Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Fri, 11 May 2018 18:57 UTC
Return-Path: <jalcaide@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B802F12EB19; Fri, 11 May 2018 11:57:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J6VmmUMtMsTY; Fri, 11 May 2018 11:57:55 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1F5812EA62; Fri, 11 May 2018 11:57:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27522; q=dns/txt; s=iport; t=1526065073; x=1527274673; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=ezjsc8gmMzXbc+Y1zt/BMyIhyWwBbH/ar6sGFzJEjrM=; b=AswEUiT51I0a3zUikJUABjO6yJVgHFys6lNPKxtS2Y90lFk6eGcUPeGe ds46OfoUAuGTszfRcw6nckjnjGll6w2bd6AU5+oDai56mkGUULwi1n4My pukOiyHc6UBmz3JvXg1BjG8JWLWq0wS5+Puj2W75ceJDIQbN1Ukz9xS+S k=;
X-IronPort-AV: E=Sophos;i="5.49,389,1520899200"; d="scan'208,217";a="113178656"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 May 2018 18:57:52 +0000
Received: from [10.82.208.50] (rtp-vpn4-50.cisco.com [10.82.208.50]) (authenticated bits=0) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id w4BIvmde021965 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 11 May 2018 18:57:50 GMT
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>, "Jakob Heitz (jheitz)" <jheitz@cisco.com>, John Scudder <jgs@juniper.net>, "idr@ietf. org" <idr@ietf.org>
Cc: "nl7942@att.com" <nl7942@att.com>, "Schiel, John" <John.Schiel@centurylink.com>, "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>
References: <DB4DB79D-22DD-45A7-980A-B33C5E58C1C7@juniper.net> <2997BE5D-F4C6-4AC2-9B00-126436FC5141@juniper.net> <68EFACB32CF4464298EA2779B058889D53DB49B4@PDDCWMBXEX503.ctl.intranet> <e0e1857b46104431be4f655fe8d1e0b1@XCH-ALN-014.cisco.com> <68EFACB32CF4464298EA2779B058889D53DB4D80@PDDCWMBXEX503.ctl.intranet>
From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
Message-ID: <7cc92070-d480-cd91-e572-36dc36836732@cisco.com>
Date: Fri, 11 May 2018 20:57:48 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <68EFACB32CF4464298EA2779B058889D53DB4D80@PDDCWMBXEX503.ctl.intranet>
Content-Type: multipart/alternative; boundary="------------C41C95C11CDF013C8C1D8B7A"
Content-Language: en-US
X-Authenticated-User: jalcaide
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/cWrEZmXzduAKn0llKb8xQjLeM0k>
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 18:58:03 -0000
Don, (just to be clear, this has nothing to directly with the redirect extended-community draft) We already thought about it and added a 'clause' in the last revision. "Optionally, an implementation could be configured to allow only flow specification NLRIs containing only a subset of ASes. This could be useful, for example, with networks that consist of multiple ASes that operate under the same administrative domain." This is not what you want? -J On 5/11/2018 4:50 PM, Smith, Donald wrote: > > That would work of course MAY would be caps :) But that should cover > the case I was describing. > > All the other BGP security issues would still apply. > > Cc'ing the two architects that have been working on this concept with > me, in case they have anything to add. > > Metric System < +000 > -000 > Extra People's Terribly Good Meals Kept mY uNCLE Ned Purring > For Ages > Exa Peta Tera Giga Mega Kilo milli Micro(u) Nano > Pico Femto Atto > Donald.Smith@centurylink.com <mailto:Donald.Smith@centurylink.com> > ------------------------------------------------------------------------ > *From:* Jakob Heitz (jheitz) [jheitz@cisco.com] > *Sent:* Thursday, May 10, 2018 11:39 PM > *To:* Smith, Donald; John Scudder; idr@ietf. org > *Cc:* draft-ietf-idr-bgp-flowspec-oid@ietf.org > *Subject:* RE: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06 > > I support the draft. > > Donald, are you saying that AS1 should accept a flowspec rule from AS2 > for traffic going to AS3? > > If AS1 can trust the flowspec from AS2, then I don't see why not. > > Maybe we can add text to the effect of: > > The rules stated here are for default behavior. > > Local policy may allow flow specifications from other EBGP neighbors > to be accepted. > > Thanks, > > Jakob > > *From:*Idr <idr-bounces@ietf.org> *On Behalf Of *Smith, Donald > *Sent:* Thursday, May 10, 2018 11:58 AM > *To:* John Scudder <jgs@juniper.net>; idr@ietf. org <idr@ietf..org> > *Cc:* draft-ietf-idr-bgp-flowspec-oid@ietf.org > *Subject:* Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06 > > This supports some of the bi-lateral, ddos-peering work we want to do, > so support. > > https://pc.nanog.org/static/published/meetings/NANOG71/1447/20171003_Levy_Operationalizing_Isp_v2.pdf > > That is almost always going to be between some set of systems not one > hop away, not directly