Re: [Idr] John Scudder's No Objection on draft-ietf-idr-bgp-open-policy-19: (with COMMENT)
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Thu, 20 January 2022 00:22 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B6473A0E6E; Wed, 19 Jan 2022 16:22:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.026
X-Spam-Level:
X-Spam-Status: No, score=-3.026 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.351, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jwz7G4IAW_xU; Wed, 19 Jan 2022 16:22:32 -0800 (PST)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on20705.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d05::705]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E956C3A0E6B; Wed, 19 Jan 2022 16:22:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GNbxKHCi9BjO3m2ciRqFmCd5jXtG7h/GaJh/11gNga7HQBa2/PkgcdWHIKEybMj7U5Y+xT7jup8AHjj736VVZgFjZhjQGhhVN09skT0kAhZm9MQMp+vimuO3+imwzUVGNGGGO1t/ka/3Nc5t+DsVEZ9416cacF6MjM0CTHSNXo/x2MPASzP7LysPnQFobPABrEhuYqFdLdoIasC0VJO3OH66y2VAUueBbzDYP0YCk/htBDD5sv9Nf3YYkTFOQwOE6cIaMO2Mz8Gf0BTt/akaoY40apw8dlY8b05ELbwIjTeL0Evd+Fu5ukaQ0D3gQjUQOljOKWULPApxrXIC2YGDEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CoPGp9LAyy4CM2Cksz149PZBS/6Za4TFmr6uXWDTbmY=; b=KmdG8ZPBYdguzmsvxi5A/OZOhOsxMi+I5orCpU6kkWG633+TbaMWUQmd4FvlIe2PsOEsfkSQDiAFBAa4hH/1qLpEo7L3ej8c4oNqmRRuk4JdMYtor8iW0JLCyZ1uDWrpwLIP8BRzmN9wl013AH7UIY8WmGe/jPclWiDvJD/pzOvK0cn953jOU6aXS47sYTmS2W268KPr0lBVTud06ZRrZEKGYiKwD7JduvZGo8YK9D6b2MJYUYOpl2Cx3rt9aqw77Wc2KAGLEcf3mvNEwZuWTZmKTmf09QWZZ0qaFgGVECOx/bNHV35+9KU0M05iUM5ubGPu8SxobseE3vZD2+rbnw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CoPGp9LAyy4CM2Cksz149PZBS/6Za4TFmr6uXWDTbmY=; b=B9EiihsolbKX0NUzYa4MZkzeeEMdOwnq0pg2tea+vj3AiagKjcCBfqAR9OxwQUrd8AACFkczd/mtB7HjI9X4evZdingl/xS/zq7EJ9D7bSXtGD0mJk179i/EWBU8r60LqIKYgFhC0qNR/6N/HN49/LgOpysiOM1SpK3DTzlSZYE=
Received: from SA1PR09MB8142.namprd09.prod.outlook.com (2603:10b6:806:171::8) by SA1PR09MB8350.namprd09.prod.outlook.com (2603:10b6:806:170::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.7; Thu, 20 Jan 2022 00:22:25 +0000
Received: from SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::717a:2702:70fb:6225]) by SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::717a:2702:70fb:6225%4]) with mapi id 15.20.4909.008; Thu, 20 Jan 2022 00:22:25 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: John Scudder <jgs@juniper.net>, The IESG <iesg@ietf.org>
CC: "draft-ietf-idr-bgp-open-policy@ietf.org" <draft-ietf-idr-bgp-open-policy@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>, Benjamin Kaduk <kaduk@mit.edu>
Thread-Topic: John Scudder's No Objection on draft-ietf-idr-bgp-open-policy-19: (with COMMENT)
Thread-Index: AQHYB/tGKS6hopQCJEyrXeoPWked6KxrFGiw
Date: Thu, 20 Jan 2022 00:22:24 +0000
Message-ID: <SA1PR09MB814273665372A0B502061088845A9@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <164202281158.27552.16009318123438640343@ietfa.amsl.com>
In-Reply-To: <164202281158.27552.16009318123438640343@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6fba1953-c8c7-4163-d395-08d9dbaaef00
x-ms-traffictypediagnostic: SA1PR09MB8350:EE_
x-microsoft-antispam-prvs: <SA1PR09MB8350181DCFCC6E3F0F7FEB9A845A9@SA1PR09MB8350.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: hsqbGIq1eoVtrRrexB0o9ExmZr14oQp7a6kM98lztGAVz2WAGgRFwVwmnOmCw9ZsR4rZIDPGK3LDncrxyonode7O9EFT/THYiTvd1VBq/tM180g1H57n7gbpcxwg+TEXdJzlmelDS6lM3Rp09LhZDf+tlhI6oBJVuJ3WlzfLMrAF80qdxUV9+OHBkTmBZAuv1WcpcvxKNI8p/rIhQxeI7b4vZMqEsEaAGOjuf04ouaMNT8gncvNV+CBIunYTJf7a82mOh7JIR67N3znSVxGwP2LRWmfimqEPt2j66K6PA/bbQdvydR9dHg0MX//sIODVXKwTiCJNsvP4RQ9Q9/HYauus2aMNxwgbfzwjCNrAl3zYTmOEAksvxLf2a1rgqnJN0AU9j7o3HM22BCXTNcwkit3wrTLoPusb3cm6pC+bj0hb0AfotJiJJIxakFaCSfhqtO5D1BI3XRft/sKSEeWospuooODXr4CC4wp5rrQoHLH99pWmEHyzBZOSybMO3/hezsVa5Du4AtHp6DDc/nuhFo1PjZ/vf8qYOOwrl1sCK/1dkL2v3IE41K+34gZ6uOkbz4/3DTZgIGpwG+i3MOeTFCPcuMnIP7SreD0VX/tEpPJqjKiRVKQyh8OaY2Lvcww+TyVVlj7Zfjthq3jzY60i9vBXgppmTJr25H6dhjGyJvRbuJG1lboq/v6CSHJLxONL//N/2C3WcP3YRyjpRd9JE/C+6oCfrOb2pvYgRh/uSJJuhbPXr6kRptz56u/YqHhoegN2dnzjuemcoeD03rVK/mgq4zlfNDs5xDSbKWLOakY=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR09MB8142.