IETF Logo Mail Archive

Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

"Keyur Patel (keyupate)" <keyupate@cisco.com> Thu, 12 November 2015 19:19 UTC

Return-Path: <keyupate@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE2F71B3201 for <idr@ietfa.amsl.com>; Thu, 12 Nov 2015 11:19:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VhuneTgT0u3S for <idr@ietfa.amsl.com>; Thu, 12 Nov 2015 11:19:22 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 016CE1B31FD for <idr@ietf.org>; Thu, 12 Nov 2015 11:19:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=84974; q=dns/txt; s=iport; t=1447355961; x=1448565561; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=nI7cmtoOgPuQAee/WqRNzQxxiFYL/MBkSPFsgK5Ab1I=; b=AWtAma4r7qlUxZq8QbxAKUwFvhMv99fw9Dn0UTMbcFI+swmLzE8wCyJg W3GwUiEuIXv9FdUKyZuzr0YZFLE+msaeD5HrygZQWVWlO67nrObrzNngB yG3RffmWEC8iC62hT/4QmE2HV0Xom6NSKmynCZ97qC+EL0qtqpW4kpu6b I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D3AQAP5URW/5BdJa1egm5NU28GvjkBDYFiAxcBC4VtAoE+OBQBAQEBAQEBgQqENAEBAQQBAQEXAxBBCxACAQgRAwEBASEBBgcmAQsUCQgCBAENBAEUiBoNxCABAQEBAQEBAQEBAQEBAQEBAQEBAQEYhlSEfoFAgmoRASUHEw0JAoQmBZJng2EBhRyICoFbSYN3jVaEYoNxAREOAQFCgg4DDRAWgUByAYN0BxcHHIEHAQEB
X-IronPort-AV: E=Sophos; i="5.20,283,1444694400"; d="scan'208,217"; a="46321699"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-6.cisco.com with ESMTP; 12 Nov 2015 19:19:20 +0000
Received: from XCH-RTP-020.cisco.com (xch-rtp-020.cisco.com [64.101.220.160]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id tACJJJU6027025 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 12 Nov 2015 19:19:20 GMT
Received: from xch-rtp-017.cisco.com (64.101.220.157) by XCH-RTP-020.cisco.com (64.101.220.160) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 12 Nov 2015 14:19:19 -0500
Received: from xch-rtp-017.cisco.com ([64.101.220.157]) by XCH-RTP-017.cisco.com ([64.101.220.157]) with mapi id 15.00.1104.000; Thu, 12 Nov 2015 14:19:19 -0500
From: "Keyur Patel (keyupate)" <keyupate@cisco.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "John G. Scudder" <jgs@juniper.net>
Thread-Topic: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
Thread-Index: AQHRHX8HC059TdInvEOogInxWYU6Hw==
Date: Thu, 12 Nov 2015 19:19:19 +0000
Message-ID: <D26A2582.2ECD7%keyupate@cisco.com>
References: <002a01cf84b8$b0f55230$12dff690$@ndzh.com> <29140_1402414807_539726D7_29140_10276_1_53C29892C857584299CBF5D05346208A0716175D@PEXCVZYM11.corporate.adroot.infra.ftgroup> <0CE20ABC-B920-48B5-AB75-4E41AC1D6067@bgp.nu> <644_1447337897_56449FA9_644_166_1_53C29892C857584299CBF5D05346208A0F6B6DD1@OPEXCLILM21.corporate.adroot.infra.ftgroup> <86E65C6B-3B9E-4D02-91A6-B086C8D5C1AE@juniper.net> <26952_1447343317_5644B4D5_26952_6301_1_53C29892C857584299CBF5D05346208A0F6B7101@OPEXCLILM21.corporate.adroot.infra.ftgroup>
In-Reply-To: <26952_1447343317_5644B4D5_26952_6301_1_53C29892C857584299CBF5D05346208A0F6B7101@OPEXCLILM21.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.32.172.93]
Content-Type: multipart/alternative; boundary="_000_D26A25822ECD7keyupateciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/aVl9YQIGQT9fs5pSX165QJv_kfw>
Cc: idr wg <idr@ietf.org>, "Murphy, Sandra" <Sandra.Murphy@parsons.com>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 19:19:26 -0000

Hi Bruno,

Posted -07 version that addresses all your recent comments.

https://www.ietf.org/internet-drafts/draft-ietf-sidr-origin-validation-signaling-07.txt

Best Regards,
Keyur

From: "bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>" <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>>
Date: Thursday, November 12, 2015 at 7:48 AM
To: "John G. Scudder" <jgs@juniper.net<mailto:jgs@juniper.net>>
Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>, Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>, "Murphy, Sandra" <Sandra.Murphy@parsons.com<mailto:Sandra.Murphy@parsons.com>>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Hi John,

Thanks, looks good to me.
More inline. [Bruno]


From: John G. Scudder [mailto:jgs@juniper.net]
Sent: Thursday, November 12, 2015 4:17 PM
To: DECRAENE Bruno IMT/OLN
Cc: idr wg; Murphy, Sandra; Susan Hares
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Hi Bruno,

Thanks for your additional comments. My responses in-line below.

On Nov 12, 2015, at 9:18 AM, bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> wrote:

Hi John,

Thanks for taking the time to take my comments into accounts.
-06 address all my comments.


