IETF Logo Mail Archive

Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

<bruno.decraene@orange.com> Thu, 12 November 2015 14:18 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 845211ACD8B for <idr@ietfa.amsl.com>; Thu, 12 Nov 2015 06:18:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JpnkNc63Danf for <idr@ietfa.amsl.com>; Thu, 12 Nov 2015 06:18:22 -0800 (PST)
Received: from relais-inet.francetelecom.com (relais-ias244.francetelecom.com [80.12.204.244]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDE711ACD82 for <idr@ietf.org>; Thu, 12 Nov 2015 06:18:21 -0800 (PST)
Received: from omfeda07.si.francetelecom.fr (unknown [xx.xx.xx.200]) by omfeda13.si.francetelecom.fr (ESMTP service) with ESMTP id 2B9C0190099; Thu, 12 Nov 2015 15:18:20 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.72]) by omfeda07.si.francetelecom.fr (ESMTP service) with ESMTP id EA5FF15804E; Thu, 12 Nov 2015 15:18:16 +0100 (CET)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541%19]) with mapi id 14.03.0248.002; Thu, 12 Nov 2015 15:18:16 +0100
From: bruno.decraene@orange.com
To: "John G. Scudder" <jgs@bgp.nu>
Thread-Topic: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
Thread-Index: AQHRGCkv0LcxO4TcLUanEBBj3HdQVJ6YcgQw
Date: Thu, 12 Nov 2015 14:18:16 +0000
Message-ID: <644_1447337897_56449FA9_644_166_1_53C29892C857584299CBF5D05346208A0F6B6DD1@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <002a01cf84b8$b0f55230$12dff690$@ndzh.com> <29140_1402414807_539726D7_29140_10276_1_53C29892C857584299CBF5D05346208A0716175D@PEXCVZYM11.corporate.adroot.infra.ftgroup> <0CE20ABC-B920-48B5-AB75-4E41AC1D6067@bgp.nu>
In-Reply-To: <0CE20ABC-B920-48B5-AB75-4E41AC1D6067@bgp.nu>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A0F6B6DD1OPEXCLILM21corp_"
MIME-Version: 1.0
X-PMX-Version: 6.2.1.2478543, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2015.10.16.122716
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/BfjrB8cvdKI39Iu1XpY7V6zN9U0>
Cc: idr wg <idr@ietf.org>, "Murphy, Sandra" <Sandra.Murphy@parsons.com>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 14:18:31 -0000

Hi John,

Thanks for taking the time to take my comments into accounts.
-06 address all my comments.


Following the changes, I have some further comments. Please feel free to silently discard/update as you wish.
*) §2  :s/TBD/0x00


*) Following the removal of the change to the BGP Decision Process, the 2 first sentences of the abstract & Introduction could probably be removed or rewritten. (Currently is “As part of the origination AS validation process, it can be desirable
   to automatically consider the validation state of routes in the BGP
   decision process.  The purpose of this document is to provide a
   specification for doing so. »

*) §2 “An implementation SHOULD NOT send more than one instance of the
   origin validation state extended community.  However, if more than
   one instance is received, an implementation MUST disregard all
   instances other than the one with the numerically-greatest value.”

Sorry for nit picking, but since this may impact interoperability, I would prefer if you could explicitly specify what “numerically-greatest value” refers to. IMHO “validationstate” but some people could understand “extended community”

*) §2 For the same reason, explicitly specifying what to do with the Reserved field would ease my mind. (I assume Reserved: MUST be set to 0, and SHOULD be ignored upon receipt)

Thanks,
Bruno

From: John G. Scudder [mailto:jgs@bgp.nu]
Sent: Friday, November 06, 2015 1:22 AM
To: DECRAENE Bruno IMT/OLN
Cc: Susan Hares; idr wg; Murphy, Sandra
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Hi Bruno,

We believe -05 has addressed these issues, see below.

On Jun 11, 2014, at 12:40 AM, bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> wrote:

Hi,

Thanks for the cross WG review. Please find below some proposed comments.


1)      For people not following SIDR, could you please elaborate on why http://tools.ietf.org/html/draft-ietf-idr-custom-decision-04 has not been used? (via the registration of a new Point of Insertion specific to origin validation) (as I though draft-ietf-idr-custom-decision was intended to be the last time BGP decision process would be modified)

We didn't register a new POI, but did remove the decision process change. It would be possible to register a new POI as part of follow-up work if demand for that exists, but we didn't think it necessary to move forward.



2)      Could the document specify the action to be taken when multiple “Origin validation state extended” community are present with different validation state? And how are handled validation state value > 2. (from current text, it would not be considered an error, just lower priority. But I would prefer an explicit statement to avoid surprising error handling behavior)

Done. (Drop the community.)



3)      Rfc 6811 is referenced twice in important sections. What about moving it to “normative reference”?

Done.



4)      Following discussion triggered by http://tools.ietf.org/html/draft-decraene-idr-rfc4360-clarification-00 I understood that the IDR conclusion was that a non-transitive community may be attached on the outbound policy of an eBGP session; hence may received over an eBGP session. Given this, IMO the security consideration needs more text. (assuming that the ability for a neighboring AS to influence/force the origin validation state is considered acceptable, which would probably need to be discussed in SIDR)

Leaking the community across EBGP is now specified as off by default.

Thanks,

--John



Thanks,
Regards,
Bruno


From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares
Sent: Tuesday, June 10, 2014 4:32 PM
To: idr wg
Cc: Murphy, Sandra; 'John G. Scudder'
Subject: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

IDR:

The SIDR WG has asked for cross review of the draft-ietf-sidr-origin-validation-signaling-04.  This draft changes the RFC 4271 decision process in the following manner:




If a BGP router supports prefix origin validation and is configured for the extensions defined in this document, the validation step SHOULD be performed prior to any of the steps defined in the decision process of [RFC4271<http://tools.ietf.org/html/rfc4271>].  The validation step is stated as follows:



      When comparing a pair of routes for a BGP destination, the route

      with the lowest "validation state" value is preferred.



In all other respects, the decision process remains unchanged.

The draft is at:

http://tools.ietf.org/html/draft-ietf-sidr-origin-validation-signaling-04

John and I would like to hear your comments regarding the RFC 4271 revision.  Please send comments that include “support”  or “no support”.

Sue and John

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email