Re: [Idr] WGLC on draft-ietf-idr-as-private-reservation-00

David Farmer <farmer@umn.edu> Thu, 20 December 2012 16:15 UTC


On 12/20/12 09:27 , Jon Mitchell wrote:
>
> David -
>
> I just posted a new rev of the doc which I hope is final incorporating
> the changes discussed on the list previously (must have just crossed in
> the wires with this email).

Yep, I saw it right after clicking send.

> I made slight changes to the section you
> describe, although I put the focus on filtering on the user of private
> ASNs (outbound).
>
> I think whether or not filtering inbound or not is a good idea is
> largely operator preference (I'm personally in favor as it pushes the
> drop closest to the source of the error which I'm generally in favor of)
> and the draft is not meant to dictate specific behavior (this is not a
> BCP doc) in this regard however it seems like if you are using private
> ASN's, it will simplify things a bit from a troubleshooting standpoint
> to not mis-identify a leaked private ASN as one of your own by inbound
> filtering at your border, but the impact in either case is the same and
> minimal (routes that are leaked are the ones impacted only - encouraging
> those who leak to fix their issues).

I'm OK with the focus being on outbound filtering and outbound filtering
being required with a "MUST" clause.  However, I believe that
inbound filtering should be explicitly allowed, but not required, with a
"MAY" clause being included as well.

However, there is the old mantra of "trust but verify".  So I think we
need to be explicit that any other operator "MAY" filter inbound.  If
you get the balance right this can be used to reinforce your focus that
operators "MUST" filter outbound.

I'll agree my suggested text below did not get the balance right and
focuses too much on the inbound filtering.  However, both your original
and new text don't make it explicit that an operator "MAY" filter
inbound if they wish.  That is what I would like to see added somehow.

> Also, it should be noted none of these issues are new (related to the
> new range), although some of them may have to be revisited as Pradosh
> pointed out if remove private implementations are not updated, and that
> is the focus of the text change I did make.

Completely agree, not a new issue.  However, we are touching the text, 
and vendors are going to need to touch code, so now is the time to fix 
issues, especially if they lead to divergent interpretations.

> Jon
>
>
> On Thu, Dec 20, 2012 at 09:03:56AM -0600, David Farmer wrote:
...
>> So here is some suggested text.
>>
>>     Operators may drop or disregard any prefix received from the global
>>     Internet that is originated from or that contains a private use ASN
>>     in the AS_PATH.  This may result in unpredictable connectivity for
>>     any prefix originated from or containing a private use ASN in the
>>     AS_PATH.  Therefore, all operators using private use ASNs to
>>     originate prefixes or passing an AS_PATH that contains private use
>>     ASNs to the global Internet, must remove all private use ASNs from
>>     the AS_PATH before being advertised to the global Internet.
>>     Furthermore, operators are cautioned to ensure any filters or
>>     implementation specific features that recognize private use ASNs
>>     have been updated to recognize both ranges prior to making use of
>>     the newer, numerically higher range of private use ASNs.

-- 
================================================
David Farmer               Email: farmer@umn.edu
Office of Information Technology
University of Minnesota
2218 University Ave SE     Phone: 1-612-626-0815
Minneapolis, MN 55414-3029  Cell: 1-612-812-9952
================================================
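
The following is an added example, not part of the original message or of the draft: a sketch of the outbound-strip and inbound-drop checks discussed in this thread, showing what happens when a filter recognizes only the older private use range. The range values are those published in RFC 6996 (the final form of this draft); the function names, the simplified strip behaviour and the sample AS_PATH (built from documentation ASNs) are assumptions made for illustration.

```python
# Added example. Range values are those published in RFC 6996.
PRIVATE_16 = range(64512, 65535)            # 64512-65534
PRIVATE_32 = range(4200000000, 4294967295)  # 4200000000-4294967294
BOTH_RANGES = (PRIVATE_16, PRIVATE_32)
LEGACY_ONLY = (PRIVATE_16,)  # a filter not yet updated for the newer range

# Constructed sample: documentation ASNs 64496 and 65551, plus one private
# use ASN from each range.
SAMPLE_PATH = "64496 65551 4200000001 64512"


def parse_as_path(text):
    """Parse a space-separated AS_PATH (asplain or asdot) into integers."""
    asns = []
    for token in text.split():
        if "." in token:
            # asdot notation: <high 16 bits>.<low 16 bits>
            high, low = token.split(".")
            asns.append(int(high) * 65536 + int(low))
        else:
            asns.append(int(token))
    return asns


def private_asns(path, ranges=BOTH_RANGES):
    """Return the private use ASNs in path, as seen by the given ranges."""
    return [asn for asn in path if any(asn in r for r in ranges)]


def strip_outbound(path, ranges=BOTH_RANGES):
    """Outbound side: remove every private use ASN the filter recognizes.

    Simplification: real remove-private features differ in which
    positions of the AS_PATH they are willing to strip.
    """
    return [asn for asn in path if not any(asn in r for r in ranges)]


def accept_inbound(path, ranges=BOTH_RANGES):
    """Inbound side: drop any route whose AS_PATH contains a private ASN."""
    return not private_asns(path, ranges)


if __name__ == "__main__":
    path = parse_as_path(SAMPLE_PATH)
    leaked = strip_outbound(path, LEGACY_ONLY)
    print("legacy outbound strip leaves:", leaked)
    print("updated inbound filter accepts it:", accept_inbound(leaked))
    print("updated outbound strip leaves:", strip_outbound(path))
```
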