IETF Logo Mail Archive

Re: [Idr] AD Review of draft-ietf-idr-ix-bgp-route-server-09

"Alvaro Retana (aretana)" <aretana@cisco.com> Sat, 06 February 2016 23:53 UTC

Return-Path: <aretana@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB6F91A87A3; Sat, 6 Feb 2016 15:53:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lg5wjOHYRO1V; Sat, 6 Feb 2016 15:53:31 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D09551A8796; Sat, 6 Feb 2016 15:53:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20315; q=dns/txt; s=iport; t=1454802810; x=1456012410; h=from:to:cc:subject:date:message-id:mime-version; bh=8wPJaXaRJGf5I+KlK+hgDxopqUiWnYZKGTg6j5dixQs=; b=Rws1K2g9BIhPZVkp0mPcpYt6L/b2KaiTw2ECz2D4Ddl7t245Y6TuuNI7 aYz3Mkf/jknBC1FncAeRMA+CnuzBbI3uqvz6MAJ82hIeQQC01Wo9KuWhq zt0A/3oB/WCyWX/4ytUvJp8q/x9rYN1mQe+Roo7kGmhtmo5ndh3KpRO+1 E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AWBQAth7ZW/49dJa1egm5MgT8GiFWyfIYNgSQ7EQEBAQEBAQF/C4RCAgR5EgEIPzkUEwQOBRSIB74kAQEBAQYBAQEBAQEahhIBhDaEGoRSBZJuhAcBjU+BW4RDiFWFboR+g1EBNiyCAxmBSGqHGgUCNnwBAQE
X-IronPort-AV: E=Sophos; i="5.22,407,1449532800"; d="scan'208,217"; a="70895113"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Feb 2016 23:53:29 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id u16NrTcl030227 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 6 Feb 2016 23:53:29 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Sat, 6 Feb 2016 17:53:28 -0600
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1104.009; Sat, 6 Feb 2016 17:53:28 -0600
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "draft-ietf-idr-ix-bgp-route-server@ietf.org" <draft-ietf-idr-ix-bgp-route-server@ietf.org>
Thread-Topic: [Idr] AD Review of draft-ietf-idr-ix-bgp-route-server-09
Thread-Index: AQHRYTmT70VvWdDyrUy3K4QkMQ61Uw==
Date: Sat, 06 Feb 2016 23:53:28 +0000
Message-ID: <D2DBC736.10DD13%aretana@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.21.127]
Content-Type: multipart/alternative; boundary="_000_D2DBC73610DD13aretanaciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/ImC1g8wbDCpO8Aziu2ng2aI4xuk>
Cc: "idr-chairs@ietf.org" <idr-chairs@ietf.org>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>
Subject: Re: [Idr] AD Review of draft-ietf-idr-ix-bgp-route-server-09
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2016 23:53:34 -0000

On 12/11/15, 3:15 PM, "Idr on behalf of Alvaro Retana (aretana)" <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org> on behalf of aretana@cisco.com<mailto:aretana@cisco.com>> wrote:

Hi!

It's been almost two months since I sent this review, but have received no answer. :-(

Alvaro.

Hi!

I just finished reading this document.  Please find my comments below.

As you can see, the comments I labeled as Major are mostly related to security considerations, where I think there's more to add, and clarity with respect to the behavior in RFC4271.  I don't think that any of the comment will be hard to address.

I will wait for your comments/discussion and/or an update before starting the IETF Last Call.

Thanks!

Alvaro.


Major:

