I7zxuFg+kJYH4GYvFL1vNiV7l68dC0aQWXvxfK5EHdLWYUa7TP+MWq/zA1zB cp5JSBDOlpEber/3aeBa4I7jpldAbNJ5p4eMTiZR8YXbmoCYj1Al8HyANa2W3cjIOCny DVPg==
X-Gm-Message-State: AFqh2kqPkh4oFYoL1Qac9AvWTB+4/WvvQXNgMqqr6OFlR6fGp1rVHdsi TkVWYQ5wKown5w8ka88rrTDz7uNgUWaf97hcGoNpb91SV8q9KInD
X-Google-Smtp-Source: AMrXdXtVc40r8C4JLG6OQuv4mMiFJ/2Dnk+ag7jnEQ3kYjAEsRW4P1MLYIZguHbvpjOzgDUwJMs3IFx2t7IGHhRYQm8=
X-Received: by 2002:adf:dc4b:0:b0:242:72d6:7708 with SMTP id m11-20020adfdc4b000000b0024272d67708mr3416194wrj.157.1673445157967; Wed, 11 Jan 2023 05:52:37 -0800 (PST)
MIME-Version: 1.0
References: <081E5E98-8D7B-452E-8517-EECBE72E3D7F@juniper.net> <64E754F4-CB63-4F2E-92A3-43ADEA1EC4AB@juniper.net> <20201028215313.GA8863@pfrc.org> <CAOj+MMFH35TB10gpeX80645qEZF3irFk0XVyyLZzkXagcTtwAA@mail.gmail.com> <20201029113316.GB8863@pfrc.org> <CAOj+MMHvVgP0SSTSLqcUHizfk_kR1tUjo0u8p3AnKiuHFr=VaQ@mail.gmail.com> <BYAPR11MB3207AE20610604C5310C0BBAC0140@BYAPR11MB3207.namprd11.prod.outlook.com> <007c01d6ae71$4513eec0$cf3bcc40$@tsinghua.org.cn> <8560_1604052018_5F9BE432_8560_210_1_53C29892C857584299CBF5D05346208A48FDBBFD@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <20201103163259.GC7455@pfrc.org> <CAJwpseXrj46EY7ccXYNH-aWqfykGD99obOaA5qLMNHfoWG7ptQ@mail.gmail.com> <CAMMESsx=c__3UR57zCXLUp62q2ua9YXPT90f-ThqDUJzCYiGjQ@mail.gmail.com> <CAOj+MMG+_aHkc0=+FNvJ8tcTu9W-GpmVxJf=6JeD=zZK+AyjUw@mail.gmail.com> <CAJwpseWAt5oUEMqUE85m+PNSEv_kfONScUSdGooq4XpP6EwFYg@mail.gmail.com> <CAOj+MMHCvyE7vDiP3iBOC+EHgpBsKUESXs4GvcHFbHj_VSChTg@mail.gmail.com> <CAJwpseWOaqP6zXYY2gPN3J47gEbDfcyCtt91C9PH5nZDnK6vJQ@mail.gmail.com> <CAOj+MMGTXB+XSyXCJKugVzKwEi=u8d7nP1LzKdYKJcSHXd9CiA@mail.gmail.com> <CAJwpseULj4_FTELt9WQbU8jqDVdO_GNUvcFxgxQONWViYzksVQ@mail.gmail.com> <CAOj+MMFnawJt=J2z0qWNmkPLoq6n+F9tKC+F+_hBtpJ=Xqe8iA@mail.gmail.com> <CAJwpseXG0SCN=+XZQqYavzu=i4sTetyKRDVDHrRg0mbD14BuCQ@mail.gmail.com> <65C185D6-D194-4865-A678-8F85EFB50DAD@pfrc.org> <CAOj+MMG6y0B6ZaPwLSn+5rvmuhtKWvEBw8MWAOgLWtw7n3dUag@mail.gmail.com> <A09C18C3-5038-4719-931B-2C86A3BCFF49@pfrc.org> <CAOj+MMFRKx5qHS5ZGaUcwwVMHB=sKnyxqP0F53XUeqhTR=tufA@mail.gmail.com> <BYAPR11MB3207F034217BE9E981B7D4CEC0FC9@BYAPR11MB3207.namprd11.prod.outlook.com> <CAJwpseU5_rUaC+PXgt=AU=DJ3umc-1DfH2pcNZ=We6iWHz_hrQ@mail.gmail.com> <FEF22BE4-8226-4286-AF7D-6B609D51E6BF@pfrc.org>
In-Reply-To: <FEF22BE4-8226-4286-AF7D-6B609D51E6BF@pfrc.org>
From: Robert Raszuk <robert@raszuk.net>
Date: Wed, 11 Jan 2023 14:52:26 +0100
Message-ID: <CAOj+MMH5C8zXZB=c9v57=M2Aa16cuyJY1EEMDHmX+T5FYq51mg@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Donatas Abraitis <donatas.abraitis@hostinger.com>, "Jakob Heitz (jheitz)" <jheitz@cisco.com>, Alvaro Retana <aretana.ietf@gmail.com>, Bruno Decraene <bruno.decraene@orange.com>, IDR List <idr@ietf.org>, John Scudder <jgs@juniper.net>
Content-Type: multipart/alternative; boundary="000000000000312eb805f1fd5002"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/A3T8fuTR2Ve_X4pLweaJOdPf4aw>
Subject: Re: [Idr] WG adoption call for draft-abraitis-bgp-version-capability-08, to end September 25
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2023 13:52:44 -0000

