Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Fri, 11 May 2018 05:39 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "Smith, Donald" <Donald.Smith@CenturyLink.com>, John Scudder <jgs@juniper.net>, "idr@ietf. org" <idr@ietf.org>
CC: "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>
Date: Fri, 11 May 2018 05:39:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/kXUgiXQPQO-LzbDJ9wDXXWObf5c>

I support the draft.

Donald, are you saying that AS1 should accept a flowspec rule from AS2 for traffic going to AS3?
If AS1 can trust the flowspec from AS2, then I don't see why not.
Maybe we can add text to the effect of:
The rules stated here are for default behavior.
Local policy may allow flow specifications from other EBGP neighbors to be accepted.

Thanks,
Jakob

From: Idr <idr-bounces@ietf.org> On Behalf Of Smith, Donald
Sent: Thursday, May 10, 2018 11:58 AM
To: John Scudder <jgs@juniper.net>; idr@ietf. org <idr@ietf.org>
Cc: draft-ietf-idr-bgp-flowspec-oid@ietf.org
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06


This supports some of the bi-lateral, DDoS-peering work we want to do, so support.

https://pc.nanog.org/static/published/meetings/NANOG71/1447/20171003_Levy_Operationalizing_Isp_v2.pdf

That is almost always going to be between some set of systems not one hop away, not directly in the forwarding plane, probably not really IBGP peers.

"It thus becomes necessary to modify step (a) of the RFC 5575 (https://tools.ietf.org/html/rfc5575)
   validation procedure such that an IBGP peer that is not within the
   data forwarding plane may originate flow specification NLRIs."

While you could have the IBGP peer directly in the forwarding plane, forward it like a route reflector, requiring it to seems counterintuitive, as it is more likely to come from some BGP-speaking tool in ISP requesting the filter.

Next, lots of references to IBGP and a few to EBGP. When I think of IBGP, IBGP is internal to a single AS (yes, I know there are exceptions), but that is kind of the meaning, while this is mostly between peers (who could do IBGP between them, but is that required? Can't we validate without IBGP direct connections?)

Metric System < +000 > -000
Extra People's Terribly Good Meals Kept mY uNCLE    Ned   Purring For     Ages
Exa   Peta        Tera     Giga   Mega  Kilo milli Micro(u) Nano Pico    Femto Atto
Donald.Smith@centurylink.com
________________________________
From: Idr [idr-bounces@ietf.org] on behalf of John Scudder [jgs@juniper.net]
Sent: Thursday, May 10, 2018 12:28 PM
To: idr@ietf. org
Cc: draft-ietf-idr-bgp-flowspec-oid@ietf.org
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06

Hi All,

On Apr 26, 2018, at 3:58 PM, John Scudder <jgs@juniper.net> wrote:

The authors have requested a working group last call for draft-ietf-idr-bgp-flowspec-oid-06. Please respond with your comments before Friday, May 11.

A quick update on the status of this WGLC:

- All the authors have responded about IPR (thank you!).
- Three people who are not authors (Acee, Shyam, Keyur) have responded supporting publication.
- Nobody has responded with other comments or opposition.

Three respondents is not a very large number; it would be helpful if others would chime in.

The WGLC period is scheduled to end tomorrow.

Thanks,

--John
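
Added example, not part of the original messages or of the draft: a simplified Python model of the acceptance decision discussed in this thread, covering the default originator match of RFC 5575 step (a), the IBGP originator outside the forwarding plane, and the proposed local-policy exception for other EBGP neighbors. Treating an empty AS_PATH as the sign of IBGP origination, the trusted_ebgp_as parameter, and all router names, ASNs and prefixes are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class UnicastRoute:
    prefix: str
    originator: str          # router the best path was learned from

@dataclass(frozen=True)
class FlowSpec:
    dest_prefix: str
    originator: str
    as_path: tuple = ()      # assumption: empty means originated via IBGP

def best_match(dest_prefix, rib):
    """Longest-prefix unicast route covering the flowspec destination."""
    dest = ipaddress.ip_network(dest_prefix)
    nets = [(ipaddress.ip_network(r.prefix), r) for r in rib]
    covering = [(n.prefixlen, r) for n, r in nets if dest.subnet_of(n)]
    return max(covering, key=lambda c: c[0], default=(0, None))[1]

def validate(fs, rib, trusted_ebgp_as=frozenset()):
    """Return (accepted, reason); default rule first, local policy last."""
    route = best_match(fs.dest_prefix, rib)
    if route is not None and route.originator == fs.originator:
        return True, "originator matches best-match unicast route"
    if not fs.as_path:
        return True, "IBGP-originated (empty AS_PATH), e.g. a filtering tool"
    if fs.as_path[0] in trusted_ebgp_as:
        return True, "local policy trusts this EBGP neighbor"
    return False, "default validation failed"

# Constructed sample data: documentation ASNs and prefixes, made-up router names.
# The local AS plays "AS1"; AS2 sends a rule for traffic going to AS3.
AS2, AS3 = 64502, 64503
RIB = [UnicastRoute("203.0.113.0/24", "as3-border"),
       UnicastRoute("0.0.0.0/0", "as2-border")]
FROM_AS2 = FlowSpec("203.0.113.7/32", "as2-controller", (AS2,))
FROM_TOOL = FlowSpec("203.0.113.7/32", "as1-ddos-tool")

if __name__ == "__main__":
    print(validate(FROM_AS2, RIB))                          # default behavior
    print(validate(FROM_AS2, RIB, trusted_ebgp_as={AS2}))   # local policy
    print(validate(FROM_TOOL, RIB))                         # IBGP originator
```

With an empty trusted set the rule from AS2 is rejected because its originator does not match the best-match route toward AS3; it is accepted only once AS2 is listed explicitly.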