IETF Logo Mail Archive

Re: [Idr] [sidr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

"John G. Scudder" <jgs@juniper.net> Fri, 06 November 2015 00:38 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EF451A854C; Thu, 5 Nov 2015 16:38:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7k0x4UhVQ-jQ; Thu, 5 Nov 2015 16:38:50 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0115.outbound.protection.outlook.com [207.46.100.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A2851A854B; Thu, 5 Nov 2015 16:38:49 -0800 (PST)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=jgs@juniper.net;
Received: from jfujimiya-sslvpn-nc.jnpr.net (122.216.203.186) by CO1PR05MB459.namprd05.prod.outlook.com (10.141.72.146) with Microsoft SMTP Server (TLS) id 15.1.312.18; Fri, 6 Nov 2015 00:38:43 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: "John G. Scudder" <jgs@juniper.net>
In-Reply-To: <CA+b+ERmAK1PGV19ssKGrGG7gSQWG=PjuBS9p6_3yWjhwybz8BA@mail.gmail.com>
Date: Fri, 06 Nov 2015 09:38:16 +0900
Content-Transfer-Encoding: quoted-printable
Message-ID: <A948FC9F-49FF-45D9-997A-9D0AF00E57AE@juniper.net>
References: <002a01cf84b8$b0f55230$12dff690$@ndzh.com> <11159_1402415346_539728F2_11159_3728_16_53C29892C857584299CBF5D05346208A07161787@PEXCVZYM11.corporate.adroot.infra.ftgroup> <8DE674B8-45B5-4102-B974-B9312106E2A8@parsons.com> <CA+b+ERmOpnss0BUfBoDwFEn9c5c-z+9NNFF-buuiaiLiR8vc1g@mail.gmail.com> <3364_1402559139_53995AA3_3364_2738_1_53C29892C857584299CBF5D05346208A07162318@PEXCVZYM11.corporate.adroot.infra.ftgroup> <CA+b+ERmAK1PGV19ssKGrGG7gSQWG=PjuBS9p6_3yWjhwybz8BA@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
X-Mailer: Apple Mail (2.2104)
X-Originating-IP: [122.216.203.186]
X-ClientProxiedBy: SIXPR01CA0035.apcprd01.prod.exchangelabs.com (25.163.105.163) To CO1PR05MB459.namprd05.prod.outlook.com (10.141.72.146)
X-Microsoft-Exchange-Diagnostics: 1; CO1PR05MB459; 2:tCi0sSnIWwb4KuF1151F1f7v4AL96PKRRDtrmnp7ZNdZLbBGMg8OsZIfPytnvPOjXy+1XqWGItGr8jnozp0dGLpp6U5NiduLG7BLpUt5Zrle3zWEAEEiO8po9zCq0p/K47eZORTa9H2aSpEoezI8CLZSsBPAqHLHhQE+93I9sR8=; 3:XL1bnzLSnCsoUgYjfMmqJS5ZmZxpv177iFgJ4bDF1p+glvDmkZNMj002fMXaX4m5bKU9W/cFNBSHwjLs5xx3Oq1//NCiQu5/aa9tjv8ghCsKObytTniFeTdvKXET3uc8bn5X7CnV5JdvKp9QX1GQyA==; 25:ebLaN0+clUiP5mGWr7bxj8MlcjY/0tOWTYYtbiumXPNAAkxZg+/p3ty9MBMUH8cZXBGTvLpo//1NmOyoCZczzuf0P6lp57Q1XgIATlxwubSlyNBiaBAVkXaHIvgaYDS42uYWXMX4+/N8WDmb+UqMpLRYtt/DhN2HU3fyr5/0pYypwa15UztvWOpZ7PDTYe+xJpdQAhWN7MU5YnO0tKtJUe/CYTqFYpGz7kb6lYV/rHz8bdgV7eObIw/vlAA1uvV7fmyLqmQlq5BApSvrs7N4GA==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CO1PR05MB459;
