Re: [Idr] Adrian Farrel's Abstain on draft-ietf-idr-as-migration-03: (with COMMENT)

Jeffrey Haas <> Tue, 24 February 2015 18:56 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 445CF1A8858; Tue, 24 Feb 2015 10:56:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.122
X-Spam-Level: *
X-Spam-Status: No, score=1.122 tagged_above=-999 required=5 tests=[BAYES_50=0.8, IP_NOT_FRIENDLY=0.334, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fPcP3ur4_ytO; Tue, 24 Feb 2015 10:56:43 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 3E6111A87B2; Tue, 24 Feb 2015 10:56:43 -0800 (PST)
Received: by (Postfix, from userid 1001) id EF0FCC212; Tue, 24 Feb 2015 13:56:42 -0500 (EST)
Date: Tue, 24 Feb 2015 13:56:42 -0500
From: Jeffrey Haas <>
To: Adrian Farrel <>
Message-ID: <20150224185642.GA25639@pfrc>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <>
Cc:,, The IESG <>,,
Subject: Re: [Idr] Adrian Farrel's Abstain on draft-ietf-idr-as-migration-03: (with COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Feb 2015 18:56:44 -0000


On Thu, Feb 19, 2015 at 06:25:42AM -0800, Adrian Farrel wrote:
> The documentseems to address four topics:
> - Requirements for and circumstances of AS migration
> - Behavior needed from a BGP system when migrating AS numbers
> - Mechanisms that a BGP implementation can use to provide the
>   behavior
> - Description of the mechanisms and configuration options contained in
>   specific implementations
> As Alvaro wrote:
> > o The Introduction is very tentative about the purpose: it wants to
> > document de facto standards for future implementations and so
> > that new features (BGPSec) take them into consideration..but it is
> > not expecting all implementation to follow exactly (at least not the
> > existing ones).  My question is: should this be Informational instead
> > of Standard?
> I would say that the first two bullets are classic descriptive 
> requirements text. They are good to publish as Informational.
> The third bullet is somewhat suspect. Maybe it is an advisory appendix,
> but the list of ways to provide the function is unbounded and there is
> no requirement for interoperability. I am not sure that publshing this
> information is a great benefit. Maybe it is not harmful although it 
> might tend to reduce innovation and give vendors and operators
> expectations about mechanisms that should be used within
> implementations.

Wes already covered a primary motivation for having this document in the
first place: SIDR needed something written down in order to not have their
bgpsec protocol design negatively impacted by operational reality.

The majority of AS migration mechanisms are ugly twists of protocol behavior
within the service provider that is utilizing them.  However, once an
appropriate administrative boundary is reached, the observed behavior is
largely transparent. Where such administrative boundaries lie will depend on
the migration mechanism in question.

Use of such mechanisms is not without its risk in terms of being what should
ideally appear to be a BGP black box outside of that boundary.  An example
of this is when the "replace-private all" mechanism is used, there will be
apparent loops in the path.  E.g.: "2 64512 3 64513" becomes "2 2 3 2".
Pedantically reading the RFC 4271 AS_PATH modification rules will lead one
to assume that such a loop could never happen and an excessively aggressive
implementation may choose to drop the path as tainted.

That obviously doesn't happen.  Healing partitioned ASes through a second
service provider is a known trick.  as-override for VPN purposes is a known
trick.  In my opinion, such tricks aren't even necessarily well covered in
the SIDR companion document since VPNs are out of scope at the moment.

While I certainly appreciate your point about the lack of normative
interoperability between several of the mechanisms, the fact that the
behavior may be transparent outside of a given domain boundary has made it
less important to operators to have the mechanisms standardized.

What I believe I see in the above comments from you are:
- Requirements may be fine.
- Descriptive behavior may be fine.
- Be more clearly normative about the behavior changes we are discussing for
  each mechanism.  

And that the above should probably consistute a document while the
implementation details may constitute a second document as an implementation

With regard to your "harmful" comment, I believe leaving these long-standing
mechanisms undocument is far more harmful.  Simply writing them down and
discussing the impacts of the various options will likely lead to wider

-- Jeff