Re: [Idr] [GROW] draft-mauch-bgp-reject

Jared Mauch <jared@puck.nether.net> Thu, 05 November 2015 05:49 UTC

To: Gert Doering <gert@space.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/Z9TmDHpSHBQglmQj09APzGb5yrI>
Cc: idr wg list <idr@ietf.org>, GROW@ietf.org

> On Nov 2, 2015, at 4:37 AM, Gert Doering <gert@space.net> wrote:
> On Sun, Nov 01, 2015 at 11:18:55PM -0500, Jared Mauch wrote:
>> I plan on covering this briefly in the GROW meeting today and uploaded the revised text that has been sitting in my output queue since August.
>> 
>> This is basically codifying the fact that you MUST NOT default to "bgp unsafe-ebgp-policy" for any BGP speaking device.
> 
> There is one item I don't understand here:
> 
>   o  Software MUST provide protection from internal failures preventing
>      the advertisement and acceptance of routes
> 
> what does that mean (in other words "more verbose explanation, please")?

Vendor software will actually fail-open and not honor the configured
policy.  I’d like to try and capture this case as implementation guidance
to prevent damage to the global internet.

- Jared
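
The fail-open case discussed in this message, as an added example (not code from the draft, from this thread, or from any vendor): a hypothetical eBGP route filter that rejects every route when no policy is configured or when the configured policy cannot be evaluated, with the fail-open behaviour selectable for comparison. The function names, the `PolicyEngineError` failure and the sample prefixes are all constructed for illustration.

```python
import ipaddress


class PolicyEngineError(Exception):
    """Stand-in for an internal failure, e.g. a policy that failed to load."""


def customer_import(net):
    # Constructed policy: accept only routes inside the customer's block
    # (203.0.113.0/24 is a documentation range).
    return net.subnet_of(ipaddress.ip_network("203.0.113.0/24"))


def broken_policy(net):
    # Simulates the internal failure: the configured policy exists
    # but cannot be evaluated.
    raise PolicyEngineError("prefix-list not loaded")


def decide(policy, prefix, fail_open=False):
    """Return True if a route may be accepted on (or advertised to) an eBGP session."""
    net = ipaddress.ip_network(prefix)
    if policy is None:
        # No policy configured on the session: reject by default.
        return False
    try:
        return bool(policy(net))
    except PolicyEngineError:
        # Fail closed unless the (unsafe) fail-open behaviour is selected.
        return fail_open


def filter_routes(policy, prefixes, fail_open=False):
    return [p for p in prefixes if decide(policy, p, fail_open)]


# Constructed sample routes: one legitimate customer prefix, one foreign
# prefix and a default route.
ROUTES = ["203.0.113.0/25", "198.51.100.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    print("working policy:     ", filter_routes(customer_import, ROUTES))
    print("no policy:          ", filter_routes(None, ROUTES))
    print("failure, fail-closed:", filter_routes(broken_policy, ROUTES))
    print("failure, fail-open: ", filter_routes(broken_policy, ROUTES, fail_open=True))
```

With `fail_open=True` the broken policy lets all three routes through, including the default route, which is the behaviour the message describes as not honoring the configured policy.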