IETF Logo Mail Archive

Re: [Idr] Choice of Large vs. Extended Community for Route Leaks Solution

Brian Dickson <brian.peter.dickson@gmail.com> Wed, 31 March 2021 22:10 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C9B73A391B; Wed, 31 Mar 2021 15:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wqwLsS1ZZg6S; Wed, 31 Mar 2021 15:10:22 -0700 (PDT)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DF743A3919; Wed, 31 Mar 2021 15:10:22 -0700 (PDT)
Received: by mail-ua1-x92a.google.com with SMTP id g5so6616736uan.8; Wed, 31 Mar 2021 15:10:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TpyQtr6pRIOV6nnSYWWs9SQQE+ahpiwKcH6YvYK+AVM=; b=L6aSO6Ff2ZlwcU27vg1nycokIAr1waF8C/+VP3/KdG87ZyRNVDaD+QdsfDMBN3pEk+ eAf81lw6kLHTIKBOPa7+eA6qN2vlTzHh9v6iptnB61NOfsH+RVFbHwatk5HJvQm1E54l cdIjW+hDhm44oiLWJ/PhVMwNrlUTqlaRh35WEEmd2KT9B/YPN9KceA2/3SIQjotdvZCm qzjWaLu+EqwPKrGnpFPc+QrlVEGtZjM+tiSpqP1w+rN8odoff4LtIY6dJuaMqgGbnsCL Ubg0JGf93LcizGqS2b3FyKxhW8A7+OJFzAP5ZdLtJsxMpfS6Dfsk9t0fTJn8gG1k6GvP VeKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TpyQtr6pRIOV6nnSYWWs9SQQE+ahpiwKcH6YvYK+AVM=; b=Nbxo645R1iFYEUOMiwDno8oeCfbWet/7P5iOOc04ksvw9lGxi3ZhdxrMSWdyKJO+FA KHsd+XGbBi6Zo5jUMyvTSUCPEy6fAz/VmMhgkoG73nu94gw/cUI7/0LtZD0Fo3bcA9ut mt9iFk7au0A8atU3VVO1GY9FSJ0oYzkyDbj9savXL/KDsWrZRUE7OyTXJbauUWYjfXGn gsJcLpgmGJkF34y2m2Oh/P3FSrGJfGp3dqeq48zE6dEXvk/8zKm5pGvuPfXzqN0iLxj3 FOEskHlL3843arCEOzorYYVr/hkj0SqKf6noM7T995y0PbwnjhFdppQlAoFycUoxuzA2 tuGg==
X-Gm-Message-State: AOAM531hNX4aGZPETSP/PKYqHgJ37yESqYXk06r9SpYXUsLfmBT8Z1H5 SDtSVtHT0LSKuCJqZlaz/KIQtfsuq5K4e7CZ9wbICETX
X-Google-Smtp-Source: ABdhPJzdR9yUgSa2NHvVJ8tbdS8DWQ+u3/fu9HUa7JujoIg+jWzYUhMmiyMF9+i7qTG/F1uFfUF8hY95vrqHnDV8Pdk=
X-Received: by 2002:ab0:3149:: with SMTP id e9mr3033827uam.48.1617228619620; Wed, 31 Mar 2021 15:10:19 -0700 (PDT)
MIME-Version: 1.0
References: <SA1PR09MB814269138AEE1567CEED703B847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
In-Reply-To: <SA1PR09MB814269138AEE1567CEED703B847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Wed, 31 Mar 2021 15:10:08 -0700
Message-ID: <CAH1iCip6WaQFaBM2DAjf++vW3WTm_NHmXvLTgOhpTdpRdFKigg@mail.gmail.com>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>, "draft-heitz-idr-wklc@ietf.org" <draft-heitz-idr-wklc@ietf.org>, "grow@ietf.org" <grow@ietf.org>, "a.e.azimov@gmail.com" <a.e.azimov@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000064a70b05bedc6177"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/TdUCVLoWYcMNNSuilCa7t-nMdSc>
Subject: Re: [Idr] Choice of Large vs. Extended Community for Route Leaks Solution
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 22:10:27 -0000

On Wed, Mar 31, 2021 at 7:57 AM Sriram, Kotikalapudi (Fed) <
kotikalapudi.sriram@nist.gov> wrote:

> Hi Sue,
>
> Thanks for the detailed thoughts you have shared on the IDR list about the
> WKLC draft and route leaks solution draft (while also responding to Brian’s
> post).
>
> At one point in the past, the route leaks solution needed 8 bytes of user
> data space to accommodate two ASNs but then there was a design change (more
> than a year ago) and the current draft [1] requires only 4 bytes of user
> data space (one ASN). So, it seems possible to use a Transitive Extended
> Community instead of WKLC.
>
> We (authors of the WKLC draft) can continue working on creating an IANA
> WKLC registry for the future but I think the route leaks solution draft can
> switch to using Transitive Extended Community. Especially, if that could
> help expedite the route leaks draft and its deployment? I would like to
> seek advice regarding that (I'm cc'ing GROW also here).


Sorry to argue in public, but I disagree very strongly on the second part
here.

We would like to continue proceeding with use of a LC range for
implementation, using a single (or small number) of Global Administrator
values.

