IETF Logo Mail Archive

Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

"Keyur Patel (keyupate)" <keyupate@cisco.com> Thu, 12 June 2014 16:52 UTC

Return-Path: <keyupate@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FC791A01BF for <idr@ietfa.amsl.com>; Thu, 12 Jun 2014 09:52:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.151
X-Spam-Level:
X-Spam-Status: No, score=-15.151 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qmFUegP44dFg for <idr@ietfa.amsl.com>; Thu, 12 Jun 2014 09:52:05 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 798A21A01AA for <idr@ietf.org>; Thu, 12 Jun 2014 09:52:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25482; q=dns/txt; s=iport; t=1402591926; x=1403801526; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=CBkquTKI8hLo+i5iqKpXXNMiL8fPEPDWcOJHKzRn1xw=; b=ZHiEjbp+0hA6xTtJaZMt/B5J5H/oYYTIf4Y2IysctO8eAbJVMKlyeoJ/ 8ChOJAjSEw/SfPrpZ9gWhu04v0gs8muEMinFTsU0XxcK2lqZlSBQqCE+A SYuSuIPH1QME9XhvqgyU4kt4OD08M6h57OWYLaIpVJrX7eVpJP4luZcoe k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgkGAEnamVOtJA2I/2dsb2JhbABagkZHUlmpTgEBAQEBB5AQgVIBhzsBgQoWdYQDAQEBBAEBARoQQQsSAQgRAwEBASEHLgsUCQgCBAENBRSILg3SKxeFXIVhgjwRASUHEwwBBAYBAgSEOwSaMoFDkg+BfIFAgW8HFwYc
X-IronPort-AV: E=Sophos; i="5.01,466,1400025600"; d="scan'208,217"; a="52571282"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-7.cisco.com with ESMTP; 12 Jun 2014 16:52:04 +0000
Received: from xhc-rcd-x08.cisco.com (xhc-rcd-x08.cisco.com [173.37.183.82]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s5CGq4Se002127 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 12 Jun 2014 16:52:04 GMT
Received: from xmb-aln-x09.cisco.com ([169.254.4.72]) by xhc-rcd-x08.cisco.com ([173.37.183.82]) with mapi id 14.03.0123.003; Thu, 12 Jun 2014 11:52:03 -0500
From: "Keyur Patel (keyupate)" <keyupate@cisco.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, Susan Hares <shares@ndzh.com>, idr wg <idr@ietf.org>
Thread-Topic: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
Thread-Index: AQHPhl6ioQM6V/KMVE6ciYitCsRUAA==
Date: Thu, 12 Jun 2014 16:52:03 +0000
Message-ID: <CFBF2956.76128%keyupate@cisco.com>
In-Reply-To: <29140_1402414807_539726D7_29140_10276_1_53C29892C857584299CBF5D05346208A0716175D@PEXCVZYM11.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
x-originating-ip: [10.21.81.86]
Content-Type: multipart/alternative; boundary="_000_CFBF295676128keyupateciscocom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/idr/j4yMDNmsE3GbgE9eeKXUsyHd-LY
Cc: "'John G. Scudder'" <jgs@bgp.nu>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jun 2014 16:52:08 -0000

Hi Bruno,

Thanks for the draft review. Comments inlined #Keyur

From: <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>>
Date: Tue, 10 Jun 2014 15:40:05 +0000
To: Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>, idr wg <idr@ietf.org<mailto:idr@ietf.org>>
Cc: "'John G. Scudder'" <jgs@bgp.nu<mailto:jgs@bgp.nu>>, "Murphy, Sandra" <Sandra.Murphy@parsons.com<mailto:Sandra.Murphy@parsons.com>>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

Hi,

Thanks for the cross WG review. Please find below some proposed comments.


1)      For people not following SIDR, could you please elaborate on why http://tools.ietf.org/html/draft-ietf-idr-custom-decision-04 has not been used? (via the registration of a new Point of Insertion specific to origin validation) (as I though draft-ietf-idr-custom-decision was intended to be the last time BGP decision process would be modified)

#Keyur: The draft don't suggest modifications to the BGP best path algorithm. Infact the next rev of the draft should fix and remove section 3 as well.  The extended community used in draft is use to signal BGP best path validation state within an IBGP network.


2)      Could the document specify the action to be taken when multiple “Origin validation state extended” community are present with different validation state? And how are handled validation state value > 2. (from current text, it would not be considered an error, just lower priority. But I would prefer an explicit statement to avoid surprising error handling behavior)

#Keyur: There SHOULD not be multiple such extended communities for a given BGP path. We can add the necessary text.



3)      Rfc 6811 is referenced twice in important sections. What about moving it to “normative reference”?



#Keyur: Sure.


4)      Following discussion triggered by http://tools.ietf.org/html/draft-decraene-idr-rfc4360-clarification-00 I understood that the IDR conclusion was that a non-transitive community may be attached on the outbound policy of an eBGP session; hence may received over an eBGP session. Given this, IMO the security consideration needs more text. (assuming that the ability for a neighboring AS to influence/force the origin validation state is considered acceptable, which would probably need to be discussed in SIDR)

#Keyur:  Ideally, the usage of this community should NOT be encouraged across inter-as boundaries.  We can add necessary text to reflect that part.



Regards,
Keyur

Thanks,
Regards,
Bruno


From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares
Sent: Tuesday, June 10, 2014 4:32 PM
To: idr wg
Cc: Murphy, Sandra; 'John G. Scudder'
Subject: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes

IDR:

The SIDR WG has asked for cross review of the draft-ietf-sidr-origin-validation-signaling-04.  This draft changes the RFC 4271 decision process in the following manner:




If a BGP router supports prefix origin validation and is configured for the extensions defined in this document, the validation step SHOULD be performed prior to any of the steps defined in the decision process of [RFC4271<http://tools.ietf.org/html/rfc4271>]  The validation step is stated as follows:



      When comparing a pair of routes for a BGP destination, the route

      with the lowest "validation state" value is preferred.



In all other respects, the decision process remains unchanged.

The draft is at:

http://tools.ietf.org/html/draft-ietf-sidr-origin-validation-signaling-04

John and I would like to hear your comments regarding the RFC 4271 revision.  Please send comments that include “support”  or “no support”.

Sue and John

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.


_______________________________________________ Idr mailing list Idr@ietf.org<mailto:Idr@ietf.org> https://www.ietf.org/mailman/listinfo/idr

v2.40.4 | Report a Bug | By Email | System Status