Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

Robert Raszuk <robert@raszuk.net> Fri, 05 May 2017 09:34 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C035129490 for <idr@ietfa.amsl.com>; Fri, 5 May 2017 02:34:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jh-rQu_Eog17 for <idr@ietfa.amsl.com>; Fri, 5 May 2017 02:34:55 -0700 (PDT)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17D69127058 for <idr@ietf.org>; Fri, 5 May 2017 02:34:55 -0700 (PDT)
Received: by mail-it0-x22f.google.com with SMTP id x188so475553itb.0 for <idr@ietf.org>; Fri, 05 May 2017 02:34:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=E72W/kKIjXRIHRe+Cu/08ul15JvNWPjPxUaozr5QIjQ=; b=L+8AgENZ7yJrPbl9R2NuTJVZZMWLgqLztIDCvyzzL07L9EIE6iEXBm6qaIOqYKxHMU QJnQ9cg0A8SFMTjOIfCNakIA2tYiLqTiXbO79Q9VX/UlAnFVcqw1SXb5QUNLgXquAnpo AlPSGsptRdjI5SftzeCylrSlyhGjI9gYgLEJiYKxauwiAEJtzyCNwLleEbuH0hlLqsbn sGdvPq61dIPE57VGYDtnPGS44Aw5qQr2SbKLNFAJoeAyFWVLIvOOc9U8tdsHucFNGt7I MyI8Rjbv3gFlpfXrMNNpzWhdJl9alJ7L6dC0eYytTz6pDFwFBt25kvlZF99pyZ6tOv11 ZVFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=E72W/kKIjXRIHRe+Cu/08ul15JvNWPjPxUaozr5QIjQ=; b=BEB2Jybu/j3DNSoY/uz4ENZlACpwPnlSk89BiTfzuccg40ETkhvo7gQHcK37BmL68v snIHt9PcFZcmY72dIJsjueIM7eoPHZPa7eQf8TsmHsreX4RgII0ay++Xfr8vxJFjm+Xq 6TnOJQRG0y/e1dNEMB4W3PWUkX0IKwXiJZ2sNt09oN7Bq97xiOKjmU99no5xxiX+uBfX 542Q4qJlPJJZlmAzh0EIqNwOk9f4y3rTKTHbSXblIqvV9n2dvSl2jrWtKAGp7vbmC0/7 YZtrgp/L7O1NdEYtj3G1wASRW4chO+Y5xC3yI0CcqJzDKrYmPj2gvy5rlflEN2SrAiZz lvjg==
X-Gm-Message-State: AN3rC/50tmYddp+a89Kb+ZQnJc6ACEqKZdzGZgbxxEJYQO8I/y5CpmL3 GiOIHBzXZkeUqAwH7QqKvPKO6xslIQ==
X-Received: by 10.36.245.201 with SMTP id k192mr7808771ith.104.1493976894113; Fri, 05 May 2017 02:34:54 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.79.62.24 with HTTP; Fri, 5 May 2017 02:34:51 -0700 (PDT)
Received: by 10.79.62.24 with HTTP; Fri, 5 May 2017 02:34:51 -0700 (PDT)
In-Reply-To: <CA+b+ERkxwXS9u7Kt4uEA4=P6JA9M+8Ha96ny2+kOGFeDe+NYAA@mail.gmail.com>
References: <D4E812E8-AA7B-4EA2-A0AC-034AA8922306@juniper.net> <81424CC3-C4B0-487E-BF56-0113CA637239@juniper.net> <CA+b+ER=VYF3tZUgph8oxwNaw6ByENmctxOazjR7FGT-DdhgVwQ@mail.gmail.com> <CA+b+ERkt-B65dPrWRULBE1iOqHQpujjoEwqGxZjOWcR9OVbqPA@mail.gmail.com> <CA+b+ERmkEy2rJYLAGyaVVCBOxukjx8u2AJM9t8JkU1GThG0tNg@mail.gmail.com> <CA+b+ERmTVWRBt5RYhDXF9FRcL+zh0rMJbdDoodOueuiTqdO3pw@mail.gmail.com> <CA+b+ERkFXEGf9YXbFksvYvgcz8hEYsTZJP38GFFoWr8DSihDKA@mail.gmail.com> <CA+b+ERmMTq4gEu7s8_sBX-WQat8Fn2MUJUyXAbvdr0K=+WdPew@mail.gmail.com> <CA+b+ER=_WCeU_HPpBm5XFjEd1autFCnzVqV33pvXrOOjtuG=Nw@mail.gmail.com> <CA+b+ERmKT5PTJb7bdCG-vGjebAmvKYjWtyqRKPQiLP37RjFSmA@mail.gmail.com> <CA+b+ERmCruh1pr_22kF8OsLn0oW8reJfoe1nKjBd6kjAC1Y_vA@mail.gmail.com> <CA+b+ERm6UFgTrfkPA_wrbt9trUejyby56vvFedrmn5FP4Sg28w@mail.gmail.com> <CA+b+ERkmZZuU7W-n2CPtu0xfPGO=E3K9Gy9o8aOZqj5uf5duCg@mail.gmail.com> <CA+b+ERnRqisRs3sdtxTm9R7H_HpLw82qd+7kAqaTZbRFi1ZGww@mail.gmail.com> <CA+b+ERkxwXS9u7Kt4uEA4=P6JA9M+8Ha96ny2+kOGFeDe+NYAA@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 5 May 2017 05:34:51 -0400
X-Google-Sender-Auth: DhPZfl2b1LtFTT25Z7G5JGQAxxY
Message-ID: <CA+b+ERk6U1VZTdoNtve8b-HqxNBPkymF0i-++ixw5bN+yXAWcA@mail.gmail.com>
To: "John G. Scudder" <jgs@juniper.net>
Cc: idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c041c70138ba8054ec39a6e
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/SaXOt_Pt5AIRn5LgZNYA72KSuj0>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 May 2017 09:34:58 -0000

