IETF Logo Mail Archive

Re: [Idr] AD Review of draft-ietf-idr-rfc5575bis-17 -> Updated Version -18 and Flowspec v6

Alvaro Retana <aretana.ietf@gmail.com> Thu, 23 January 2020 14:52 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E2B91200DE; Thu, 23 Jan 2020 06:52:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kWwCCNg0Nj6r; Thu, 23 Jan 2020 06:52:38 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C032112004D; Thu, 23 Jan 2020 06:52:37 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id m8so3506426edi.13; Thu, 23 Jan 2020 06:52:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=TYdinNzlrNHsKi4wxiyrZQSyb7QidNiFjNiSDoOqxVQ=; b=UmlxR2MOcg7XvEgPJMfzmeU8FQYP8QDhqBA7pIcSM+oEZ5HoXymaJmUXd3qYiFcFzM danD8JuSnAdGKlPUp8CL9s3QpTkIe4XcgflzcSPQ9uhZDNa7u2/XB1+w+ILeXojhOdNl KTxwZO1kdvaL4zjHpYvwpq5JOByjbeH3C9sGPXQdQVZnsVoJ+wW5Kp32r317RzGZz+vT xmptyajr2GK44NkToEyCj1Sc8/QLtDIpsBN0rinT0TuFYLQ6ZV+CxUuhp4mSsFe3iMqC /6OW1KAEpJtbut7LoSgFuMSTQaUKWTCXEkgAlDMhJiWGYGi8CeXGL4qnIg7Fv9YAM2dn XKCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=TYdinNzlrNHsKi4wxiyrZQSyb7QidNiFjNiSDoOqxVQ=; b=YKh+rAOCXhcPInUj1aClO13LHXZPk3HZBFlybBNcMotvpxEbWPzM5/hOe6qKgizSUu uPRU1e6auGq+36ILCajf3noJVsSg/cGJrELhTCX1bvTF+RmObNWurpyzxoVXuEMyUevW wKFwygjG6dnhlYMnltv2RjlGqrJRY173197rBC8RG2Ra9syGlyOyF3s66W383fDA8KQJ MEl3MsJ3j3K0W6yJ6xcTqvosUqxbkUxS/yaW1HlQ+1ZeU3oin+ZSo730264iMFwwBFVY oz6dBkivnrVHjCc/ZQQXFOhb2RHKimnp2FwgfSR2jBEda/nHxr1Z1gfqka3aL4IN6gQw MU8g==
X-Gm-Message-State: APjAAAXxp7Sl7iy9HEOZuH4OpOjtGiKT3430+bxA/N49MyFypbeoK5eS U0iqN+8g7YMPAxjf87bl4hTRShcZn4gRryas1Sw=
X-Google-Smtp-Source: APXvYqyj+QVO46PGXhuOn2aoP2Dhm/AhfM/KsC2By/2T4661UaicUDQzOIC5Jn6Ko6xpKqndTJBp2+FbuJcWYVFqKgk=
X-Received: by 2002:a17:906:b855:: with SMTP id ga21mr6962467ejb.186.1579791156167; Thu, 23 Jan 2020 06:52:36 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Thu, 23 Jan 2020 15:52:35 +0100
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <188DFC4F-7A19-433F-AD3A-A2CC961774B0@tix.at>
References: <CAMMESsxHXUB_jQk7E9FkeNef2C7DDcbiEvnROFdbEjAVtMqcFA@mail.gmail.com> <F9C8F51F-FB7C-4530-93EA-BF188D007C98@tix.at> <CAMMESsxDYo2JPQ=tw3m9EQrDwyGCjWMem_oiH4WZy4FHRBOFtQ@mail.gmail.com> <188DFC4F-7A19-433F-AD3A-A2CC961774B0@tix.at>
MIME-Version: 1.0
Date: Thu, 23 Jan 2020 15:52:35 +0100
Message-ID: <CAMMESszoWihRecBLhC0FDp88P3xBORi+t4_5h=hSWJxq39Ciqw@mail.gmail.com>
To: Christoph Loibl <c@tix.at>, John Scudder <jgs@juniper.net>
Cc: idr-chairs@ietf.org, draft-ietf-idr-rfc5575bis@ietf.org, "Dongjie (Jimmy)" <jie.dong@huawei.com>, "idr@ietf. org" <idr@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/DjHdkrka9_ZLE2HuwR0Jq00TyDU>
Subject: Re: [Idr] AD Review of draft-ietf-idr-rfc5575bis-17 -> Updated Version -18 and Flowspec v6
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 14:52:40 -0000

On January 17, 2020 at 3:55:14 AM, Christoph Loibl wrote:

Christoph:

Hi!

