Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to 3/23)

Brian Dickson <brian.peter.dickson@gmail.com> Tue, 16 March 2021 21:58 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99D9E3A10DC for <idr@ietfa.amsl.com>; Tue, 16 Mar 2021 14:58:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LjvHGqgQLu_E for <idr@ietfa.amsl.com>; Tue, 16 Mar 2021 14:58:47 -0700 (PDT)
Received: from mail-vs1-xe2e.google.com (mail-vs1-xe2e.google.com [IPv6:2607:f8b0:4864:20::e2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F348C3A10E0 for <idr@ietf.org>; Tue, 16 Mar 2021 14:58:46 -0700 (PDT)
Received: by mail-vs1-xe2e.google.com with SMTP id f1so8971041vsl.0 for <idr@ietf.org>; Tue, 16 Mar 2021 14:58:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aInKRJ0rIAtU//sKN87orT6bByXTx/sfXHBbW50oUuE=; b=FN2QA2Xzyalxy28Jtt4I8pgBGpfkvX7c3B5zDxWUEipRw2YohR6vgY3vxTUDp9j3qH hC5y8hbfNjy2B5FAcPMR40XQBrF9SATKXcPKL1YOtPHWsYQ/yvMgEpoNc0fUzbe6w4kq 7W+o8ZNsznO1ZSXNmaflHARrLz6dJzZSv2EcC+3j1jtrBjz3FcMBfzVp+ofGAcJ7FgyH isoT2DYda4p8TmIMRN5zXWi1BrpGwoVX5vRKqtBTkgVbG/gtImJgfmxCYQ6h8CRaO9nn zuk7we/fb7xu8l9Pk0q24MlZvQC3i3weYlPe3k7ZoZJLNjZFTsgInjuOMbzASrrSLM5l Xc1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aInKRJ0rIAtU//sKN87orT6bByXTx/sfXHBbW50oUuE=; b=CaZGb110C0ogmO3mSosvCStp9I5KIcE6aXKFgYPcutvl2rOPLkRTExRMlkNHiLxnqO SRIR4jkfl0H5Vh8DQjyRPJt5zLhqTOQ37L8utAjRVBhRP1wUOKhHbofHi0/NF3SoefuC hA015mY9SStnkBfh+wcZt5hHxTXaDsNdTNUlxGQhTDKjLNOthshUarTGMjvXQUCqaT9f 3cRVJOHiKll1xlTVir4CPWUEzb5i8QbuMj9X3hCfQ8Qm6WQDJZqBDNyuB91w56T2z8jv svzK5MUF1T8NW4Dd7ly7q1hoVs1i0YceaYI5MDdW0vfnzioqHw063Qqjdq7uoSMHOyEF LWlQ==
X-Gm-Message-State: AOAM530BZQl5vm7vU9dyZHGYULh1AToetXni4QiEcyEqmq1PqHwD8oGw CzDZzgxeQO+amufrK/bImuRRrYwKtxPF0lnrkw5M0ER5enA=
X-Google-Smtp-Source: ABdhPJwNT+rwUh3hxH6dInO6MfCTTFDeRGctSKeiZfrCQGh2XrxLpj2g/ZzFFP5BZf0fOQXiabjwp9eVk8Yck+v0EVc=
X-Received: by 2002:a67:df05:: with SMTP id s5mr1686580vsk.58.1615931925272; Tue, 16 Mar 2021 14:58:45 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR11MB3207CF86CF2FBD56CA3EAD66C0919@BYAPR11MB3207.namprd11.prod.outlook.com> <CBFDE565-E501-4344-BF6C-53A541D50391@tsinghua.org.cn> <012b01d7170f$7ec90310$7c5b0930$@tsinghua.org.cn> <BYAPR11MB3207D4E973EE9ED170687E1EC06F9@BYAPR11MB3207.namprd11.prod.outlook.com> <015601d7171a$036be470$0a43ad50$@tsinghua.org.cn> <CAH1iCiqy3uu0SF2i9TyTRwCdt2d2Ud9+nUCtRG+vc2E-gwfLPQ@mail.gmail.com> <000501d71940$e9b87420$bd295c60$@tsinghua.org.cn> <BYAPR11MB320799969ECFDA66B32F2BBBC06C9@BYAPR11MB3207.namprd11.prod.outlook.com> <002901d71971$ed947f90$c8bd7eb0$@tsinghua.org.cn> <BYAPR11MB320729520FD51C969744AC7BC06B9@BYAPR11MB3207.namprd11.prod.outlook.com> <CABNhwV01QCvUmTwTYnmcULtaYJDhuLFru_39mCUeK5rinadtUw@mail.gmail.com> <BYAPR11MB32077BD8D34B329F9664D560C06B9@BYAPR11MB3207.namprd11.prod.outlook.com> <CABNhwV197JUHraUKar8DK79yZdgEYiF402JuvaFkCYM=C5SL6w@mail.gmail.com> <CABNhwV2ptjWQvNfkpOg_EAwwEp-2rAL_omTxg_Rp-hPnMwx-Og@mail.gmail.com>
In-Reply-To: <CABNhwV2ptjWQvNfkpOg_EAwwEp-2rAL_omTxg_Rp-hPnMwx-Og@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Tue, 16 Mar 2021 14:58:19 -0700
Message-ID: <CAH1iCiqEdN4kEW1fOZi+i7bzi==o0R5P4odVVdQBatGS7TUFnA@mail.gmail.com>
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, IETF IDR <idr@ietf.org>, "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006319a005bdae78f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/fMOZSgbe8-ltnW4W1PU4Bi77tN4>
Subject: Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to 3/23)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2021 21:58:52 -0000

