IETF Logo Mail Archive

Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06

"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Fri, 11 May 2018 18:57 UTC

Return-Path: <jalcaide@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B802F12EB19; Fri, 11 May 2018 11:57:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J6VmmUMtMsTY; Fri, 11 May 2018 11:57:55 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1F5812EA62; Fri, 11 May 2018 11:57:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27522; q=dns/txt; s=iport; t=1526065073; x=1527274673; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=ezjsc8gmMzXbc+Y1zt/BMyIhyWwBbH/ar6sGFzJEjrM=; b=AswEUiT51I0a3zUikJUABjO6yJVgHFys6lNPKxtS2Y90lFk6eGcUPeGe ds46OfoUAuGTszfRcw6nckjnjGll6w2bd6AU5+oDai56mkGUULwi1n4My pukOiyHc6UBmz3JvXg1BjG8JWLWq0wS5+Puj2W75ceJDIQbN1Ukz9xS+S k=;
X-IronPort-AV: E=Sophos;i="5.49,389,1520899200"; d="scan'208,217";a="113178656"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 May 2018 18:57:52 +0000
Received: from [10.82.208.50] (rtp-vpn4-50.cisco.com [10.82.208.50]) (authenticated bits=0) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id w4BIvmde021965 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 11 May 2018 18:57:50 GMT
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>, "Jakob Heitz (jheitz)" <jheitz@cisco.com>, John Scudder <jgs@juniper.net>, "idr@ietf. org" <idr@ietf.org>
Cc: "nl7942@att.com" <nl7942@att.com>, "Schiel, John" <John.Schiel@centurylink.com>, "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>
References: <DB4DB79D-22DD-45A7-980A-B33C5E58C1C7@juniper.net> <2997BE5D-F4C6-4AC2-9B00-126436FC5141@juniper.net> <68EFACB32CF4464298EA2779B058889D53DB49B4@PDDCWMBXEX503.ctl.intranet> <e0e1857b46104431be4f655fe8d1e0b1@XCH-ALN-014.cisco.com> <68EFACB32CF4464298EA2779B058889D53DB4D80@PDDCWMBXEX503.ctl.intranet>
From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
Message-ID: <7cc92070-d480-cd91-e572-36dc36836732@cisco.com>
Date: Fri, 11 May 2018 20:57:48 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <68EFACB32CF4464298EA2779B058889D53DB4D80@PDDCWMBXEX503.ctl.intranet>
Content-Type: multipart/alternative; boundary="------------C41C95C11CDF013C8C1D8B7A"
Content-Language: en-US
X-Authenticated-User: jalcaide
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/cWrEZmXzduAKn0llKb8xQjLeM0k>
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 18:58:03 -0000

Don,

(just to be clear, this has nothing to directly with the redirect 
extended-community draft)

We already thought about it and added a 'clause' in the last revision.

"Optionally, an implementation
    could be configured to allow only flow specification NLRIs containing
    only a subset of ASes.  This could be useful, for example, with
    networks that consist of multiple ASes that operate under the same
    administrative domain."

This is not what you want?

