Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
<bruno.decraene@orange.com> Fri, 13 November 2015 07:44 UTC
Return-Path: <bruno.decraene@orange.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AC5E1B41BB for <idr@ietfa.amsl.com>; Thu, 12 Nov 2015 23:44:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nS-fkr-J5yWw for <idr@ietfa.amsl.com>; Thu, 12 Nov 2015 23:44:21 -0800 (PST)
Received: from relais-inet.orange.com (relais-nor36.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 183DF1B41B8 for <idr@ietf.org>; Thu, 12 Nov 2015 23:44:20 -0800 (PST)
Received: from opfednr00.francetelecom.fr (unknown [xx.xx.xx.64]) by opfednr20.francetelecom.fr (ESMTP service) with ESMTP id 4FDDA405BE; Fri, 13 Nov 2015 08:44:18 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.18]) by opfednr00.francetelecom.fr (ESMTP service) with ESMTP id ED6F51A0061; Fri, 13 Nov 2015 08:44:17 +0100 (CET)
Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM34.corporate.adroot.infra.ftgroup ([fe80::cba:56d0:a732:ef5a%19]) with mapi id 14.03.0248.002; Fri, 13 Nov 2015 08:44:17 +0100
From: bruno.decraene@orange.com
To: "Keyur Patel (keyupate)" <keyupate@cisco.com>
Thread-Topic: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
Thread-Index: AQHRHX8H0LcxO4TcLUanEBBj3HdQVJ6ZkvTg
Date: Fri, 13 Nov 2015 07:44:17 +0000
Message-ID: <26002_1447400658_564594D2_26002_11997_1_53C29892C857584299CBF5D05346208A0F6B8115@OPEXCLILM21.corporate.adroot.infra.ftgroup>
References: <002a01cf84b8$b0f55230$12dff690$@ndzh.com> <29140_1402414807_539726D7_29140_10276_1_53C29892C857584299CBF5D05346208A0716175D@PEXCVZYM11.corporate.adroot.infra.ftgroup> <0CE20ABC-B920-48B5-AB75-4E41AC1D6067@bgp.nu> <644_1447337897_56449FA9_644_166_1_53C29892C857584299CBF5D05346208A0F6B6DD1@OPEXCLILM21.corporate.adroot.infra.ftgroup> <86E65C6B-3B9E-4D02-91A6-B086C8D5C1AE@juniper.net> <26952_1447343317_5644B4D5_26952_6301_1_53C29892C857584299CBF5D05346208A0F6B7101@OPEXCLILM21.corporate.adroot.infra.ftgroup> <D26A2582.2ECD7%keyupate@cisco.com>
In-Reply-To: <D26A2582.2ECD7%keyupate@cisco.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A0F6B8115OPEXCLILM21corp_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/jpwUWtDxh5esrbYSWjHchCj1Aqs>
Cc: idr wg <idr@ietf.org>, "Murphy, Sandra" <Sandra.Murphy@parsons.com>, Susan Hares <shares@ndzh.com>
Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2015 07:44:29 -0000
Hi Keyur, Thanks. All good. Best regards, -- Bruno From: Keyur Patel (keyupate) [mailto:keyupate@cisco.com] Sent: Thursday, November 12, 2015 8:19 PM To: DECRAENE Bruno IMT/OLN; John G. Scudder Cc: idr wg; Susan Hares; Murphy, Sandra Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes Hi Bruno, Posted -07 version that addresses all your recent comments. https://www.ietf.org/internet-drafts/draft-ietf-sidr-origin-validation-signaling-07.txt Best Regards, Keyur From: "bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>" <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>> Date: Thursday, November 12, 2015 at 7:48 AM To: "John G. Scudder" <jgs@juniper.net<mailto:jgs@juniper.net>> Cc: idr wg <idr@ietf.org<mailto:idr@ietf.org>>, Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>, "Murphy, Sandra" <Sandra.Murphy@parsons.com<mailto:Sandra.Murphy@parsons.com>> Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes Hi John, Thanks, looks good to me. More inline. [Bruno] From: John G. Scudder [mailto:jgs@juniper.net] Sent: Thursday, November 12, 2015 4:17 PM To: DECRAENE Bruno IMT/OLN Cc: idr wg; Murphy, Sandra; Susan Hares Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes Hi Bruno, Thanks for your additional comments. My responses in-line below. On Nov 12, 2015, at 9:18 AM, bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> wrote: Hi John, Thanks for taking the time to take my comments into accounts. -06 address all my comments. Following the changes, I have some further comments. Please feel free to silently discard/update as you wish. *) §2 :s/TBD/0x00 Thanks, will do. *) Following the removal of the change to the BGP Decision Process, the 2 first sentences of the abstract & Introduction could probably be removed or rewritten. (Currently is "As part of the origination AS validation process, it can be desirable to automatically consider the validation state of routes in the BGP decision process. The purpose of this document is to provide a specification for doing so. » Good point. I suggest simply removing the text you've quoted, and slightly rewriting of the remaining, something like: "This document defines a new BGP opaque extended community to carry the origination AS validation state inside an autonomous system. IBGP speakers that receive this validation state can configure local policies allowing it to influence theirdecision process." [Bruno] looks good to me. *) §2 "An implementation SHOULD NOT send more than one instance of the origin validation state extended community. However, if more than one instance is received, an implementation MUST disregard all instances other than the one with the numerically-greatest value." Sorry for nit picking, but since this may impact interoperability, I would prefer if you could explicitly specify what "numerically-greatest value" refers to. IMHO "validationstate" but some people could understand "extended community" If we assume (or specify) that the reserved field must be zero, then it's equivalent whether you compare only the lowest two bits or the entire eight bytes, because the top 62 bits are completely determined by the specification. That said, I think you are right, since in the future some use might be made of the reserved field. [Bruno] You are reading my mind. Seems like we can just add more description to "value", as in "... MUST disregard all instances other than the one with the numerically-greatest validation state value". [Bruno] Looks good to me. Thanks. *) §2 For the same reason, explicitly specifying what to do with the Reserved field would ease my mind. (I assume Reserved: MUST be set to 0, and SHOULD be ignored