Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

Jeffrey Haas <jhaas@pfrc.org> Wed, 28 October 2020 20:43 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F9883A0980; Wed, 28 Oct 2020 13:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VR57FwYZAuHU; Wed, 28 Oct 2020 13:42:59 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id F2AAD3A0975; Wed, 28 Oct 2020 13:42:58 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id EE2661E351; Wed, 28 Oct 2020 16:58:09 -0400 (EDT)
Date: Wed, 28 Oct 2020 16:58:09 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Cc: John Scudder <jgs@juniper.net>, "idr@ietf.org" <idr@ietf.org>, Robert Raszuk <robert@raszuk.net>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>, Hares Susan <shares@ndzh.com>
Message-ID: <20201028205809.GE31925@pfrc.org>
References: <DEE76A95-339B-433C-BD46-AD0243F72FBE@juniper.net> <3366_1601300732_5F71E8FC_3366_6_3_53C29892C857584299CBF5D05346208A48F86028@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <21B4E52C-38F4-4C94-985C-8C1DF88F4A92@juniper.net> <CAMMESsxG+ASdax1USizop-1bzYELcSdvND-f3RNEJ78zDUPrng@mail.gmail.com> <A9128F3D-948E-4F22-B000-7B470AFAC219@tix.at> <CAOj+MMESP=1EtTcuptE9xdyb+g36kDiD4sH6wSLezeZX74v2vw@mail.gmail.com> <BYAPR11MB32079E5730B9B170C1ADF7E1C0350@BYAPR11MB3207.namprd11.prod.outlook.com> <CAOj+MMFrFhwF1D=j1KS5wJXzc-ULEA6Ne-n296LYvit5fKUB+w@mail.gmail.com> <57A5696C-4AD1-46E3-85C8-21867D821A3D@juniper.net> <CCB3EE16-0B8F-49FC-9EC8-4F6C70CFC8E5@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CCB3EE16-0B8F-49FC-9EC8-4F6C70CFC8E5@cisco.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ZoiXHfDuy5OlDqDZp5KrUmSBGF4>
Subject: Re: [Idr] [BULK] Bug in draft-ietf-idr-rfc5575bis, worth fixing?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2020 20:43:02 -0000

I have been unable to follow IETF properly in recent times, so forgive this
stale comment for the archive:

On Tue, Sep 29, 2020 at 03:31:33PM +0000, Jakob Heitz (jheitz) wrote:
> This may have had something to do with getting an interface specific flowspec. There was debate about putting the interface specification as part of the NLRI or part of the attributes. My memory is leaking.

When the authors of the interface-set draft were discussing encoding
considerations, we had two things that came out of that discussion relevant
to this thread:

1. We were aware that implementations that didn't understand a new component
type may have difficulties enforcing the intent of the interface-set
scoping.  Given this text from RFC 5575, that's potentially problematic:

:   If a given component type within a prefix in unknown, the prefix in
:   question cannot be used for traffic filtering purposes by the
:   receiver

At that time, the magnitude of the issues surrounding extending flowspec
weren't totally understood.

2. The inter-domain considerations for interface-set group ids was
problematic.  Such group ids were likely to be applicable to one domain and
may not be useful inter-domain; i.e. customer to ISP.  Since there was a
likelihood of needing to be able to change the mappings somewhat
dynamically, this was more applicable to a path attribute that could be
readily modified.  In this case we chose extended communities.

There is also the problem that if it were encoded in the NLRI, that would
mean that the NLRI itself would need a rewrite when crossing such
boundaries.  Our general experience with BGP over the years usually suggests
that this is a recipe for disaster.

-- Jeff