On Tue, Mar 16, 2021 at 12:22 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:

>
> Jacob
>
> In my last point I made regarding the 10 byte data fields as anyone can
> stuff anything into the data fields literally any value as has existed with
> all communities from standard to extended  types 0,1,2 fo now large
> communities I think it still makes sense to keep the structure of GA and LA
> nomenclature in the fields from a standards perspective. Also by not doing
> so I think even the other communities standards nomenclature may erode and
> start to not use the  GA==ASN LA== nomenclature in the data fields.
>


Hi, Gyan,

I respectfully disagree, very strongly.

Consider that the original BGP Communities (from RFC 1997) has the
following:

   The community attribute values ranging from 0x0000000 through
   0x0000FFFF and 0xFFFF0000 through 0xFFFFFFFF are hereby reserved.

   The rest of the community attribute values shall be encoded using an
   autonomous system number in the first two octets.


The proposal we are discussing, is EXACTLY the same. It is setting aside a
range for use in a way that is distinct from the main range which
correspond to ASNs.

The fact that 8092 DIDN'T include a reserved range, is the reason we need
this, and updating 8092 is the correct (IMNSHO) approach.

It means that, excluding the reserved range, the GA field refers to ASNs,
and for the reserved range, the "GA" is whatever the corresponding RFC(s)
say it is.

Brian

P.S. The need to use LCs as opposed to defining some other attribute, is
precisely because LCs are deployed by router vendors. The route-leaks issue
has been a problem since BGP version 4 was introduced. Waiting another
cycle or two of software deployments isn't really acceptable, given that
operators have already indicated that they WANT these LCs, and are WAITING
ANXIOUSLY for this so they can deploy it.