X-Microsoft-Exchange-Diagnostics: 1; CO1PR05MB459; 20:miBZCdTzbpUiaVgHLw7j/CUjS0FHIbBrhQhZm1gBIz+kLeaM0w/GbWOQawlHGehm0zlcPMaeORMe5TJFOrwBeJOI5nBI4BjJM7NoFq+wwMNHEVYofLxOBe9eNrUhgPRLVhgNTwUSirUvMBw3IA5K/fP5fnQozHa+YxtQ0sC6+g5bcwjGuuNp7xB+X1tMEHcxRwoXmMrCToXSMy4mPFAvG96ECWdcjRANR9MEiJR/RCCUQdzkgTATjEqCbxEKL5qWVvnjdsmiBUdo2jy6RyYDH1eo2t3fjZNU+pvCrLEPJE9Z88YfpRdA1zXcgn7VZq6UWcxuKoGqRK0gAb27iuXtVZWhcAPSuzjdMsQhtKof3GRrk1YAqjciKVzHyzSPHyWwN/2vGArTg7ZZh3TQ2GrYkuWTXBA/A/+tJoAsOD5QCU2+mpC6vuZmK5T+Z3sVcNghii7meOX4YbN0Z7ec33qEsFbqblK4aCxkOl/05YY6fY0x3675HZY77Z50N3eBlNU+; 4:bkeeSroYVt4YzEwem5eH420zBJfslByGUgaXkxqaDDCY0cfZpMx30R0ZM9eKPNFv8J0NZsalnNBzvKoi+6ixSzWMuAAfU7dN5NLlrXb35uUSvFlBxQpOnxRFN4Xl8IwtNEoqp4n01rLDv3LX2XmbTYMk5HvePbxrUYTkWedJ2q10xzssEzhx0Viv86ToqPu5KXXthzDyh/hpiA/bUkbe6xWoTJa96EILwXsG8MDbbWiNLoO4EhgC3BLdWl5YeTjrT0iAfkklMz3SA37Yi6tp4CXIzWitJMVRnLmRlvc/EAVP8J516P7zmh+52YzCvnoDfGhZ9FGoobkZkhUke1+uMzz6N+TREizfCDhVqW7CnGmh+hmWQnHvfC+H/PHI7XSY
X-Microsoft-Antispam-PRVS: <CO1PR05MB45945971A8667DBF72E05B4AA280@CO1PR05MB459.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(18271650672692);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(10201501046)(3002001); SRVR:CO1PR05MB459; BCL:0; PCL:0; RULEID:; SRVR:CO1PR05MB459;
X-Forefront-PRVS: 07521929C1
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(377454003)(24454002)(164054003)(189002)(19580405001)(81156007)(36756003)(110136002)(57306001)(106356001)(77096005)(46406003)(87976001)(50466002)(5004730100002)(33656002)(189998001)(83716003)(230783001)(42186005)(53416004)(93886004)(5007970100001)(82746002)(69596002)(50986999)(19580395003)(101416001)(5890100001)(97736004)(1720100001)(5001920100001)(76176999)(50226001)(66066001)(40100003)(86362001)(5008740100001)(105586002)(92566002)(5001960100002)(122386002)(23726002)(15975445007)(47776003)(97756001)(2950100001)(42262002)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:CO1PR05MB459; H:jfujimiya-sslvpn-nc.jnpr.net; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1; CO1PR05MB459; 