Jeff,

> My personal preference?  Capability, adopted by the WG.

Just to make sure I got it correctly ...

You are willing to send free form text as BGP Capability ?

You are ok to burn 25% of space designated for BGP Capabilites ?

You are ok to punch holes in BGP Capability Negotiation for it ?

You are willing or not willing to suppres Unsuported Capability when such
is received on non upgraded node ?

etc ...

What if tomorrow we will see another draft asking for FCFS type from
https://www.iana.org/assignments/capability-codes/capability-codes.xhtml to
support other free form text there ? I bet there is tons of other stuff
compute nodes are willing to share with the network ...

Many thx,
Robert








On Wed, Jan 11, 2023 at 2:27 PM Jeffrey Haas <jhaas@pfrc.org> wrote:

> Donatas,
>
>
> On Jan 11, 2023, at 7:49 AM, Donatas Abraitis <
> donatas.abraitis@hostinger.com> wrote:
>
> >Roughly the right idea, but your examples probably don't quite hit the
> level of specificity that you're looking for.  For example, Juniper has
> different products that ship as a given version number and may vary
> slightly by platform.
>
> That's why a free form is IMO just a way to go because who knows what's
> gonna happen with the format vendors are planning to use?
>
> >If we would use URL to carry a pointer to the information the URL can be
> shortened to be a fixed length of a few characters which could be really
> easy to process and presented  to users in a pretty uniformed way
> across any receiver.
>
> I don't think this is the right place to show URLs and even more, waste
> the operator's time (automated or not).
>
>
> I just flipped through some of the past commentary on this thread. The
> main reason to point you at the SBOM work is it seemed to overlap with some
> of the issues other operators who are a bit more rigorous about their
> software component work are currently working through.  Given discussions
> I'm seeing at the day-job, it's likely we'll end up with some flavor of
> that proposal sooner or later.
>
> That said, I'm not going to try to push you to put it into your draft.
> You want free-form text?  Go for it.  I'm of mixed opinion whether I'd
> recommend my employer deploy the feature in that form.  You can see the
> tension on a desire for structured content vs. free-form from the original
> thread.
>
> Taking a step back and putting on my chair hat:
> - If you want this as an optional parameter, the barrier is higher since
> the code point is IETF Review.  It's not insurmountable.
> - The capability format you had originally still has first-come,
> first-served space widely available.  If you want to deploy this
> immediately, flip your document back and just send a note to IANA to ask
> for one.  You'll likely have an allocation in a few days.  You can then
> ship in a registered code point in very short order whether or not the
> obstructionist faction in IDR wants you to or not.  Submit to ISE soon
> thereafter if you like, or feel free to take your solution through the rest
> of the WG process.
>    + I still recommend extended optional parameter support as a required
> feature.
>
> My personal preference?  Capability, adopted by the WG.  While I'd prefer
> to address the wider work the SBOM stuff will be taking IETF through over
> the next two years, that can come later.
>
> -- Jeff
>
>
>
> On Wed, Jan 11, 2023 at 2:13 AM Jakob Heitz (jheitz) <jheitz@cisco.com>
> wrote:
>
>> I think if we can settle on a way to avoid collisions, it should be fine.
>>
>> So, in my case, for example: “
>> cisco.com/XR.7.9.1/optionalstringtoencodefeatures”.
>>
>> I promise not to send my customers’ peers to malicious websites.