>
> So I don’t think we want to set a negative precedence by not keeping the
> nomenclature in place in the RFC 8092 update.  I don’t see any harm in
> keeping it in place.
>
> Gyan
>
> On Tue, Mar 16, 2021 at 2:43 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:
>
>> Thanks Jacob for the history and agree  that attribute leaking especially
>> communities leaking and careful filtering at all exit points  is very
>> important to operators.
>>
>> Kind Regards
>>
>> Gyan
>>
>> On Tue, Mar 16, 2021 at 1:57 AM Jakob Heitz (jheitz) <jheitz@cisco.com>
>> wrote:
>>
>>> A story if I may.
>>>
>>> When I started at Cisco, I wrote the code for Graceful Shutdown.
>>>
>>> This was strongly impressed upon me: Operators do not like junk
>>> attributes leaking
>>>
>>> from far corners of the internet. Make sure you add plenty of safety to
>>> prevent
>>>
>>> the Graceful Shutdown community from leaking out beyond its intended
>>> scope.
>>>
>>> This sentiment was built from having to create the "send-community-ebgp"
>>> command
>>>
>>> that you reference below. Still, when an operator uses that command,
>>> they have
>>>
>>> to be careful what they send. Every new community used must be carefully
>>>
>>> filtered at all inter-AS points.
>>>
>>>
>>>
>>> Another example: the DMZ link-bandwidth extended community is
>>> non-transitive.
>>>
>>> However, the place it is most useful is across AS boundaries. But only
>>> the first boundary.
>>>
>>> So, we had to write code to specially send this extcomm across the AS
>>> boundary
>>>
>>> where the extcomm is originated.
>>>
>>>
>>>
>>> It is this experience with inadequate community transitivity that led me
>>> to
>>>
>>> devise the extra transitivities.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Jakob.
>>>
>>>
>>>
>>> *From:* Idr <idr-bounces@ietf.org> *On Behalf Of * Gyan Mishra
>>> *Sent:* Monday, March 15, 2021 10:10 PM
>>> *To:* Jakob Heitz (jheitz) <jheitz=40cisco.com@dmarc.ietf.org>
>>> *Cc:* IETF IDR <idr@ietf.org>
>>> *Subject:* Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> Hi Jacob
>>>
>>>
>>>
>>> Comments in-line
>>>
>>>
>>>
>>> On Mon, Mar 15, 2021 at 8:03 PM Jakob Heitz (jheitz) <jheitz=
>>> 40cisco.com@dmarc.ietf.org> wrote:
>>>
>>> Basically, we want to make a better extended community.
>>>
>>>
>>>
>>>     Gyan> Understood.  Note that RFC 1977 Standard BGP communities are
>>> widely deployed within enterprises and across the internet by service
>>> providers wherever Global table routing is utilized.  Standard communities
>>> have work very well over the last 20+ years and are still fairly
>>> ubiquitously deployed.
>>>
>>>
>>>
>>> Extended communities are only used and deployed for VPN overlay RT
>>> import for private MPLS and Public MPLS where operators carry the internet
>>> table in a VPN overlay any-any routing which is common with Tier-1, Tier-2
>>> and Tier-3 providers.
>>>
>>>
>>>
>>> Extended communities have done well over the years until 4 byte ASN came
>>> along and thus support for 4 byte extended community data field in the 8
>>> byte extended community with 6 bytes available yielded 4 octet GA and 2
>>> octet LA.
>>>
>>>
>>>
>>> Thus the need came for a larger data field for extended community which
>>> then came RFC 8092 with 12 octets and 3 4 byte data fields
>>>
>>> The extended community was fine when it was invented.
>>>
>>>
>>>
>>> It allowed a BGP speaker to be uniquely identified and 2 more octets of
>>> data.
>>>
>>> Since RFC 6286, 8 octets are required to identify a BGP speaker: ASN +
>>> BGP identifier.
>>>
>>>
>>>
>>> Another problem with communities in general is containing them within
>>>
>>> a small set of ASes where they are intended to be used.
>>>
>>> Communities often leak to the wider internet, where they are not wanted
>>> and just
>>>
>>>
>>>
>>>     Gyan> Not true as BGP community propagation always required a manual
>>> CLI for send-community for the communities to be advertised.  So explicit
>>> controls were built in.  As well as the ability to send no-export additive
>>> community  to block advertisement to external peers as well as no-advertise
>>> community to block community advertisement to any peers eBGP or iBGP.  Also