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(166002)(33656002)(7696005)(52536014)(83380400001)(8936002)(66946007)(54906003)(66556008)(66446008)(38070700005)(966005)(66574015)(64756008)(6506007)(66476007)(508600001)(316002)(9686003)(55016003)(2906002)(110136005)(122000001)(26005)(82960400001)(186003)(71200400001)(4326008)(30864003)(5660300002)(8676002)(86362001)(76116006)(38100700002)(579004)(559001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: RDYMDkeij9Te2VNqXcSIk/wjnnXSQF4MJQW3Xr9TtQFQFmwYq1qAH14zqPmBvgfftcgEl1B0RQtmYcmMSuoKM96JNxg0ErV/QXlpX2OwRYdpWFGJsCA94tqTfh1r6rYuQuSQ2DNmf//BOU2+LvkT7X4AGIuLS/DV4W9LxjSEqnbor5XPwMjgEe151Fjopg+Xb1TE7J8VbemCCakc0YrygA8AgWezHtvna4rV9ZkkfRlDKFKW4Eb4WrHTlaphSK0lUnEJlBmSgPdjyNXiv33pN4oODLk9Yc0W+g4nI11iwd8IzwoZnRmgXmyleoog1SrzR5SvAPO2fnzBjKCnddnxadFCerW96GWcEne9nhPN3WOncFYPDwdwAwLY7nFdmxpRE3OuiyYqpwmuhb3GsM6ejPMMd1dj8vPfURpnbCQMTG2IHmFHoMQV+mcUNkBiTZTHCJNVVNP/B6NuqN2RjOHhiyNGEeGggfZ1J+IVNfzTvLeWBkFPjaqT+it7lHpdcrhEWbNe1KpqV+sLXJ3mk+zbHSdkiit9V6Xb1w7D7vZCcOHCUaNEqN662Av3RzVziU1t2IcB6VvdU2liTx8aTpe0BJxmC0MDEbA/C46ehZBojs2BghDm6pbPUmplZDtE+Fzs9Pu9Q5BU/uXvHJdJJqbibsi2rr4/e7b+Qw9JUnF8oR8vkPyH32+OzxeZbFez8lLOfNIt65GbM8gOoZkQl2bdldXlIuZ8kCExYfpQVm0CMzGNtJo42k2iIRRfyU9BEqIQAdm6AoQcTA+y1Yyfp/fTrjHHFmO7QPD2pvTGE88RG3YEPqnxEnPmD5lhPGDURRynvd5eVcS5mGcCsbr3a/1Ht3GXZUmCLt6RUgZdKHfoW6rXGNBwwm4K/LMM00y/KgEto3zt7sIPvo3Lf7FCAiQNFwz+zdN3291/mNFpBdMl2cln8Qpdtp+ilgxgZCk8G+I0rzMuTSlQVFtFeCfNGbbOnrDwRHqRFP5XwhtpoGzFBKQRcu/Sq4Ue5Y9KdZNw+cAfWt9Wy6e97QmbcxZ6ZdT2OyRKlgcBQQHyTURlAk1yCetbf+xImNw5e/TdBkuW27NoUSVMFZJ6miPUUSH82C6j/2fHEnDjY/B46euFU+w3nyeJwYU2y7PJDVN4JZ9/f32K0MeHtbwCINOXAvNA8alwqg0tgchiYGYvhEk+IjizPrXCF4V+kkQvD4+xLSkurh3RJOI+/SJ9aEhkKF0Q3SyhCUKEFV8lE83XO2Qm+JmUMfY2rtc7xDZatAhSX7IQUbZ6t0+On2LDVqFovH3ocKEVBPvHGFWSzS06JF2H0svl6QJJlj6/VOZltRYQiOpZGByP
Content-Type: multipart/alternative; boundary="_000_SA1PR09MB814273665372A0B502061088845A9SA1PR09MB8142namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8142.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6fba1953-c8c7-4163-d395-08d9dbaaef00
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jan 2022 00:22:24.9430 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB8350
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/B4gZmi8eEwLSFcXbv9qBxruSgM8>
Subject: Re: [Idr] John Scudder's No Objection on draft-ietf-idr-bgp-open-policy-19: (with COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jan 2022 00:22:38 -0000
Hi, John: Thank you for the careful read and very thoughtful comments. Your comments help improve the usability and readability significantly. We (authors) discussed off-list with you and closed the loop on all your comments. Now reporting back here on the full list. We (Alexander and I) have updated the draft and uploaded version-20. The changes have been made as agreed with you off-list. We have also made some minor other editorial changes that we felt were needed. The diff file can be viewed here: https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-bgp-open-policy-20.txt Note: We used ‘built-in’ in a couple of places. Benjamin suggested replacing ‘built-in’ with a better phrase that is not vague. We’ll do that shortly as we respond to his comments. Just in case others find it useful, inline comments marked with [AA/KS] are offered below. Regards, Sriram / Alexander ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I’m happy to see this document proceeding forward. Thanks for all the work that went into it, and into the shepherding. I do have a few points I’d like to raise. 1. Section 4 talks about policy in several places. As you know, “policy” is a term with quite a bit of baggage in BGP, and without further qualification, it’s likely to be interpreted as “routing policy configured by the router’s operator”. I wondered at first if your choice of “policy” was deliberate, to imply that the specification is not expected to be hard coded into the implementation, but rather configured (or not) by the operator? But, the whole point of the spec is to move away from using policy configuration to protect against route leaks — requiring configuration to enact the import and export “policies” given in §4 would fly in the face of the document’s raison d’être. Furthermore, you