upon receipt) I agree, although I think it MUST be ignored upon receipt - after all, a future specification that assigns semantics to the reserved field can and will also revise the instruction to ignore it. So, I propose we add the paragraph "the Reserved field MUST be sent as zero and MUST be ignored upon receipt" as the final paragraph of section 2. [Bruno] I agree with you. For my defense, I quoted RFC 4760 (my first google hit). Thanks Regards, --Bruno Regards, --John Thanks, Bruno From: John G. Scudder [mailto:jgs@bgp.nu] Sent: Friday, November 06, 2015 1:22 AM To: DECRAENE Bruno IMT/OLN Cc: Susan Hares; idr wg; Murphy, Sandra Subject: Re: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes Hi Bruno, We believe -05 has addressed these issues, see below. On Jun 11, 2014, at 12:40 AM, bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> wrote: Hi, Thanks for the cross WG review. Please find below some proposed comments. 1) For people not following SIDR, could you please elaborate on why http://tools.ietf.org/html/draft-ietf-idr-custom-decision-04 has not been used? (via the registration of a new Point of Insertion specific to origin validation) (as I though draft-ietf-idr-custom-decision was intended to be the last time BGP decision process would be modified) We didn't register a new POI, but did remove the decision process change. It would be possible to register a new POI as part of follow-up work if demand for that exists, but we didn't think it necessary to move forward. 2) Could the document specify the action to be taken when multiple "Origin validation state extended" community are present with different validation state? And how are handled validation state value > 2. (from current text, it would not be considered an error, just lower priority. But I would prefer an explicit statement to avoid surprising error handling behavior) Done. (Drop the community.) 3) Rfc 6811 is referenced twice in important sections. What about moving it to "normative reference"? Done. 4) Following discussion triggered by http://tools.ietf.org/html/draft-decraene-idr-rfc4360-clarification-00 I understood that the IDR conclusion was that a non-transitive community may be attached on the outbound policy of an eBGP session; hence may received over an eBGP session. Given this, IMO the security consideration needs more text. (assuming that the ability for a neighboring AS to influence/force the origin validation state is considered acceptable, which would probably need to be discussed in SIDR) Leaking the community across EBGP is now specified as off by default. Thanks, --John Thanks, Regards, Bruno From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares Sent: Tuesday, June 10, 2014 4:32 PM To: idr wg Cc: Murphy, Sandra; 'John G. Scudder' Subject: [Idr] 1 WG call for Review draft-ietf-sidr-origin-validation-signaling-04 - RFC4271 changes IDR: The SIDR WG has asked for cross review of the draft-ietf-sidr-origin-validation-signaling-04. This draft changes the RFC 4271 decision process in the following manner: If a BGP router supports prefix origin validation and is configured for the extensions defined in this document, the validation step SHOULD be performed prior to any of the steps defined in the decision process of [RFC4271<http://tools.ietf.org/html/rfc4271>]. The validation step is stated as follows: When comparing a pair of routes for a BGP destination, the route with the lowest "validation state" value is preferred. In all other respects, the decision process remains unchanged. The draft is at: http://tools.ietf.org/html/draft-ietf-sidr-origin-validation-signaling-04 John and I would like to hear your comments regarding the RFC 4271 revision. Please send comments that include "support" or "no support". Sue and John _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _______________________________________________ Idr mailing list Idr@ietf.org<mailto:Idr@ietf.org> https://www.ietf.org/mailman/listinfo/idr _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _______________________________________________ Idr mailing list Idr@ietf.org<mailto:Idr@ietf.org> https://www.ietf.org/mailman/listinfo/idr _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorization. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, France Telecom - Orange shall not be liable if this message was modified, changed or falsified. Thank you. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorization. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, France Telecom - Orange shall not be liable if this message was modified, changed or falsified. Thank you.
- [Idr] 1 WG call for Review draft-ietf-sidr-origin… Susan Hares
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Sandra Murphy
- Re: [Idr] [sidr] 1 WG call for Review draft-ietf-… Robert Raszuk
- Re: [Idr] [sidr] 1 WG call for Review draft-ietf-… bruno.decraene
- Re: [Idr] [sidr] 1 WG call for Review draft-ietf-… Robert Raszuk
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Keyur Patel (keyupate)
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Sandra Murphy
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Randy Bush
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Robert Raszuk
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] [sidr] 1 WG call for Review draft-ietf-… George, Wes
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Keyur Patel (keyupate)
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Keyur Patel (keyupate)
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… John Scudder
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… John Scudder
- Re: [Idr] [sidr] 1 WG call for Review draft-ietf-… John G. Scudder
- Re: [Idr] [sidr] 1 WG call for Review draft-ietf-… John G. Scudder
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… John G. Scudder
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Keyur Patel (keyupate)
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… bruno.decraene
- Re: [Idr] 1 WG call for Review draft-ietf-sidr-or… Jeffrey Haas