I think we should request that a small block of GAs surrounding the initial
assignments be tentatively marked something like Reserved for IANA
assignment.
That is different from actually establishing a registry or assigning them
specifically for WKLCs, but would be compatible with subsequent WKLC work.

The move to using LC values was precipitated by the observation that the
path for getting attributes deployed would be very long, and that operators
(actual network operators) are looking for a solution which can be deployed
*now*.

Nothing has changed in this regard; the WKLC draft is IMHO still the right
path, and only the size of the initial allocation is problematic.

Having 1-4 GA values (from the 32-bit range of potential values) is not
burdensome IMNSHO, and is a lot less of a concern than the 1/64 (or 1/16)
of the range of 32-bit ASNs originally requested/suggested.

If we can all agree that 1-4 GA values assigned for this is acceptable, I
suggest a revised version of the draft and assessment of consensus on the
revised draft for adoption and last call.

LC is the ONLY viable path, given the nebulous state of implementation and
use for EC/WC or attributes. LC is already deployed, and assigning a few
GAs by IDR is the only roadblock to the draft in GROW getting approved.

Brian


>
>
> One question is… even after IANA allocation of a Transitive Extended
> Community for route leaks, there may still be additional effort needed to
> get the operators to truly treat the EC as *transitive* so that it
> propagates at least a few hops. How do we accomplish that? Write a BCP in
> GROW strongly recommending operators to implement default policy to ensure
> transitivity? We would like to hear people's thoughts about that?
>
> Thank you.
>
> Sriram
>
> [1] Route leaks solution draft (in GROW):
> https://datatracker.ietf.org/doc/html/draft-ietf-grow-route-leak-detection-mitigation-04
>
>
> ---------------------------------------------------------------------------------------
>
> Susan Hares <shares@ndzh.com> Fri, 26 March 2021 21:28 UTCShow header
> Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to 3/23) - no
> consensus for adoption
>
> Brian and co-authors:
>
> As I typed my response to Brian’s questions, I found it was turning into a
> copy of my chair’s response to the WG adoption call.   Therefore, I have
> just included my review as the shepherd to Brian’s request.
>
> Cheers, Sue
>
> <WG chair hat on>
>
> Summary:
>
> There is no consensus on adoption this draft in its current form.   The
> IDR co-chairs remain committed to the route-leak mitigation work and large
> communities.
>
> <WG chair hat on>
>
> Would 255 ASNs instead of  original request:
>
> Even requesting 255 ASNs needs substantial justification.  For the route
> leaks, we  anticipated 2-8 would be sufficient.  As you recall when we
> started this approach,  I talked with Alvaro (our AD) and IANA to determine
> if IDR could request these special ASNs.
>
> However, asking for 255 ASNs you would need:
>
> a) a draft indicating the request for the ASNs,
>
> b) support of the draft from grow (WG adoption, WG LC)
>
> c) support of the draft from IDR (WG adoption, WG LC)
>
> 255 ASNs should be vetted IDR, grow, and operator community.  If you go
> this way, I would suggest the Grow chairs also ask the *NOGs (NANOG, RIPE,
> JANOG..) if allocating 255 ASNs is ok.
>
> Route leaks:
>
> As you indicated, the route-leaks needs a small amount of ASNs.  As you
> recall from our discussion the IDR chairs at the time (John Scudder and
> myself) felt would could use the drafts in IDR and Grow to push for 2-4
> special purpose ASNs.   My current co-chairs agree to support this initial
> allocation.
>
> Large community changes:
>
> I quietly listened to the WG adoption call on this draft because it
> mattered what the ISPs and implementers said.  The Large communities
> (RFC8092) had overwhelming support from the operation community for 12
> octet value with simple encoding.
>
> The RFC8092 encoding does not have support for transitive nature because
> the operator community wished to have a simple encoding.  After placing the
> WG LC during IETF and immediately after I did not hear an outcry from the
> operations community to change the simple nature of Large communities.
>
> Well know community registry:
>
> The original large community (RFC8092) creation did not take the time to
> create a “well-known community” registry.  My reading of the community
> effort that time was a “well-known community” registry was acceptable to
> the community, but not at the cost of slowing down deployment of large
> communities.  The hard work of getting consensus on the size and range for
> large communities needs to happen prior to asking IANA to create the
> registry.
>
> Possible next steps:
>
> 1. Break the -4 ASNs away from the draft and append the request to
> existing grow drafts.   Section 6 of
> (draft-grow-route-leak-detection-mitigation-04.txt) could request specific
> ASNs.
>
> 2.  Working with IDR/Grow to create a well-known Large Community registry
> discussing whether well-known community are just values registered or a
> range.
>
> 3.  Work to get 255 ASNs approved through IDR/GROW
>
> 4.  Use a BGP attribute to solve the transitivity.
>
> The authors can contact the idr co-chairs as a group or grab one of the
> IDR co-chairs for a chat.   The IDR co-chairs meet weekly.   Let us know
> what we can do to help you.
>
>  <WG co-chair hat off>
>
> <WG participant hat on>
>
> In my personal opinion, GROW is a good place to discuss the large
> community registry as operations people know the requirements for the size
> of registry.
>
> Cheers, Sue
>

v2.23.0 | Report a Bug | By Email