Hi John,

If someone make a point of the discussion and stops arguing about it ib
next 100 emails does not mean that the rough consensus was reached on his
or her comment.

Honestly to me I do not see that rough consensus to adopt this change as
standard track document has been reached on IDRWG mailing list.

Moreover document does not define what policy is. Is accepting ORF a policy
or not ? No clarity will lead to very inconsistent implementations.

Cheers,
R.

PS I uderstand that forcing inbound policy is to push folks to apply BCP38.
But this at best is applicable only at the ISP inbound side ....

On May 5, 2017 12:41 AM, "John G. Scudder" <jgs@juniper.net>; wrote:

Hi All,

Below is my summary of this mail thread, FYI.

As I understand it the next steps will be for the GROW AD (Warren) in
consultation with the GROW chairs (Pete and Chris) to decide.

Thanks to all for your participation.

--John

The thread "[Idr] IETF LC for IDR-ish document
<draft-ietf-grow-bgp-reject-05.txt>
(Default EBGP Route Propagation Behavior Without Policies) to Proposed
Standard" started on April 19 and by May 1 had accumulated well over a
hundred messages from 27 or so contributors.

The thread defies a simple declaration of "there was consensus". However,
and somewhat to my surprise, after reading back through the history and
trying to give special attention to issues opened but subsequently
rebutted, I think we do have consensus supporting advancement.

There was quite a bit of discussion about the intended status of the
document -- Standards Track vs. Informational vs. BCP, Updates 4271 or not.
In the end, I think the best we can really say is that there was no
consensus to choose something other than what the doc currently says. I've
counted those who had document status objections under "con".

If it were up to me to call consensus (which it is not) I would say there
is rough consensus to advance the document on the Standards Track, updating
4271. I might consider offering a few extra days of LC for editorial
comments *only*, with discussion of the document status and general outline
and features of the solution being placed explicitly out of scope. This is
because there were, interspersed among the many other comments, a few
editorial ones, and I just don't have the energy to figure out if they were
all taken in (although I think the authors have been fairly diligent about
this). It's also because the most recent versions of the document have some
fairly significant changes compared to -05.

