Re: [Idr] I-D Action: draft-ietf-idr-next-hop-capability-03.txt

"UTTARO, JAMES" <ju1738@att.com> Thu, 28 June 2018 11:02 UTC

From: "UTTARO, JAMES" <ju1738@att.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, Randy Bush <randy@psg.com>
CC: "idr@ietf.org" <idr@ietf.org>
Date: Thu, 28 Jun 2018 11:02:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/bRDfPZZSutktS961Yspn92UWkb0>

The notion of a group of AS domains that "trust" each other has been a discussion we have had over the last number of years. For a hypothetical world-wide network which uses different AS numbers based on geography it is desirable to craft a trusted set, as a given tunneled service, i.e. 2547, EVPN, Kompella etc., is deployed across all of these AS domains. One could imagine a migration to a single AS but this is not realistic.

Thanks,
	Jim Uttaro

-----Original Message-----
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of bruno.decraene@orange.com
Sent: Thursday, June 28, 2018 4:13 AM
To: Randy Bush <randy@psg.com>
Cc: idr@ietf.org
Subject: Re: [Idr] I-D Action: draft-ietf-idr-next-hop-capability-03.txt

Hi Randy,

[Trimming the list to IDR]

 > -----Original Message-----
 > From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Randy Bush
 > Sent: Thursday, June 28, 2018 3:47 AM
 > To: internet-drafts@ietf.org
 > Cc: idr@ietf.org; i-d-announce@ietf.org
 > Subject: Re: [Idr] I-D Action: draft-ietf-idr-next-hop-capability-03.txt
 > 
 > from the sec cons
 > 
 >     an operator who is relying on the information carried in BGP must have a
 >     transitive trust relationship back to the source of the information.
 >     Specifying the mechanism(s) to provide such a relationship is beyond the
 >     scope of this document.
 > 
 > call the security police!
 
This is intended to be just stating a fact.
Would you mind elaborating on your comment?

Coming back to this document, the attribute is related to the node indicated in the BGP NEXT_HOP, which is usually not far away from you, including from a trust perspective. Also, this attribute is explicitly removed when the NEXT_HOP is changed, and the attribute is non-transitive.
Finally, the first application is for labelled (MPLS) routes which typically imply a trust boundary.

Thanks,
Regards,
--Bruno
 
 > randy