Re: [Idr] [sidr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

"John G. Scudder" <jgs@juniper.net> Fri, 06 November 2015 00:40 UTC

From: "John G. Scudder" <jgs@juniper.net>
In-Reply-To: <CFC08F1A.1EE69%wesley.george@twcable.com>
Date: Fri, 06 Nov 2015 09:39:52 +0900
Message-ID: <F7C615DB-B773-41CA-8C37-901571E7152E@juniper.net>
References: <CFC08F1A.1EE69%wesley.george@twcable.com>
To: "George, Wes" <wesley.george@twcable.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/QBbBeYoFQjNovESVWbz_8oGshxs>
Cc: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "Keyur Patel (keyupate)" <keyupate@cisco.com>, "sidr@ietf.org list" <sidr@ietf.org>, idr wg <idr@ietf.org>
Subject: Re: [Idr] [sidr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Hi Wes,

I believe -05 should work for you -- we updated it to say 'don't leak across AS boundaries unless configured to do so'. Presumably in your case you would do that configuration.

Thanks,

--John

> On Jun 14, 2014, at 12:25 AM, George, Wes <wesley.george@twcable.com> wrote:
> 
> 
> On 6/13/14, 5:07 AM, "bruno.decraene@orange.com"
> <bruno.decraene@orange.com> wrote:
> 
>> If this is the chosen way, draft-ietf-sidr-origin-validation-signaling
>> should also say that:
>> - ASBR should remove such community from routes received over eBGP
>> sessions (possibly modulo confederation, 2 AS from the same
>> organization/trusted...)
>> - this community must not be used in the AS until all ASBR are upgraded
>> to support draft-ietf-sidr-origin-validation-signaling
> 
> Just wanted to note that as an operator of a network where my Autonomous
> System (i.e. the span of the network under common control) spans multiple
> Autonomous System NUMBERS, these carve-outs to handle confeds and multiple
> ASNs from same org are pretty important if I am to implement Origin
> Validation. Being able to validate at external ASBRs and keep that info
> across the internal ASN boundaries would make a deployment in networks
> like mine much simpler than if we have to revalidate at the internal ASBRs.
> 
> Thanks
> Wes George
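
An added illustration of the behaviour discussed in this thread, not part of either message or of the draft text: an ingress policy that strips the origin validation state community on eBGP sessions unless the peer AS has been explicitly configured as trusted. The 8-octet encoding (type 0x43, sub-type 0x00, state in the last octet) is taken from the published form of the draft, RFC 8097; the function names, the `accept_from` parameter and the ASNs (documentation range) are hypothetical.

```python
from typing import Iterable, List, Optional

# Assumed encoding (RFC 8097): type 0x43, sub-type 0x00,
# five reserved octets, then one validation-state octet.
OV_TYPE, OV_SUBTYPE = 0x43, 0x00
STATES = {0: "valid", 1: "not-found", 2: "invalid"}

# Constructed sample communities: an OV "valid" marker and a route target.
VALID = bytes([0x43, 0x00, 0, 0, 0, 0, 0, 0])
RT = bytes([0x00, 0x02, 0xFB, 0xF0, 0, 0, 0, 100])


def is_ov_state(comm: bytes) -> bool:
    """True if the 8-octet extended community carries OV state."""
    return len(comm) == 8 and comm[0] == OV_TYPE and comm[1] == OV_SUBTYPE


def ov_state(comms: Iterable[bytes]) -> Optional[str]:
    """Return the signaled state, or None if absent or unrecognized."""
    for c in comms:
        if is_ov_state(c):
            return STATES.get(c[7])
    return None


def ingress_filter(comms: Iterable[bytes], session: str, peer_as: int,
                   accept_from: frozenset = frozenset()) -> List[bytes]:
    """Apply the default-deny rule from the thread at an ASBR.

    session is "ibgp" or "ebgp". On eBGP the OV state community is
    removed unless peer_as is listed in accept_from (for example a
    sibling ASN run by the same organization). Other communities and
    iBGP-learned routes pass through unchanged.
    """
    if session == "ebgp" and peer_as not in accept_from:
        return [c for c in comms if not is_ov_state(c)]
    return list(comms)


if __name__ == "__main__":
    siblings = frozenset({64501})  # hypothetical same-org ASN
    for peer in (64510, 64501):
        kept = ingress_filter([VALID, RT], "ebgp", peer, siblings)
        print(peer, ov_state(kept), len(kept))
```

With an empty `accept_from` set, a validation state asserted by an external peer never reaches the local decision process, so a router has to validate the route itself rather than inherit a neighbor's claim.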