-J

On 5/11/2018 4:50 PM, Smith, Donald wrote:
>
> That would work of course MAY would be caps :) But that should cover 
> the case I was describing.
>
> All the other BGP security issues would still apply.
>
> Cc'ing the two architects that have been working on this concept with 
> me, in case they have anything to add.
>
> Metric System < +000 > -000
> Extra People's Terribly Good Meals Kept mY uNCLE    Ned   Purring 
> For     Ages
> Exa   Peta        Tera     Giga   Mega  Kilo milli Micro(u) Nano 
> Pico    Femto Atto
> Donald.Smith@centurylink.com <mailto:Donald.Smith@centurylink.com>
> ------------------------------------------------------------------------
> *From:* Jakob Heitz (jheitz) [jheitz@cisco.com]
> *Sent:* Thursday, May 10, 2018 11:39 PM
> *To:* Smith, Donald; John Scudder; idr@ietf. org
> *Cc:* draft-ietf-idr-bgp-flowspec-oid@ietf.org
> *Subject:* RE: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
>
> I support the draft.
>
> Donald, are you saying that AS1 should accept a flowspec rule from AS2 
> for traffic going to AS3?
>
> If AS1 can trust the flowspec from AS2, then I don't see why not.
>
> Maybe we can add text to the effect of:
>
> The rules stated here are for default behavior.
>
> Local policy may allow flow specifications from other EBGP neighbors 
> to be accepted.
>
> Thanks,
>
> Jakob
>
> *From:*Idr <idr-bounces@ietf.org> *On Behalf Of *Smith, Donald
> *Sent:* Thursday, May 10, 2018 11:58 AM
> *To:* John Scudder <jgs@juniper.net>; idr@ietf. org <idr@ietf..org>
> *Cc:* draft-ietf-idr-bgp-flowspec-oid@ietf.org
> *Subject:* Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
>
> This supports some of the bi-lateral, ddos-peering work we want to do, 
> so support.
>
> https://pc.nanog.org/static/published/meetings/NANOG71/1447/20171003_Levy_Operationalizing_Isp_v2.pdf
>
> That is almost always going to be between some set of systems not one 
> hop away, not directly in the forwarding plane, probably not really 
> IBGP peers.
>
> " It thus becomes necessary to modify step (a) of the RFC 5575 
> <https://tools.ietf.org/html/rfc5575>
>    validation procedure such that an IBGP peer that is not within the
>    data forwarding plane may originate flow specification NLRIs."
>
> While you could have the IBGP peer directly in the forwarding plane, 
> forward it like a route reflector, requiring it to seems counter 
> intuitive as it is more likely to come from some BGP speaking tool in 
> ISP requesting the filter.
>
> Next lots of references to IBGP and a few to EBGP, when I think of 
> IBGP, IBGP is internal to a single AS (yes I know there are 
> exceptions) but that is kind of the meaning, while this is mostly 
> between peers (whom could do IBGP between them but is that required? 
> Can't we validate without IBGP direct connections?)
>
> Metric System < +000 > -000
>
> Extra People's Terribly Good Meals Kept mY uNCLE    Ned   Purring 
> For     Ages
>
> Exa   Peta Tera     Giga   Mega  Kilo milli Micro(u) Nano Pico    
> Femto Atto
>
> Donald.Smith@centurylink.com <mailto:Donald.Smith@centurylink.com>
>
> ------------------------------------------------------------------------
>
> *From:*Idr [idr-bounces@ietf.org] on behalf of John Scudder 
> [jgs@juniper.net]
> *Sent:* Thursday, May 10, 2018 12:28 PM
> *To:* idr@ietf. org
> *Cc:* draft-ietf-idr-bgp-flowspec-oid@ietf.org 
> <mailto:draft-ietf-idr-bgp-flowspec-oid@ietf.org>
> *Subject:* Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
>
> Hi All,
>
>     On Apr 26, 2018, at 3:58 PM, John Scudder <jgs@juniper.net
>     <mailto:jgs@juniper.net>> wrote:
>
>     The authors have requested a working group last call for
>     draft-ietf-idr-bgp-flowspec-oid-06. Please respond with your
>     comments before Friday, May 11.
>
> A quick update on the status of this WGLC:
>
> - All the authors have responded about IPR (thank you!).
>
> - Three people who are not authors (Acee, Shyam, Keyur) have responded 
> supporting publication.
>
> - Nobody has responded with other comments or opposition.
>
> Three respondents is not a very large number; it would be helpful if 
> others would chime in.
>
> The WGLC period is scheduled to end tomorrow.
>
> Thanks,
>
> --John
>
> This communication is the property of CenturyLink and may contain 
> confidential or privileged information. Unauthorized use of this 
> communication is strictly prohibited and may be unlawful. If you have 
> received this communication in error, please immediately notify the 
> sender by reply e-mail and destroy all copies of the communication and 
> any attachments.
>
> This communication is the property of CenturyLink and may contain 
> confidential or privileged information. Unauthorized use of this 
> communication is strictly prohibited and may be unlawful. If you have 
> received this communication in error, please immediately notify the 
> sender by reply e-mail and destroy all copies of the communication and 
> any attachments.
>
>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email