[Idr] Choice of Large vs. Extended Community for Route Leaks Solution

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 31 March 2021 14:57 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB1F3A2B27; Wed, 31 Mar 2021 07:57:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wckAkyeX04o0; Wed, 31 Mar 2021 07:57:02 -0700 (PDT)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on2117.outbound.protection.outlook.com [40.107.91.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC8A43A2B25; Wed, 31 Mar 2021 07:57:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Duq3/3oo/aDD6lGVCrkiOVmf5w0E6OEuajrqdWQV96U2zlFJwgO86sfuK2tgTHzirAEveMcKyRXK9INpjvtMRP4sjz+sE+xREj7l5pZbubYKDrQjHsRtabTYIgrhQRgUXT9oFJ3VjC1bm9qD0fAo6oj0GWWTseoxO9gMTPTSuTmCBQH1nIZpB1UOh129N0wD+gRPtprWCjw6xu5ICYcIoGN0P1kFNrLxAISFNCSsrMuMIwXwhFQuhmWPzXnCpj4BB6g/zxoh+q7RM6ggiFlVP0Ry3uWjo/y0bogYLUhP7PwBwZZ0O5fo4ivj/pht7hNpme9xd1D8/JR1Txc9yyAaAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JYVYo7UMbLLqEXhRpkrci5b6PIWnVUHIqqyaZPJDAY0=; b=Ao8XPn8pYAh4jAwlS4B8kBU9Gpd8Z7x+X4+gBJeThQuPVLCboKrMTnpbN/1KWyjbNz+YE/2xRztmb/ikxlCpDAyfLdb0eZZ1Tx4xxAltNM4+fbGQ+LsuVuVEdgC54TUdDjl+wR3d2vRu+zVrusXoNxh9anqLLlsia8Qrq58ClEDgNft1Vu/3iEKEYs5CMfmswGNrKJChuSZjQ+XufsDaLgudqS/XVsitAZXMe+8M/+TTP+ln9rtsFGi45XJeILprqjpRlpJ04VErOGoRm6Hy9AVnXO794AaZozsHzK29aHB51zfsxjienTUjXXKkr0oTfKcrOgOxmv2jOpMvM7tIFg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JYVYo7UMbLLqEXhRpkrci5b6PIWnVUHIqqyaZPJDAY0=; b=QvHna1BWEHzOWTcGNoiSgzPLamTjAI1GOtQK9KELhh4hTstOMl4vKo/O5Z13PaQj/KjkVpE5HaHTARilvW2ecLxBXU4EJ7S09R8l0+4bXMyMPrs+Ope03xnna/+2XRZhZjeJhEZXgaS+oH9aNOG2SVqgdo7W4029ZpJMN7Hcmbk=
Received: from SA1PR09MB8142.namprd09.prod.outlook.com (2603:10b6:806:171::8) by SA0PR09MB6538.namprd09.prod.outlook.com (2603:10b6:806:78::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.27; Wed, 31 Mar 2021 14:56:58 +0000
Received: from SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::54a1:82da:6cd9:a9b3]) by SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::54a1:82da:6cd9:a9b3%7]) with mapi id 15.20.3977.033; Wed, 31 Mar 2021 14:56:58 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Susan Hares <shares@ndzh.com>
CC: "idr@ietf.org" <idr@ietf.org>, "draft-heitz-idr-wklc@ietf.org" <draft-heitz-idr-wklc@ietf.org>, "grow@ietf.org" <grow@ietf.org>, "a.e.azimov@gmail.com" <a.e.azimov@gmail.com>
Thread-Topic: Choice of Large vs. Extended Community for Route Leaks Solution
Thread-Index: AQHXJjlK5mSz8dfqZEmidVsO6NqPaA==
Date: Wed, 31 Mar 2021 14:56:58 +0000
Message-ID: <SA1PR09MB814269138AEE1567CEED703B847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ndzh.com; dkim=none (message not signed) header.d=none;ndzh.com; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.223.204]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d47093fb-e400-4222-5635-08d8f4553bc3
x-ms-traffictypediagnostic: SA0PR09MB6538:
