IETF Logo Mail Archive

Re: [Idr] WG adoption call for draft-ymbk-idr-bgp-open-policy (5/20 to 6/3/2017).

Alexander Azimov <aa@qrator.net> Fri, 09 June 2017 20:57 UTC

Return-Path: <aa@highloadlab.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5175129482 for <idr@ietfa.amsl.com>; Fri, 9 Jun 2017 13:57:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=highloadlab-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRpneB0E6X2U for <idr@ietfa.amsl.com>; Fri, 9 Jun 2017 13:57:54 -0700 (PDT)
Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0772128656 for <idr@ietf.org>; Fri, 9 Jun 2017 13:57:54 -0700 (PDT)
Received: by mail-pf0-x230.google.com with SMTP id 83so32125546pfr.0 for <idr@ietf.org>; Fri, 09 Jun 2017 13:57:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=highloadlab-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Gilf0NpFaHOjUboTTe0A0/hpRLeKODILeY046dfwYBA=; b=JXq9NbWzUiNzQXtla9e3Dyp+O3bZIKyOYfm0Ag7rv95KPsdmr3zLjkC+jodn8sKlU2 v8On1d9PdLh/3naNfH8gSG5LqHP2jxZ35X/xeTCFI0DHEkJXefFHQKyeDftxUZ9AleR6 zh658pqaN9NJZa0BQ5Pmvib4fru+ZxNSlH1akh+IKUXIPalh7WyPCA5MsiI6xHojw8Ed jWGkPv192uL4JmRxjPkPTxVlk9mf7Jy3KxrXvYPaBOdWTVOcRCg33eN2JEQ+rv52qfm9 JvBEzbr/Dv/iOYBnXsaFwpgN3utiZebKmgS9ny8rCwk0yM+s7PEB1eD8TDLK8pMxlNv+ kbQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Gilf0NpFaHOjUboTTe0A0/hpRLeKODILeY046dfwYBA=; b=bG3IBHJdN70Cov/6U16xggUu6LLUaylKCkaQI8NxseJDrOVhbUspV6fgcp83K2QpQX DaiJywhpbLt668zbbJfBtSkissmpVVpUlSwVmYSqj65gpOOSGHLGTuh2T2qLSYuV2iPq j72qRd4K5mnnxCMqxNC0Ady27ajX2BI6m7oXI9h435x63CmEzDvSdqhf7oCo8ysTKqiE 86BjO6B7h2lHFw0TpW4XKe4Bu3zLVItv8l1P3VVNBHEphMGIp68mHWXA8o2U66iMCC3R xE5xF5/Wt1T9J4uKZ91MXS5LDKhP5jUbNp2SqVQATN/0TuZ4WiMNF1MYRuB8WcGk0F2m z1ug==
X-Gm-Message-State: AODbwcDr9HRLvJ3qFIFIOXby1iABpWGfsdTg9onErcvWuaZQzSbs5S4Q Fgj/D9S5D5YTHG5AZPD1YqyW8kLkn7r7Ma8=
X-Received: by 10.84.224.135 with SMTP id s7mr43413611plj.1.1497041874254; Fri, 09 Jun 2017 13:57:54 -0700 (PDT)
MIME-Version: 1.0
Sender: aa@highloadlab.com
Received: by 10.100.162.194 with HTTP; Fri, 9 Jun 2017 13:57:53 -0700 (PDT)
X-Originating-IP: [46.188.121.23]
In-Reply-To: <3e0388db-38c6-cf03-b01c-c7b25b696a58@futureinquestion.net>
References: <001e01d2d14c$32ed2e10$98c78a30$@ndzh.com> <19180.1496426777@x59.NIC.DTAG.DE> <CACWOCC9Ar8aJdGEOYPTnQ_h6q6FqKizM2qqw6QLuo+7ywaCVCw@mail.gmail.com> <3e0388db-38c6-cf03-b01c-c7b25b696a58@futureinquestion.net>
From: Alexander Azimov <aa@qrator.net>
Date: Fri, 09 Jun 2017 23:57:53 +0300
X-Google-Sender-Auth: _BGh9--kP0oO1W0ow0u4_Z7XeSQ
Message-ID: <CAHgCvCNHRhvFsNONdF3_0N6DjVeEE6e-4c35mXsRb0dGaRPd4A@mail.gmail.com>
To: David Monosov <davidm@futureinquestion.net>
Cc: idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary="f403043619222113ee05518d39cc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/C4NbGdm7AsmS2Bt05iHtzQaXVLc>
Subject: Re: [Idr] WG adoption call for draft-ymbk-idr-bgp-open-policy (5/20 to 6/3/2017).
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2017 20:57:57 -0000

Dear colleagues,

Thank you for your feedback!

