Re: [Idr] ttRE: FW: New Version Notification for draft-ietf-idr-bgp-open-policy-22.txt
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Sun, 20 February 2022 18:18 UTC
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>
CC: "idr@ietf.org" <idr@ietf.org>, "Alvaro Retana (aretana)" <aretana@cisco.com>, Susan Hares <shares@ndzh.com>, Jeffrey Haas <jhaas@pfrc.org>, Alexander Azimov <a.e.azimov@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/HwvXa1lND_x1CknrZQI_WE2K8dE>
List-Id: Inter-Domain Routing <idr.ietf.org>
Hi Bruno,

>High level status is that on my side I'm fine with current version (-22) hence if you can also live with -22 we are good.

Alexander and I think that the only viable solution for error handling for the malformed OTC case in IBGP is treat-as-withdraw. The attached figure (.pdf) provides an illustration and explanations. Let us know if you agree.

We feel that the data-loop scenario with malformed OTC has low to very low probability because it requires *all* of the following conditions to be *simultaneously* true:

1. An implementation has an error that causes the OTC length value to be not 4. (prob. = p1)
2. The same implementation has a second error that causes the OTC value to have incorrect #octets to match with the incorrect length value. (prob. = p2)
3. AS in consideration has partial/inconsistent deployment of OTC (at routers/ASBRs within the AS). (prob. = p3)
4. There are no alternate routes available that are free of a malformed OTC. (prob. = p4)
5. The IBGP topology and the data link topology between routers do not match. (prob. = p5)
6. No data tunneling is used to match the data link topology with the IBGP topology. (prob. = p6)

The total probability for the data-loop scenario to occur = p1*p2*p3*p4*p5*p6.
You may pick some reasonable numbers for the p_i values and see what it works out to be.

RFC 7606 also comments about the expected rarity of data/forwarding loops:

   While lamentable, this issue is expected to be rare in
   practice, and, more importantly, is seen as less problematic than the
   session-reset behavior it replaces.

RFC 7606 goes on to include the following advice in "Operational Considerations":

   When a malformed attribute is indeed detected over an IBGP session,
   we recommend that routes with the malformed attribute be identified
   and traced back to the ingress router in the network where the routes
   were sourced or received externally and then a filter be applied on
   the ingress router to prevent the routes from being sourced or
   received.  This will help maintain routing consistency in the
   network.

Thank you.

Sriram / Alexander
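
The length check and treat-as-withdraw decision discussed in the message above, as an added Python example that is not part of the original e-mail or of the draft. It assumes OTC type code 35 as assigned in RFC 9234; `build_attr`, `check_otc` and the sample bytes are constructed for illustration.

```python
import struct

OTC_TYPE = 35        # OTC path attribute type code (RFC 9234)
FLAG_EXT_LEN = 0x10  # Extended Length flag: length field is 2 octets

def build_attr(flags, type_code, value, length=None):
    """Encode one path attribute. `length` overrides the real value length
    so that malformed samples can be constructed (hypothetical helper)."""
    n = len(value) if length is None else length
    fmt = "!BBH" if flags & FLAG_EXT_LEN else "!BBB"
    return struct.pack(fmt, flags, type_code, n) + value

def check_otc(path_attrs):
    """Walk the path attributes of one UPDATE received over IBGP.
    Returns (action, detail); action is "accept" or "treat-as-withdraw"."""
    otc_asn, pos = None, 0
    while pos < len(path_attrs):
        flags = path_attrs[pos]
        hdr = 4 if flags & FLAG_EXT_LEN else 3
        if len(path_attrs) - pos < hdr:
            return ("treat-as-withdraw", "truncated attribute header")
        type_code = path_attrs[pos + 1]
        alen = int.from_bytes(path_attrs[pos + 2:pos + hdr], "big")
        value = path_attrs[pos + hdr:pos + hdr + alen]
        if len(value) != alen:
            return ("treat-as-withdraw", "attribute length overruns buffer")
        if type_code == OTC_TYPE:
            if alen != 4:  # malformed OTC: withdraw the routes, keep the session
                return ("treat-as-withdraw", f"malformed OTC, length {alen}")
            otc_asn = int.from_bytes(value, "big")
        pos += hdr + alen
    return ("accept", otc_asn)

# Constructed samples; AS 64500 is from the documentation ASN range.
ORIGIN = build_attr(0x40, 1, b"\x00")
GOOD = ORIGIN + build_attr(0xC0, OTC_TYPE, struct.pack("!I", 64500))
# Conditions 1 and 2 together: wrong length AND a value that matches it.
BAD_CONSISTENT = ORIGIN + build_attr(0xC0, OTC_TYPE, b"\x00\xfb\xf4")
# Length field alone is wrong: it claims 6 octets but only 4 follow.
BAD_OVERRUN = ORIGIN + build_attr(0xC0, OTC_TYPE, struct.pack("!I", 64500), length=6)

if __name__ == "__main__":
    for name, data in [("good", GOOD), ("consistent", BAD_CONSISTENT),
                       ("overrun", BAD_OVERRUN)]:
        print(name, check_otc(data))
```
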