IETF Logo Mail Archive

Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)

Robert Raszuk <robert@raszuk.net> Mon, 29 August 2022 09:23 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F249C152582 for <idr@ietfa.amsl.com>; Mon, 29 Aug 2022 02:23:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lgN6YWjoxtDc for <idr@ietfa.amsl.com>; Mon, 29 Aug 2022 02:22:56 -0700 (PDT)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EA32C152581 for <idr@ietf.org>; Mon, 29 Aug 2022 02:22:55 -0700 (PDT)
Received: by mail-ej1-x630.google.com with SMTP id y3so14477430ejc.1 for <idr@ietf.org>; Mon, 29 Aug 2022 02:22:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=aHmSlCiyKOICxO7ACz6adLGqYTcwUIxvYQdvC7rhe+I=; b=CjGxBWfiLSDb0GBBO4d6QUX/V9oScHu/mNSRH1mqZPbeOlOQcK4lYqBIi1CjiqGBB+ MdwYl45grkZJ23Lsnunq6CeyP3yVtaCZ4TWaY2OrwUNv8XLPVpIP574MR7tf/095uM9G w2W9iOmX1NB2LjRhox2PpAEsIq3qrke26ivs/qdvgET2Vp5CALPPnrtvwApRI3cvnP+7 h9yVKwJHGx2t4sRltS1f1ywKSa78krZuXr6XmeqIZQSKCGFVb1NFoVBqc6At5AoKoT+h /SkzM5/DXqh3CZ5B1Ji2z9MuizOL9p/uyiXkIyISISWznfakp7XvtCLnCQsqIsnePHu0 H4rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=aHmSlCiyKOICxO7ACz6adLGqYTcwUIxvYQdvC7rhe+I=; b=4VYna0ljegmHR6OL41EXraM1aqKakqm5YqWp2kxvq39ko0ONV8H5iD/knh2lOA9MO8 OuJUG5IjQDmeGUEtiHz3UAKGbo2/mV5nnd4ldMIzddK57Z9A5nQiVTkUzVPrdVGXuXrm ywj/7HKnZemZhh7oCjFcac1i92NdOxuUS51/2Svhi+dLWLnBcMxNxkXIcPxV+HkmUQgZ CQWuiw754exbFXsqUvy0lVxpF7C5/GV9b1SnPSPNT+XWKmOGWYyoSLqr9AqvUh0Pp55L CAVmHsCjHcaPAzsulHxP25EwkNNv0Y10rdT3xzeWKlkF7ihgroACa8ElxlH0v3K/ltdP uhyA==
X-Gm-Message-State: ACgBeo0ZozQn2jvwAvH63G2czeJp+ux+wIned4wL1EqsW6azbCYJjd3C pX9cVTwcdKrOC5yJQQHh/nTQolfMWtuV24ERxlDDzg==
X-Google-Smtp-Source: AA6agR6ii49js0KpZvcXdiexQkSltzm68a5N61S7ff9GDg5CqwMt8kzWJ96BpUrKgTweIRl6Cy60A0VHk4vTHxnY5Ew=
X-Received: by 2002:a17:906:fe0b:b0:730:3646:d177 with SMTP id wy11-20020a170906fe0b00b007303646d177mr12444334ejb.688.1661764974198; Mon, 29 Aug 2022 02:22:54 -0700 (PDT)
MIME-Version: 1.0
References: <CAOj+MMELVifgg4Yj38kyncDGYzS5fJG-43_kRc7YLwJiTPANUA@mail.gmail.com> <23D1B383-F794-402E-AB1B-D966F8F3375B@tsinghua.org.cn> <CAOj+MMGs9gU=xC0UG4Xaiv5feo2U6VFXkdAxmk6arN_bxe_mSg@mail.gmail.com> <BYAPR08MB4872E197715724FC1E853725B3769@BYAPR08MB4872.namprd08.prod.outlook.com>
In-Reply-To: <BYAPR08MB4872E197715724FC1E853725B3769@BYAPR08MB4872.namprd08.prod.outlook.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 29 Aug 2022 11:22:43 +0200
Message-ID: <CAOj+MMEY=0iQ=vBGYJ=M=Pd=3gvjZVwWCZC_XPXzXDsD-7_a6A@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Cc: Aijun Wang <wangaijun@tsinghua.org.cn>, "Acee Lindem (acee)" <acee@cisco.com>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fce14805e75dce3a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/YIlh99_HQ78wa7LctHrfRNW7P1M>
Subject: Re: [Idr] Adoption and IPR call for draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2022 09:23:00 -0000

Sue,

> You might consider that Aijun and others do not have the ability to
quickly take the rogue PE out of the network.

No one is suggesting that.

The current methods to mitigate the issue are as stated number of times:

* local drop of overflowing routes at the weak PE  (no new spec needed)

* protection at the PE-CE boundary at the src PE (no new spec needed)

* protection at the VRF level at the src PE (no new spec needed)

Then claim is now stated that operator can not control src PE. That's an
interesting claim. We in many routing protocols assume that there is
control within domain. For Interdomain again we should apply prefix limit
on a per RD basis. (if they would provide a draft suggesting this I would
highly support it).

Then last the issue can be clearly mitigated by network management layer.

Just pushing ORF to adjacent RR and not mitigating the issue is not a
proper action.

Thx,
R.













On Mon, Aug 29, 2022 at 10:29 AM Susan Hares <shares@ndzh.com> wrote:

> Robert:
>
>
>
> You might consider that Aijun and others do not have the ability to
> quickly take the rogue PE out of the network.
>
>
>
> Asking Aijun why they do not take the Rogue PE out of the network – may be
> useful.
>
>
>
> Sue
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* Friday, August 26, 2022 6:48 PM
> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>
> *Cc:* Acee Lindem (acee) <acee@cisco.com>; idr@ietf. org <idr@ietf.org>;
> Susan Hares <shares@ndzh.com>
> *Subject:* Re: [Idr] Adoption and IPR call for
> draft-wang-idr-vpn-prefix-orf-03.txt (8/16 to 8/30)
>
>
>
>
>
>
>
> I admit there will be no single solution for one problem.
>
>
>
> The role of IETF is to standardize a single solution to real problems. At
> least we should aim for that.
>
>
>
> Your problem description is this:  *"rogue PE"*
>
>
>
> Well to me this is not sufficiently precise to convince anyone that there
> is a problem to start with. At least I am happy to see that you are no
> longer stating that the problem you are trying to protect from is "rogue
> CE" (as clearly PE-CE prefix limit will effectively mitigate it
> at its source).
>
>
>
> Bottom line is this - if we assume that any PE can arbitrarily misbehave
> and inject bogus stuff in the routing control plane then we have a much
> larger problem. And IMO the right solution to such a problem would be to
> take such "rogue PE" out of the network ASAP. Not to cherry pick who's VPN
> to cut first, second, third on RRs in the path.
>
>
>
> Rgs,
>
> R.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

v2.23.0 | Report a Bug | By Email