Re: [Idr] Joel Jaeggli's No Objection on draft-ietf-idr-ix-bgp-route-server-11: (with COMMENT)

Nick Hilliard <nick@foobar.org> Tue, 14 June 2016 16:09 UTC

Return-Path: <nick@foobar.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9657512D7D3; Tue, 14 Jun 2016 09:09:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UA5jnwhwikXC; Tue, 14 Jun 2016 09:09:19 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F98612B013; Tue, 14 Jun 2016 09:09:19 -0700 (PDT)
X-Envelope-To: draft-ietf-idr-ix-bgp-route-server@ietf.org
Received: from crumpet.local (089-101-195156.ntlworld.ie [89.101.195.156] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id u5EG9CNb006286 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Jun 2016 17:09:13 +0100 (IST) (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-195156.ntlworld.ie [89.101.195.156] (may be forged) claimed to be crumpet.local
Message-ID: <57602C27.10803@foobar.org>
Date: Tue, 14 Jun 2016 17:09:11 +0100
From: Nick Hilliard <nick@foobar.org>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: Joel Jaeggli <joelja@bogus.com>
References: <20160614153754.19291.870.idtracker@ietfa.amsl.com>
In-Reply-To: <20160614153754.19291.870.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Y-nUwFPnKjsD1gjbbe3-2_RN-io>
Cc: idr@ietf.org, draft-ietf-idr-ix-bgp-route-server@ietf.org, The IESG <iesg@ietf.org>, shares@ndzh.com, idr-chairs@ietf.org
Subject: Re: [Idr] Joel Jaeggli's No Objection on draft-ietf-idr-ix-bgp-route-server-11: (with COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2016 16:09:22 -0000

Joel Jaeggli wrote:
> I'm at a bit of a loss to understand why path hiding would be a
> considered an undesirable property of an MLPE routeserver.

Because in certain circumstances, if you have two paths A and B to a
leaf node L, and path A decides to block access to L via the IXP, A's
policy action acting on the RS will also block path B.  There are no
circumstances that I can imagine where this would be a desirable outcome.

> IMHO as an
> operator that peers on MLPE exchanges as well as bilaterally on exchange
> fabrics and via PNIs. blinding a client of the MLPE which I  may have a
> session already with at the exchange or via PNI is basically mandatory.

We're talking about different things here.  Blinding a path by offering
a better alternative is fine - which is, I think, what you are talking
about.  Blinding a path by denying third parties a failover path is not ok.

> Likewise without per-asn export policy at exchanges my ability to
> advertise anycast prefixes via the MLPE is basically noexistant
> 
>    If an IXP operator deploys a route server without
>    implementing a per-client routing policy control system, then path
>    hiding does not occur as all paths are considered equally valid from
>    the point of view of the route server.
> 
> Does not seem like a particularly desirable outcome.
> 
> While I'm fine with 2.3 not being normative, it does seem desirable that
> an MLPE service offer the client control, it greatly increases the sorts
> of clients that can safely use the service.

Yep, agreed.  This was an issue that Geoff Huston brought up during the
rtgdir review.  His point was that a standards track document cannot
recommend a course of action which is not formally defined anywhere.  At
the moment, neither add-path nor the multiple rib options have been
defined formally within standards track documents.  So as authors we had
an option of either delaying publication of this draft for an
indeterminate number of years while the multi-rib and add-path drafts
were standardized, or else mark these as non-normative for the time
being and standardise the rest of the requirements.

Given that ietf-idr-add-paths has been in the ietf process since 2002
and it's now 2016, we figured it was probably a more practical solution
to move ahead with this draft as-is, and if someone wants to document
multiple ribs in future, this draft can be updated.

Nick