>>> all operators both  service providers and enterprises and the concept of
>>> Trust boundary as far as communities as you don’t trust communities coming
>>> from your customers unless a specific rule exists for special multi homing
>>> scenarios and with that the best practice no-trust rule by operators was to
>>> reset the community tag inbound to easily block any communities sent by
>>> customers.  In cases where their is a trust relationship the set  is done
>>> but with additive option so the customer tag can be forwarded to the
>>> internet if desired per provisioning agreement.
>>>
>>> use up resources.
>>>
>>> Thus many ISPs just filter all communities except the few they are
>>> contracted to accept.
>>>
>>>      Gyan> Agreer
>>>
>>> So, we invented transitive/non-transitive extended communities.
>>>
>>>     Gyan> BGP communities are optional transitive
>>>
>>> non-transitive is fine, because many are used just within a single AS.
>>>
>>>
>>>
>>>      Gyan> BGP communities are natively optional transitive but you can
>>> block the community or choose not to advertise outside the AS by not doing
>>> a BGP send-community.
>>>
>>> Then for several reasons, many organizations end up with multiple ASes.
>>>
>>> These organizations can't use non-transitive communities within their
>>> set of ASes.
>>>
>>>     Gyan> As I stated BGP communities are optional transitive attributes
>>>
>>> Transitive communities still go too far, so need to be carefully
>>> controlled.
>>>
>>>  Gyan> As stated they can be easily controlled by not using CLI
>>> send-community to propagate the communities
>>>
>>> Basically, Community transitivity is an operational burden.
>>>
>>> Gyan> As I stated not at all a burden as you have plenty of controls
>>> built into use of communities to propagate or not propagate to the internet.
>>>
>>> We want to ease that burden by adding 2 more transitivities:
>>>
>>> . One-time transitivity
>>>
>>> . Administration transitivity
>>>
>>>  Gyan>  I am not understanding the problem.  Can you please restate the
>>> problem you are trying to solve based on my feedback given that we have
>>> plenty of built in controls with communities.
>>>
>>> This draft is a proposal to use large communities to make a better
>>> extended community.
>>>
>>>
>>>
>>>     Gyan> BGP communities both standard and extended 2 byte AS
>>> communities work fine and have been fine for decades.  The gap being solved
>>> with RFC 8092 large communities is with 4 byte AS and the need for a larger
>>> data field.
>>>
>>> The number of data bytes (10) versus discriminator bits (6) is a
>>> tradeoff that I
>>>
>>> think is reasonable.
>>>
>>>  Gyan>  Let’s continue the discussion to understand the problem
>>> statement fully as to what is broken and what we are trying to fix.
>>>
>>> Regards,
>>>
>>> Jakob.
>>>
>>>
>>>
>>> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
>>> *Sent:* Monday, March 15, 2021 1:05 AM
>>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; 'Brian Dickson' <
>>> brian.peter.dickson@gmail.com>
>>> *Cc:* 'IETF IDR' <idr@ietf.org>
>>> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> Hi, Jakob:
>>>
>>>
>>>
>>> I think your purpose is to define 256 WKLC, each can has its own
>>> Data1/Data2/Data3 definition to carry some additional information for the
>>> specified WKLC.
>>>
>>> To accomplish this, you should reserve  4093640704 (0xF4000000) to
>>> 4160749567 (0xF7FFFFFF) 4-bytes AS number, which can’t be allocated for
>>> the legitimate usage by operators.
>>>
>>>
>>>
>>> The reason to get such results is that you want to define the additional
>>> “Data 1” field from the  “Global Administrator”, but there is no
>>> description to explain the necessary.  Brian gave some potential examples
>>> in this thread and I think expanding them more clearly in your draft maybe
>>> more convincible.
>>>
>>>
>>>
>>> Best Regards
>>>
>>>
>>>
>>> Aijun Wang
>>>
>>> China Telecom
>>>
>>>
>>>
>>> *From:* Jakob Heitz (jheitz) <jheitz@cisco.com>
>>> *Sent:* Monday, March 15, 2021 1:29 PM
>>> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>cn>; 'Brian Dickson' <
>>> brian.peter.dickson@gmail.com>
>>> *Cc:* 'IETF IDR' <idr@ietf.org>