close §4 with “the operator MUST NOT have the ability to modify the policies defined in this section” — and that does help, but not before considerable potential confusion is created by the unfortunate choice of terminology. So, I think you mean that import rules (1)-(3) and export rules (1)-(2) MUST be hard coded into any compliant implementation. I strongly suggest you find a term other than “policy” to express what you mean. For example, “procedures” seems like a good replacement. You could say something like “the following procedures apply to the processing of the OTC Attribute during route reception” and “the following procedures apply to the processing of the OTC Attribute during route transmission”. (You could also try to put it in terms of RFC 4271, but it might be a bit painful.) I just grepped through §4 and a simple replacement of “policy” with “procedure” throughout seems like it would be almost sufficient. I was ready to make this a DISCUSS until I came to the final sentence of §4. That sentence does clarify matters sufficiently to reach the minimum bar, but I think the document would be even more usable if further edits are made along the lines above. [AA/KS]: All your suggestions above are incorporated. s/policy/procedure/ and s/policies/procedures/ done wherever appropriate. 2. Section 4 says The OTC Attribute may be set by the egress policy of the remote AS or by the ingress policy of the local AS. First, my earlier comment about “policy” applies here as well — you could maybe say “on egress from the remote AS or on ingress to the local AS”. Beyond that, I suggest changing the “may” (which is admittedly lower-case”) to a “might”, which has even less risk of confusion with any kind of normative meaning. Presumably what you mean is actually that if the remote AS is noncompliant with this spec, the local AS will have to set the attribute, and this is a feature, not a bug. [AA/KS]: We agree. Done. The new wording for that paragraph is now as follows: The OTC Attribute might be set at the egress of the remote AS or at the ingress of the local AS, i.e., if the remote AS is noncompliant with this specification, then the local AS will have to set the OTC Attribute if it is absent. In both scenarios, the OTC value will be the same. This makes the scheme more robust and benefits early adopters. 3. In Section 4 you write, The same OTC Attribute which is set locally also provides a way to detect route leaks by an AS multiple hops away if a route is received from a Customer, Peer, or RS-Client. I don’t understand this sentence, as written. I think maybe it needs to be several sentences. I don’t think it’s needed, or even desirable, to explain in detail in this document how you might make use of the OTC Attribute for troubleshooting, but if there’s a different document that does explain it, an informative reference might not hurt. I’m pretty sure I remember this being covered in one or more IDR and/or GROW presentations, but I don’t know if it got written down beyond slide sets. [AA/KS]: Good point. The following is the expanded wording in place of the wording you cited above: …The same OTC Attribute which is set locally also provides a way to detect route leaks by an AS multiple hops away if a route is received from a Customer, Peer, or RS-Client. For example, if an AS sets the OTC Attribute on a route sent to a Peer and the route is subsequently received by a compliant AS from a Customer, then the receiving AS detects (based on the presence of the OTC Attribute) that the route is a leak. 4. In §1 you say “This document provides configuration automation using BGP Roles”. The document, per se, doesn’t provide any such thing of course — an implementation of the specification would provide such. “This document specifies” would be more correct I think. A second point related to the same sentence is that it feels like a poor fit to refer to what you do in this spec as configuration automation, a term more usually associated with automatic, typically database-driven, generation and management of (router) configurations. In the second ¶ of §1, you identify configuration as the bad, error-prone, legacy way