IETF Logo Mail Archive

Re: [Idr] AD Review of draft-ietf-idr-ix-bgp-route-server-09

Nick Hilliard <nick@foobar.org> Sun, 07 February 2016 00:03 UTC

Return-Path: <nick@foobar.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C88B61A87A7; Sat, 6 Feb 2016 16:03:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KH2iUUXb8HWH; Sat, 6 Feb 2016 16:03:52 -0800 (PST)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 306EF1A8797; Sat, 6 Feb 2016 16:03:51 -0800 (PST)
X-Envelope-To: idr@ietf.org
Received: from cupcake.local (admin.ibn.ie [46.182.8.8]) (authenticated bits=0) by mail.netability.ie (8.15.2/8.14.9) with ESMTPSA id u1703iBI020930 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 7 Feb 2016 00:03:45 GMT (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host admin.ibn.ie [46.182.8.8] claimed to be cupcake.local
Message-ID: <56B689DD.1090808@foobar.org>
Date: Sun, 07 Feb 2016 00:03:41 +0000
From: Nick Hilliard <nick@foobar.org>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
References: <D2DBC736.10DD13%aretana@cisco.com>
In-Reply-To: <D2DBC736.10DD13%aretana@cisco.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/TZ0dg5zEes8-xVMo2u_T7ci2E-o>
Cc: "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>, "draft-ietf-idr-ix-bgp-route-server@ietf.org" <draft-ietf-idr-ix-bgp-route-server@ietf.org>
Subject: Re: [Idr] AD Review of draft-ietf-idr-ix-bgp-route-server-09
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2016 00:03:54 -0000

Hi Alvaro,

Yeah, sorry about this.  High work load and we weren't expecting a bunch
of major comments at this stage.  We'll get it sorted shortly.

Nick

Alvaro Retana (aretana) wrote:
> On 12/11/15, 3:15 PM, "Idr on behalf of Alvaro Retana (aretana)" <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org> on behalf of aretana@cisco.com<mailto:aretana@cisco.com>> wrote:
> 
> Hi!
> 
> It's been almost two months since I sent this review, but have received no answer. :-(
> 
> Alvaro.
> 
> Hi!
> 
> I just finished reading this document.  Please find my comments below.
> 
> As you can see, the comments I labeled as Major are mostly related to security considerations, where I think there's more to add, and clarity with respect to the behavior in RFC4271.  I don't think that any of the comment will be hard to address.
> 
> I will wait for your comments/discussion and/or an update before starting the IETF Last Call.
> 
> Thanks!
> 
> Alvaro.
> 
> 
> Major:
> 
>   1.  Should this document be marked as updating rfc4271?  There are several places in Section 2 where the behavior is different than what is specified in rfc4271.  Given that the route server functionality is an optional enhancement, I don't think this document should be marked as updating rfc4271 (I.e. It changes the behavior only for the functionality specified here).  I'm assuming the authors/WG agree since there is no indication of an update.  Please include a clear statement (maybe in the Introduction) to the fact that the mechanism is optional.
>   2.  Section 2.1. (Client UPDATE Messages). "The route server SHOULD forward UPDATE messages where appropriate…to its clients."  When is it appropriate?  I'm guessing that you mean something like "where local policy permits"..  Please be clear.
>   3.  Section 2.2.2. (AS_PATH Attribute)  Not prepending the route server's AS_PATH brings up a couple of issues/questions:
>      *   RFC4271 talks about prepending the local ASN (when advertising to an EBGP peer), and it doesn't mention any exceptions.  This document includes an exception.  Clearly indicate the modifications to Section 5.1.2. (AS_PATH) of RFC4271.
>      *   Section 6.3. (UPDATE Message Error Handling) of rfc4271 says that when an "…UPDATE message is received from an external peer, the local system MAY check whether the leftmost…AS in the AS_PATH attribute is equal to the autonomous system number of the peer that sent the message", and MUST send a NOTIFICATION if it doesn't.
>         *   Please be explicit about the required behavior for both the route server, and the clients.
>         *   Even though this check is optional in RFC4271, mandating that is not be done could be interpreted as a security issue.  Please include some text around it (and mitigation) in the Security Considerations section.
>      *   Independent of the check, not including an ASN in the AS_PATH could (in the general case) result in loops; which I also interpret as a potential security issue.  Please include some text about this too — a mitigation option is clearly to not check the first ASN only when known route servers are peers.
>   4.  Section 2.2.4. (Communities Attributes) says that Communities "SHOULD NOT be modified, processed or removed.  However, if such an attribute is intended for processing by the route server itself, it MAY be modified or removed."  How does the route server know if the sender intended for a community to be processed by it, or not?  Please add details.
>   5.  Section 3. (Security Considerations)
>      *   Besides the points above, because clients rely on the route server to implement outbound route filtering for them, there can be a privacy issue/route leak scenario where the route server can send routes to clients that it shouldn't have.  Not much can be done to mitigate this because it will mostly be due to a bad implementation or simply a "bad operator".
>      *   You should point at relevant sections of RFC7454.
>   6.
> 
> Minor:
> 
>   1.  Please be consistent:
>      *   s/exterior BGP/external BGP..or even just EBGP (yes, a nit..but that's how rfc4271 calls EBGP)
>      *   s/best path selection process/Decision Process
>      *   s/IX/IXP
>   2.  Section 2.2.3. (MULTI_EXIT_DISC Attribute) specifically calls out the MED, but you already said in Section 2.2. (Attribute Transparency) that all optional attributes "SHOULD NOT be updated by the route server…and SHOULD be passed on to other route server clients."  Is there anything special about the MED that I'm missing?  If not, then you should be able to delete the section.
>   3.  In Section 2.3.1. (Path Hiding on a Route Server) policy implementation is described in terms of outbound route filtering.  The description of the example says that if "AS1's policy prevents AS2's path from being accepted, then AS1 would never receive a path to this prefix".  To be consistent with the outbound filtering description, you might want to change that text to something like "AS2's policy prevents AS1 from receiving the path, …"

v2.23.0 | Report a Bug | By Email