Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

John Scudder <jgs@juniper.net> Fri, 06 November 2015 00:33 UTC

From: John Scudder <jgs@juniper.net>
Date: Fri, 06 Nov 2015 09:29:59 +0900
To: bruno.decraene@orange.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/bSUz1PdUvgALViBZ9zHo5bx8Q8o>
Cc: idr wg <idr@ietf.org>, "Murphy, Sandra" <Sandra.Murphy@parsons.com>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Bruno,

> On Jun 11, 2014, at 12:49 AM, bruno.decraene@orange.com wrote:
> 
> 5) The text in « deployment consideration » seems a bit weak.
> I would say that: “In deployment scenarios where not all the speakers in an autonomous
>    system are upgraded to support the extensions defined in this  document, in order to avoid routing loops, it is REQUIRED to define policies” …

New text still says "necessary" instead of "REQUIRED". I think this is OK, personally -- in fact the issues are somewhat involved (though neither more nor less than for other routing policy) so the SHOUTING TEXT is maybe a little bit overkill.
 
> 6) For the same purpose, IMO:
> OLD: The default SHOULD be for the validation step to be disabled.
> NEW: The default MUST be for the validation step to be disabled.

Since the decision process change was backed out, I think this is OK now.

--John

>  
> Thanks,
> Regards,
> Bruno
>  
>  
> From: DECRAENE Bruno IMT/OLN 
> Sent: Tuesday, June 10, 2014 5:40 PM
> To: 'Susan Hares'; idr wg
> Cc: Murphy, Sandra; 'John G. Scudder'
> Subject: RE: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
>  
> Hi,
>  
> Thanks for the cross WG review. Please find below some proposed comments.
>  
> 1)      For people not following SIDR, could you please elaborate on why http://tools.ietf.org/html/draft-ietf-idr-custom-decision-04 has not been used? (via the registration of a new Point of Insertion specific to origin validation) (as I thought draft-ietf-idr-custom-decision was intended to be the last time BGP decision process would be modified)
>  
> 2)      Could the document specify the action to be taken when multiple “Origin validation state extended” communities are present with different validation states? And how are validation state values > 2 handled? (from current text, it would not be considered an error, just lower priority. But I would prefer an explicit statement to avoid surprising error handling behavior)
>  
> 3)      RFC 6811 is referenced twice in important sections. What about moving it to “normative reference”?
>  
> 4)      Following discussion triggered by http://tools.ietf.org/html/draft-decraene-idr-rfc4360-clarification-00 I understood that the IDR conclusion was that a non-transitive community may be attached on the outbound policy of an eBGP session; hence may be received over an eBGP session. Given this, IMO the security consideration needs more text. (assuming that the ability for a neighboring AS to influence/force the origin validation state is considered acceptable, which would probably need to be discussed in SIDR)
>  
> Thanks,
> Regards,
> Bruno
>  
>  
> From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares
> Sent: Tuesday, June 10, 2014 4:32 PM
> To: idr wg
> Cc: Murphy, Sandra; 'John G. Scudder'
> Subject: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
>  
> IDR:
>  
> The SIDR WG has asked for cross review of the draft-ietf-sidr-origin-validation-signaling-04.  This draft changes the RFC 4271 decision process in the following manner:
>  
>  
> If a BGP router supports prefix origin validation and is configured for the extensions defined in this document, the validation step SHOULD be performed prior to any of the steps defined in the decision process of [RFC4271].  The validation step is stated as follows:
>  
>       When comparing a pair of routes for a BGP destination, the route
>       with the lowest "validation state" value is preferred.
>  
> In all other respects, the decision process remains unchanged.
>  
> The draft is at:
>  
> http://tools.ietf.org/html/draft-ietf-sidr-origin-validation-signaling-04
>  
> John and I would like to hear your comments regarding the RFC 4271 revision.  Please send comments that include “support”  or “no support”.
>  
> Sue and John
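
Review points 2 and 4 in the quoted message ask what a receiver does with duplicate or out-of-range validation states and with a community arriving over eBGP. The sketch below is an added example, not text from the draft or from anyone in this thread: it assumes the 8-octet opaque encoding published in RFC 8097 (type 0x43, sub-type 0x00, state in the last octet), and the handling policy, the function name and the sample communities are assumptions made for illustration.

```python
VALID, NOT_FOUND, INVALID = 0, 1, 2
OV_TYPE, OV_SUBTYPE = 0x43, 0x00     # non-transitive opaque (RFC 8097 encoding)


def received_validation_state(ext_communities: bytes, from_ebgp: bool):
    """Return (state or None, kept_bytes, log) for one received route.

    Assumed policy for this example: strip the community on eBGP sessions,
    discard instances with state > 2, and when several in-range instances
    remain keep only the numerically greatest (least trusted) one.
    """
    if len(ext_communities) % 8:
        raise ValueError("extended communities must be a multiple of 8 octets")
    kept, states, log = [], [], []
    for off in range(0, len(ext_communities), 8):
        ec = ext_communities[off:off + 8]
        if ec[0] != OV_TYPE or ec[1] != OV_SUBTYPE:
            kept.append(ec)              # unrelated community, left untouched
            continue
        state = ec[7]                    # last octet carries the state
        if from_ebgp:
            # A neighbouring AS must not be able to set our validation state.
            log.append("dropped: received over eBGP")
        elif state > INVALID:
            log.append(f"discarded: unknown state {state}")
        else:
            states.append(state)
    chosen = max(states) if states else None
    if len(states) > 1:
        log.append(f"{len(states)} instances, using state {chosen}")
    if chosen is not None:
        kept.append(bytes([OV_TYPE, OV_SUBTYPE, 0, 0, 0, 0, 0, chosen]))
    return chosen, b"".join(kept), log


def ov(state: int) -> bytes:
    """Build a constructed sample origin validation state community."""
    return bytes([OV_TYPE, OV_SUBTYPE, 0, 0, 0, 0, 0, state])


RT = bytes.fromhex("0002fde800000064")   # constructed route target 65000:100

if __name__ == "__main__":
    for attrs, ebgp in [(RT + ov(0) + ov(2), False), (ov(0) + ov(7), False),
                        (RT + ov(0), True)]:
        print(received_validation_state(attrs, ebgp))
```
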