Re: [Idr] New BGP capability to advertise running daemon version

ERCIN TORUN <ercin.torun@turkcell.com.tr> Fri, 02 August 2019 06:40 UTC

From: ERCIN TORUN <ercin.torun@turkcell.com.tr>
To: Donatas Abraitis <donatas.abraitis@gmail.com>, "idr@ietf.org" <idr@ietf.org>
Date: Fri, 2 Aug 2019 06:39:28 +0000
Message-ID: <015d56c13d01436890da2b8a7179fac9@turkcell.com.tr>
References: <CAPF+HwV3EEUza3FyiXsd_oSkj80OwY-tE2DgFWnynq1FL2tLHg@mail.gmail.com>
In-Reply-To: <CAPF+HwV3EEUza3FyiXsd_oSkj80OwY-tE2DgFWnynq1FL2tLHg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/TbFmmhLOd0LQDupAzciW7eoLRjM>
Subject: Re: [Idr] New BGP capability to advertise running daemon version

Hello Donatas,

I do think that your suggestion is handy, but from a security perspective it is risky if you are enabling such a feature in a non-trust environment. An implementation warning should be added for vendors/code developers not to enable this capability by default. Enabling such functionality by default might result in your neighbors knowing your BGP implementation & its version, which might contain security risks.

In the security section you refer to RFC3552. In section 6.1.1.4 (https://tools.ietf.org/html/rfc3552#section-6.1.1) of the mentioned RFC the same suggestion exists, but only for SMTP.

Regards
Erçin TORUN

-----Original Message-----
From: Idr <idr-bounces@ietf.org> On Behalf Of Donatas Abraitis
Sent: Friday, August 2, 2019 9:08 AM
To: idr@ietf.org
Subject: [Idr] New BGP capability to advertise running daemon version

Hi there!

I would like to propose a new idea of how to simplify the debugging process when dealing with lots of different BGP speakers and even more with different versions.

Basically, the implementation is very trivial, but it would be handy in cases when you should debug why some functionality does not work between two or more BGP speakers. Having this in place would speed up troubleshooting time. Even better if that comes to automation to gather information around all infrastructure you have.

The implementation and details are posted in this draft:
https://www.ietf.org/id/draft-abraitis-bgp-version-capability-00.txt

Waiting for comments.

Thank you!

--
Donatas