I agree with Job, that every new technology should be suitable for both
"big" carriers and smaller ISPs. And in field of route leaks it is even
more crucial. The work on this draft is in process, and IMO, the current
version of draft is not ready for WGLC. I hope, that if this draft is
adopted, it will result in more comments, more feedback and will speed up
the process.

At the same time I disagree with proposal of movement toward BCP. BGP
already have all one need to prevent network from leaking routes. Still the
problem is here and it becomes even worse. Here are few noteble examples of
route leaks that took place during May:

   1. Route leak by Rostelekom (AS12389), the biggest ISP in Russia, more
   then 1k prefixes leaked from HKIX to NTT;
   2. Rote leak by Incapsula (AS19551), DDoS mitigation provider, more then
   1.5k prefixes in multiple directions;
   3. Route leak by Onlanta Ltd (AS56631), small stub ISP which leaked more
   then 50k prefixes between its providers.

While first two anomalies were short lived and affected only network
latency, the last one lasted more then two hours and resulted in channel
exhaustion and partial DoS for a number of networks. Please, correctly
understand me, this is not wall of blame, this is wall of BGP problem
itself. And a significant change in protocol design is required to avoid
existence of such mistakes.

PS: There was a comprehensive comparison between communities and path
attributes usages by Brian Dickson. While iOTC MUST not be propagated
outside ISP border, eOTC/RLP MUST not be dropped by some AS in the path.
For me it seems that in both scenarios path attributes are more preferable.

2017-06-04 19:28 GMT+03:00 David Monosov <davidm@futureinquestion.net>:

> On 6/4/17 1:59 PM, Job Snijders wrote:
> >
> > On Fri, 2 Jun 2017 at 20:06, Ruediger Volk, Deutsche Telekom Technik -
> FMED-41..
> > <rv@nic.dtag.de <mailto:rv@nic.dtag.de>> wrote:
> >
> >       > This begins a 2 week WG Adoption call for
> draft-ymbk-idr-bgp-open-policy
> >       > (5/20 to 6/3/2017)
> >     I strongly support adoption,
> >     and consider it a worthy candidate for the being progressed quickly.
> >
> >
> >
> > Unfortunately, as it's currently specified, I still cannot see my
> affiliation
> > deploying this technology in a meaningful way.
>
> Concur. Despite a laudable goal, in its current form this technology would
> significantly constrain the flexibility afforded by community based
> policies,
> which are widely deployed.
>
> Attempting to "codify" the nature of relationships between autonomous
> systems
> into 4 broad categories is an oversimplification that has limited overlap
> with
> operational reality (as demonstrated by increasingly broad and expressive
> selection of policy communities implemented by sophisticated networks).
>
> Having to firmly constrain the nature of each relationship in advance, on a
> session level rather than prefix level, requires the operators to make a
> choice
> between two less than ideal alternatives:
>
> - Correctly select a conservative definition of their current relationship,
> reducing the operational agility if the nature changes in the future - as
> now
> both operators must agree in advance and implement a change in the
> definition of
> this relationship, flapping the session, prior to modifying policy.
>
> - Err on the side of caution and tag all sessions as "complex" to maintain
> that
> agility, eliminating the benefit of this technology.
>
> Regardless of the alternative initially chosen, it seems plausible that an
> autonomous system with an evolving set of roles and interconnects will find
> itself over time drifting toward ever more of them marked "complex" as its
> policy sophistication requirements evolve.
>
> Perhaps a better direction for this initiative, in lieu of BGP extension,
> would
> be toward a BCP outlining a checklist for defining the nature of each
> relationship as part of the on-boarding process for new interconnects - and
> providing some policy implementation examples for various cases.
>
> --
> Sincerely yours,
>
> David Monosov
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>



-- 
| Alexander Azimov  | HLL l QRATOR
| tel.: +7 499 241 81 92
| mob.: +7 915 360 08 86
| skype: mitradir
| mailto: aa@qrator.net
| visit: www.qrator.net

v2.23.0 | Report a Bug | By Email