  1.  Should this document be marked as updating rfc4271?  There are several places in Section 2 where the behavior is different than what is specified in rfc4271.  Given that the route server functionality is an optional enhancement, I don't think this document should be marked as updating rfc4271 (I.e. It changes the behavior only for the functionality specified here).  I'm assuming the authors/WG agree since there is no indication of an update.  Please include a clear statement (maybe in the Introduction) to the fact that the mechanism is optional.
  2.  Section 2.1. (Client UPDATE Messages). "The route server SHOULD forward UPDATE messages where appropriate…to its clients."  When is it appropriate?  I'm guessing that you mean something like "where local policy permits"..  Please be clear.
  3.  Section 2.2.2. (AS_PATH Attribute)  Not prepending the route server's AS_PATH brings up a couple of issues/questions:
     *   RFC4271 talks about prepending the local ASN (when advertising to an EBGP peer), and it doesn't mention any exceptions.  This document includes an exception.  Clearly indicate the modifications to Section 5.1.2. (AS_PATH) of RFC4271.
     *   Section 6.3. (UPDATE Message Error Handling) of rfc4271 says that when an "…UPDATE message is received from an external peer, the local system MAY check whether the leftmost…AS in the AS_PATH attribute is equal to the autonomous system number of the peer that sent the message", and MUST send a NOTIFICATION if it doesn't.
        *   Please be explicit about the required behavior for both the route server, and the clients.
        *   Even though this check is optional in RFC4271, mandating that is not be done could be interpreted as a security issue.  Please include some text around it (and mitigation) in the Security Considerations section.
     *   Independent of the check, not including an ASN in the AS_PATH could (in the general case) result in loops; which I also interpret as a potential security issue.  Please include some text about this too — a mitigation option is clearly to not check the first ASN only when known route servers are peers.
  4.  Section 2.2.4. (Communities Attributes) says that Communities "SHOULD NOT be modified, processed or removed.  However, if such an attribute is intended for processing by the route server itself, it MAY be modified or removed."  How does the route server know if the sender intended for a community to be processed by it, or not?  Please add details.
  5.  Section 3. (Security Considerations)
     *   Besides the points above, because clients rely on the route server to implement outbound route filtering for them, there can be a privacy issue/route leak scenario where the route server can send routes to clients that it shouldn't have.  Not much can be done to mitigate this because it will mostly be due to a bad implementation or simply a "bad operator".
     *   You should point at relevant sections of RFC7454.
  6.

Minor:

  1.  Please be consistent:
     *   s/exterior BGP/external BGP..or even just EBGP (yes, a nit..but that's how rfc4271 calls EBGP)
     *   s/best path selection process/Decision Process
     *   s/IX/IXP
  2.  Section 2.2.3. (MULTI_EXIT_DISC Attribute) specifically calls out the MED, but you already said in Section 2.2. (Attribute Transparency) that all optional attributes "SHOULD NOT be updated by the route server…and SHOULD be passed on to other route server clients."  Is there anything special about the MED that I'm missing?  If not, then you should be able to delete the section.
  3.  In Section 2.3.1. (Path Hiding on a Route Server) policy implementation is described in terms of outbound route filtering.  The description of the example says that if "AS1's policy prevents AS2's path from being accepted, then AS1 would never receive a path to this prefix".  To be consistent with the outbound filtering description, you might want to change that text to something like "AS2's policy prevents AS1 from receiving the path, …".
  4.  Section 2.3.2.2. (Advertising Multiple Paths) says that if the route server sends "more than a single path to a route server client,…the path hiding problem described in Section 2.3.1 would disappear."  That statement is true, but only if all the paths are propagated, not just "more than a single" one. [You do talk about that in 2.3.2.2.1, but not the general case.]
  5.  Section 2.3.2.2.2. (BGP ADD-PATH Approach)
     *   This section says that if "the route server client propagates multiple paths for the same prefix to the route server, then this could potentially cause the propagation of inactive, invalid or suboptimal paths to the route server, thereby causing loss of reachability to other route server clients."  I can see how suboptimal (= non best) paths can be propagated by the clients, but what about invalid?
     *   To be consistent, there's no such thing as send-only and receive-only modes negotiated with ADD-PATH.  For the result in the text (having only the route server send), the route server should advertise the Send/Receive field in the ADD_PATH capability set to 2 (only able to send).  It doesn't matter what the client sets the value to (as long as it is not 2).
  6.  References:  I think the following can be made Informational: RFC1997, RFC4360

Nits:

  1.  Given that Section 2.3 is "included for information purposes only", you might want to consider making it an Appendix.
  2.  Section 2.3.3. (Implementation Suggestions) seems superfluous to me.

v2.23.0 | Report a Bug | By Email