>>> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> *[WAJ] Yes, there are abundant range for the 32 bit ASN space, but my main point is that your draft doesn’t state the reason to reserve 1/64 32-bit ASN space(*4093640704 (0xF4000000) to 4160749567 (0xF7FFFFFF)*).  *
>>>
>>>
>>>
>>> [JH] Aijun. I'm glad you agree that there is still abundant space to
>>> allocate ASNs.
>>>
>>> The reason to reserve space is explained in the introduction.
>>>
>>> It is to prevent WKLCs from having the same Global Administrator field
>>> as a legitimate AS trying to distribute its LC.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Jakob.
>>>
>>>
>>>
>>> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
>>> *Sent:* Sunday, March 14, 2021 7:14 PM
>>> *To:* 'Brian Dickson' <brian.peter.dickson@gmail.com>
>>> *Cc:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; 'IETF IDR' <idr@ietf.org>
>>> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> Hi, Brian:
>>>
>>>
>>>
>>> Based on your intention, I think you should consider to redefine the
>>> encoding of LC, not only well-known LC.
>>>
>>> Even for the redefinition of LC encoding, you should also state clearly
>>> the potential advantages.
>>>
>>>
>>>
>>> More detail replies are inline below.
>>>
>>>
>>>
>>> Best Regards
>>>
>>>
>>>
>>> Aijun Wang
>>>
>>> China Telecom
>>>
>>>
>>>
>>> *From:* Brian Dickson <brian.peter.dickson@gmail.com>
>>> *Sent:* Saturday, March 13, 2021 2:14 AM
>>> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>
>>> *Cc:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; IETF IDR <idr@ietf.org>
>>> *Subject:* Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Mar 12, 2021 at 12:31 AM Aijun Wang <wangaijun@tsinghua.org.cn>
>>> wrote:
>>>
>>> Hi, Jakob:
>>>
>>>
>>>
>>> *From:* Jakob Heitz (jheitz) <jheitz@cisco.com>
>>> *Sent:* Friday, March 12, 2021 3:45 PM
>>> *To:* Aijun Wang <wangaijun@tsinghua.org.cn>
>>> *Cc:* idr@ietf.org
>>> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> 1.      It is small, not huge as explained in the draft.
>>>
>>> *[WAJ] When compared to the 22 well-known community, “67,108,864 AS
>>> numbers” is too large.  I am worrying the unnecessary reservation may
>>> prevent the allocation of the unallocated AS-number for other purposes.*
>>>
>>>
>>>
>>> The range of reserved ASNs occupies two bits of the upper 8 bits, plus
>>> the entirety of the the next 24 bits in its range.
>>>
>>> This represents a single value from the 6-bit portion of the ASN space,
>>> or exactly 1/64 of the 32-bit ASN space.
>>>
>>> Given that the current usage for ASNs is 2^16 for the 16-bit ASNs, plus
>>> less than 7 bits out of the upper 16 bit range, that is roughly 64/65536 or
>>> about 1/1000.
>>>
>>> This still leaves well over 31/32 of the potential ASN space, so I
>>> believe your worry is unjustified.
>>>
>>> *[WAJ] Yes, there are abundant range for the 32 bit ASN space, but my main point is that your draft doesn’t state the reason to reserve 1/64 32-bit ASN space(*4093640704 (0xF4000000) to 4160749567 (0xF7FFFFFF)*).  *
>>>
>>>
>>>
>>> 2. It got updated and I missed it when I updated my draft. Thanks for
>>> catching it.
>>>
>>> 3. I don't understand your question. Can you expand?
>>>
>>> *[WAJ] why not take the approach directly as that descried in  *
>>> https://tools.ietf.org/html/draft-ietf-grow-route-leak-detection-mitigation-04.
>>> ?
>>>
>>> *That is to say, for each potential well-known large community, reserve
>>> one value for the “Global Administrator” part of the large community, and
>>> defined the associated data for the other two local parts. Transitive or
>>> non-transitive can be defined accordingly. *
>>>
>>> *Currently, you define “WKLC ID” as the large community type. From the
>>> definition of large community(RFC8092), the “Global Administrator” part
>>> will be divided into 256 groups, each group will have 2^16 number, that is
>>> 2^16 well-known large communities? *
>>>
>>> *I know you want to leave some field to the data part, but this arises
>>> some confusion when your proposed encoding is different from the original
>>> definition of RFC8092.*
>>>
>>>
>>>
>>> The logic for this is as follows:
>>>