>>
>>
>>
>> Regards,
>>
>> Jakob.
>>
>>
>>
>> *From:* Robert Raszuk <robert@raszuk.net>
>> *Sent:* Tuesday, January 10, 2023 3:20 PM
>> *To:* Jeffrey Haas <jhaas@pfrc.org>
>> *Cc:* Donatas Abraitis <donatas.abraitis@hostinger.com>; Alvaro Retana <
>> aretana.ietf@gmail.com>; Jakob Heitz (jheitz) <jheitz@cisco.com>; Bruno
>> Decraene <bruno.decraene@orange.com>; IDR List <idr@ietf.org>; John
>> Scudder <jgs@juniper.net>
>> *Subject:* Re: [Idr] WG adoption call for
>> draft-abraitis-bgp-version-capability-08, to end September 25
>>
>>
>>
>> Hi Jeff,
>>
>>
>>
>> Very good points.
>>
>>
>>
>> But I am not sure if they are really applicable here ?
>>
>>
>>
>> Keep in mind that we are talking about p2p BGP OPEN Msg between PE & CEs
>> (computes with lot's of machines - bare metal or virtual). Moreover what is
>> proposed is really informational with little to no bearing into operational
>> aspects of the subject BGP session.
>>
>>
>>
>> So while I am all for making right, robust and secure protocol encoding
>> decisions it seems that especially in BGP we have lot's of other security
>> holes which if exploited could have a much bigger negative impact.
>>
>>
>>
>> Regards,
>> R.
>>
>>
>>
>> On Wed, Jan 11, 2023 at 12:11 AM Jeffrey Haas <jhaas@pfrc.org> wrote:
>>
>> Robert,
>>
>>
>>
>> Please note that the points I'm about to make is intended to more broadly
>> discuss the URL issue and isn't saying you're making these recommendations.
>>
>>
>>
>> On Jan 10, 2023, at 5:47 PM, Robert Raszuk <robert@raszuk.net> wrote:
>>
>>
>>
>> I would like to just highlight one IMHO very cool property hidden in yr
>> note ... If we would use URL to carry a pointer to the information the URL
>> can be shortened to be a fixed length of a few characters which could be
>> really easy to process and presented  to users in a pretty uniformed way
>> across any receiver.
>>
>>
>>
>> Before we move forward with any specific shortened-URL proposal, it's
>> likely we'll want to get comment from those with expertise in the security
>> implications of shortened URLs.
>>
>>
>>
>> Certainly, many vendors maintain a domain name for shorter URLs for
>> various contexts.  That's likely not the main concern.
>>
>>
>>
>> URL shortening services are probably a Very Bad Idea since they're in an
>> entire vector of attacks on their own.
>>
>>
>>
>> (We also introduce all of the interesting headaches about interaction
>> with the PKIX certificate infrastructure.  See my prior comments in the BGP
>> autoconfiguration discussions if you're interested.)
>>
>>
>>
>> One possible mitigation for some of the attacks given the problem to be
>> addressed is to permit an IANA registered prefix for the URI/URL.  This
>> means rather than carrying a potentially long URL to a specific resource,
>> you carry something like the Private Enterprise Number's[1] instance of
>> your registered prefix and a suffix portion of the URL.  The rest of the
>> data is contained in the structured data at the other side of the expanded
>> URL.
>>
>>
>>
>> I'd encourage Donatas to continue the discussion on such structured data
>> before we worry over-much about how to point to it in BGP. :-)
>>
>>
>>
>> -- Jeff
>>
>>
>>
>> [1] https://www.iana.org/assignments/enterprise-numbers/
>>
>>
>
> --
>
> *Donatas Abraitis*
> *Principal Systems Engineer*
> @: donatas.abraitis@hostinger.com
> W: www.hostinger.com
>
>
> This message and its attachments may contain privileged and confidential
> information. If you are not the intended recipient, do not use, copy, or
> disclose this information. Please notify the sender and permanently delete
> the message from your system.
>
>
>

v2.23.0 | Report a Bug | By Email