Following the changes, I have some further comments. Please feel free to silently discard/update as you wish.
*) §2  :s/TBD/0x00

Thanks, will do.



*) Following the removal of the change to the BGP Decision Process, the 2 first sentences of the abstract & Introduction could probably be removed or rewritten. (Currently is “As part of the origination AS validation process, it can be desirable
   to automatically consider the validation state of routes in the BGP
   decision process.  The purpose of this document is to provide a
   specification for doing so. »

Good point. I suggest simply removing the text you've quoted, and slightly rewriting of the remaining, something like:

"This document defines a new BGP opaque extended community to carry the origination AS validation state inside an autonomous system. IBGP speakers that receive this validation state can configure local policies allowing it to influence theirdecision process."
[Bruno] looks good to me.

*) §2 “An implementation SHOULD NOT send more than one instance of the
   origin validation state extended community.  However, if more than
   one instance is received, an implementation MUST disregard all
   instances other than the one with the numerically-greatest value.”

Sorry for nit picking, but since this may impact interoperability, I would prefer if you could explicitly specify what “numerically-greatest value” refers to. IMHO “validationstate” but some people could understand “extended community”

If we assume (or specify) that the reserved field must be zero, then it's equivalent whether you compare only the lowest two bits or the entire eight bytes, because the top 62 bits are completely determined by the specification. That said, I think you are right, since in the future some use might be made of the reserved field.
[Bruno] You are reading my mind.
Seems like we can just add more description to "value", as in "… MUST disregard all instances other than the one with the numerically-greatest validation state value".
 [Bruno] Looks good to me. Thanks.

*) §2 For the same reason, explicitly specifying what to do with the Reserved field would ease my mind. (I assume Reserved: MUST be set to 0, and SHOULD be ignored upon receipt)

I agree, although I think it MUST be ignored upon receipt – after all, a future specification that assigns semantics to the reserved field can and will also revise the instruction to ignore it. So, I propose we add the paragraph "the Reserved field MUST be sent as zero and MUST be ignored upon receipt" as the final paragraph of section 2.
 [Bruno] I agree with you. For my defense, I quoted RFC 4760 (my first google hit).

Thanks
Regards,
--Bruno

Regards,

--John



Thanks,
Bruno

From: John G. Scudder [mailto:jgs@bgp.nu]
Sent: Friday, November 06, 2015 1:22 AM
To: DECRAENE Bruno IMT/OLN
Cc: Susan Hares; idr wg; Murphy, Sandra
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Hi Bruno,

We believe -05 has addressed these issues, see below.

On Jun 11, 2014, at 12:40 AM, bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> wrote:

Hi,

Thanks for the cross WG review. Please find below some proposed comments.

1)      For people not following SIDR, could you please elaborate on why http://tools.ietf.org/html/draft-ietf-idr-custom-decision-04 has not been used? (via the registration of a new Point of Insertion specific to origin validation) (as I though draft-ietf-idr-custom-decision was intended to be the last time BGP decision process would be modified)

We didn't register a new POI, but did remove the decision process change. It would be possible to register a new POI as part of follow-up work if demand for that exists, but we didn't think it necessary to move forward.



2)      Could the document specify the action to be taken when multiple “Origin validation state extended” community are present with different validation state? And how are handled validation state value > 2. (from current text, it would not be considered an error, just lower priority. But I would prefer an explicit statement to avoid surprising error handling behavior)

Done. (Drop the community.)



3)      Rfc 6811 is referenced twice in important sections. What about moving it to “normative reference”?

Done.



4)      Following discussion triggered by http://tools.ietf.org/html/draft-decraene-idr-rfc4360-clarification-00 I understood that the IDR conclusion was that a non-transitive community may be attached on the outbound policy of an eBGP session; hence may received over an eBGP session. Given this, IMO the security consideration needs more text. (assuming that the ability for a neighboring AS to influence/force the origin validation state is considered acceptable, which would probably need to be discussed in SIDR)

Leaking the community across EBGP is now specified as off by default.

Thanks,

--John


Thanks,
Regards,
Bruno


From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares
Sent: Tuesday, June 10, 2014 4:32 PM
To: idr wg
Cc: Murphy, Sandra; 'John G. Scudder'
Subject: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

IDR:

The SIDR WG has asked for cross review of the draft-ietf-sidr-origin-validation-signaling-04.  This draft changes the RFC 4271 decision process in the following manner:




If a BGP router supports prefix origin validation and is configured for the extensions defined in this document, the validation step SHOULD be performed prior to any of the steps defined in the decision process of [RFC4271<http://tools.ietf.org/html/rfc4271>].  The validation step is stated as follows:



      When comparing a pair of routes for a BGP destination, the route

      with the lowest "validation state" value is preferred.



In all other respects, the decision process remains unchanged.

The draft is at:

http://tools.ietf.org/html/draft-ietf-sidr-origin-validation-signaling-04

John and I would like to hear your comments regarding the RFC 4271 revision.  Please send comments that include “support”  or “no support”.

Sue and John

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr


_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.
_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://www.ietf.org/mailman/listinfo/idr


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorization.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, France Telecom - Orange shall not be liable if this message was modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email