Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

Job Snijders <job@instituut.net> Fri, 21 April 2017 09:58 UTC

Return-Path: <job@instituut.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84A05129B18 for <idr@ietfa.amsl.com>; Fri, 21 Apr 2017 02:58:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=instituut-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id brgbCMK8A1r0 for <idr@ietfa.amsl.com>; Fri, 21 Apr 2017 02:58:42 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C867129480 for <idr@ietf.org>; Fri, 21 Apr 2017 02:58:42 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id m123so12924113wma.0 for <idr@ietf.org>; Fri, 21 Apr 2017 02:58:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=instituut-net.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=xbd7rpvvrNOeR3Efs64DD9aZtJoUNFbkz/odJeJAvAA=; b=EItVHeTYNvkkDW1aQuWodm5r5aUqtYhKlK6ceijgtsoCvlVo6PL0s2fREjJPHX8IrU Ad2sdiWippMeAj7ksMSGpzBERjlfpCYgqqau+u6EV1C2s9TDYGchmGl3i9J2HHvxtp8m t8aEYam32dd0HTTcv/3TSdm/scTkXIQ70oh2SeffgnAQCsHij4CMr3bIU1O1o/mu0Z7I vChrG1Liegxzrhpt06NNrCBMcnNrk5swashwdsULdXkZ7Tnmy5+5ucy9HJN2CE6/zsL/ SKiIqAk9o+qQIMIFVosKzxWxVg3hYMZpfGk8b4dtZTCBJZEauIf8ssAjq9BOaRwWjYI3 iVOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=xbd7rpvvrNOeR3Efs64DD9aZtJoUNFbkz/odJeJAvAA=; b=UMMp4B30XJiK/jOb+AWImjaxUbQm9cJhLa3XnOUqH5p8544FG8IzHikZtZEdZ0uQBI 9vjA8CEnLMn1AjpC36F5mZmWId+hla6vBlLEwlEms3s5txC3OC+Q6ZY8MO3De2cAq8MZ K8VRquqXnTCgN9jp7TyM6kVyXu6x7k9iZT1n6mF20KpBswn4xogfp0wh3TQDWFW28QzD uyiMJijLyor3qU34vohwRU76sDMCbiaFqMS7I0kYPJiA+KQz0kJSnwrR3ScDZAuQBV3H NIi/TqDmFDlJvJrV8P2L5K8Mi9exBgETlkUN6lbUhzCfQRMAMMAaGo7YniGaoYkZF55+ kZ0g==
X-Gm-Message-State: AN3rC/7gER1xUd5Z5mF+kXOZsN8T0p51Yjook981vMh2eaQSc+YljCRQ QEbNlc9NNw8uP8IasW2bmQ==
X-Received: by 10.80.165.107 with SMTP id z40mr50192edb.60.1492768721129; Fri, 21 Apr 2017 02:58:41 -0700 (PDT)
Received: from localhost ([2001:67c:208c:10:154d:67d1:53a6:3be]) by smtp.gmail.com with ESMTPSA id o19sm294946edo.16.2017.04.21.02.58.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Apr 2017 02:58:40 -0700 (PDT)
Date: Fri, 21 Apr 2017 11:58:39 +0200
From: Job Snijders <job@instituut.net>
To: bruno.decraene@orange.com
Cc: John Scudder <jgs@juniper.net>, "idr@ietf.org" <idr@ietf.org>, Hares Susan <shares@ndzh.com>
Message-ID: <20170421095839.sralcy7aos5mzzic@Vurt.local>
References: <68B29403-9AD9-4F06-9FE4-3F077E793D9F@puck.nether.net> <275cf744-1f64-bcbc-dabe-a47479921230@cisco.com> <20170420154142.lacvtplusepy3qcf@hanna.meerval.net> <b57162ec-f806-6e86-7713-58608f72c468@cisco.com> <32C0B4EE-6241-49F9-97F2-7107AC68678D@juniper.net> <e513849d-f895-0499-7bf4-5ecb24cadab7@cisco.com> <4CE4AF1E-0C80-423E-B19D-5750FCAFAD89@juniper.net> <23283_1492759950_58F9B58E_23283_375_1_53C29892C857584299CBF5D05346208A31CC352B@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20170421084638.l6pbvtznfsxnq2wy@Vurt.local> <23291_1492766305_58F9CE61_23291_9725_1_53C29892C857584299CBF5D05346208A31CC399E@OPEXCLILM21.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <23291_1492766305_58F9CE61_23291_9725_1_53C29892C857584299CBF5D05346208A31CC399E@OPEXCLILM21.corporate.adroot.infra.ftgroup>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: NeoMutt/20170306 (1.8.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/TaWuXsPTrNlq_IJ6YZid1Vhd97I>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 09:58:47 -0000

On Fri, Apr 21, 2017 at 09:18:24AM +0000, bruno.decraene@orange.com wrote:
>  > 
>  > So, going forward, any IDR proposal that requires a change to any
>  > provision system is a no-go?
>  
> It's not about a no-go. It's about understanding and considering the
> tradeoffs.

Bruno, through this thread I have learned:

    - Release notes are not read, and it is unreasonable to expect
      people to read them.
    - Software will not be tested prior to deployment, not even to see
      whether it boots.
    - We cannot expected staggered software deployments, people will
      upgrade all their BGP speakers at the same time (again, without
      testing the software).
    - Any change to a provisioning system is an insurmountable
      imposition.

I'm sure you appreciate how these new insights will affect all future
IDR work. I assure you that if such weak rethoric continues to be
admitted as valid justifications for lethargy, this will affect IDR's
productivty the coming years.

If you want to play the game of 'tradeoffs have to be made', I have not
seen any appreciation in this thread for the cost on the Internet as a
whole resulting from insecure defaults. Robert Raszuk even went as far
to argue that we'd be doing the "little guys" (surely that was not meant
in a belligerent way) a favor by allowing insecure defaults to persist. 

I theorize that for instance this outage was the result of a 'fail open'
rather then 'fail closed' (as proposed in bgp-reject) implmentation
choice. See https://www.theregister.co.uk/2015/06/12/level_3_down_after_routing_through_malaysia_like_idiots/
or https://bgpmon.net/massive-route-leak-cause-internet-slowdown/

Outages like these affect everyone, whether they were a directly
involved party or indirectly involved. Did you notice this event in your
own network? Or perhaps you did notice it because payment terminals in
some countries stopped working?

The BGP Default-Free Zone is composed of roughly 55,000 autonomous
systems operated by as many organisations, who are densily
interconnected with each other through milions of EBGP sessions. When DC
equipment is connected to Internet, or when a CLI-style makes accidents
easy, or when a lack of education results in a common misconfiguration,
there should be checks and balances in place to dampen the negative
effects on the Internet as a whole. The Internet Engineering Task Force
(notice the 'Internet' in IETF) has a responsiblity to promote and
define safe and secure default behaviours.

Kind regards,

Job