in the forwarding plane, probably not really > IBGP peers. > > " It thus becomes necessary to modify step (a) of the RFC 5575 > <https://tools.ietf.org/html/rfc5575> > validation procedure such that an IBGP peer that is not within the > data forwarding plane may originate flow specification NLRIs." > > While you could have the IBGP peer directly in the forwarding plane, > forward it like a route reflector, requiring it to seems counter > intuitive as it is more likely to come from some BGP speaking tool in > ISP requesting the filter. > > Next lots of references to IBGP and a few to EBGP, when I think of > IBGP, IBGP is internal to a single AS (yes I know there are > exceptions) but that is kind of the meaning, while this is mostly > between peers (whom could do IBGP between them but is that required? > Can't we validate without IBGP direct connections?) > > Metric System < +000 > -000 > > Extra People's Terribly Good Meals Kept mY uNCLE Ned Purring > For Ages > > Exa Peta Tera Giga Mega Kilo milli Micro(u) Nano Pico > Femto Atto > > Donald.Smith@centurylink.com <mailto:Donald.Smith@centurylink.com> > > ------------------------------------------------------------------------ > > *From:*Idr [idr-bounces@ietf.org] on behalf of John Scudder > [jgs@juniper.net] > *Sent:* Thursday, May 10, 2018 12:28 PM > *To:* idr@ietf. org > *Cc:* draft-ietf-idr-bgp-flowspec-oid@ietf.org > <mailto:draft-ietf-idr-bgp-flowspec-oid@ietf.org> > *Subject:* Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06 > > Hi All, > > On Apr 26, 2018, at 3:58 PM, John Scudder <jgs@juniper.net > <mailto:jgs@juniper.net>> wrote: > > The authors have requested a working group last call for > draft-ietf-idr-bgp-flowspec-oid-06. Please respond with your > comments before Friday, May 11. > > A quick update on the status of this WGLC: > > - All the authors have responded about IPR (thank you!). > > - Three people who are not authors (Acee, Shyam, Keyur) have responded > supporting publication. > > - Nobody has responded with other comments or opposition. > > Three respondents is not a very large number; it would be helpful if > others would chime in. > > The WGLC period is scheduled to end tomorrow. > > Thanks, > > --John > > This communication is the property of CenturyLink and may contain > confidential or privileged information. Unauthorized use of this > communication is strictly prohibited and may be unlawful. If you have > received this communication in error, please immediately notify the > sender by reply e-mail and destroy all copies of the communication and > any attachments. > > This communication is the property of CenturyLink and may contain > confidential or privileged information. Unauthorized use of this > communication is strictly prohibited and may be unlawful. If you have > received this communication in error, please immediately notify the > sender by reply e-mail and destroy all copies of the communication and > any attachments. > > > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr
- [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06 John Scudder
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Acee Lindem (acee)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… David Smith (djsmith)
- Re: [Idr] FW: WGLC for draft-ietf-idr-bgp-flowspe… Clarence Filsfils (cfilsfil)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… UTTARO, JAMES
- Re: [Idr] FW: WGLC for draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Shyam Sethuram
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Keyur Patel
- Re: [Idr] FW: WGLC for draft-ietf-idr-bgp-flowspe… Pradosh Mohapatra
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… John Scudder
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Smith, Donald
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Jakob Heitz (jheitz)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Kasavchenko, Kirill
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Smith, Donald
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Juan Alcaide (jalcaide)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Smith, Donald
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Jakob Heitz (jheitz)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Juan Alcaide (jalcaide)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Smith, Donald
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Jakob Heitz (jheitz)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… John Schiel
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… Juan Alcaide (jalcaide)
- Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oi… LINGALA, AVINASH
- [Idr] FW: FW: WGLC for draft-ietf-idr-bgp-flowspe… Susan Hares