IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt

Brian Dickson <brian.peter.dickson@gmail.com> Sat, 08 October 2016 20:14 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6017129532 for <idr@ietfa.amsl.com>; Sat, 8 Oct 2016 13:14:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NatKmh-o_Tsp for <idr@ietfa.amsl.com>; Sat, 8 Oct 2016 13:14:16 -0700 (PDT)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43DAF126FDC for <idr@ietf.org>; Sat, 8 Oct 2016 13:14:16 -0700 (PDT)
Received: by mail-pa0-x231.google.com with SMTP id rz1so35464852pab.1 for <idr@ietf.org>; Sat, 08 Oct 2016 13:14:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=gVA1B161Ag2mKex0fVyOErzP0BQZJJQFb3H+Dt2D5IY=; b=aYziLQF5+mPVy/lo1kCmYcmVYIF36BrGiOjT80mfiAl5f035+XYUTWAvxQbr9rmoFV cIbBDohg5umQqK/Uvz9HSpWnMxdxvYpw1PuP4xrtq1uWNK9GmFKDXTmMQX0FplRFY+ek bGIyyZH9o/biCD9cU8YnoN6VJiT5+YkVHPPbzf0WObspAeByzNN8peHI7ojxGuFod/Im Eu1I/WZ/zyG3lB9rXkWTsiB4osEZqvyPTGy7QlPompSeyddGSf661YnumpAQx0TqSfyc 8l9IbyWHGaSSH+iYmPr+eFZOGgZCvHz0kGQDoyhWga16NFEiXSzlUYtT+2pSilsExuGr vI3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=gVA1B161Ag2mKex0fVyOErzP0BQZJJQFb3H+Dt2D5IY=; b=FQIFOdkAmWEir6c9aqnsjaA+EdqGNbshkTriHzBvmyB7CWuHm80JKGvmQCryaxZ05U rkQHn1LDkbcKTI91eMdsP/q3OE4O+WF/4ZPpP5cJ/+WCOl+NmjNU4A4xtfcvj7gHvz6E 03C14moinhroGvaps2nKSeR2UMZ+475x7zxjb0w1oKrdibNH9BwStUjdg7OjsE6SfScC i8s2GNONgW7DDC0kTmBMh3nELVDL6/JOmv/JaY98mbnkc1J5z68KpMgZie3JvFb05Rox OQQtuK7lWMAZwwM+P5gejLRngb5G7an0G5m59y/wQk6b5rmF18A/qTT5/42c7Ap9C1Rt xAgQ==
X-Gm-Message-State: AA6/9Rl0hyChlXhZuHnjmQqzQeOiqsYiqchB5qZzdBL/cYPoH2bhzTHjT8cX5/eOH1YhNA==
X-Received: by 10.66.230.199 with SMTP id ta7mr32789968pac.86.1475957655460; Sat, 08 Oct 2016 13:14:15 -0700 (PDT)
Received: from ?IPv6:2001:569:72b9:1f00:2845:91ab:4ad0:9234? (node-1w7jr9qj3jdopeoyqeg712r04.ipv6.telus.net. [2001:569:72b9:1f00:2845:91ab:4ad0:9234]) by smtp.gmail.com with ESMTPSA id sa1sm40236970pac.34.2016.10.08.13.14.13 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 08 Oct 2016 13:14:13 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Brian Dickson <brian.peter.dickson@gmail.com>
X-Mailer: iPhone Mail (14A456)
In-Reply-To: <57F92043.20301@foobar.org>
Date: Sat, 08 Oct 2016 13:14:12 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <A9BBA442-361F-444F-9AFC-33FAAF5F6061@gmail.com>
References: <147531113077.4216.12599976309263776317.idtracker@ietfa.amsl.com> <20161001085434.GW20697@Vurt.local> <005b01d21d58$aaf869e0$4001a8c0@gateway.2wire.net> <20161003095936.GC20697@Vurt.local> <04cf01d21d68$52c656a0$4001a8c0@gateway.2wire.net> <20161003115723.GD20697@Vurt.local> <57F27D3F.7090404@foobar.org> <00da01d22085$4f0f2ee0$4001a8c0@gateway.2wire.net> <57F78B7D.609@foobar.org> <333030E6-0422-4A34-B07B-90D5F8E9F116@gmail.com> <57F92043.20301@foobar.org>
To: Nick Hilliard <nick@foobar.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/S91Lz6kR73s37N__zCiyF4FUTD4>
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Oct 2016 20:14:18 -0000


Sent from my iPhone

> On Oct 8, 2016, at 9:35 AM, Nick Hilliard <nick@foobar.org> wrote:
> 
> Brian Dickson wrote:
>> Is there anything you envision in use of large communities that
>> cannot be supported by use of ASNs and private ASNs? I can't see
>> anything that would not fit into those two use cases.
> 
> There are plenty of situations where the semantics of what you're
> suggesting would be troublesome to define, for example, confederations,
> asn translation or asn migration, leading to cases where there would be
> multiple asns being legitimate on a single router.
> 

The operator setting the community would need to know the intended semantics. The other operator would need to establish what acceptable communities could be used and the corresponding semantics.

The operator doing anything complicated will already need to understand the ASN gymnastics; the corresponding communities follow those same gymnastics.

> And even if these cases could be cleared up easily, what happens when
> someone injects a prefix tagged with a community which isn't the same as
> their ASN?  

I said ASN. I didn't say THEIR ASN.

That is the apparent disconnect.

Nothing should enforce what ASN value is used.

> You're then stuck with the situation where you're defining
> one thing as a MUST in the semantic specification section of the rfc,
> while down in the Security Considerations section, it's going to need to
> be admitted that there's no guarantee whatsoever that the global
> administrator field in the large community was actually set by the ASN
> which announced the prefix.

Correct. That is the intended behavior.

The ASN value will rarely be the ASN setting the community. The cases where the sender uses its own ASN can already be handled with extended communities.

>  Worse still, once it's been changed, there
> is no practical way for a neighbor to detect this change, as s-bgp isn't
> a thing.
> 
> Realistically, vendors are going to implement ways of modifying the
> field in exactly the same way as rfc1997 communities can be set to
> anything at all at any policy specification point in a bgp-enabled network.

Yes, and this is the desired state of affairs. Complete parity with 1997.

Brian

v2.23.0 | Report a Bug | By Email