IETF Logo Mail Archive

Re: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)

Alexander Azimov <aa@qrator.net> Thu, 09 June 2016 13:55 UTC

Return-Path: <aa@highloadlab.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2DA812D63A for <idr@ietfa.amsl.com>; Thu, 9 Jun 2016 06:55:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=highloadlab-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SsH2CqCoSQsG for <idr@ietfa.amsl.com>; Thu, 9 Jun 2016 06:55:30 -0700 (PDT)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4114812D18C for <idr@ietf.org>; Thu, 9 Jun 2016 06:55:30 -0700 (PDT)
Received: by mail-io0-x229.google.com with SMTP id m62so38470941iof.0 for <idr@ietf.org>; Thu, 09 Jun 2016 06:55:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=highloadlab-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=om/g/IkG4+18CHWdrJeQ/ES7hyQmJ6w5mGzHwKFCHgo=; b=Saff2xZvGjQw6EwL51M6dPMKLvZS9P+Kke6VR/ofE7ELs6BtGDE3q9WDTaJVxgoOeW mMVO9HwIsL8b+XSSdJD2tHIKPdo4274db1xKTo2p80ob1/lIDv/MDc3ca7II0Wo30ZiU r5o3/+4y/W97N9ya9X5Bw51B+G/8breCd+6tdeD5Y3lMQq1DCu2iwTeZn0xemy3ge47/ eADXtqbqErOQ61lINQCQ2bJxE5uzsVcB9HZ32+xYobnzgoYIQkN4rwRqNVsKAqsdoYsC dRwWbsK60W2hG6Qau/bJsM+MbCU/42GkbD0obr+XfpE5k19suYBNESaU1H0N6uUZGFhc mv2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=om/g/IkG4+18CHWdrJeQ/ES7hyQmJ6w5mGzHwKFCHgo=; b=mqwvFrBYrIWOL6cSa+cSI3nez221FTIrk/8ipUnnuUu598mlNogH3+EGBPUXtffG0s XcudSYmvexvYb6iq/YdwMskFDMzUhGVBsY8rYitf91PqyyNGB3f+vnMy/h6RBi7LlKeL 9hZECfYqP/kFaG9NxTSFpKj7oTxCMHcHibFXdb2FcE14XGfKnPEeJ+C98J9hDWDCEr30 6QHoMUzppGprHPQM+M8lWZKmbJsVCG6RQQY5P6Lg+rXNFIlz6uu9qey9nH/ILWbnd13t s7d2GAi+jyNwqg9Tv5gqNzvlJ4EwbESoxrmbljhWCqvjLbl7ZyBPItL7TdjZjCotCAf3 NhfA==
X-Gm-Message-State: ALyK8tLVaCyM8t5WiZpBQZV7o+TBybJc76QGdVPJuyBf+x0ShpJEjm8EP8avBK6Uax4rxCLq2AnmTPH8w7Gy6g==
X-Received: by 10.107.9.144 with SMTP id 16mr17122830ioj.196.1465480529409; Thu, 09 Jun 2016 06:55:29 -0700 (PDT)
MIME-Version: 1.0
Sender: aa@highloadlab.com
Received: by 10.64.146.129 with HTTP; Thu, 9 Jun 2016 06:55:28 -0700 (PDT)
X-Originating-IP: [176.110.121.30]
In-Reply-To: <CAHgCvCMF_MO3zQEYhQiZTr5BdJ2ixLAuCfPakho77TCRD5zcRA@mail.gmail.com>
References: <012e01d1c012$1d05f8d0$5711ea70$@ndzh.com> <BL2PR09MB11233AF9434057E641967E9E845D0@BL2PR09MB1123.namprd09.prod.outlook.com> <CAHgCvCMF_MO3zQEYhQiZTr5BdJ2ixLAuCfPakho77TCRD5zcRA@mail.gmail.com>
From: Alexander Azimov <aa@qrator.net>
Date: Thu, 09 Jun 2016 16:55:28 +0300
X-Google-Sender-Auth: ux7dSTS2lFxudLvtfBFSuWmq1nY
Message-ID: <CAHgCvCNzn9YGpR7sqnCoeHS2U1UEx8WBg99kwc2=B_WXGWuaHA@mail.gmail.com>
To: "idr@ietf.org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="001a113f95f26196180534d8c679"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/YG_R-FdFy2JA9MSFu9Pg0j0nW28>
Subject: Re: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2016 13:55:33 -0000

Copy of my yesterday's email, just in case, if it was not delivered:


Dear Sriram,

Thank you for your input, but I think most of your concerns come out of
confusion. Let me clarify them one by one. My comments are included in text
below

2016-06-08 1:08 GMT+03:00 Sriram, Kotikalapudi (Fed) <
kotikalapudi.sriram@nist.gov>:
 The above mentioned second part seems to be a compromised subset of

> the proposal in the existing WG draft
> [ietf-idr-route-leak-detection-mitigation].
>
> The bgp-open-policy draft proposes a single OTC flag per update
>
> (as opposed to one flag per AS-hop).
>
> This lacks efficacy as explained with examples in Section 5.5 of
>
> [ietf-idr-route-leak-detection-mitigation] and also in ref [1] noted below.
>
> In contrast, [ietf-idr-route-leak-detection-mitigation] proposes
>
> an RLP flag per AS-hop, which is shown to work well
>
> (i.e. more robust in the presence of errors and partial deployment)
>
> for route leak detection (see Section 5.5 for details).
>
RLP, as its proposed could not be used on “per update basis”. But OTC, with
use of proposed roles, does not share these limitations. This is an excerpt
from [ietf-idr-route-leak-detection-mitigation] draft section 5.5:

        +-----+         +-----+  peer to peer (p2p) relation +-----+
     p--| AS1 |-------->| AS2 |----------------------------->| AS3 |
        +-----+         +-----+            Update -->        +-----+

                                Method B: {p [AS2 AS1] RLP=1}

In our proposal, AS2 would set OTC flag only if AS3 is not supporting
roles, and this can easily be retrieved from OPEN message. So the problem
is not with per-update basis approach, but with RLP attribute itself. I'd
like to mention, that well designed per-update attribute has one more
obvious advantage: fixed size.

> Also, the bgp-open-policy draft mixes up detection and mitigation
>
> into one combined algorithm.
>
> (Mitigation belongs largely in the operator policy space.)
>
> In contrast, [ietf-idr-route-leak-detection-mitigation] describes
>
> the RLP encoding and detection separately.
>
> It leaves the mitigation method entirely to the operator,
>
> while providing only an example of a mitigation policy.
>
> The operator uses the detection algorithm as a tool to
>
> inform their own policy when it comes to mitigation.
>
When dealing with route leaks it’s important to solve the problem. Not just
detect it. What do you think is easier - to prevent leaking or to track
down route leak and stop it propagation? I think there is no real choice -
create or not to create route leak, likewise it is now with community
usage. That is why our draft, with help of roles, proposes full automation
for both leak prevention inside AS and leak detection for leaks that are
made by third parties. I believe it could provide complex approach to solve
the problem.

v2.23.0 | Report a Bug | By Email