Re: [Idr] BGP Auto-Discovery Protocol State Requirements
Jeffrey Haas <jhaas@pfrc.org> Fri, 19 March 2021 14:20 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/QJWlG4uDWX39CV5rzGBSQ6LMuR0>

On Fri, Mar 19, 2021 at 03:00:03PM +0100, Robert Raszuk wrote:
> > I think a point lacking in most of the proposals is how they're intending
> > the feature to be used. That's setting a number of conflicting
> > expectations in the heads of the authors.
> >
> > Examples:
> > 1. Whatever you plug into this port will be fine, just connect me!
> > 2. I'm willing to only connect to peers over IPv6 link local, or some
> >    specific family.
> > 3. I'm only interested in peers that support specific AFI/SAFI
> > 4. I'll only connect to peers that acceptable ASes in this range.
> > 5. I only want one peering session with a given router.
> > etc.
>
> Most if not all of that can be expressed in the auto peering policy
> template.
> If needed, operators can define rules managing auto peering and placing
> some additional controls on it.

See Section 2.5.

> Also part of such a template may be limiting one side to be passive only.

Agreed.

> > This is generally not a problem for existing BGP speakers because you
> > don't configure what you don't want to use. But once you introduce
> > auto-configuration, you end up with the same problem as hundreds of
> > sessions that are misconfigured trying to get into your box every X
> > seconds.
>
> If you do not expose port 179 to those 100s of peers no one will ring your
> door bell from that side. If you do then it is no different than today ...
> anyone can send TCP OPEN on that port which you need to respond to in some
> way.
>
> But again is that really a real risk if we scope it for DC use case?

See Section 5.2.

Minimally, the Security ADs will require this stuff to be discussed. While
we can think it foolish to do auto-discovery for "interface all", it'll
probably happen. Knowing what occurs when it does will be one of their
questions. Even for DC.

-- Jeff