IETF Logo Mail Archive

[Idr] draft-heitz-idr-large-community

Robert Raszuk <robert@raszuk.net> Thu, 08 September 2016 09:03 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECA6212B0F4 for <idr@ietfa.amsl.com>; Thu, 8 Sep 2016 02:03:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id caTNMGIBvtar for <idr@ietfa.amsl.com>; Thu, 8 Sep 2016 02:03:04 -0700 (PDT)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 214B512B074 for <idr@ietf.org>; Thu, 8 Sep 2016 02:03:04 -0700 (PDT)
Received: by mail-wm0-x22f.google.com with SMTP id w12so23151279wmf.0 for <idr@ietf.org>; Thu, 08 Sep 2016 02:03:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to:cc; bh=uJXuxAK+MoMueNxHiIwGqJKRyJF+XKxeJWY7eLG6tdY=; b=MrrZRrHp4e2z36OkBXbGFqfuOvYCY5t94ooLfJggO3jxjf1tlOlb/wmzxkOLPLOxeP lcNpXlqs9UQxO0WmI49OpNToIGOB+iVTvveJRWYin9QAD2JDv6rMU1VnebkOT0C/xEW2 fy81NkrBULrmg1WEiS6X670b8kERgnwhp2v5GRWCqkKAkhURTrShujB0haD6I7nD5Kyx vbt8xSPN+nfUUKk6YeNdYJHXPrNHgB42KXR0th0S/o6ZV8O5qGa97jSZpOu8y3Plufjf PHwgfBoLw1bSs3aIPtt59VH8/MfMlmf9/kxpryyqsDuXvhFy4jL2npsk+4Op0PlMP10U AHag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:cc; bh=uJXuxAK+MoMueNxHiIwGqJKRyJF+XKxeJWY7eLG6tdY=; b=WkzCJnt93xP+TvKK7QVkb+7VBlgycS+2HlJK4bkGnk9W3w0KplPOdqkutoMTZxxyPQ iYkiG243sVCxCjaar9F/qrLfIBsaTNM37v+nrtovDCzUKAWKB5RMs1Z74GK4U6DSIKWw 7EwZYeDtTNkNeAu/qnuOnJCjlK/02dmcR/O9078bKbOyNHDpoi6FmaaGMdiica3UhgMv MjYbO3KZDMF4tAPsHEugjfRqGO0MKDiSqBUmtDCbLPLwJruH7TLp9IlnWSWn9cBYnIYE TDIt4F8jGO2k0x71Q7pjoPzELdWPxprA7zrjcvqoZfiRlqV76bZdjah1o7sfm9qb5c0U b75Q==
X-Gm-Message-State: AE9vXwNVKOiFfs5eA3LDoQyqH19R/ueY2St+WnpRLtm2UyRKcPc+qNjaUvxBoD41lCk1Q2+pC5kXAL0RghOjAg==
X-Received: by 10.194.97.129 with SMTP id ea1mr29877504wjb.107.1473325382590; Thu, 08 Sep 2016 02:03:02 -0700 (PDT)
MIME-Version: 1.0
Sender: rraszuk@gmail.com
Received: by 10.194.235.36 with HTTP; Thu, 8 Sep 2016 02:03:01 -0700 (PDT)
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 08 Sep 2016 11:03:01 +0200
X-Google-Sender-Auth: BdUlLHKd5jZS4El5eWwu1txGC_c
Message-ID: <CA+b+ERmLQ+HqH=P-6E+frF1SiHybCVrtQM3=HiwH4+7400NLRA@mail.gmail.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Content-Type: multipart/alternative; boundary="047d7bfceaea116794053bfb4c32"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/UQYgURmOqBhSIwjz1kr_r9WvGpU>
Cc: idr wg <idr@ietf.org>
Subject: [Idr] draft-heitz-idr-large-community
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2016 09:03:07 -0000

/* Renaming this conversation as this is no longer about accepting it as WG
doc, but rather general discussion about this proposal. */


>
​
Q2. If your ISP offers the service to transit communities,

The point was that we have learned since RFC1997 published 10 years back
that there is no trust in the Internet any longer. But this is perhaps more
of an SIDR issue so let's talk about it when this draft becomes WG doc.

But how to assure integrity and correctness of originating AS intention via
untrusted transit ASes ...

The security aspect of wide communities have been discussed in the past. I
am interested in this as will be very glad to use the same solution as we
accept for large communities in the wide community document. Both are
transitive via multiple ASes hence the issue.


> Q3. The spec must not enforce any stripping.

I respectfully disagree.

Sending community containing in the first 4 octets of an AS outside of a
given AS over eBGP session to me is a clear and direct indication that such
community is meaningless any longer. If so why then to allow to send it ?

Local policy of send-all would not help. Would we need soon another draft
along the lines of draft-mauch-bgp-reject to deal with large community
default pollution ?

If you rename this entire text into 4:4:4 all being of mutual agreement
between parties then my point is gone ... but till that happen I am willing
to understand the rationale.

> ​
BTW, this all works the same way as it does with regular communities.

Is that supposed to be a feature or a bug ? ;-)

Cheers,
R.


On Thu, Sep 8, 2016 at 3:08 AM, Jakob Heitz (jheitz) <jheitz@cisco.com>
wrote:

> Q1. My implementation as it stands uses ios-regex to filter, so you can
> filter whatever you want. I have an optimization in mind that will make it
> easier to match on each field individually, but it's not done yet.
> Your example: delete largecommunity not in (ios-regex '^2914:')
>
> ​​
> Q2. If your ISP offers the service to transit communities, then that ISP
> will be able to transmit the large communities unchanged with my
> implementation.
>
> Q3. The spec must not enforce any stripping. It is up to a receiver to
> strip whatever it does not want to receive. In my implementation, large
> communities are dropped by default by EBGP senders. You must
> configure send-community-ebgp if you want it to send large communities. You
> can use the delete statement of Q1 in a neighbor outbound route-policy if
> you want to selectively remove large communities.
>
> ​​
> BTW, this all works the same way as it does with regular communities.
>
> Thanks,
> Jakob.
>

v2.23.0 | Report a Bug | By Email