Re: [Idr] BGP Auto-Discovery Protocol State Requirements

Robert Raszuk <robert@raszuk.net> Fri, 19 March 2021 14:17 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 719A03A1643 for <idr@ietfa.amsl.com>; Fri, 19 Mar 2021 07:17:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xbk9P7jfbt2d for <idr@ietfa.amsl.com>; Fri, 19 Mar 2021 07:17:33 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2315A3A1642 for <idr@ietf.org>; Fri, 19 Mar 2021 07:17:33 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id s17so12182677ljc.5 for <idr@ietf.org>; Fri, 19 Mar 2021 07:17:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6rafzZnVgJ/nsyq1TGcY0KULurzTRp/xJWPYSXrSlTk=; b=G0RJSndjN7dgsbRFBL900Lu03CQ6onTo6Vfq2GnGuAi0PnG2mSRq46RxCHITXzjzrw Kl+dpv/GH6istWtgSOAlZZdK9iNN9OBO86Om/VAw6m9csmZXNcaDLJ6gjliQzFkECj8R PftbKkFk2W37xEltl1fI/M934SxfywcVkLF5xR27ehrymmtY3WT+/fICQPt8LWCu/Vc+ A8j/k3xOShsLlVFlKV5W4O0PFyoV9xZZPAUGg4NYBoCK3oPNlRcJn9u5RuSWBZW2zo0i mWkJIcqXPhXTcco8T7OZbpWs1TBJXJbACABzvnwjuVdxUdCc6GmSQCJK7fifQ+hTIuhG ze6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6rafzZnVgJ/nsyq1TGcY0KULurzTRp/xJWPYSXrSlTk=; b=iU9Tryg+CUkDdfCj0wgGk9jensCJWy2qGstKs1Ci/9VE6bpPxZD4D+fJwr7Z5q/fiu D43roIOt6+zkNL6cqFITql2J/rH2zEBtwmhmdbFguqUOTdV3iIczHMQ5qDBZ2GVwhXwe fli8hu07ovMRchZNdbGg6kVy6+q/HaTcjw6hOOXZsVThBQ/cepupiffQhKa5jAS+QAHj QFP1e5fuybrbB4hBnW6hvQKs+LDhZ7WkaMImh9BfQzMzgPfQCIaNKLbgR1h/dzhEjXTI cBeMw8w8L4g/e7EXJRb8XvM57y0eJZ7fKhoRkVumvJw9JizY4H+5gDj4Eu2cwJk1Qknm IOHw==
X-Gm-Message-State: AOAM530+Um+nSPofVwB2WC2Tk9K9PnDJbNg0Idn6/DbJxDZtMg7710Wx nvJEjy3TPED6d5rpOxm81D2DFvEHmjWTFUSEkzD+PQ==
X-Google-Smtp-Source: ABdhPJxrdtbYwcJHSnDk8ttKMbx1cEzcJxfqmJGeMuuOT1o7HS2bvy+DBr6qOkzl+MsmykUpKSuVBWGv/6PNjNX6hNI=
X-Received: by 2002:a2e:87c9:: with SMTP id v9mr1067503ljj.321.1616163449932; Fri, 19 Mar 2021 07:17:29 -0700 (PDT)
MIME-Version: 1.0
References: <20210316210203.GC29692@pfrc.org> <20210318191936.GF29692@pfrc.org> <A288921D-0DB5-413D-B3E9-4DAA9334C5D3@cisco.com> <CA+wi2hNUYkmruBSq4Up4e84H__d48Phxj5TuZXh7wii0QrS3dw@mail.gmail.com> <20210319135025.GK29692@pfrc.org> <CAOj+MMGndgwqLoV_Un_1Bu3F3xPkg9ZD6=4V5FmYJgQiPD_1yw@mail.gmail.com> <20210319143448.GM29692@pfrc.org>
In-Reply-To: <20210319143448.GM29692@pfrc.org>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 19 Mar 2021 15:17:19 +0100
Message-ID: <CAOj+MMEeHpbNHOD+Wq8pcOZEJzvDhtNH1GbqLw55yiBq4pyR7Q@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Tony Przygienda <tonysietf@gmail.com>, "idr@ietf.org" <idr@ietf.org>, "Acee Lindem (acee)" <acee=40cisco.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000551e9a05bde46073"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/G_9luMHo5BqRcmTthMLW4ydx_wQ>
Subject: Re: [Idr] BGP Auto-Discovery Protocol State Requirements
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 14:17:36 -0000

> 2. L2 encapsulated unicast to a well known MAC?
>

That one + broadcast.

Thx,
Robert (who read the draft).




> 3. L3 multicast targeted to a single link (e.g. all-routers)?
> 4. Other?
>
> > And if you take that as a base then to automatically establish BGP
> session
> > is not that hard. In fact you may not need any protocol at all.
> >
> > *All you need is two steps: *
> >
> > *Step 1 - Find out who is on your link (directly via ICMP or by looking
> at
> > likely already running LLDP or CDP :)*
>
> See Appendix A.2.
>
> ARP/ND can provide such a mechanism, but triggering them can be tricky.
>
> "Ping the broadcast address" can cover this as well, and is an old and
> common hack.
>
> LLDP has a proposal. It had to add some of the state discussed in the
> design
> team draft and is somewhat incomplete.  See Appendix A.1.1
>
> CDP is proprietary and isn't a good candidate for IETF work.
>
> Coworkers working on our implementation of A.2 note that "Router
> Advertisement" works fine for this property, although it has extra
> semantics
> that are possibly not desirable for this use case.
>
> > *Step 2 - Among peers discovered in step 1 for each address you check if
> he
> > is listening on 179. If so you send him an OPEN. *
>
> "check" how?
>
> As noted at the beginning of this thread, you may not be able to get your
> SYN+ACK if you don't agree on security mechanisms or GTSM.  So, you need
> that state either in your discovery mechanism, or your provisioning.
>
> If you require it in your provisioning, you're making a design choice for
> your mechanism.  Other implementors may not want to require explicit
> provisioning for those things.
>
> > Done.
> >
> > Some suggested to add this info to LLDP from step 1 which is not bad idea
> > either. But maybe IDR has no power to recommend additions to LLDP.
>
> I suggest you read the cited appendix A.1.1 for a proposal.
>
> I'll leave it to IETF's IEEE liaisons to comment on what happens if we want
> a L2-specific protocol.  IEEE has previously had concerns over where such
> work happens, and is one of the potential reasons we keep our proposals to
> L3.
>
> L3DL will have worked through part of this already.  They also handle
> authentication and fragmentation considerations.  See appendix A.1.2
>
> > Side comment: When we worked on single side BGP we had very similar
> > discussions. But large SP was very clear with the requirements ... If I
> > enable auto peering on my LAN towards customer all I care to accept his
> > sessions is MD5 match.
>
> That's certainly one of the valid use cases.
>
> Some providers may be fine with no security.
>
> Other providers may want to limit peering based on some property of the
> session.
>
> The mechanism we specify needs to accommodate them.
>
>
> -- Jeff (in general, read the draft)
>