Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

<bruno.decraene@orange.com> Thu, 20 April 2017 07:20 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C177129440 for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 00:20:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.4
X-Spam-Level:
X-Spam-Status: No, score=-5.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FkunzgX_zX2n for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 00:20:11 -0700 (PDT)
Received: from relais-inet.orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCC2C127599 for <idr@ietf.org>; Thu, 20 Apr 2017 00:20:10 -0700 (PDT)
Received: from opfednr07.francetelecom.fr (unknown [xx.xx.xx.71]) by opfednr27.francetelecom.fr (ESMTP service) with ESMTP id 87740A010D; Thu, 20 Apr 2017 09:20:09 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.41]) by opfednr07.francetelecom.fr (ESMTP service) with ESMTP id 4DEA61C005D; Thu, 20 Apr 2017 09:20:09 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM31.corporate.adroot.infra.ftgroup ([fe80::2cc9:4bac:7b7d:229d%19]) with mapi id 14.03.0319.002; Thu, 20 Apr 2017 09:20:09 +0200
From: <bruno.decraene@orange.com>
To: "John G. Scudder" <jgs@juniper.net>, "idr@ietf.org" <idr@ietf.org>, "Hares Susan" <shares@ndzh.com>
Thread-Topic: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
Thread-Index: AQHSuSz83ZOTfNxQXEupYB1KLWck6qHNOHCwgACf9zA=
Date: Thu, 20 Apr 2017 07:20:08 +0000
Message-ID: <22424_1492672809_58F86129_22424_6810_15_53C29892C857584299CBF5D05346208A31CBF5DB@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <19878_1492639968_58F7E0E0_19878_13298_1_53C29892C857584299CBF5D05346208A31CBE742@OPEXCLILM21.corporate.adroot.infra.ftgroup>
In-Reply-To: <19878_1492639968_58F7E0E0_19878_13298_1_53C29892C857584299CBF5D05346208A31CBE742@OPEXCLILM21.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/G2bXXr1te9QsAk0swMOOAGgQiqI>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 07:20:14 -0000

5) Isn't this problem statement/proposed solution a sub-part of the route leak issue?
IOW, wouldn't it be better addressed by/in draft-ymbk-idr-bgp-open-policy or draft-ietf-idr-route-leak-detection-mitigation ?