x-microsoft-antispam-prvs: <SA0PR09MB6538D2235E43A728F1E0FBCF847C9@SA0PR09MB6538.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: D9d3Hs5LUoqXkJu+JCDrW2yqoxK8vcAhH/NIOrfWYPOmd22UWE84ooSyDBFqNZPY8RWmyIIvUIc50F960fZqQ/zLBpH/2dDholEvO2e6fJnDH62ZFZU+loaxivVhT8X6WDwowV/TNyQrDsnbbtBGg4Ju9yFMR9nmmT05PWhTNThEOPoThRAHsHRPyZA8FfO24WF5MOJQjy0UlLaaQ4Pnpgwvc1yl7DFBl3UnsEB9VI0lDpKl329K85MjcKe/iylqk6/b8M/2b1YH70OP9PN3FccbRLAyLzYid7SA0Ek0DBIYJgk7qJBHvg/VN+SfSJdEA/YdvwiqwjsqaHBKUYELJNk2kZPlmtDIIAUVebf9BuABUQ4l21YEHNjZvvJ7kwpV1CJyhdnEYVuLDx9CM57rYoGVIdyRcLKh2tdIEM2E7yvH7nbYXBwjLFeczhgbPtY427bKU8DMxjzgVfIURBxu9+gA4MZLyR0U9nb2yQcQnrE0kg3nHwkk8jTseFy+B4ctSWPfG4SuPVRETg0J07vcWEygN8y5VCLYzcKQ2rXN5hhyv44JXQRKBspl19BYkci62inXmlDTDraSx/OilmMYOgZBXYBjvFfEkLgCXPt0kM9e9ExjeoEVjCtkr8O6boynneK4ogawbNH/oZwn/ztuz3WCY+YmBd7m9vaj6lNQH6dQBF1pRdAH8Pv+HxR/hrRubS0BqTd9JnZnPHWpumaacDQPmwRVzscwgV9x+0B/Vzo=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR09MB8142.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(76116006)(86362001)(91956017)(38100700001)(64756008)(66476007)(66446008)(9686003)(66946007)(66556008)(186003)(54906003)(33656002)(55016002)(71200400001)(8936002)(6916009)(8676002)(6506007)(966005)(5660300002)(498600001)(52536014)(4326008)(7696005)(83380400001)(26005)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?Windows-1252?Q?at+jaNlFRSe9tmYZyGhbXqjUrV0cGFttsLe0fTGkFvt3/52DlA34DYWY?= =?Windows-1252?Q?4oyJUK2g100wQZnAqMfoSvrldXwvLIpmeIMVB3vrKPC4zInvfPjIOZVf?= =?Windows-1252?Q?IeiS3k6C9XCdEhP+xwrFgxvuNA30ml2jAPROYAlHptc2mT9ikEqZAvHc?= =?Windows-1252?Q?engCNY/kPOcZ1dfJpdfHB2xv/j4aeGspFhypowz+xhQFCsCo9gD+NF6z?= =?Windows-1252?Q?srNeMA9DrmkWyulmU3wrfX1UhkrkJrULeBfzcWMZ+rR9iUCDrQa5fCK4?= =?Windows-1252?Q?x2hhGuh9vlN4S9HusyADSs3bzhk/zy/+ZFEmurtQPO8uiyg+khiM0JMv?= =?Windows-1252?Q?ubB3PffD9d0zL0mcZgepTBfMNwj04czmUkh7lBcjwI8oEZnijM7bSlcj?= =?Windows-1252?Q?zKwEO/XgTWeOJXPezCFxNzT2t/6xi6c/817T3kqWvC/HZAJAbZ4fyP+v?= =?Windows-1252?Q?4P9xBlEYKk0dLrEjKjEFmPzxX2b8YhMbhd7VuC4aDE0jWqdtFEEHOBHD?= =?Windows-1252?Q?pMkLB6x61d65f1zxD9pFUDOEYlRKgqIDIpy6q9saTce9Eic6P4JYdUYN?= =?Windows-1252?Q?s2NxC+lcV7zstJ7Cfsuf+vumpujFpO86NUMDcvIQC9hKcwERwdrTlf/i?= =?Windows-1252?Q?WffLNLGam6nYl93M4Y5EooBTZuywjocuccZiS+fOH/paajs3PQ/ai3sQ?= =?Windows-1252?Q?O9RiDAEir50N9MxU/GLB/phX6LiYuxadV/gnaggbD+IEorujhOUCMdMm?= =?Windows-1252?Q?oaDPf9AO4jZS7Cg03hfXf6EwFszspmuvCIdp7CDOmepQR+9bgcVNACVt?= =?Windows-1252?Q?ua26XnJ5DDdwxiQIFO10yJc9HQ5uV6o5I7pPDpN3Fzv9mOOoGuAhc4bc?= =?Windows-1252?Q?qI9EgUdk4z39xbCvDiMplMYM+a6gBXXktK7otXOd26bjG8VwVsJXnx4x?= =?Windows-1252?Q?aQEyFpjjojfV3KbYQ7l+Qyx105CC2O1EwUBM1pqv92uIzrVDXTj+DisD?= =?Windows-1252?Q?Ak5UA6FZ4vtXtSPzEc9UrV8SeY61gzVG0pSYnlPszUeCkPlLJQDIfec7?= =?Windows-1252?Q?ndj8J6bKGcBFb5cs0LoZqSsNir4olqLHkVD2+oxtWn7i+Esd5aaQiw+/?= =?Windows-1252?Q?zPS+YGPfxUE8nq1vLJV6vfrxp+JuiT0gbAcrDG14wkglD0rzFhoi5izp?= =?Windows-1252?Q?25n+5JRbTzoCL9ci3uFCprXUlWjnFLJDjQ1FI/Yn4vs3kP4NUlcCaDaD?= =?Windows-1252?Q?nH9vFfycrg85ZZrNHj1NqERXz6lRHiXUBexCmTQjRKhKR4RTx3PQT8MR?= =?Windows-1252?Q?K5ivFAjRe0AySfnS84naAR6AZyFb4C0EiwcuPMtQBWVgVPVj6eulVf+k?= =?Windows-1252?Q?FBJtlG+LJA3WX1C1VNM+893DStYDQV9I+lc=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8142.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d47093fb-e400-4222-5635-08d8f4553bc3
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Mar 2021 14:56:58.3317 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR09MB6538
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ggpLVfdNmKFiyj2rUw6Rghd5w7U>
Subject: [Idr] Choice of Large vs. Extended Community for Route Leaks Solution
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 14:57:07 -0000

Hi Sue,

Thanks for the detailed thoughts you have shared on the IDR list about the WKLC draft and route leaks solution draft (while also responding to Brian’s post).

