Re: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-idr-extended-experimental-00.txt]

"John G. Scudder" <jgs@juniper.net> Mon, 07 November 2016 18:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/MeNuNQ01rdp6bJ69AlsyqteB9CI>

> On Nov 7, 2016, at 10:26 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> 
> Marco,
> 
> On Sun, Nov 06, 2016 at 08:23:36PM +0100, Marco Marzetti wrote:
>> On Tue, Nov 1, 2016 at 7:58 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>> 
>>> 
>>> A feature such as this one, perhaps extended with a per-attribute form of
>>> draft-ietf-idr-bgp-attribute-announcement along with enough information to
>>> figure out when filtering wasn't done could provide some safety.
>>> 
>>> The related changes to this proposal would be to simply add the 4-octets of
>>> the attribute announcement scoping and potentially the attaching AS.
>>> However, given even such vendor features are likely to need to work in an
>>> inter-as fashion, generating scopes of containment becomes tricky.
>>> 
>>> 
>> I have always wondered if we should add an N bit to
>> draft-ietf-idr-bgp-attribute-announcement to limit the advertisements to
>> neighbor ASes only.
> 
> Such a thing was discussed among the authors of the attribute-announcement
> draft.  What this would mean is such a bit would need to be set and then
> automatically reset into the M-bits (C+A) at the next boundary.

I'll also observe that we already have the NO_EXPORT community which has virtually the same semantics if you apply it as you're sending the route to your peer. And then there was AS_PATHLIMIT, which never achieved escape velocity. Regarding NO_EXPORT, you might remark that you have to apply it at your border router instead of at the origin, and that's true, but I'm not sure if it's a big deal. You might also remark that NO_EXPORT doesn't survive if your neighbor strips inbound communities (or explicitly blows away NO_EXPORT), and that's true too -- but if operators are deliberately dishonoring NO_EXPORT, is there any reason to think they wouldn't insist implementations have a way to dishonor the mooted N bit?

--John
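
The NO_EXPORT behaviour discussed in the message above, as an added illustration that is not part of the original message or of any draft it cites: a small propagation model in which the origin attaches NO_EXPORT on export at its border, showing containment when the neighbor honours it and the loss of containment when the neighbor strips inbound communities. The AS numbers, prefix and function names are constructed for the example; the NO_EXPORT value is the well-known community from RFC 1997.

```python
# Added illustration: RFC 1997 NO_EXPORT handling along a constructed AS chain.
NO_EXPORT = 0xFFFFFF01  # well-known community value from RFC 1997

def receive(route, strip_inbound):
    """Inbound policy of the receiving AS: optionally discard all communities."""
    communities = set() if strip_inbound else set(route["communities"])
    return {"prefix": route["prefix"], "communities": communities}

def may_export_ebgp(route):
    """RFC 1997: a route carrying NO_EXPORT must not be advertised to eBGP peers."""
    return NO_EXPORT not in route["communities"]

def propagate(prefix, chain, tag_at_origin_border, strip_inbound_at=()):
    """Walk a linear chain of ASes; return the list of ASes that learn the prefix.

    chain: AS numbers in order, origin first (constructed, private-use range).
    tag_at_origin_border: origin attaches NO_EXPORT while sending to its peer.
    strip_inbound_at: ASes whose inbound policy removes all communities.
    """
    route = {"prefix": prefix, "communities": set()}
    reached = [chain[0]]
    for sender, receiver in zip(chain, chain[1:]):
        if sender != chain[0] and not may_export_ebgp(route):
            break  # sender honours NO_EXPORT: the route stays inside its AS
        outbound = dict(route, communities=set(route["communities"]))
        if sender == chain[0] and tag_at_origin_border:
            outbound["communities"].add(NO_EXPORT)  # applied on export at the border
        route = receive(outbound, strip_inbound=receiver in strip_inbound_at)
        reached.append(receiver)
    return reached

CHAIN = [64512, 64513, 64514, 64515]  # constructed private-use ASNs
PREFIX = "192.0.2.0/24"                # documentation prefix (RFC 5737)

if __name__ == "__main__":
    print("untagged:          ", propagate(PREFIX, CHAIN, False))
    print("NO_EXPORT honoured:", propagate(PREFIX, CHAIN, True))
    print("neighbor strips:   ", propagate(PREFIX, CHAIN, True, strip_inbound_at={64513}))
```

In the third case the origin has no in-band signal that containment was lost, so confirming the scope requires an external view of where the prefix is visible.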