IETF Logo Mail Archive

Re: [Idr] draft-ietf-idr-bgp-extended-messages-12 WG LC (5/24 to 6/7)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 25 May 2016 20:21 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 836EF12DC03 for <idr@ietfa.amsl.com>; Wed, 25 May 2016 13:21:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cV9L5wlT9WQB for <idr@ietfa.amsl.com>; Wed, 25 May 2016 13:21:03 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0091.outbound.protection.outlook.com [23.103.200.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AA7212DCF0 for <idr@ietf.org>; Wed, 25 May 2016 13:21:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=I61/xPtPF/i7PLBqSj1CWgyx2kFMZglyJ9YkZGamIno=; b=RYFUOKJRqrZ5/gMzRNHjCjkLyLK4sQk+vCOvtoh/NAJVxyJcpQ86ZATyV7LZ6C+PigG0q90Ieb8NggLV88KNMYsxUEjQZgscfVhrEwWvWQxSDQNMNxun21qkshFwDsmsb/+gxUeT4B/98MspAVz0XaYxAmfRb/FlhsnndHBMLlY=
Received: from SN1PR09MB1134.namprd09.prod.outlook.com (10.166.68.152) by SN1PR09MB1133.namprd09.prod.outlook.com (10.166.68.151) with Microsoft SMTP Server (TLS) id 15.1.497.12; Wed, 25 May 2016 20:21:00 +0000
Received: from SN1PR09MB1134.namprd09.prod.outlook.com ([10.166.68.152]) by SN1PR09MB1134.namprd09.prod.outlook.com ([10.166.68.152]) with mapi id 15.01.0497.022; Wed, 25 May 2016 20:21:00 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Robert Raszuk <robert@raszuk.net>, Keyur Patel <keyupate@cisco.com>
Thread-Topic: [Idr] draft-ietf-idr-bgp-extended-messages-12 WG LC (5/24 to 6/7)
Thread-Index: AdG2uc9G2atAblYvQ1Cxo6CIqPvd8g==
Date: Wed, 25 May 2016 20:21:00 +0000
Message-ID: <SN1PR09MB1134E093A4939317439A5E5C84400@SN1PR09MB1134.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: raszuk.net; dkim=none (message not signed) header.d=none;raszuk.net; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.140.122]
x-ms-office365-filtering-correlation-id: 166277b1-6562-4b41-fbd7-08d384da168e
x-microsoft-exchange-diagnostics: 1; SN1PR09MB1133; 5:Cuu9jGJFKZvF/JxGw0sQeC+9KV+45ZSIAfptMl0JnKY7dZi0eQdmcaTZgLgHDmEMYWiNqBL3SSQ9LVSnjzzlodQoQ1gOM1RP7gh8yrdqCsCA1C4PK8kuSuD/cZq1yWFaD/3kNM6II3fAsSKQcMRJzA==; 24:z5PVyHxIlsi6E2/q4cqoLL7lyv9sFozbAcj58agNvYD+IsM7vJ2s6/5k7XZrDyPz8HLup3seWf6FKv7NGFUYisLz/MS2BGPKkf6G0c1xJNs=; 7:mKogzTD07Hhzw5jvA8VNEnDXi1OLFOp28O3eB0WSdve8peTQvJDyVm4SWB3RvkNsJwtXEABZ+FN4Q+jGpfOPpDzGs99eZk5Y1Spr0CLmcqGPHX0Edv4KF0rc0mRZLULXebUJvBrXR+WFIRUMZ8mjzvNLlVLb3jRh/Snd77BsqKCsI6J+gLhwdpQ+urd3T2Pm
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR09MB1133;
x-microsoft-antispam-prvs: <SN1PR09MB1133CE36F862A25BCB3449DB84400@SN1PR09MB1133.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:SN1PR09MB1133; BCL:0; PCL:0; RULEID:; SRVR:SN1PR09MB1133;
x-forefront-prvs: 09538D3531
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(15650500001)(9686002)(3660700001)(2420400007)(10400500002)(4326007)(3280700002)(8676002)(5002640100001)(2900100001)(54356999)(10710500007)(74316001)(99286002)(2906002)(230783001)(50986999)(76576001)(81166006)(122556002)(33656002)(8936002)(87936001)(15975445007)(5008740100001)(1220700001)(19580395003)(77096005)(5003600100002)(5001770100001)(3846002)(189998001)(7110500001)(102836003)(586003)(6116002)(92566002)(11100500001)(66066001)(5004730100002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR09MB1133; H:SN1PR09MB1134.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 May 2016 20:21:00.2453 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR09MB1133
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/Rl3m3tOioMX2sLFwAlc5PfyZm84>
Cc: "idr@ietf.org" <idr@ietf.org>
Subject: Re: [Idr] draft-ietf-idr-bgp-extended-messages-12 WG LC (5/24 to 6/7)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2016 20:21:05 -0000

Robert,

>I listed 4 alternative solutions earlier in this thread already :). 
>Dropping NLRI no matter how rare it would be is not one of them.

I don't know what other BGP protocol enhancements would 
ever need to use extended message;
but so far we know that BGPsec "may" need to use it 
(though very rarely, if ever) -- see note below**.
And it seems clear that BGPsec would never need to drop the NLRI 
(including when the peer has not negotiated extended message capability).
This is because it is designed so that a BGPsec speaker can convert a BGPsec 
update with path signatures to an unsigned BGP message (for forwarding).
BGPsec speaker can/will certainly do this conversion under these 
two circumstances that matter for this discussion:
1. The BGPsec message (that is being forwarded) has a size larger than 4096,
and the peer has not negotiated extended message capability.
2.  The peer has negotiated BGP capability but not BGPsec capability.


**Note about BGPsec update size: A BGPsec message size 
can exceed 4096 octets if there are 40 or more unique ASes 
in the AS path (given that each AS's signature size is no more than 
72 octets with the ECDSA P-256 algorithm). 
The currently seen Maximum AS Path Length (eliminating prepends) is 15 
http://bgp.potaroo.net/as6447/ 

Sriram

v2.23.0 | Report a Bug | By Email