Several issues were raised and discussed as part of the thread, including
(but not limited to, I'm under no illusions that I've captured or even
fairly represented every single point):

1. A number of people, largely from router vendors, expressed concern that
changing defaults is difficult. These ranged from saying it was impossible,
to merely difficult and not worth it. In response to this, others
(including but not limited to other vendor folk) provided examples for how
a default could be changed without invoking a flag day. Greg Hankins, in
particular, provided a detailed explanation of his company's process. The
proponents of "it's hard to change defaults" didn't follow up to the
various rebuttals, so on the balance I would have to say they're "in the
rough". It's a bit dicey to make this call since failure to follow up can
also reflect simple fatigue, but in this case the conversation doesn't just
tail off, it ends with concrete arguments on the "this can be done" side.

2. Related, there is the position that "yes of course anything can be done
in software but the cost/benefit ratio isn't right". This is clearly a
matter of personal taste so can't be dismissed (or supported) solely on the
basis of logic.

3. Should the behavior be per-AFI/SAFI instead of global? Perhaps to apply
only to Internet routing and not other applications?
Pro: the motivation section of the document calls out the Internet use case
Con: there's no clear, unambiguous way to actually specify this (AFI/SAFI
1/1 can be used in a VPN context, e.g.). different defaults for different
AFI/SAFI is confusing for the user and the extra complexity not required.

4. How about "default no-propagate" rather than "default no-advertise"?
Pro: Keeps CE configurations more compact, less surprising behavior.
Con: Behavior is actually more surprising (since harder to explain, less
consistent). Doesn't cover all plausible use cases.

5. These defaults will hurt some deployments that want to rely on the old
defaults. Examples, data centers, CEs.
Pro: as stated.
Con: it seems unlikely anyone is actually relying on default behavior in
their data center, since defaults vary between vendors, can any examples be
brought forward? None offered, instead a couple DC operators stated support
for the draft as written. For CEs, discussion around upgrade strategies
without breaking existing deployments, see #1.

6. This should not update 4271, not be Standards Track, it should be a BCP,
should be Informational, etc.
Pro: It's not protocol, but just defaults, doesn't affect state machine,
wire encoding.
Con: Plenty of Standards Track documents specify defaults when considered
important to operation of protocol, and even more ephemeral things such as
textual encodings.
Pro: It should be a BCP and/or shouldn't update 4271 because it's bad to
make existing implementations nonconformant.
Con: Formally, it doesn't work that way. Also, the point is to ask
implementations to change.

7. There are various other proposals to mitigate route leaks and provide
BGP security features.
Pro: implied, "we've already got one"
Con: some of these are still in flight, not even WG docs. None address
exactly the same issues. Some don't even overlap.

8. Why not just do perfect filtering at the service provider border? It's
an education problem!
Pro: perfect filtering prevents harm from route leaks.
Con: decades of experience indicate strategies that require perfection are
not successful.

Taking a rough head count, here's here I understand people's positions to
have ended up:

Commented, no discernible position on advancing the doc -- 2

chris morrow
alvaro retana

Pro -- 16

john scudder
randy bush
brian dickson
joe provo
warren kumari
jared mauch
job snijders
gert doering
mik abrahamson
jeff haas -- support, though would prefer BCP
greg hankins
nick hilliard
jay borkenhagen
ian dickinson
martijn schmidt
keyur patel

Con -- On procedural grounds (should be a BCP, or should be Informational)
-- 3

eric rosen -- would be OK as Informational, opposes other statuses
tony przygienda -- it should be a BCP
enke chen -- fine if it's a BCP. changing defaults is infeasible ("in the
rough")

Con -- In the rough -- 2

acee lindem -- contrary to auto-discovery (rebutted, in the rough), should
have a 'backwards compatibility' section
jeff tantsura -- changing defaults "can not be changed". -- in the rough

Con -- Other objections, in most cases not explicitly stated as opposing
advancement but that's my reading of their mood -- 4

robert raszuk -- not explicitly, but has raised numerous "but what
about...", all or most replied to
alex azimov -- 'it'll just result in empty policy' and 'route leaks are
rare anyway', both later rebutted and not replied (so, "in the rough")
tom petch -- not explicitly, but generally skeptical tone to comments.
specifically requested an analysis of what harms the proposal might cause.
(not done or replied to AFAIK)
bruno decraene -- would rather improve route-leak draft, numerous other
points and suggestions, mostly replied to, too much to summarize
_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr