Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
"Wanghaibo (Rainsword)" <rainsword.wang@huawei.com> Thu, 17 March 2022 11:53 UTC
Return-Path: <rainsword.wang@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45FA93A109F for <idr@ietfa.amsl.com>; Thu, 17 Mar 2022 04:53:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Er6tqKyCGpid for <idr@ietfa.amsl.com>; Thu, 17 Mar 2022 04:53:07 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BE103A10C0 for <idr@ietf.org>; Thu, 17 Mar 2022 04:53:07 -0700 (PDT)
Received: from fraeml737-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4KK59B0fJHz67vDG for <idr@ietf.org>; Thu, 17 Mar 2022 19:52:14 +0800 (CST)
Received: from kwepeml100006.china.huawei.com (7.221.188.192) by fraeml737-chm.china.huawei.com (10.206.15.218) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 17 Mar 2022 12:53:03 +0100
Received: from kwepeml500001.china.huawei.com (7.221.188.162) by kwepeml100006.china.huawei.com (7.221.188.192) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Thu, 17 Mar 2022 19:53:01 +0800
Received: from kwepeml500001.china.huawei.com ([7.221.188.162]) by kwepeml500001.china.huawei.com ([7.221.188.162]) with mapi id 15.01.2308.021; Thu, 17 Mar 2022 19:53:01 +0800
From: "Wanghaibo (Rainsword)" <rainsword.wang@huawei.com>
To: Robert Raszuk <robert@raszuk.net>, Jeffrey Haas <jhaas@pfrc.org>
CC: "idr@ietf. org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>
Thread-Topic: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
Thread-Index: Adg0iU/LdOzWENOQQCinCgHK9waz6gAp9x8AAATCd4ABK/7cEA==
Date: Thu, 17 Mar 2022 11:53:01 +0000
Message-ID: <4831712448ae4fcf9101f3d6b7e05a7e@huawei.com>
References: <00ca01d8348c$8b05d270$a1117750$@ndzh.com> <20220311181711.GA29551@pfrc.org> <CAOj+MMGYnkN8Yx7riO-nd+Th3abXOW7+r9CZ4AXFDsYmXdMySQ@mail.gmail.com>
In-Reply-To: <CAOj+MMGYnkN8Yx7riO-nd+Th3abXOW7+r9CZ4AXFDsYmXdMySQ@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.153.118]
Content-Type: multipart/alternative; boundary="_000_4831712448ae4fcf9101f3d6b7e05a7ehuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/aDw8HcZDk59f8gHx_4sK14FgTAw>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 11:53:12 -0000
Hi Robert, [Bottom line - not everything that can be fitted into a BGP attribute should be carried by BGP protocol.] I agree with this point. But I still think the iFit extension here is appropriate. The Pub-sub model is a centralized service model, it’s complexable for dynamic changed service. The iFit extension here is a distributed service driven model. Service routes advertised with iFit capability will bring simplifying deployment. Regards, Haibo From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Robert Raszuk Sent: Saturday, March 12, 2022 4:33 AM To: Jeffrey Haas <jhaas@pfrc.org> Cc: idr@ietf. org <idr@ietf.org>; Susan Hares <shares@ndzh.com> Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24) Hello Jeff & WG, I am a big supporter of In-Situ Telemetry. Well modulo the fact - and in fact show stopper - that to make it really useful very precise nano seconds clock synchronization is required and that by itself is not an easy task to accomplish in WAN or MAN networks. The only tools I see to help here are PTP or gPTP but PTP mostly is deployable in DCs not in WANs. As far as BGP is concerned I must ask why do we really need p2mp signalling to spray such information to all BGP speakers ? In Situ telemetry can be deployed end to end beyond BGP speaking network elements so it will not help. Moreover we are really stepping again on using BGP protocol as a network management carrier. Such distribution would be much better served by the pub-sub model. Such model can be realized by any message bus or by leveraging a recent proposal from Tony - https://datatracker.ietf.org/doc/draft-li-lsr-liveness/ Yes this currently was done to address IGP node liveness propagation, but nothing stands against reusing such idea for pub-sub distribution of other node capabilities like ifit. Bottom line - not everything that can be fitted into a BGP attribute should be carried by BGP protocol. Kind regards, R. On Fri, Mar 11, 2022 at 7:17 PM Jeffrey Haas <jhaas@pfrc.org<mailto:jhaas@pfrc.org>> wrote: Sue and Working Group, I'm generally supportive of IFIT for BGP. For this particular document, I think it'd be helpful if the authors provided some more detail on the scoping of the BGP Extended Community attributes and their security considerations. In particular: On Thu, Mar 10, 2022 at 09:38:43AM -0500, Susan Hares wrote: > This begins a 2 week WG Adoption call (3/10/2022 to 3/24/2022) > > for draft-wang-idr-bgp-ifit-capabilities-04 > > https://datatracker.ietf.org/doc/draft-wang-idr-bgp-ifit-capabilities/ > > In your comments please consider if: > > 1) Do the additions to BGP (2 Communities and > TLV for next-hop-capability attribute) > help the distribute information regarding the IFIT options > from tail (egress) nodes to head nodes (ingress)? > > Are there any cases where these BGP > Communities should be removed or ignored? >From the Security Considerations for draft-ietf-idr-sr-policy-ifit-03: : IFIT data MUST be propagated in a limited domain in order to avoid : malicious attacks and solutions to ensure this requirement are : respectively discussed in [I-D.ietf-ippm-ioam-data] and : [I-D.ietf-6man-ipv6-alt-mark]. The NextHop Capability leveraged in this draft as part of prior learnings has specified itself as an Optional, Non-Transitive Path Attribute. This means that behaviors can be enforced on a hop-by-hop basis. BGP Extended Communities are only scoped for as-transitive or not. It'd be useful for the authors to comment on what the expected behaviors for BGP speakers downstream of not the IFIT egress. Also, potentially outside of the IFIT domain. What are the Security Considerations for such additional propagation of these Extended Communities? I'm unclear whether the intent of the Extended Communities is whether they should ONLY be propagated with the NextHop Capability or not. Please note that forms of this question were raised both on the mailing list in prior threads and also during IDR IETF sessions. -- Jeff _______________________________________________ Idr mailing list Idr@ietf.org<mailto:Idr@ietf.org> https://www.ietf.org/mailman/listinfo/idr
- [Idr] Adoption call for draft-wang-idr-bgp-ifit-c… Susan Hares
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Haoyu Song
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Jeffrey Haas
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Robert Raszuk
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Giuseppe Fioccola
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Zhuangshunwan
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Wanghaibo (Rainsword)
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Robert Raszuk
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Zhuangshunwan
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… duzongpeng@foxmail.com
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Wanghaibo (Rainsword)
- [Idr] 回复: RE: Adoption call for draft-wang-idr-bg… zhuyq8@chinatelecom.cn
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Gyan Mishra
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Gert Doering
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Robert Raszuk
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Zhuangshunwan
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Aijun Wang
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Lizhenbin
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Tianran Zhou
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Yangfan(Fan,IP Standards)
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… 庞冉(联通集团中国联通研究院-本 部)
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Ketan Talaulikar
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Ketan Talaulikar
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Tianran Zhou
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Ketan Talaulikar
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Zhuangshunwan
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Ketan Talaulikar
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Zhuangshunwan
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Robert Raszuk
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Wanghaibo (Rainsword)
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Zhuangshunwan
- Re: [Idr] Adoption call for draft-wang-idr-bgp-if… Susan Hares