of preventing route leaks. So maybe something like, “This document specifies a means of replacing the configuration-based method of route leak prevention, described above, with a more automated method using BGP Roles,” [AA/KS]: Done. The following wording changes have been made: Old text: This document provides configuration automation using BGP Roles, which are negotiated using a BGP Role Capability in the OPEN message [RFC5492]. An eBGP speaker may require the use of this capability and confirmation of BGP Role with a neighbor for the BGP OPEN to succeed. An optional, transitive BGP Path Attribute, called Only to Customer (OTC), is specified in Section 4. It prevents ASes from creating leaks and detects leaks created by the ASes in the middle of an AS path. The main focus/applicability is the Internet (IPv4 and IPv6 unicast route advertisements). New text: This document specifies a means of replacing the operator driven configuration-based method of route leak prevention, described above, with a built-in method for route leak prevention and detection. This method uses a new configuration parameter, BGP Role, which is negotiated using a BGP Role Capability in the OPEN message [RFC5492]. An eBGP speaker may require the use of this capability and confirmation of BGP Role with a neighbor for the BGP OPEN to succeed. Note: We’ll replace ‘built-in’ with a better phrase per Benjamin’s comment. 5. In your Terminology Section (§1.1) you define a number of terms that are defined again, immediately, in §2, namely Provider, Customer, RS, RS-Client, and Peer. I think the definitions provided in §2 are better than those in §1.1, and sufficient unto themselves, and that you could remove the first ¶ of §1.1. [AA/KS]: Done. The paragraph of concern in Section 1.1 has been removed. The rest of Section 1.1 has been moved to Section 2 which is now titled Terminology. 6. You refer to transit and non-transit providers in many places throughout the document. Although these seem to some of us like well-known terms of art that need no reference, I have the feeling that may not be true for our entire community, or worse still, different people might all “know” what it means but with different definitions, and so it might be desirable to provide a citation. [AA/KS]: We agreed (off-list) that the wording and reference to RFC 7908 in the top paragraph in the Introduction are good and sufficient. 7. Have you given any thought to Autonomous System Migration Mechanisms (RFC 7705)? Mostly, I just have a free-floating unease here, because with the hacks described in RFC 7705, a given router may represent itself as any one of several different ASes, and your spec does ASN embedding and enforcement. Most likely there would be no problem, since the egress rules in §4 suggest the OTC attribute is to be attached as part of route transmission; therefore, a router might be expected to attach whatever value is appropriate based on the ASN it’s currently representing itself as. It might still be worth adding a note cautioning implementors about this, though, since implementations tend to do things for the sake of efficiency that spec authors aren’t expecting. One optimization pattern is to pre-build updates and copy them to many different transport connections; in such cases the OTC value might be prepopulated and the implementor might need to give extra attention to the exception case where a particular transport connection is representing a different ASN from the router's "real" ASN. [AA/KS]: Good suggestion. As agreed in the off-list discussion, we have added the following paragraph in the Additional Considerations (Section 5). In AS migration scenarios [RFC7705], a given router may represent itself as any one of several different ASes. This should not be a problem since the egress procedures in Section 4 specify that the OTC Attribute is to be attached as part of route transmission. Therefore, a router is expected to set the OTC value equal to the ASN it is currently representing itself as.
- [Idr] John Scudder's No Objection on draft-ietf-i… John Scudder via Datatracker
- Re: [Idr] John Scudder's No Objection on draft-ie… Sriram, Kotikalapudi (Fed)