23:KoFeSHzAahNGuVPgyeYR5Ugo3O52jpsT2CAegKFm0dHesiRT8xcD9eiltdZHA8O4bL2LfYL1GvVrKtTgd50p+YOMcFW4esCUpK+PxaJHOGdI71Vovrqun77a6RM3j3ShKOzozfDkt8xlA4brIB6TmhQx3ajhsaA01Bu7DL8q/9yBaUr1nBpeVpX9CdwAp6Xqedg7oQFI/EdBwS8TSXbwShKdBk8GzGftC556Z7T65tRnCvhcdWmXggOkLOfy1xScDSi8UxT4OB5suuSr9pOdp/jnNJVwauqnAd/oJVf52nYd3lbBwn9QU8sh9Si0Gkqfp/4SekDCt/86wS/SZpxnUZrIFjyCRKvgCG3SDGQbOZITrKn9SAffCHG5AZKv5DpJ3X8j5qgT/HR20yJKDW82VtbJ7nX8jb/WQmhiqTiCYWjJt6JAvJ28iCd8h0gaJ6Ds6cTfNB3qeO17qD2+eHByy6Bo26t+bdTW1jP+7ZzC+ivRJ1s96hRZPHTUGJZsJ4xdBh7mPqkWDWkbIHin+BOs8HzJkHoNcVGvEah5Tg6qmriMiTVHyK9GsFp8S9lBNOCLNVLp7dWaJahwC9hgUnIw9XFOPjaKO5AWLinrNvcmV9rvJxLozpOM9P8CwhUXR4seWwALes19pmmvfDOr8wtlPGy8caPTmiLNQZ6lZ4nfV8xI+t7AmODivfr9G+WMUQSxha395B+xcox/tSIIQ3MHnm8mslH1O811W+cDxktk20B8ChqkkveOmDCWIspFCDoH+jQfCqGO96pHoVckpo7hiZyiU3B9bZl9huqB4rHo4A76xEmRxmCYAyDh8Gpxl+ym5dsMvr3Wty7nuZ/Kw9GPi7WuKMBFwTCQY2vGexx+NfvU6w/d1tP0TlGt+1El/YuMMxa/Y0gGx3/nGYiBgFON30m3ycgDG1w7/u9BRPfz8dQPzw1D6cRUmDzsFckkZi8B9IDNCltDBeXAnKPcQgvCu3bMpYJoWim3ZZ7b8rcPpNNYM5pzCx+N7sR400IABsil1abm4BJIV8zbLEVNoJ76+5ahXMyiB+aDMx6ODXJEiGDoKMKNyzRQnHuiA2/ABlMJ+FA4s8xh+wnIJwSFi8m0CwkQbeCYEUOy4p0h4iEBbcRxAdH7Aj1Ph7g4jYB/hd5BtC4yN5UQ4d7sx+UxINCDc/K57G9qS69L7x7PrGz1gI4REF0Ym3hTpo6ibN4msOHWQl68eKZdOHjEMhnZfMSb63Z92qBzgTzAhfNTC93U1lSmg449tdcutBXohRUiOX/4Tx9hwGZFpk7nKdexU+DJn36P8xJflAHDcwaRlGof0aucsdnwvpdtXvWFUorYH5xr
X-Microsoft-Exchange-Diagnostics: 1; CO1PR05MB459; 5:WRBNDqUoxzVHRt/D8JhArA0Fhu7hGiAxkNmtXV61RC+vY14sdCjj6KgxOskQ9OzjZYe78jKqkDzi1h6UhDG5uLsD1npnmQ2GWpC2eim6y2T9ctyb3Ewx9nwi6qikJ5ZptA2NZrqSa2E7zFR1WPasnQ==; 24:6iDn7ZuLNJo2jJlwyHPD7LHnFFfgKkF4SukcCsZSD1ifPx5QVVchXhJyknO0eK8JHryZ8WeO2X7JeQvyJ2L8WwDnFuOmYIfIg5rbhfpTxoI=; 20:cI7VgwH2VHRCC09u4e+8/xtUgbHD8L7u3Kds/2TN//L+glMxjl0QQTafsCggOWszrz7unKPSvQ/aSiMMup6rIQ==
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2015 00:38:43.3384 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR05MB459
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/U_r7nzHcer5H5kD0qkpcrHrCMQA>
Cc: Bruno Decraene <bruno.decraene@orange.com>, "sidr@ietf.org list" <sidr@ietf.org>, Sandra Murphy <sandra.murphy@parsons.com>, idr wg <idr@ietf.org>
Subject: Re: [Idr] [sidr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2015 00:38:52 -0000