>>> The initial use case is to establish a structured value of TBD1:TBD2:ASN
>>> for the route-leak-detection-mitigation (as that draft explains).
>>>
>>> The TBD2 is a single value out of a 32-bit range which will be in its
>>> own (new) registry. Having a registry allows for future uses in the context
>>> of TBD1, allowing new kinds of LC's in this bigger registered range.
>>>
>>> *[WAJ] You should state also the reason that such sub-registry under one
>>> well-known LC.  Describe some examples may be helpful.  DO community is one
>>> example, but there still also no more explanation.*
>>>
>>>
>>>
>>> However, the router implementations, for the most part, permit filtering
>>> of LCs on the basis of 3 32-bit values, where either literal values or
>>> wildcards can be used.
>>>
>>> Having the elements be aligned on the 32-bit boundary, and having TBD1
>>> and TBD2 be fixed values, permits LC matching using a patterns of either
>>> TBD1:TBD2:* (wild-card), or TBD1:TBD2:ASN (explicit ASN match).
>>>
>>> In other words, this structure choice is forced by router
>>> implementations, and really not appropriate to second-guess. It isn't up
>>> for negotiation, as this is a necessary requirement for the first use case.
>>>
>>>
>>>
>>> BTW: Both of these patterns (fixed single value and wild-card of lower
>>> 32-bit value) are required to implement the GROW draft you referenced.
>>>
>>>
>>>
>>> Having said that, this is the first out of up to 255 WKLCs, and the
>>> maximum benefit to other potential uses for WKLC is achieved by making the
>>> maximum (reasonable) number of octets available for those other WKLCs,
>>> specifically 10 octets of undefined structure.
>>>
>>>
>>>
>>> In particular, it is possible that other WKLCs require two ASN data
>>> values in their encoding (such as a source ASN and a destination ASN), and
>>> additional values (single bits or ranges of values) beyond that. Limiting
>>> the WKLC to having only single Global Administrator values and 8 octets of
>>> data, would be insufficient in that case.
>>>
>>>
>>>
>>> This would require re-design of WKLCs at a later date, and it may not be
>>> possible due to existing usage or reservations of WKLCs.
>>>
>>>
>>>
>>> By providing more octets to EACH WKLC, this problem is prevented. Making
>>> data allocations on power-of-two boundaries at the highest order is
>>> necessary up front. Attempting to expand ranges after allocations is
>>> possible, but may not be compatible with the power-of-two alignment
>>> required by future use cases of WKLC.
>>>
>>>
>>>
>>> You cannot aggregate that which was not initially allocated in a fashion
>>> suitable for aggregation. This was one major outcome of the IP allocation
>>> strategies prior to CIDR addressing for IPv4 address space. We would do
>>> well to learn from the mistakes of others, particularly when those mistakes
>>> were effectively repeated in the ASN space already (16 bits to 32 bits,
>>> because the initial assumption was 16 bits would be sufficient).
>>>
>>> *[WAJ] If you want to accomplish this, I think you should propose to
>>> change the encoding of LC, not only the well-known LC.   And, the community
>>> is not used to packet forwarding, what’s the necessary to aggregate?*
>>>
>>>
>>>
>>> So, in summary, the reservation of the range of ASNs is specifically to
>>> permit applying structure to the LC values within that range.
>>>
>>> The original LC definition is only applicable to "actual" ASNs as Global
>>> Administrator. RFC8092 says only "intended", and that the value "SHOULD" be
>>> an ASN.
>>>
>>> This is a new use case, and is the reason RFCs use "SHOULD" instead of
>>> "MUST".
>>>
>>> (What RFC8092 really says is, LCs where the Global Administrator value
>>> corresponds to an actual assigned ASN, are reserved exclusively for the
>>> operator of that ASN.)
>>>
>>> Since this proposal sets aside a range of ASNs as a group, the structure
>>> of LCs covering that range can be redefined accordingly, as long as that
>>> redefinition is scoped to that range of ASNs.
>>>
>>> *[WAJ] This is different from the structure of LC defined in RFC8092, in
>>> which only the Local part 1/local part 2 of one Global Administrator is
