Re: [Idr] Adoption of draft-djsmith-bgp-flowspec-oid-01 as IDR WG document

Keyur Patel <keyupate@cisco.com> Wed, 16 May 2012 21:17 UTC


One comment and one question on the draft.

1) I believe the rule should cover checks for AS4_PATH as well.

2) Section 6 from RFC5575

<snip>
BGP implementations MUST also enforce that the AS_PATH attribute of a
   route received via the External Border Gateway Protocol (eBGP)
   contains the neighboring AS in the left-most position of the AS_PATH
   attribute.  While this rule is optional in the BGP specification, it
   becomes necessary to enforce it for security reasons.
<snip>

Do we need to do a complete aspath check instead? Otherwise, a neighboring
AS can inject a bogus flowspec route?

Regards,
Keyur


On 5/16/12 1:19 PM, "Robert Raszuk" <robert@raszuk.net> wrote:

> Hi,
> 
> I support the adoption of this draft as WG document.
> 
> However the new text authors added between -00 and -01 seems too
> restrictive to the original theme/direction.
> 
> It says:
> 
> ".. or the AS_PATH attribute of the flow specification is empty."
> 
> That precludes injecting and honoring the flow routes even within the
> same administrative domain in the presence of confederations.
> 
> I recommend that this limitation should be removed in next version.
> 
> Regards,
> R.
> 
> 
> 
>> Folks,
>> 
>> We have received a request from the authors to adopt
>> draft-djsmith-bgp-flowspec-oid-01 as an IDR WG document.  Please send
>> your comments to the list.  The deadline for comments is June 1, 2012
>> at noon EDT.
>> 
>> Thanks,
>> 
>> --John
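
The AS_PATH conditions discussed in this thread, as an added example that is not part of either message, the draft, or any implementation: a parser for the AS_PATH attribute value with the RFC 5575 Section 6 leftmost-AS check applied to it. It assumes 4-octet AS numbers on the wire; the function names and the sample paths (documentation and private-use ASNs) are constructed for illustration.

```python
import struct

# Path segment type codes (RFC 4271, RFC 5065)
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4


def parse_as_path(value: bytes, asn_size: int = 4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_size]
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET):
            raise ValueError(f"unknown segment type {seg_type}")
        end = off + count * asn_size
        if count == 0 or end > len(value):
            raise ValueError("bad segment length")
        segments.append((seg_type, list(struct.unpack(f">{count}{fmt}", value[off:end]))))
        off = end
    return segments


def leftmost_as(segments):
    """Return the first AS of a leading AS_SEQUENCE segment, else None."""
    if segments and segments[0][0] == AS_SEQUENCE:
        return segments[0][1][0]
    return None


def ebgp_leftmost_check(value: bytes, neighbor_as: int) -> bool:
    """RFC 5575 Section 6 rule: the leftmost AS must be the eBGP neighbor's AS."""
    try:
        return leftmost_as(parse_as_path(value)) == neighbor_as
    except ValueError:
        return False  # malformed attribute never passes the check


def seg(seg_type, *asns):
    """Build one path segment (helper for the constructed samples below)."""
    return bytes([seg_type, len(asns)]) + struct.pack(f">{len(asns)}I", *asns)


NEIGHBOR = 64500                                     # constructed sample values
honest = seg(AS_SEQUENCE, 64500, 64501)              # neighbor first
other_origin = seg(AS_SEQUENCE, 64500, 64999)        # same first AS, different origin
wrong_first = seg(AS_SEQUENCE, 64501, 64500)         # neighbor not leftmost
confed_only = seg(AS_CONFED_SEQUENCE, 65001)         # confederation member AS only
```

`ebgp_leftmost_check` returns the same result for `honest` and `other_origin`, because it inspects only the first AS of the path. `confed_only` parses as a non-empty path even though it contains no AS_SEQUENCE segment, so an "AS_PATH is empty" test does not match it.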