Re: [Idr] Fwd: I-D Action: draft-sas-idr-maxprefix-outbound-00.txt

Ben Maddison <benm@workonline.africa> Wed, 07 October 2020 07:52 UTC

Date: Wed, 07 Oct 2020 09:51:48 +0200
From: Ben Maddison <benm@workonline.africa>
To: Warren Kumari <warren@kumari.net>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, idr <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/hwXp6S6juJBiYT_ImDMk0txfjD4>

Hi all,

On 10/06, Warren Kumari wrote:
> <no hats>
> On Wed, Sep 30, 2020 at 10:53 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:
> >
> > Hi Authors
> >
> >
> > Would it be possible to modify the action so that we have the option to not disconnect the peer and allow the peer to remain in the UP state but clip the routes above the upper limit, and provide this option for both inbound and outbound directions?
> 
> Errrr... how sure are you that this is the behavior that you *want*?
> If you have tripped the max-prefixes limit it's almost always:
> 1: things have been slowly growing over time, you've tripped your
> warning limit. The right thing to do here is carefully look at the
> prefixes, make sure they are what you expect, and bump it up by a bit.
> 2: you've just borked your filters and are now trying to leak full
> tables to your peers. The right thing to do here is tear the session
> down and go do penance...
> 
> I strongly suggest taking this question to GROW / NOGs before adding a
> "send as many as you can and then start filtering" option; tripping
> the hard limit should be the same as a circuit breaker, not a
> resistor.

I'm with Warren on this.
If the log that the warning level generates goes unnoticed, then it's highly
likely that whatever byzantine forwarding issue the "clipping" creates
will do so too, and possibly persist for a long time.

I wouldn't want to be the on-call engineer in the middle of the night
that has to make the logical leap from a ticket that says "we're seeing
a weird-looking traceroute ..." to "we have half-tripped someone else's
max-prefix limit".

Additionally there is also no guarantee that in the event of a leak the
"leaked" prefixes are the ones that are "clipped". It's just as likely
that you end up with the worst case scenario of causing an outage for
the legit prefixes *and* allowing the leak to persist!

Cheers,

Ben
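
The following simulation is an added illustration, not part of the original message or of the draft. It compares the "circuit breaker" (session teardown) with the proposed "clip" behaviour when a leak arrives, and shows that which prefixes survive clipping depends only on arrival order. The prefix labels, the counts (80 legitimate, 400 leaked), the limit of 100 and the arrival orders are constructed assumptions.

```python
import random

def apply_limit(arrivals, limit, mode):
    """Feed (prefix, kind) announcements through a max-prefix limit.

    mode="teardown": exceeding the limit drops the session and every route.
    mode="clip":     the session stays up and announcements past the limit
                     are discarded (the option asked for in the thread).
    Returns (session_up, accepted_routes).
    """
    if mode not in ("teardown", "clip"):
        raise ValueError(f"unknown mode: {mode}")
    accepted = []
    for route in arrivals:
        if len(accepted) < limit:
            accepted.append(route)
        elif mode == "teardown":
            return False, []   # circuit breaker: total, loud, easy to diagnose
        # mode == "clip": the announcement is dropped and nothing else changes
    return True, accepted

def outcome(arrivals, limit, mode):
    """Summarise what the receiving side ends up with."""
    up, accepted = apply_limit(arrivals, limit, mode)
    kinds = [kind for _, kind in accepted]
    return {"session_up": up,
            "legit_kept": kinds.count("legit"),
            "leak_kept": kinds.count("leak")}

# Constructed sample data: a peer that normally sends 80 prefixes under a
# limit of 100, then leaks 400 more after a filter mistake.
LIMIT = 100
LEGIT = [(f"legit-{i}", "legit") for i in range(80)]
LEAK = [(f"leak-{i}", "leak") for i in range(400)]

def scenarios(seed=2020):
    # Assumption: after a session reset or refresh the sender's advertisement
    # order is unrelated to whether a prefix is legitimate.
    mixed = LEGIT + LEAK
    random.Random(seed).shuffle(mixed)
    return {
        "clip, legit first": outcome(LEGIT + LEAK, LIMIT, "clip"),
        "clip, mixed order": outcome(mixed, LIMIT, "clip"),
        "teardown, mixed order": outcome(mixed, LIMIT, "teardown"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
```

Even in the best case for clipping (legitimate prefixes first), 20 leaked prefixes are accepted while the session looks healthy; in the mixed case most legitimate prefixes are lost and the accepted table is mostly leak.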