>>> operator-defined.*
>>>
>>>
>>>
>>> This is EXACTLY what this WKLC proposal is doing, and nothing more.
>>>
>>> The other draft is for the use of the first assigned WKLC values (single
>>> ID plus the Transitive Bit values).
>>>
>>>
>>>
>>> Hope this clarifies the usage and compatibility with other RFCs.
>>>
>>>
>>>
>>> Brian
>>>
>>>
>>>
>>>
>>>
>>> Regards,
>>>
>>> Jakob.
>>>
>>>
>>>
>>> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
>>> *Sent:* Thursday, March 11, 2021 11:16 PM
>>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>
>>> *Cc:* idr@ietf.org
>>> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> Hi, Jakob:
>>>
>>>
>>>
>>> More questions for your draft:
>>>
>>> 1.     Do we need to reserve such huge range(4093640704 (0xF4000000) to 4160749567 (0xF7FFFFFF) as you described in https://datatracker.ietf.org/doc/html/draft-heitz-idr-wklc-02#section-6 for the countable well-known large communities?
>>>
>>> 2.     There is some inaccurate description for the current reserved AS number space in https://datatracker.ietf.org/doc/html/draft-heitz-idr-wklc-02#section-4.  You can check it at https://www.iana.org/assignments/as-numbers/as-numbers.xhtml. The unallocated AS range is 401309-4199999999, not at described in your draft “The range of AS numbers currently unallocated by IANA is 399,261 to 4,199,999,999.”
>>>
>>> 3.     What’s the necessary to group such WKLC via the WKLC ID?
>>>
>>>
>>>
>>> Best Regards
>>>
>>>
>>>
>>> Aijun Wang
>>>
>>> China Telecom
>>>
>>>
>>>
>>> *From:* idr-bounces@ietf.org <idr-bounces@ietf.org> *On Behalf Of *Aijun
>>> Wang
>>> *Sent:* Wednesday, March 10, 2021 9:38 PM
>>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>
>>> *Cc:* idr@ietf.org
>>> *Subject:* Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> Yes, if we reserve some 4-bytes AS range, then your concerns will not
>>> happen.
>>>
>>> The well-known large community need just be allocated from this reserved
>>> range. That’s all.
>>>
>>> Do we need other definitions in your draft then?
>>>
>>> Aijun Wang
>>>
>>> China Telecom
>>>
>>>
>>>
>>> On Mar 10, 2021, at 21:18, Jakob Heitz (jheitz) <jheitz@cisco.com>
>>> wrote:
>>>
>>> 
>>>
>>> Consider if there is a real AS that uses 4,093,640,704 as its ASN.
>>>
>>> And if this AS were to send a large community of its own.
>>>
>>> It would put its ASN into the Global Administrator field of the LC.
>>>
>>> This ASN is 11110100000000000000000000000000 in binary.
>>>
>>> Then another AS sends a WKLC with WKLC ID 0, Transitivity 0 and Data 1 =
>>> 0.
>>>
>>> This has the same bit pattern.
>>>
>>> To avoid the clash, we need to reserve the ASNs that would clash.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Jakob.
>>>
>>>
>>>
>>> *From:* Aijun Wang <wangaijun@tsinghua.org.cn>
>>> *Sent:* Wednesday, March 10, 2021 12:11 AM
>>> *To:* Jakob Heitz (jheitz) <jheitz@cisco.com>om>; 'Susan Hares' <
>>> shares@ndzh.com>gt;; idr@ietf.org
>>> *Subject:* RE: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to
>>> 3/23)
>>>
>>>
>>>
>>> And, what the reason to assign the “111101”value in the first 6bit your
>>> encoding? It is not conformed to general definition of large community, in
>>> which the first 4-bytes is to identify the Global Administrator.
>>>
>>>
>>>
>>> _______________________________________________
>>> Idr mailing list
>>> Idr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/idr
>>>
>>> _______________________________________________
>>> Idr mailing list
>>> Idr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/idr
>>>
>>> --
>>>
>>> <http://www.verizon.com/>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions Architect *
>>>
>>>
>>>
>>> *M 301 502-1347 13101 Columbia Pike
>>> <https://www.google.com/maps/search/13101+Columbia+Pike?entry=gmail&source=g>
>>> *Silver Spring, MD
>>>
>>>
>>>
>> --
>>
>> <http://www.verizon.com/>
>>
>> *Gyan Mishra*
>>
>> *Network Solutions A**rchitect *
>>
>>
>>
>> *M 301 502-134713101 Columbia Pike *Silver Spring, MD
>>
>> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions A**rchitect *
>
>
>
> *M 301 502-134713101 Columbia Pike *Silver Spring, MD
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>