--Bruno

> From: bruno.decraene@orange.com  > Sent: Thursday, April 20, 2017 12:13 AM
> 
 > Thanks John for bringing this in IDR.
 > 
 > I admit that I was not following this subject so my comments might be redundant or even
 > stupid.
 > 
 > 1) Am I missing something or would this break all existing EBGP sessions deployed with no
 > policy?
 > If so this would definitely not be deployment friendly. Especially for BGP/MPLS VPN
 > networks using EBGP for PE-CE routing and which have little use of filtering policies.
 > 
 > 2) BTW, what is exactly eligible as an "import policy"? e.g.
 > - is an explicit policy capping the number of received routes eligible as an "import policy"?
 > - is Route Target filtering (either automatic or manual) a routing policy?
 > 
 > Same question of "export policy". e.g.
 > Is an expert policy tagging community eligible?
 > 
 > 
 > 3) From the introduction
 > "   There are BGP routing security issues that need to be addressed to
 >    make the Internet more stable. [...]  This document provides guidance to BGP [RFC4271]
 >    implementers to improve the default level of Internet routing
 >    security."
 > 
 > Does this mean that this proposition should be restricted to Internet routing? (while BGP is
 > used for many others applications)
 > 
 > 4) Alternatively, there could be a (capability) signaling during the OPEN of the EBGP session.
 > With one end requesting this behavior to its peer. (or alternatively it's peer advertising the
 > presence of a policy and the receiver taking its own decision).
 > 
 > Possibly, some of the requirements may already be addressed by configuring a policy
 > limiting the number of routes acceptable from a peer/customers, and closing the EBGP
 > sessions when this limit is reached. This seems this would catch customers/peers advertising
 > the full routing by mistake/misconfiguration.
 > 
 > Thanks
 > Regards,
 > --Bruno
 > 
 > > From John G. Scudder  > Sent: Wednesday, April 19, 2017 6:50 PM
 > >
 >  > IDR folks,
 >  >
 >  > As many of you have already noticed, draft-ietf-grow-bgp-reject-05 has completed GROW
 >  > WGLC and is now in IETF LC.
 >  >
 >  > As nobody other than Alvaro noticed (thank you for noticing, Alvaro!) draft-ietf-grow-
 > bgp-
 >  > reject-05 represents an update to RFC 4271, in that it mandates what a BGP
 > implementation
 >  > MUST do. See section 2 of the draft for the details. It's short and easy to read.
 >  >
 >  > If we had noticed this earlier, we would have either chosen to home the document in
 > IDR,
 >  > or explicitly made an exception to have GROW do the work. Given that we didn't, though,
 >  > the plan is to continue progressing the draft as a GROW document. However:
 >  >
 >  > - As I understand it, the authors will add the Updates: 4271 header in addition to
 > potentially
 >  > taking in other comments from AD review.
 >  > - If anyone has a strong objection to the unusual procedure, please say so (either on-list,
 > or
 >  > to the chairs + AD).
 >  > - Please send any last call comments to the IETF LC (see below) although it's also OK to
 >  > discuss here on the IDR list of course.
 >  >
 >  > Many IDR participants are also active in GROW and have had their say, but if you haven't,
 >  > now's your chance.
 >  >
 >  > Thanks,
 >  >
 >  > --John
 >  >
 >  > > Begin forwarded message:
 >  > >
 >  > > From: The IESG <iesg-secretary@ietf.org>;
 >  > > Subject: Last Call: <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation
 >  > Behavior Without Policies) to Proposed Standard
 >  > > Date: April 18, 2017 at 5:16:05 PM EDT
 >  > > To: "IETF-Announce" <ietf-announce@ietf.org>;
 >  > > Cc: grow-chairs@ietf.org, grow@ietf.org, draft-ietf-grow-bgp-reject@ietf.org,
 >  > christopher.morrow@gmail.com
 >  > > Reply-To: ietf@ietf.org
 >  > >
 >  > >
 >  > > The IESG has received a request from the Global Routing Operations WG
 >  > > (grow) to consider the following document:
 >  > > - 'Default EBGP Route Propagation Behavior Without Policies'
 >  > > <draft-ietf-grow-bgp-reject-05.txt> as Proposed Standard
 >  > >
 >  > > The IESG plans to make a decision in the next few weeks, and solicits
 >  > > final comments on this action. Please send substantive comments to the
 >  > > ietf@ietf.org mailing lists by 2017-05-02. Exceptionally, comments may be
 >  > > sent to iesg@ietf.org instead. In either case, please retain the
 >  > > beginning of the Subject line to allow automated sorting.
 >  > >
 >  > > Abstract
 >  > >
 >  > >  This document defines the default behavior of a BGP speaker when
 >  > >  there is no import or export policy associated with an External BGP
 >  > >  session.
 >  > >
 >  > >
 >  > > The file can be obtained via
 >  > > https://datatracker.ietf.org/doc/draft-ietf-grow-bgp-reject/
 >  > >
 >  > > IESG discussion can be tracked via
 >  > > https://datatracker.ietf.org/doc/draft-ietf-grow-bgp-reject/ballot/
 >  > >
 >  > > This IETF LC, which originally concluded on 2017-04-18, is being
 >  > > extended to allow for additional input to be provided. Ops AD (for GROW)
 >  > > and Routing AD (for IDR) wish to ensure that cross WG discussions have
 >  > > had a chance to occur.
 >  > >
 >  > > No IPR declarations have been submitted directly on this I-D.
 >  >
 >  > _______________________________________________
 >  > Idr mailing list
 >  > Idr@ietf.org
 >  > https://www.ietf.org/mailman/listinfo/idr
 > 
 > ______________________________________________________________________
 > ___________________________________________________
 > 
 > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou
 > privilegiees et ne doivent donc
 > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par
 > erreur, veuillez le signaler
 > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant
 > susceptibles d'alteration,
 > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 > 
 > This message and its attachments may contain confidential or privileged information that
 > may be protected by law;
 > they should not be distributed, used or copied without authorisation.
 > If you have received this email in error, please notify the sender and delete this message
 > and its attachments.
 > As emails may be altered, Orange is not liable for messages that have been modified,
 > changed or falsified.
 > Thank you.
 > 
 > _______________________________________________
 > Idr mailing list
 > Idr@ietf.org
 > https://www.ietf.org/mailman/listinfo/idr

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.