Re: [Idr] New draft submitted: draft-loibl-bacher-idr-flowspec-clarification

"UTTARO, JAMES" <ju1738@att.com> Tue, 23 August 2016 14:18 UTC

From: "UTTARO, JAMES" <ju1738@att.com>
To: Christoph Loibl <c@tix.at>, "idr@ietf.org" <idr@ietf.org>
Date: Tue, 23 Aug 2016 14:13:27 +0000

Christoph,

One could also use flow-spec as a mechanism to disseminate flow-spec "filters" via an SDN controller. My co-authors and I specified changes to the validation procedure such that the unicast route is not required for a router to accept and program the flow-spec path/filter. When reading through the draft it seems to assume that flow-spec is only used as originally intended; this is not the case. IMO this is a good piece of work and it should broaden the scope to include how flow-spec can be used from an SDN Controller. There are other challenges with the draft as originally written:

- Order of Traffic Filtering Rules
- More specific unicast routes
- AS value position in the AS-Path

Here is the draft:

https://tools.ietf.org/html/draft-ietf-idr-bgp-flowspec-oid-03 

Jim Uttaro

-----Original Message-----
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Christoph Loibl
Sent: Tuesday, August 23, 2016 8:09 AM
To: idr@ietf.org
Subject: [Idr] New draft submitted: draft-loibl-bacher-idr-flowspec-clarification

Hi,

We submitted a new draft and are happy to receive feedback:

Since interoperability is key to a flowspec Internet deployment, we tried to clarify the ambiguous parts of the flowspec RFC 5575 in order to allow a consistent implementation by equipment vendors.

Title: draft-loibl-bacher-idr-flowspec-clarification

https://datatracker.ietf.org/doc/draft-loibl-bacher-idr-flowspec-clarification/

The reason for this draft submission is that we recently performed a rather large flowspec interop test (the main goal was to evaluate possible inter-AS flowspec scenarios in a multi-vendor environment) and discovered many bugs and vendor interop problems that we want to solve.

Unfortunately, we currently cannot share all our findings in a test report, because we hit some serious bugs that have (under circumstances) potential to remotely melt down entire networks and are working with the vendors to get bugs fixed.

Christoph

--
Christoph Loibl
c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at