Hi Robert,

I didn't see any specific change requests in your followups to this thread and indeed the changes in -05 are (I believe) consistent with the positions you took, but in any case you might like to take a look at the update.

Thanks,

--John

> On Jun 12, 2014, at 5:06 PM, Robert Raszuk <robert@raszuk.net> wrote:
> 
> Hi Bruno,
> 
> Glad we are in sync ;-)
> 
>> It's a priori not possible to define whether origin-validation shoud have
>> a low or high value compared to another possible existing usage.
> 
> Well I do not think it can be left as such.
> 
> The entire point of adding the new extended community for propagation
> of origin validation result (valid, nf, invalid) is to accomplish
> consistency in IBGP.
> 
> If you leave it open (ie not specified a priori) there is risk of
> different selections of best path in your domain for a given net
> (possibly with different exit points) .
> 
> Frankly since this ext community is non transitive one could also
> depref the routes via local pref .. yes yes I can hear already voices
> .. don't touch it - my local pref is for customers ! Except what this
> draft defines will easily ignore all those customer local preferences
> anyway ... IMO it is all about wisely choosing local pref values.
> 
> Cheers,
> R.
> 
> 
>> On Thu, Jun 12, 2014 at 9:45 AM,  <bruno.decraene@orange.com> wrote:
>> 
>> Hi Robert, all
>> 
>>> From: rraszuk@gmail.com [mailto:rraszuk@gmail.com] On Behalf Of Robert  Raszuk > Sent: Wednesday, June 11, 2014 10:26 PM
>>> 
>>> Hi Bruno & all,
>>> 
>>> Just focusing on Q1:
>>> 
>>>> 1)  For people not following SIDR, could you please elaborate on why
>>>> http://tools.ietf.org/html/draft-ietf-idr-custom-decision-04
>>>> has not been used? (via the registration of a new Point of Insertion
>>>> specific to origin validation) (as I though draft-ietf-idr-
>>>> custom-decision was intended to be the last time BGP decision process
>>>> would be modified)
>>> 
>>> Few observations:
>>> 
>>> A. draft-ietf-sidr-origin-validation-signaling does not really modify a BGP best
>>> path selection .. it adds a check before BGP best path selection algorithm
>>> kicks in.
>> 
>> 
>> "3. Changes to the BGP Decision Process"
>> [...]
>> "When comparing a pair of routes for a BGP destination, the route with the lowest "validation state" value is preferred."
>> 
>> My reading is that it does change the BGP decision process and the relative priority of the routes.
>> 
>>> B. Adding new POI is not needed as we already have a POI = 128 which is to
>>> be executed before any step in BGP best path selection hence at exactly the
>>> same point as this draft recommends.
>> 
>> Using POI=128 is indeed an option. However in theory there could already be existing usage of POI=128, hence possible conflict. In such case, the sub-field "Community-ID" define the priority. It's a priori not possible to define whether origin-validation shoud have a low or high value compared to another possible existing usage.
>> 
>> 
>>> therefor one obvious question comes in:
>>> 
>>> C. Based on A & B there is clear conflict not addresses in the draft.
>>> Assume both custom decision with POI = 128 "ABSOLUTE_VALUE" as well as
>>> origin validation are enabled. Moreover assume they result in opposite
>>> decisions. So the question of the day is: "Which of those two is the one to
>>> win the pre best path check ?" Effectively - which of those two is more
>>> important ?
>> 
>> You are reading my mind :-).
>> I assumed that the first document becoming RFC freely define its behavior and then the second will need to adapt (i.e. position itself with regard to the first one). However, given that both documents are worked in different WG, there is a risk that this is missed.
>> 
>>> The answer to this question should be included in the draft. And I do suspect
>>> authors of both drafts will answer: mine !
>> 
>> :-)
>> Indeed it's up to the authors/WG, but to me "Absolute" seems above any other criteria.
>> 
>> Thanks,
>> Bruno
>> 
>>> Thx,
>>> R.
>> 
>> _________________________________________________________________________________________________________________________
>> 
>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>> 
>> This message and its attachments may contain confidential or privileged information that may be protected by law;
>> they should not be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>> Thank you.
>> 
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email