Re: [Idr] Rtgdir telechat review of draft-ietf-idr-bgp-gr-notification-15

John Scudder <jgs@juniper.net> Wed, 18 April 2018 18:32 UTC

From: John Scudder <jgs@juniper.net>
Message-Id: <F65C1225-E134-4A23-9D16-2EF568D323C9@juniper.net>
Date: Wed, 18 Apr 2018 14:31:48 -0400
In-Reply-To: <6EF20184-1A21-4D95-9114-F750D4394B55@juniper.net>
Cc: rtg-dir@ietf.org, "idr@ietf. org" <idr@ietf.org>, ietf@ietf.org, draft-ietf-idr-bgp-gr-notification.all@ietf.org
To: Bruno Decraene <bruno.decraene@orange.com>
References: <152361434369.26334.5582212241569156147@ietfa.amsl.com> <6EF20184-1A21-4D95-9114-F750D4394B55@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/HvY9SPwt_ztQsreH4fv-i991psU>
Subject: Re: [Idr] Rtgdir telechat review of draft-ietf-idr-bgp-gr-notification-15
List-Id: Inter-Domain Routing <idr.ietf.org>

Hi Bruno,

I have a -16 in preparation that takes in the various nits you raised, including removal of the sentence with reference to RFC 4486 (I always like it when I can take something out and make the document better. :-) With respect to the security section I think we came to the conclusion to leave well enough alone. That leaves me with one unresolved comment:

> On Apr 17, 2018, at 3:06 PM, John G. Scudder <jgs@juniper.net> wrote:
> 
>> "If the "N" bit has not been exchanged with the peer, then to
>>       deal with possible consecutive restarts, a route (from the peer)
>>       previously marked as stale MUST be deleted."
>> [...]
>> "To put an upper bound on the amount of time a router retains the
>>       stale routes, an implementation MUST support a (configurable)
>>       timer, called the "stale timer", that imposes this upper bound."
>> 
>> In order to fully respect the semantic, in case of consecutive restarts (with
>> partial route readvertisement), it seems that the stale timer would need to be
>> on a per route basis. I don't think that this is the intention of the authors
>> (nor that this is desirable). Although this is a local consideration, hence not
>> affecting the peer, the "MUST" makes this statement strong. Eventually, a text
>> could be added saying that the timer only needs to be on a per session basis.
>> e.g., :s/this upper bound/this upper bound on a per session basis.
> 
> I'll give this some thought, thanks.

Having done that, I'm not sure the suggested text clarifies things, although I think it was a good point to raise. I'm not sure what it would mean to run the timer on a "per session basis". Does that mean that I only age stale routes when the session is down, and when the session is re-established the timer gets reset? If so, I think the imagined attack could indeed work -- if my attack lets the session re-establish, but then knocks it over again before it can send EoR, then the timer wouldn't ever fire.

FWIW I think you are right that a good implementation would age routes on a per route basis. IMHO this is OK. The other alternative I can think of, besides that or the option I argue against above, is to have a per-peer stale timer that, once started, is only reset if it expires or if EoR is received for the associated session (but it's not reset by session restarts). When it expires it purges all stale routes ("stale" could be a single bit flag per route; in any case the stale state has to be kept somehow already). This would bound the lifetime of stale routes to no more than the timer duration, which I suppose is the definition of an "upper bound". Possibly the text as written already implies this, although maybe that's asking too much of the reader.

For now I will leave the text as written, pending further discussion. I'll also hold back from publishing -16 pending any more input from the IETF LC or IESG.

Thanks,

--John
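The two readings of the stale timer compared in the message above (a per-peer timer that is restarted whenever the session comes back, versus one that runs untouched until it expires or End-of-RIB arrives) can be checked with a small model. The following is an added example, not text or code from the draft, from the thread, or from any BGP implementation; the event kinds, class and function names, prefixes and timings are all constructed for illustration. It replays a constructed event trace against one peer's retained routes and reports the longest time any route spent marked stale, which is the quantity the "upper bound" wording is about.

```python
"""Toy model of the two stale-timer semantics discussed in the thread (added
example; not the draft's or any vendor's code). A constructed event trace drives
one peer's retained routes: 'down' marks every retained route stale (graceful
restart), 'up' is session re-establishment, 'eor' is End-of-RIB, 'advertise' is
a (re)advertisement and 'observe' just advances time. All names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

RESET_ON_REESTABLISH = "reset-on-reestablish"  # timer restarted on every session up
NO_RESET = "no-reset"  # timer runs until expiry or EoR, untouched by session flaps

Event = Tuple[float, str, Optional[str]]  # (time, kind, prefix or None)


@dataclass
class PeerState:
    policy: str
    stale_timer_secs: float
    # prefix -> time it was first marked stale, or None while it is fresh
    routes: Dict[str, Optional[float]] = field(default_factory=dict)
    timer_deadline: Optional[float] = None
    # prefix -> how long it had been stale when it was finally deleted
    purged: Dict[str, float] = field(default_factory=dict)

    def advertise(self, prefix: str) -> None:
        self.routes[prefix] = None  # a (re)advertised route is fresh again

    def session_down(self, now: float) -> None:
        for prefix, since in self.routes.items():
            if since is None:
                self.routes[prefix] = now  # a repeat restart keeps the older stale time
        if self.timer_deadline is None:
            self.timer_deadline = now + self.stale_timer_secs

    def session_up(self, now: float) -> None:
        if self.policy == RESET_ON_REESTABLISH:
            self.timer_deadline = now + self.stale_timer_secs  # the questioned reading
        # NO_RESET: a running timer is left alone

    def end_of_rib(self, now: float) -> None:
        self._purge_stale(now)  # whatever the readvertisement did not refresh goes

    def expire_if_due(self, now: float) -> None:
        if self.timer_deadline is not None and self.timer_deadline <= now:
            self._purge_stale(self.timer_deadline)

    def _purge_stale(self, at: float) -> None:
        for prefix, since in list(self.routes.items()):
            if since is not None:
                self.purged[prefix] = at - since
                del self.routes[prefix]
        self.timer_deadline = None  # stopped; the next 'down' starts it afresh


def run_trace(policy: str, stale_timer_secs: float, events: List[Event]) -> PeerState:
    """Replay a time-ordered event list against one peer and return its final state."""
    peer = PeerState(policy, stale_timer_secs)
    for t, kind, prefix in events:
        peer.expire_if_due(t)  # fire a due timer before handling the event at t
        if kind == "advertise":
            peer.advertise(prefix)
        elif kind == "down":
            peer.session_down(t)
        elif kind == "up":
            peer.session_up(t)
        elif kind == "eor":
            peer.end_of_rib(t)
    return peer


def max_stale_lifetime(policy: str, stale_timer_secs: float, events: List[Event]) -> float:
    """Longest time any route spent stale, counting routes still stale at the end."""
    peer = run_trace(policy, stale_timer_secs, events)
    end = events[-1][0]
    lifetimes = list(peer.purged.values())
    lifetimes += [end - since for since in peer.routes.values() if since is not None]
    return max(lifetimes, default=0.0)


# Constructed trace: the session keeps flapping and End-of-RIB never arrives;
# one route is readvertised during the first up window (partial readvertisement).
FLAPPING: List[Event] = [
    (0, "advertise", "10.0.0.0/24"), (0, "advertise", "10.0.1.0/24"),
    (10, "down", None), (20, "up", None), (20, "advertise", "10.0.0.0/24"),
    (25, "down", None), (35, "up", None), (40, "down", None), (50, "up", None),
    (55, "down", None), (65, "up", None), (70, "down", None), (80, "up", None),
    (90, "observe", None),
]

# Constructed trace: an ordinary restart that finishes with End-of-RIB.
CLEAN_RESTART: List[Event] = [
    (0, "advertise", "10.0.0.0/24"), (0, "advertise", "10.0.1.0/24"),
    (10, "down", None), (15, "up", None), (16, "advertise", "10.0.0.0/24"),
    (20, "eor", None), (30, "observe", None),
]

if __name__ == "__main__":
    for policy in (RESET_ON_REESTABLISH, NO_RESET):
        print(policy, "flapping:", max_stale_lifetime(policy, 30, FLAPPING),
              "clean restart:", max_stale_lifetime(policy, 30, CLEAN_RESTART))
```

With a 30 second timer, the reset-on-re-establish reading leaves a route stale for the whole 90 second flapping trace (and would for as long as the flapping continued), while the no-reset reading deletes every stale route at 40 seconds, so no route is stale for longer than the timer. Both readings behave identically on the clean restart, where End-of-RIB removes the one route that was not readvertised after 10 seconds.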