> > On 12.12.2019, at 20:38, Alvaro Retana wrote:
...
> > There is only one significant item remaining that we should resolve
> > before moving the document forward: the handling of unknown
> > components; take a look at the comments in §11 (of -18).
> >
> > Thanks!
>
> This issue has been discussed before Christmas on the mailinglist. The main
> points in that discussion were that we do not want to propagate any garbage,
> while allowing a certain degree of extensibility of the NLRI (given the zoo
> of FS drafts and expected AFI/SAFI pollution out there this seems to be
> reasonable - extension Authors may still choose how they extend the NLRI this
> is not specified in this draft) and keep backwards compatibility.
>
> In this context Alvaro pointed out that the behaviour explained in the draft
> fits closely RFC7606 Section 5.4 (Typed NLRI) and Jeffrey explained that
> walking NLRIs may lead to synchronisation issues between a buggy FS sender
> and a receiver.
>
> The document that we now uploaded clearly references RFC7606 Typed NLRI as
> the mechanism to treat unknown FS components and to allow the receiver to
> skip over (and discard) a single NLRI if it hits an unknown component type
> (previously the very same behaviour was explained in the draft without
> referencing RFC7606). We also added a paragraph to the security
> considerations section to explain that RFC7606 Section 5.4 allows to skip
> (and discard) *unknown* octets and carefully crafted/misbehaving BGP speakers
> may exploit that fact.

<personal opinion>

I think I was advocating for discarding the whole UPDATE, not a single
NLRI.  But, re-reading what I wrote, maybe I was not clear.

I don't think Jeff liked the Typed NLRI approach.

I am ok with the current text -- I think I understand the risks that
Jeff is pointing out.

</personal opinion>


<AD hat back on>

However, I cannot call consensus on my own suggestion, specially based
on having only 3 people speaking up, with 2-3 different approaches.

WG Chairs (John): Please start a separate thread (not everyone reads
"AD reviews") to poll the WG on this item.  This shouldn't be a long
discussion (1 week should be enough), but if should also be long
enough to get some thoughts/discussion.

Note that the result also affects the treatment of out of order or
duplicate components.


Once the Chairs call consensus we'll be ready to go.  I put a couple
of no-action-needed comments below just to close loops.

Thanks!!

Alvaro.


...
> > > > 742 6. Validation Procedure
...
> > I'm still not happy with the contradiction: MUST means "an absolute
> > requirement" (no exceptions!), but then we say MAY, which makes the
> > MUST optional...even with the "by default"... Please s/MUST/SHOULD
> > The MAY will then explain the "valid reason" to not...
> >
>
> <-- AUTHORS
> Tracked via issue #135: https://github.com/stoffi92/rfc5575bis/issues/135
>
> The point to stress out is that the "default" behaviour MUST be "validate"
> according to the spec. Not the default can be changed but the "validation"
> MAY be relaxed by configuration.
> -->

Needless to say, I'm still not happy as there was no change.  But I'm
ok with letting go -- and dealing with comments later in the process,
if any. :-)




...
> > > > The reason/history doesn't matter anymore, but the current use does. The
> > > > mechanism described in this document is clearly not experimental. Given
> > > > that changing the Type values is not an option because of the deployed
> > > > base, etc.., then I think we should clean up the Registry and move
> > > > 0x80-0x82 from the Experimental Use range to the FCFS range. This
> > > > change would mean an Update to rfc7153.
>
> [..]
>
> > > <-- *** Authors ***
> > > Tracked via issue #99: https://github.com/stoffi92/rfc5575bis/issues/99
> > >
> > > This is not to be solved within this document. I note that I should
> > > propose a update to RFC7153 to cleanup the registry independently. - As
> > > noticed moving the values around is not an option.
> > > -->
> >
> > So, are you working on this already? ;-)
> >
>
> <-- AUTHORS
> Tracked via issue #138: https://github.com/stoffi92/rfc5575bis/issues/138
>
> Seriously. IF the only thing that is needed here is a IANA considerations
> draft I will look into this later. If this can be done easier. I think after
> the 5575bis changes have been made in the registry. There is a good chance to
> have this cleaned up.
>
> -->

Independent of this document...  Yes, all we need is an IANA
considerations draft.  If you will look into it, that would be great.
If not, then let me know and I'll take care of it. ;-)

v2.23.0 | Report a Bug | By Email