Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

<bruno.decraene@orange.com> Thu, 20 April 2017 10:13 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C09E41294F0 for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 03:13:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NsSKxCrQ96mB for <idr@ietfa.amsl.com>; Thu, 20 Apr 2017 03:13:19 -0700 (PDT)
Received: from relais-inet.orange.com (mta240.mail.business.static.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8918E12EC73 for <idr@ietf.org>; Thu, 20 Apr 2017 03:13:15 -0700 (PDT)
Received: from opfedar00.francetelecom.fr (unknown [xx.xx.xx.11]) by opfedar25.francetelecom.fr (ESMTP service) with ESMTP id 2239C12062E; Thu, 20 Apr 2017 12:13:14 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.58]) by opfedar00.francetelecom.fr (ESMTP service) with ESMTP id 0224018005A; Thu, 20 Apr 2017 12:13:14 +0200 (CEST)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM33.corporate.adroot.infra.ftgroup ([fe80::3881:fc15:b4b2:9017%19]) with mapi id 14.03.0319.002; Thu, 20 Apr 2017 12:13:13 +0200
From: <bruno.decraene@orange.com>
To: Job Snijders <job@ntt.net>
CC: Enke Chen <enkechen@cisco.com>, Hares Susan <shares@ndzh.com>, idr wg <idr@ietf.org>
Thread-Topic: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
Thread-Index: AQHSubuMFx6qnNOc8UaJCUOYEKex/KHOBnQQ
Date: Thu, 20 Apr 2017 10:13:12 +0000
Message-ID: <4222_1492683194_58F889BA_4222_8830_1_53C29892C857584299CBF5D05346208A31CC0335@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <abe393d3-d1e4-7841-4620-38dab751765b@cisco.com> <CA+b+ERnRz8BEO3mb1fnsDPoiL6Wxjdfw9vQPbyODNEa+xCJdnw@mail.gmail.com> <D51D67E4.A9782%acee@cisco.com> <AF07526F-F08B-4084-937B-A9A2D2DD2813@juniper.net> <2b8a94bb-4f40-6c1d-05ff-9cf11ad93646@cisco.com> <20170420090941.c5yi72mzleto64ph@hanna.meerval.net> <25911_1492681251_58F88222_25911_625_1_53C29892C857584299CBF5D05346208A31CBFF52@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20170420095031.oxtnocmjkt3zavge@hanna.meerval.net>
In-Reply-To: <20170420095031.oxtnocmjkt3zavge@hanna.meerval.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/PQM0XtdA3qPywRXrt-z-4ogwUYw>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 10:13:21 -0000

> From: Job Snijders [mailto:job@ntt.net]  > Sent: Thursday, April 20, 2017 11:51 AM
> 
 > On Thu, Apr 20, 2017 at 09:40:50AM +0000, bruno.decraene@orange.com wrote:
 > > > From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Job Snijders  > Sent: Thursday,
 > April 20, 2017 11:10 AM
 > > >
 > >  > On Wed, Apr 19, 2017 at 04:34:10PM -0700, Enke Chen wrote:
 > >  > > I had "in this case" with the statement "the default can not be changed".
 > >  > > The reason is that the behavior change may completely cutoff connectivity
 > >  > > in this case.
 > >  >
 > >  > And very soon after the cutoff a customer may elect to roll back the
 > >  > change and read the release notes!
 > >  >
 > >  > The 'complete cutoff' only occurs after a specific sequence of events
 > >  > which together would represent a cascading failure in due diligence.
 > >
 > > The document is asking network operators which have correctly
 > > configured their network to retrofit the configuration of 1000s of
 > > EBGP configurations, in order to accommodate some operators which are
 > > not capable of correctly configuring their EBGP session.
 > 
 > No, the beneficiaries of this draft are the users of Internet at large,
 > not just 'incapable operators'.
 
My text was not discussing about beneficiaries, so I don't think that "No" applies.
 
 > It is ludicrous to argue that an operator has 1000s of EBGP
 > configurations but would not be able to accomodate any changes in the
 > software's behaviour.

That's your opinion, but you can't speak for others.
e.g. managing a few high bandwidth Internet connection, on a very few locations, is very different than managing 1000s of customers CE in 1000s of locations. Especially as breaking the connectivity would requiring sending a tech person on customer's site.

> A parallel can be drawn with the 'IOS
 > small-servers' which over time were disabled by default, rather then
 > enabled. I don't recall any outcry over that either.
 
It's not the same thing to disable a feature that is not used, than disabling a feature that is used and critical for the connectivity hence the business.
 
 > > Plus the solution is asking those later operators to do a
 > > configuration, while the assumption is that they can't be trusted to
 > > correctly configured their EBGP session. Why do you think that they
 > > won't just copy/past 1 additional line of configuration in order
 > > automatically distribute all the routes for each new EBGP session?
 > 
 > Ah, there may lay our misunderstaanding. We do not blame operators or
 > make any judgement on whether they can be trusted or not.

The point is not about blaming. The point if that if you don't trust X, you don't ask X to perform the check/policy insurance.
 
 > The problem is that there are some platforms which _immediately_
 > activate a line of configuration after you press enter

Here we comes.
If that is the problem, then may be this is the problem which needs to be solved.
Nothing related to BGP or even the IETF.

>, and a BGP
 > session may already come up before you get to the configuration line
 > which restricts what should be announced or accepted. This draft
 > rectifies that behaviour to 'start closed' (i guess this is a variant of
 > the "fail closed" concept) rather then 'start open', or differently
 > phrase: one should not start insecure.
 
If this is the problem, may be the CLI should first mandate for the BGP policy to be applied, and then allow the configuration of the peer (e.g. its IP address)
Again, not a protocol or IETF issue. (although netconf may help as I think it provide support for transaction)

Thanks for engaging the discussion and the useful chat.

Kind regards,
Bruno 
 > Kind regards,
 > 
 > Job

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.