Re: [Idr] A proposal to add sequencing to BGP Flowspec v1

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 28 April 2021 05:43 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Robert Raszuk <robert@raszuk.net>, Jeffrey Haas <jhaas@pfrc.org>
CC: "idr@ietf. org" <idr@ietf.org>
Date: Wed, 28 Apr 2021 05:43:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/B_POmsEZVbjJSXkvag5JWMINppE>

Robert, you make valid points.
However, none are arguments against this draft.
I think the draft is good.

Regards,
Jakob.

From: Idr <idr-bounces@ietf.org> On Behalf Of Robert Raszuk
Sent: Tuesday, April 27, 2021 12:44 PM
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: idr@ietf. org <idr@ietf.org>
Subject: Re: [Idr] A proposal to add sequencing to BGP Flowspec v1

Dear WG,

As someone who has spent a substantial amount of time on FlowSpec definition I recommend that we leave Flowspec v1 alone and all the subsequent extensions should aim to go into Flowspec v2.

Reason #1 - Flowspec v1 intends to address a missing gap and offer mitigation of DDoS attacks as close to the src. The more stuff we load onto it we will effectively kill this use case. Sure, networks are evolving, but last time I checked typical DDoS protection today is blackholing entire destination at best within an ASN and phone/email to adjacent NOCs to do the same there. This is stone age. While I am not claiming that we should keep Flowspec v1 forever I am also not able to see alternative dynamic protocol signalling for DDoS mitigation. Till then I recommend we keep FlowSpec v1 as is and alive. When better signalling is defined we can deprecate it.

Reason #2 - Most modern Flowspec extensions turn BGP into a configuration push protocol. Worse, they ride on the p2mp spray distribution model to push configuration in p2p fashion. That is a misuse of BGP in its fundamental roots. We have netconf, configuration management and a bunch of other tools to do this job, but just for convenience and new RFC glory we see endless proposals in this space popping up. If this cannot be stopped let's at least contain it and mitigate damage to other BGP useful components.

Kind regards,
Robert

On Tue, Apr 27, 2021 at 8:11 PM Jeffrey Haas <jhaas@pfrc.org> wrote:
[Speaking as an individual contributor.]

IDR,

As a Working Group, we set out to finish Flowspec v1's -bis document before
taking up the work for Flowspec v2.  We finished the -bis work in RFC 8955.

It's been several years since the conversations we had that motivated
Flowspec v2.  Sue had submitted a proposal that was intended to capture the
thinking of the Working Group at the time.  There were three high order
pieces of work to be done:

1. Address parsing issues by moving to an explicit length field.  (PCEP
adopted this idea when they embedded Flowspec in their protocol to leverage
our encodings.)

2. Provide for explicit sequencing of terms.  This was motivated by there
being a need for other firewall-like applications to have ordering different
than those provided by the default sort function.

3. Provide for a better way to manage Flowspec actions, especially when
they may have interactions based on ordering.

draft-haas-flowspec-capability-bits was submitted to try to address the
first issue incrementally for Flowspec v1.  It's gotten good discussion.

Below, please see a proposal that attempts to incrementally address the
explicit sequencing problem.

Why not wait to do this in Flowspec v2, you might ask?  It's certainly an
option.  I will offer two initial points of consideration why we might want
to consider this proposal:

- We now have multiple BGP Flowspec features that share more history in the
  format of v1 (especially after the -bis work) than they do with v2.  This
  includes extensions for nvo3, l2vpn.  If those features will want to
  leverage explicit sequencing, they either need to wait on v2, or update
  after v2 has come into being.
- This proposal is also compatible with those additional drafts.

We look forward to your feedback.

-- Jeff (for the authors)



----- Forwarded message from internet-drafts@ietf.org -----

Date: Tue, 27 Apr 2021 10:47:36 -0700
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-haas-idr-flowspec-term-order-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : BGP Flowspec Explicit Term Ordering
        Authors         : Jeffrey Haas
                          Susan Hares
                          Sven Maduschke
        Filename        : draft-haas-idr-flowspec-term-order-00.txt
        Pages           : 7
        Date            : 2021-04-27

Abstract:
   BGP Flowspec (RFC 8955) provides a mechanism for matching traffic
   flows.  The ordering of the Flow Specifications defined by that RFC
   is provided by a sorting function that uses the contents of the
   received BGP NLRI; that NLRI does not contain an explicit ordering
   component.  The RFC's sorting function permits for origination of
   Flowspec NLRI from multiple BGP Speakers and is generally appropriate
   for mitigating distributed denial-of-service (DDoS) attacks.

   There are circumstances where the implicit RFC 8955 sorting order is
   not appropriate.  This document defines a mechanism that permits
   individual Flowspec NLRI to influence their sort order.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-haas-idr-flowspec-term-order/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-haas-idr-flowspec-term-order-00
https://datatracker.ietf.org/doc/html/draft-haas-idr-flowspec-term-order-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



----- End forwarded message -----