At one point in the past, the route leaks solution needed 8 bytes of user data space to accommodate two ASNs but then there was a design change (more than a year ago) and the current draft [1] requires only 4 bytes of user data space (one ASN). So, it seems possible to use a Transitive Extended Community instead of WKLC.

We (authors of the WKLC draft) can continue working on creating an IANA WKLC registry for the future but I think the route leaks solution draft can switch to using Transitive Extended Community. Especially, if that could help expedite the route leaks draft and its deployment? I would like to seek advice regarding that (I'm cc'ing GROW also here). 

One question is… even after IANA allocation of a Transitive Extended Community for route leaks, there may still be additional effort needed to get the operators to truly treat the EC as *transitive* so that it propagates at least a few hops. How do we accomplish that? Write a BCP in GROW strongly recommending operators to implement default policy to ensure transitivity? We would like to hear people's thoughts about that? 

Thank you.

Sriram            

[1] Route leaks solution draft (in GROW): https://datatracker.ietf.org/doc/html/draft-ietf-grow-route-leak-detection-mitigation-04 

---------------------------------------------------------------------------------------

Susan Hares <shares@ndzh.com> Fri, 26 March 2021 21:28 UTCShow header
Re: [Idr] Adoption call for draft-heitz-idr-wklc-02 (3/9 to 3/23) - no consensus for adoption

Brian and co-authors: 

As I typed my response to Brian’s questions, I found it was turning into a copy of my chair’s response to the WG adoption call.   Therefore, I have just included my review as the shepherd to Brian’s request. 

Cheers, Sue 

<WG chair hat on> 

Summary: 

There is no consensus on adoption this draft in its current form.   The IDR co-chairs remain committed to the route-leak mitigation work and large communities. 

<WG chair hat on> 

Would 255 ASNs instead of  original request:

Even requesting 255 ASNs needs substantial justification.  For the route leaks, we  anticipated 2-8 would be sufficient.  As you recall when we started this approach,  I talked with Alvaro (our AD) and IANA to determine if IDR could request these special ASNs. 

However, asking for 255 ASNs you would need: 

a) a draft indicating the request for the ASNs, 

b) support of the draft from grow (WG adoption, WG LC) 

c) support of the draft from IDR (WG adoption, WG LC) 

255 ASNs should be vetted IDR, grow, and operator community.  If you go this way, I would suggest the Grow chairs also ask the *NOGs (NANOG, RIPE, JANOG..) if allocating 255 ASNs is ok. 

Route leaks: 

As you indicated, the route-leaks needs a small amount of ASNs.  As you recall from our discussion the IDR chairs at the time (John Scudder and myself) felt would could use the drafts in IDR and Grow to push for 2-4 special purpose ASNs.   My current co-chairs agree to support this initial allocation. 

Large community changes: 

I quietly listened to the WG adoption call on this draft because it mattered what the ISPs and implementers said.  The Large communities (RFC8092) had overwhelming support from the operation community for 12 octet value with simple encoding.  

The RFC8092 encoding does not have support for transitive nature because the operator community wished to have a simple encoding.  After placing the WG LC during IETF and immediately after I did not hear an outcry from the operations community to change the simple nature of Large communities.  

Well know community registry: 

The original large community (RFC8092) creation did not take the time to create a “well-known community” registry.  My reading of the community effort that time was a “well-known community” registry was acceptable to the community, but not at the cost of slowing down deployment of large communities.  The hard work of getting consensus on the size and range for large communities needs to happen prior to asking IANA to create the registry. 

Possible next steps: 

1. Break the -4 ASNs away from the draft and append the request to existing grow drafts.   Section 6 of (draft-grow-route-leak-detection-mitigation-04.txt) could request specific ASNs.  

2.  Working with IDR/Grow to create a well-known Large Community registry discussing whether well-known community are just values registered or a range.   

3.  Work to get 255 ASNs approved through IDR/GROW

4.  Use a BGP attribute to solve the transitivity. 

The authors can contact the idr co-chairs as a group or grab one of the IDR co-chairs for a chat.   The IDR co-chairs meet weekly.   Let us know what we can do to help you. 

 <WG co-chair hat off> 

<WG participant hat on> 

In my personal opinion, GROW is a good place to discuss the large community registry as operations people know the requirements for the size of registry.   

Cheers, Sue