Re: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-flowspec-capability-bits-02.txt]

"Dongjie (Jimmy)" <jie.dong@huawei.com> Mon, 12 April 2021 17:04 UTC

From: "Dongjie (Jimmy)" <jie.dong@huawei.com>
To: Jeffrey Haas <jhaas@pfrc.org>, "idr@ietf.org" <idr@ietf.org>
Date: Mon, 12 Apr 2021 17:04:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/i5ispzX2iqpSmyk0STnsmk0xyXE>

Hi Jeff, all, 

I've read the recent discussion and the updated version of this draft; here are some thoughts and comments:

I fully agree that incremental deployment of new flowspec components is important, and it does not need to wait for Flowspec 2.0.

Regarding a BGP flowspec component, there could be three different capabilities: 

1.	The capability of parsing and implementing the component as a filter

2.	The capability of parsing and propagating the component, but not for local use

3.	The capability of propagating the component further even if it is not parsed

The first two capabilities are discussed in this thread and the updated draft, and to me it makes sense to distinguish these two capabilities. 

As sometimes a flowspec rule only needs to be installed on a subset of nodes, a node which is not required to install it or even support it may be on the propagation path of the flowspec rule. If there is some mechanism to limit the propagation scope or indicate the target nodes of the flowspec, the third capability may further help the incremental deployment of new flowspec components.

Then back to the encoding of the flowspec capability bits, if we want to consider the case that a node can propagate unknown flowspec components, one reserved bit in the bit-string may be used to indicate such a capability; other mechanisms are also possible.

Thoughts?

Best regards,
Jie

> -----Original Message-----
> From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Jeffrey Haas
> Sent: Saturday, April 10, 2021 4:11 AM
> To: idr@ietf.org
> Subject: [Idr] [internet-drafts@ietf.org: I-D Action:
> draft-haas-flowspec-capability-bits-02.txt]
> 
> This version attempts to address the review comments received to date.
> 
> -- Jeff
> 
> ----- Forwarded message from internet-drafts@ietf.org -----
> 
> Date: Fri, 09 Apr 2021 12:45:48 -0700
> From: internet-drafts@ietf.org
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-haas-flowspec-capability-bits-02.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>         Title           : BGP Flowspec Capability Bits
>         Author          : Jeffrey Haas
>         Filename        : draft-haas-flowspec-capability-bits-02.txt
>         Pages           : 8
>         Date            : 2021-04-09
> 
> Abstract:
>    BGP Flowspec (RFC 8955) provides the ability to filter traffic using
>    various matching components.  The NLRI format currently defined does
>    not permit incremental deployment of new BGP Flowspec components.
>    This draft defines a new BGP Capability to permit incremental
>    deployment of such new Flowspec component types.
> 
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-haas-flowspec-capability-bits/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-haas-flowspec-capability-bits-02
> https://datatracker.ietf.org/doc/html/draft-haas-flowspec-capability-bits-02
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-haas-flowspec-capability-bits-02
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> ----- End forwarded message -----