IETF Logo Mail Archive

Re: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)

Alexander Azimov <aa@qrator.net> Thu, 09 June 2016 17:15 UTC

Return-Path: <aa@highloadlab.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0E0312D8BD for <idr@ietfa.amsl.com>; Thu, 9 Jun 2016 10:15:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=highloadlab-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iyO-ixshrBbS for <idr@ietfa.amsl.com>; Thu, 9 Jun 2016 10:15:44 -0700 (PDT)
Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C69F512D8C1 for <idr@ietf.org>; Thu, 9 Jun 2016 10:15:44 -0700 (PDT)
Received: by mail-it0-x232.google.com with SMTP id z189so159990954itg.0 for <idr@ietf.org>; Thu, 09 Jun 2016 10:15:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=highloadlab-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=csS2w8dYbHzGPQj12h837Wja2e/82ZRaa74hJCaWyP4=; b=bPGkwFz3yuey2bG5Rl+43EVH2egKtGhx0pQQgDu61H+d/NFIpC0/PgYtwoXKnSeVoe zRHgrGk862OhgArNN31LYZz4nRln2pgIrupGQb/pGvxmYT1uSFO+U7BHWpAXL9qB6rv3 vMNwMMGNQDFJZs99fjScRVJUfZrDWEj+nfqVHA4uEsTTeu0hkRuK7eUWsatd1oeH8XAr +Zv70xe6J/Xxu3w9b/YL1sUCNDL1GtCDWeZ5BRd3nJR8ia+HpvX9cD3OBLWYCmry20BD fk/3O9tpsl+lRBIduVehS6CrWR+ge4qwiFixgVhwL9r5eJp2WYaRPXGUgarPRBzjdvyB 9gFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=csS2w8dYbHzGPQj12h837Wja2e/82ZRaa74hJCaWyP4=; b=b2KSnKC2LkkApxj3M8FQAAYxvMrjSAwQEo2Fg7TVoYIm9u4TjzMm9GHX4oYPf41BEb 3Y2wtfLDn3orN0ixIHcbqt5HrgA61PXStMgaIF5NoSenZc+l/HAYFK7s7YZicnm6+YOR ba3KG8Vk86TMckphEgNmnOrVQO+iEcsW/okN8qBrUiEma5HUCpj5AuDufrQT62ULjgOh e8QK6ck61021PNDlbGRtfXsF0czoqeCoqvrACMEpc9KUns/j7DMdT3Iu1Vdih9H/9MF/ FJlMyBxYiX7TEOTG/ShII7aVikrXekXWGGoFdqHy2m8mFS1Vk+vQEHRT23xjDvRUERlF b7HQ==
X-Gm-Message-State: ALyK8tKJSdXJXcAuF/Qh4VjBehMvkJfsiBT/CX9B1l0ToHSCtS4sQGbo28CtCsJpbtRDn6yCayJDGZm5u9FPQw==
X-Received: by 10.36.104.2 with SMTP id v2mr24743976itb.64.1465492543830; Thu, 09 Jun 2016 10:15:43 -0700 (PDT)
MIME-Version: 1.0
Sender: aa@highloadlab.com
Received: by 10.64.146.129 with HTTP; Thu, 9 Jun 2016 10:15:43 -0700 (PDT)
X-Originating-IP: [176.110.121.30]
In-Reply-To: <20160609163225.GC2524@Vurt.local>
References: <012e01d1c012$1d05f8d0$5711ea70$@ndzh.com> <20160609163225.GC2524@Vurt.local>
From: Alexander Azimov <aa@qrator.net>
Date: Thu, 09 Jun 2016 20:15:43 +0300
X-Google-Sender-Auth: 9oUp0-47Y-G4Fibd-ctA_wuE6dU
Message-ID: <CAHgCvCOMXZKH80YLm=PCv6_PPu3Gp8J6ZR+ed+P_eh953CMt3w@mail.gmail.com>
To: Job Snijders <job@instituut.net>
Content-Type: multipart/alternative; boundary="001a11449c067f22440534db9206"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ahIr7Nw0YVBU5tZLPtj9V_R5jZs>
Cc: idr@ietf.org, draft-ietf-idr-route-leak-detection-mitigation@ietf.org, "John G. Scudder" <jgs@bgp.nu>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2016 17:15:48 -0000

Dear Job,

Thank you for joining discussion!

I can't imagine situation when there would be changes in roles between two
neighbors on regular basis. So, we should not suffer from lots of BGP flaps
caused by roles.

In second point you've highlighted most common concern about different
prefix-based route policies in same BGP session. There are at least two
workarounds:

   1. Add 'custom' role and give in such sessions access to manual OTC
   configuration (there would be new appropriate pair of roles custom-custom)
   2. Split such BGP sessions into two with different roles

For myself I do prefer second option - I would like to see route leak
mitigation as built in and fully automated mechanism, with no opportunity
for 'fat fingers' get inside. This could bring additional work for NOC
teams in short term, but in long term benefit from controlling neighbor
configuration (especially in case of new ISPs) will fully cover the spent
time. But what do you think according to your operational experience?


2016-06-09 19:32 GMT+03:00 Job Snijders <job@instituut.net>:

> Dear Authors, IDR group,
>
> I'd like to start by thanking you for putting thought and time into the
> route leak problem space. It is encouring to see fellow operators engage
> with the IETF community to address actual, day to day issues.
>
> On Mon, Jun 06, 2016 at 12:40:19PM -0400, Susan Hares wrote:
> > This begins a 2 week WG Adoption call for draft-ymbk-idr-bgp-open-policy.
> > You can find the draft at:
> >
> > https://datatracker.ietf.org/doc/draft-ymbk-idr-bgp-open-policy/.
> >
> > In your comments on adopting this draft, please indicate:
> >
> > 1)      "Support" or "no Support"
>
> No support.
>
> > 2)      Do you feel this is a way to prevent route leaks?
>
> It certainly is a way.
>
> > 3)      Are there any deployment issues that might prevent deployment
> > of this enhancement to BGP Open?
>
> I do not think that the OPEN moment in the lifecycle of a BGP session is
> the appropiate place for policy constructs like this. In practise it is
> probably not an issue when you have to flap a BGP session to change the
> relation between two ASNs, but it would be nice if this is not required
> (like today on most platforms).
>
> Secondly (and more importantly), the roles are not necessarily a BGP
> session-specific characteristic, but rather a prefix-specific property.
> The proposed OPEN method does not provide for this level granularity if
> I am reading it correctly. The method would affect all prefixes exchange
> over a BGP session, without exception.
>
> > 4) Does this interact with
> > draft-ietf-idr-route-leak-detection-mitigation?
>
> Yes, in terms of the problem being addressed.
>
> Kind regards,
>
> Job
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>



-- 
| Alexander Azimov  | HLL l QRATOR
| tel.: +7 499 241 81 92
| mob.: +7 915 360 08 86
| skype: mitradir
| mailto: aa@qrator.net
| visit: www.qrator.net

v2.23.0 | Report a Bug | By Email