Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

<bruno.decraene@orange.com> Tue, 25 April 2017 08:32 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 199E7128DE5 for <idr@ietfa.amsl.com>; Tue, 25 Apr 2017 01:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.399
X-Spam-Level:
X-Spam-Status: No, score=-5.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FdQDBUB-qqls for <idr@ietfa.amsl.com>; Tue, 25 Apr 2017 01:32:07 -0700 (PDT)
Received: from relais-inet.orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D80231293D8 for <idr@ietf.org>; Tue, 25 Apr 2017 01:32:06 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr21.francetelecom.fr (ESMTP service) with ESMTP id 621C8C053F; Tue, 25 Apr 2017 10:32:05 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.62]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 38AB71A0064; Tue, 25 Apr 2017 10:32:05 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM5E.corporate.adroot.infra.ftgroup ([fe80::2912:bfa5:91d3:bf63%18]) with mapi id 14.03.0319.002; Tue, 25 Apr 2017 10:32:04 +0200
From: <bruno.decraene@orange.com>
To: Mikael Abrahamsson <swmike@swm.pp.se>
CC: idr wg <idr@ietf.org>
Thread-Topic: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
Thread-Index: AQHSvZrF/UOdCRuRk06fXrEppErHB6HVu5PA
Date: Tue, 25 Apr 2017 08:32:04 +0000
Message-ID: <9917_1493109125_58FF0985_9917_13726_10_53C29892C857584299CBF5D05346208A31CCB014@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <abe393d3-d1e4-7841-4620-38dab751765b@cisco.com> <CA+b+ERnRz8BEO3mb1fnsDPoiL6Wxjdfw9vQPbyODNEa+xCJdnw@mail.gmail.com> <D51D67E4.A9782%acee@cisco.com> <AF07526F-F08B-4084-937B-A9A2D2DD2813@juniper.net> <D51D6AD2.A9795%acee@cisco.com> <CAL9jLaa1UQ5A1FwRKVw5RJCBQO+0j0BW4vUNaPXHB0_JB0j76Q@mail.gmail.com> <1058_1493105140_58FEF9F4_1058_786_3_53C29892C857584299CBF5D05346208A31CCAD43@OPEXCLILM21.corporate.adroot.infra.ftgroup> <alpine.DEB.2.02.1704250930500.5591@uplift.swm.pp.se> <20393_1493106881_58FF00C1_20393_19903_1_53C29892C857584299CBF5D05346208A31CCAEB1@OPEXCLILM21.corporate.adroot.infra.ftgroup> <alpine.DEB.2.02.1704251000070.5591@uplift.swm.pp.se>
In-Reply-To: <alpine.DEB.2.02.1704251000070.5591@uplift.swm.pp.se>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/DcpaCY68UU-QoWwz75FEdF5qbZM>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Apr 2017 08:32:09 -0000

> From: Mikael Abrahamsson [mailto:swmike@swm.pp.se]  > Sent: Tuesday, April 25, 2017 10:06 AM
> 
 > On Tue, 25 Apr 2017, bruno.decraene@orange.com wrote:
 > 
 > > > From: Mikael Abrahamsson [mailto:swmike@swm.pp.se]  > Sent: Tuesday, April 25,
 > 2017 9:33 AM
 > >> On Tue, 25 Apr 2017, bruno.decraene@orange.com wrote:
 > > >
 > > > > If this is indeed the goal to make no protocol change, including no
 > > > > default behavior change in the protocol, could the document be updated
 > > > > to state this. In which case, Standard Track may be required.
 > > >
 > > > I re-read https://tools.ietf.org/html/draft-ietf-grow-bgp-reject-05
 > > >
 > > > As far as I can see, it doesn't do any protocol change. It changes the
 > > > default behaviour a router comes with when it comes to treating routes
 > > > sent/received when there is no policy map applied on the neighbor.
 > > >
 > > > So it suggest a behavioural change, not a protocol change.
 > >
 > > So we now have 3 readings:
 > > - protocol change updating RFC 4271 (base BGP spec)
 > 
 > Change? As far as I can see, 4271 has nothing on route-policy (just
 > reading the TOC). So it seems to me that this would be an addition, not a
 > change. Or am I mistaken? So this doesn't seem correct.
 > 
 > > - a behavioural change, not a protocol change
 > 
 > I agree with this.
 > 
 > > - no default behavior change in the protocol
 > 
 > Protocol, no. For me protocol is what goes on-wire, what goes into the
 > statemachine, route selection etc.
 > 
 > This is a change in what is the default policy when none is explicitly
 > configured. I can't find anything in 4271 that talks about this. So it's
 > not a change per se, it's an addition and it's more operational than
 > protocol change of behaviour.
 > 
 > So really, this is GROW stuff. It's not necessarily touching core BGP
 > protocol documents, unless we absolutely want to.
 > 
 > https://datatracker.ietf.org/wg/grow/about/
 > 
 > "(v). Document the operational aspects of securing the Internet routing
 > system, and provide recommendations to other WGs."

Looks good.
But this seems that this would call for an Informational document (vs STD track currently), providing _recommendations_ (i.e. not directly any protocol change) to IDR, and/or vendors, and/or operational community. 

e.g.
1) documenting the operational issues.
My reading would be "Implementations which by default advertise all their BGP routes over an EBGP session plus have a CLI not allowing the EBGP session and its associated policy to be configured atomically create frequent involuntary route leaks in the Internet, including in the absence of any configuration error.
Possibly, this may be only one part of the problem, but here would be a good document to explicit those operational issues. (rather than complying that IDR do not listen to operational feedback)

2) propose recommendations
(e.g. 
- Implementations should support a mode where BGP routes are not advertised unless explicitly required by a route policy.
- As some configurations tasks may require multiple lines, Implementations should support a mode where multiple configurations items are configured atomically
- network operator operating on the Internet routing system should use/enable those 2 features.

 > So this is exactly what's happening as far as I can tell.
 > 
 > --
 > Mikael Abrahamsson    email: swmike@swm.pp.se

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.