Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

Robert Raszuk <> Thu, 27 April 2017 19:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 81DD31294D2 for <>; Thu, 27 Apr 2017 12:56:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AWpJgICaftl9 for <>; Thu, 27 Apr 2017 12:56:44 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 76E3E129B72 for <>; Thu, 27 Apr 2017 12:53:21 -0700 (PDT)
Received: by with SMTP id 70so22259296ita.0 for <>; Thu, 27 Apr 2017 12:53:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=EuRWmvkBo3J0E2a5ABFqHh17Y1iiWeUt2Fr4OgXdyN4=; b=Gfuy1O+fb852DjwmOvpOmWi+Vp6Awnr7mrN/xzrytZ1mupcXa9zNAK8iVpJU1YKvZU d5qH40KqV0wsAoZWG03moGDAoi5e1j0943dc00PeBqWRA08cnOD85kIGAESTkDzknoSp O7zoZ00FZvZxLgelzfPor4TDN6sSuGkiDz3DEpdHsTIezfuNyZhluH0uXkYHNV++agwj as5nGnwZ0mNi5jf2Hmmqa9x+AAQlgmgAkv8tk9dAfcFOMnFft9bPpvI3bFow3K20kNwX x10uzOL8v967kjcC3pB77CRzzoPrcPfQa/7O5I16gDufVCySCHzFDpLqPpci3SsAx6bX ekiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=EuRWmvkBo3J0E2a5ABFqHh17Y1iiWeUt2Fr4OgXdyN4=; b=KO60l965MKsSXOPB7h0fD7KsH5seoxhIIuhsxOilIGzmLDyOANOqwcbbFZNJ2DwGTo s4BLnBAfsMwpm0ZU+iI78INkGkA9A1sUS9tSu6s41XX0jwYmsOyajOaRRARctdgB6CrY dhpzizV+ntCftIkzKq7lImLa+JNKA7gxxuDL17V09PcdBKR6HT3gNhCB+tdLELz0QnQp tJq0TNP+RlLmt9DlKG180bR/tejZ9rZg8QbPia8Clsy5ZgsHfhG407WNjE89642zHIXs w9nyx3d5KkXSYy0TeLp5X0jBiQ+DO5VdXsPsX5x/hd3b+muSD2ydmgkxzt+cJuLGQeCr tUmw==
X-Gm-Message-State: AN3rC/7673YUACVY0DF5b/B2Xh64JLPo2DlOyOTkkgtc7jsD1kJOT7Qq XebOfTiWV0WaayjcO2vN8k7UjdmZYQ==
X-Received: by with SMTP id i66mr5139500ita.59.1493322800349; Thu, 27 Apr 2017 12:53:20 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 27 Apr 2017 12:53:19 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <023e01d2be72$031ac180$> <20170426095547.GP25069@Space.Net> <> <> <> <20170426125417.GU25069@Space.Net> <> <> <> <> <>
From: Robert Raszuk <>
Date: Thu, 27 Apr 2017 15:53:19 -0400
X-Google-Sender-Auth: XHinTeqQ2gI5JRQq6HBuVaBzDXs
Message-ID: <>
To: Warren Kumari <>
Cc: Alexander Azimov <>, Christopher Morrow <>, idr wg <>
Content-Type: multipart/alternative; boundary="001a114ab26c0cebc3054e2b4f38"
Archived-At: <>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Apr 2017 19:56:45 -0000

> Empty policy is fine -- I have a number of sessions where I
> intentionally have no policy. What I don't want to have happen is
> *accidental* sessions without policy

​BGP peers are usually configured using peer groups or peer templates.
Policy (especially empty one) would be part of such template anyway. So
changing the default ​would not help to prevent anything once the template
is applied. And session without template being applied would in vast
majority of cases not come up anyway.

Only in stub multi-homed small networks which someone configures peers by
hand the new default maybe will help.

As mentioned before for those cases much better would be to have BGP build
in protection.

*Example for new BGP rule: *

*IPv4 and IPv6 eBGP received routes to an AS (routes where AS_PATH contains
other then local ASN) may be advertised over eBGP session to other ASes
only when explicitly allowed by policy. *

Such change in default is actually much more practical to really help in a
lot of cases while not breaking anything to those which have little stub AS
and advertise their PI space of 4 routes. Such change also address cases
where someone just adds once "send all" to template.