Re: [Idr] New BGP capability to advertise running daemon version

ERCIN TORUN <ercin.torun@turkcell.com.tr> Fri, 02 August 2019 07:26 UTC

From: ERCIN TORUN <ercin.torun@turkcell.com.tr>
To: Donatas Abraitis <donatas.abraitis@gmail.com>
CC: "idr@ietf.org" <idr@ietf.org>
Date: Fri, 02 Aug 2019 07:25:03 +0000
Message-ID: <543a6216785b4049883cc7cae7adde79@turkcell.com.tr>
References: <CAPF+HwV3EEUza3FyiXsd_oSkj80OwY-tE2DgFWnynq1FL2tLHg@mail.gmail.com> <015d56c13d01436890da2b8a7179fac9@turkcell.com.tr> <CAPF+HwV2Df6qcRD+GrE_JFv8W5Yh3OACKZrdv1Bw4PXQbjtDyQ@mail.gmail.com>
In-Reply-To: <CAPF+HwV2Df6qcRD+GrE_JFv8W5Yh3OACKZrdv1Bw4PXQbjtDyQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/aRvCgl6aB1qjY6qEjkOV80jHPpg>
Subject: Re: [Idr] New BGP capability to advertise running daemon version

Hello Donatas, 

In FRR, profiles are a way of toggling the mechanism, but not all vendors' implementations work the same way (e.g. toggling the capability or its negotiation specifically). Anyway, it is just a suggestion, not a crucial point.

Regards 

-----Original Message-----
From: Donatas Abraitis <donatas.abraitis@gmail.com> 
Sent: Friday, August 2, 2019 9:56 AM
To: ERCIN TORUN <ercin.torun@turkcell.com.tr>
Cc: idr@ietf.org
Subject: Re: [Idr] New BGP capability to advertise running daemon version

Hello,

yes, it's risky and shouldn't be toggled by default, but in data center environments where you have full control, it's very handy. For instance, FRR has a few modes of operation, like traditional and datacenter. By having the datacenter profile enabled, it's safe enough to have this capability, IMO. Or, as you suggested, just an additional knob for configuring this is considered as well.

On Fri, Aug 2, 2019 at 9:39 AM ERCIN TORUN <ercin.torun@turkcell.com.tr> wrote:
>
> Hello Donatas,
>
> I do think that your suggestion is handy, but from a security perspective it is risky if you are enabling such a feature in a non-trusted environment. An implementation warning should be added for vendors/code developers not to enable this capability by default. Enabling such functionality by default might result in your neighbors knowing your BGP implementation & its version, which might carry security risks.
>
> In the security section you refer to RFC 3552. In section 6.1.1.4 (https://tools.ietf.org/html/rfc3552#section-6.1.1) of the mentioned RFC the same suggestion exists, but only for SMTP.
>
> Regards
> Erçin TORUN
>
> -----Original Message-----
> From: Idr <idr-bounces@ietf.org> On Behalf Of Donatas Abraitis
> Sent: Friday, August 2, 2019 9:08 AM
> To: idr@ietf.org
> Subject: [Idr] New BGP capability to advertise running daemon version
>
> Hi there!
>
> I would like to propose a new idea of how to simplify the debugging process when dealing with lots of different BGP speakers and even more with different versions.
>
> Basically, the implementation is very trivial, but it would be handy in cases when you have to debug why some functionality does not work between two or more BGP speakers. Having this in place would speed up troubleshooting. Even better if it comes to automation to gather information across all the infrastructure you have.
>
> The implementation and details are posted in this draft:
> https://www.ietf.org/id/draft-abraitis-bgp-version-capability-00.txt
>
> Waiting for comments.
>
> Thank you!
>
> --
> Donatas
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>



--
Donatas
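As an added illustration of the concern discussed in this thread (example code, not from the draft or from any of the posters): a defender-side check that parses the capabilities carried in a received BGP OPEN (RFC 4271 body layout, RFC 5492 capability parameter) and flags a software-version capability advertised by a peer outside a trusted set. The capability code value, the peer addresses and the version string are assumptions and constructed sample data; the draft on the page does not fix a code here.

```python
import struct

OPT_PARAM_CAPABILITIES = 2   # RFC 5492 optional parameter type for capabilities
SOFT_VERSION_CAP_CODE = 75   # ASSUMED placeholder code; the draft on the page does not fix it here


def parse_open_capabilities(open_body: bytes) -> dict:
    """Parse a BGP OPEN body (after the 19-byte marker/length/type header)
    and return {capability_code: [value_bytes, ...]}; raises on truncation."""
    if len(open_body) < 10:
        raise ValueError("OPEN body shorter than fixed 10-byte part")
    _ver, _my_as, _hold, _bgp_id, opt_len = struct.unpack("!BHHIB", open_body[:10])
    params = open_body[10:10 + opt_len]
    if len(params) != opt_len:
        raise ValueError("optional parameter length exceeds message")
    caps, i = {}, 0
    while i < len(params):               # optional parameters: type(1) len(1) value
        ptype, plen = params[i], params[i + 1]
        pval = params[i + 2:i + 2 + plen]
        if len(pval) != plen:
            raise ValueError("truncated optional parameter")
        i += 2 + plen
        if ptype != OPT_PARAM_CAPABILITIES:
            continue
        j = 0
        while j < len(pval):             # capabilities: code(1) len(1) value
            code, clen = pval[j], pval[j + 1]
            cval = pval[j + 2:j + 2 + clen]
            if len(cval) != clen:
                raise ValueError("truncated capability")
            caps.setdefault(code, []).append(cval)
            j += 2 + clen
    return caps


def version_leak_findings(open_body: bytes, peer_ip: str, trusted_peers: set) -> list:
    """Report a software-version capability only when the peer is not trusted."""
    caps = parse_open_capabilities(open_body)
    return [f"untrusted peer {peer_ip} advertises software version {v.decode('ascii', 'replace')!r}"
            for v in caps.get(SOFT_VERSION_CAP_CODE, []) if peer_ip not in trusted_peers]


def build_open_body(my_as: int, hold_time: int, bgp_id: int, capabilities: list) -> bytes:
    """Constructed sample OPEN body; capabilities is a list of (code, value_bytes)."""
    cap_bytes = b"".join(bytes([code, len(val)]) + val for code, val in capabilities)
    opt = bytes([OPT_PARAM_CAPABILITIES, len(cap_bytes)]) + cap_bytes if capabilities else b""
    return struct.pack("!BHHIB", 4, my_as, hold_time, bgp_id, len(opt)) + opt


# Constructed sample: MP-BGP IPv4 unicast (code 1) plus an assumed version string.
SAMPLE_OPEN = build_open_body(65000, 90, 0x0A000001,
                              [(1, b"\x00\x01\x00\x01"), (SOFT_VERSION_CAP_CODE, b"FRRouting/7.1")])
```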