Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

<bruno.decraene@orange.com> Mon, 06 February 2017 15:07 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 535BF129E2A for <idr@ietfa.amsl.com>; Mon, 6 Feb 2017 07:07:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level:
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BjtQGE18k6e8 for <idr@ietfa.amsl.com>; Mon, 6 Feb 2017 07:07:00 -0800 (PST)
Received: from relais-inet.orange.com (mta241.mail.business.static.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E69EC129E28 for <idr@ietf.org>; Mon, 6 Feb 2017 07:06:59 -0800 (PST)
Received: from opfedar03.francetelecom.fr (unknown [xx.xx.xx.5]) by opfedar22.francetelecom.fr (ESMTP service) with ESMTP id 6B7C960444; Mon, 6 Feb 2017 16:06:58 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.32]) by opfedar03.francetelecom.fr (ESMTP service) with ESMTP id 514A6180066; Mon, 6 Feb 2017 16:06:58 +0100 (CET)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM32.corporate.adroot.infra.ftgroup ([fe80::8924:188:2124:a046%19]) with mapi id 14.03.0319.002; Mon, 6 Feb 2017 16:06:57 +0100
From: <bruno.decraene@orange.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Thread-Topic: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
Thread-Index: AQHQfOJEbzqBqbwli0WLinaFdrSzRp5/NkAAgCBzp+CAALACAIAAziXggrqjygCABEjCYA==
Date: Mon, 6 Feb 2017 15:06:57 +0000
Message-ID: <9107_1486393618_58989112_9107_17700_1_53C29892C857584299CBF5D05346208A1ED3A87C@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <015e01d07ba1$0042bff0$00c83fd0$@ndzh.com> <25797_1429696420_55376FA4_25797_3139_1_53C29892C857584299CBF5D05346208A0EBAA545@PEXCVZYM11.corporate.adroot.infra.ftgroup> <D24E929A.E0D85%aretana@cisco.com> <30646_1447691076_564A0344_30646_2291_1_53C29892C857584299CBF5D05346208A0F6BC240@OPEXCLILM21.corporate.adroot.infra.ftgroup> <D26F8B7E.EA6BA%aretana@cisco.com> <9781_1447749309_564AE6BD_9781_1504_1_53C29892C857584299CBF5D05346208A0F6BD227@OPEXCLILM21.corporate.adroot.infra.ftgroup> <CFE79035-2FFA-4B7A-9574-80D46137E3DF@cisco.com>
In-Reply-To: <CFE79035-2FFA-4B7A-9574-80D46137E3DF@cisco.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.3]
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A1ED3A87COPEXCLILM21corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/AhOZeNkuIp1Z4LD_n7YA7AzpjjY>
Cc: "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2017 15:07:02 -0000

Hi Alvaro,

Thanks for your answer and for the updated draft.

I can live with the current text. Yet, stricto sensus:
- the second sentence only applies to communities received over EBGP, which does not address the case where this ASBR do not support Cost  Communities
- the first sentence only talks about “propagation”, not “use during the Decision Process”.

On my side, I’d propose
OLD: the propagation of Cost Communities MUST be disabled by default
NEW: the use of Cost Communities MUST be disabled by default

Note that I removed “propagation” as, if the goal is to minimize the routing loops, removing Cost Community during iBGP propagation is debatable, as some upstream (related to BGP message propagation) BGP speaker may have already used the cost community; hence removing it may also create loops. However, feel free to add it back as in both cases, we really can’t fix this issue of inconsistent configuration.

FYI a typo   :s/ its oen field/ its own field

Thanks
--Bruno

From: Alvaro Retana (aretana) [mailto:aretana@cisco.com]
Sent: Friday, February 03, 2017 9:17 PM
To: DECRAENE Bruno IMT/OLN
Cc: idr@ietf.org; Susan Hares
Subject: Re: [Idr] 2 week WG LC for draft-ietf-custom-decision (4/20 to 5/4/2015)

Bruno:

Hi!

We just refreshed the draft…and (I think) clarified your point below in the Security Considerations:

Section 6., paragraph 2:
OLD:

    To minimize the potential of creating routing loops (Section 5) or
    otherwise affecting the Decision Process in unintended ways, the
    propagation of Cost Communities MUST be disabled by default and MUST
    be explicitly enabled by the network administrator.  Furthermore, all
    transitive Cost Communities received across an Autonomous System
    boundary without explicit configuration MUST be stripped off the BGP
    update, and ignored during the Decision Process.

NEW:

    To minimize the potential of creating routing loops (Section 5) or
    otherwise affecting the Decision Process in unintended ways, the
    propagation of Cost Communities MUST be disabled by default and MUST
    be explicitly enabled by the network administrator.  Furthermore, all
    Cost Communities received across an Autonomous System boundary
    without explicitly being enabled MUST be stripped off the BGP update,
    and ignored during the Decision Process.


That is probably the main part, but there are other changes resulting from your comments.  Please take a look at the complete diff: https://www.ietf.org/rfcdiff?url1=draft-ietf-idr-custom-decision-07&url2=draft-ietf-idr-custom-decision-08


Thanks!

Alvaro.

On 11/17/15, 3:35 AM, "bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>" <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>> wrote:

My concern is for an AS not using this cost community:
a) compliant routers will, by default, modify route preference based on the community
b) non compliant routers will, by default, accept this community over eBGP sessions.

a+b: we have an issue as untrusted AS may influence my routing policy or create loops.

We agree that we can’t do anything about “b”.
So I am asking to address “a” by having compliant routers to _not_ change route preference by default. i.e. MUST be explicitly configured to change their route preference based on this community.


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.