[Idr] Re: Flowspec redirect-ip update
"Jakob Heitz (jheitz)" <jheitz@cisco.com> Mon, 14 October 2024 23:28 UTC
Return-Path: <jheitz@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D853C169401 for <idr@ietfa.amsl.com>; Mon, 14 Oct 2024 16:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.744
X-Spam-Level:
X-Spam-Status: No, score=-9.744 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FSIu0NXbrCYo for <idr@ietfa.amsl.com>; Mon, 14 Oct 2024 16:28:19 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DD59C1519B8 for <idr@ietf.org>; Mon, 14 Oct 2024 16:28:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=20558; q=dns/txt; s=iport; t=1728948499; x=1730158099; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=Ayzg5Gn2+aYBN/aFgTYVu3aM1NhbDfQVnrrI194ftpE=; b=Es9pswPR21h0X2s2hS1lEXJw6gGyPKeakMVs1Q4QjNPerpAVKIDXChS6 ShLV/KyjH3w/nsFUr/DQQb99eyw6PocwdjiDZapzhvOcn6x5I2KeErbSM KO8AS1fwKvz8ktVD0R7KVTjV/ewML3EgRBEKydakgwyjjfaK4yIBNgPDb U=;
X-CSE-ConnectionGUID: EoMnA5uPTCaype3VffECqg==
X-CSE-MsgGUID: J+nEY2ODQ9GWghatkzZKZQ==
X-IPAS-Result: A0AIAACOqA1ngYsQJK1aGwEBAQEBAQEBBQEBARIBAQEDAwEBAWWBFgYBAQELAYFAMVJ7AoEcSIRVg0wDhE5fhlGCIgOBE5YshlcUgWoPAQEBDQI7CQQBAYUHAhaKCwImNAkOAQIEAQEBAQMCAwEBAQEBAQEBAQUBAQUBAQECAQcFFAEBPQUOO4V7DYZbAQEBAQMSESsgGwIBCA4DAwECKwICAi4BFAkIAgQBBwsIDAkEAYJgghxIAwEQBqF0AYFAAooqeoEygQGDWgIQQdtsBoFIAYhKASqBMgIOg3SDeIEIJxuBSUSBFUKCMDg+gmEBAQEBAReBEQESASMVCYM7OoIvBIFBIYIDAgMCBDUHfSGBIwISAQNlbkgCAUQgMA+BS4EJEoEJRYIUAmgPKjwDgSYLgQt+Vw8qLQEYOBwdWxoCDIMBfCVKWRCCQz2CTwICAgICAgICAgICAgICgQ8lboIDggNjAg0DgW9MIoFyh2JSdSIDJjMhAhEBVRMXCwkFiTUKgnYFIYFuJoEJFoJygTOBGQKCV4FnCSc6h2VggQyBPoFZAUaBF4FbSiSDK4FwBThJOYIWak46Ag0CN4IkJFyCUYRveBQdQAMLbT01Bg4bBQSBNQWqPQQ2AYFaAUaBVwolTDIMHQYDBDIGGQIUDg1MHS0VORkGCxQmkk8kg1+LO0ejHgqEGowWiFyNAxeEBY0BlXqCZ2WYdyKCNIsnmnkCBAIEBQIPAQEGgWc6a3BwFRohgmdSGQ+OMhGDWIUUwyt4AjkCBwEKAQEDCYwdLYFOAQE
IronPort-PHdr: A9a23:Mw2fcxdNGCXdeappSrkMx8gllGM/gIqcDmcuAtIPgrZKdOGk55v9e RCZ7vR2h1iPVoLeuLpIiOvT5rjpQndIoY2Av3YLbIFWWlcbhN8XkQ0tDI/NCUDyIPPwKS1vN M9DT1RiuXq8NCBo
IronPort-Data: A9a23:gCU6QaO0ioD0o23vrR3Pl8FynXyQoLVcMsEvi/4bfWQNrUp00WEEm jQeWmHVa//YNzbxeox2YInn/BgEucfTnIRqTHM5pCpnJ55oRWUpJjg4wmPYZX76whjrFRo/h ykmQoCdap1yFDmE/0fF3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZh6mJTqYb/WlrlV e/a+ZWFZAb9gmIsbwr41orawP9RlKWq0N8nlgRWicBj5Df2i3QTBZQDEqC9R1OQapVUBOOzW 9HYx7i/+G7Dlz91Yj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnBaPpIACRYpQRw/ZwNlMDxG4 I4lWZSYEW/FN0BX8QgXe0Ew/ypWZcWq9FJbSJSymZT78qHIT5fj69hpKUcfYJAgxs1+EHlDr sIWJh0mdx/W0opawJrjIgVtrs0nKM+uOMYUvWttiGmDS/0nWpvEBa7N4Le03h9p2ZsIRqiYP pRfMGE+BPjDS0Un1lM/CpIznfu6rnL+aDZf7lmSoMLb5kCIklQrgOCyYYS9ltqiZ4ZTs3fCg U7/rkvGDRETKN+N+xm3yyf57gPItXimAN1JTuLQGuRRqFyf3EQSBQEYE1yhrpGEZlWWUtZbL QkQvyEpt6V3rBbtRdjmVBr+q3mB1vIBZzZOO8A9zQekl7fs3y2QF3AJFQBPZvENrcBjEFTGy WS1t9/uADVutpicRnSc6qqYoFuO1c49czZqicgsE1dt3jXznLzfmC4jWTqKLUJUsjEXMW2rq 9xphHFi71n2sSLt//7ilbwgq2jyzqUltiZvum3qspuNt2uVnrKNaY2y8kT85v1dNoufRVTpl CFbwZjOsLxVV8DSyHXlrAAx8FeBuq3t3Nr03A8HInXd3270k5JeVdkKuWgldR0B3jgsJmezO xG7VfxtCG97ZybyMvQtPOpd+uwhzLPrEpz+R+vIY99VKpl3f0nvwc2dTRD44owZq2B1yftXE c7CKa6EVC9GYZmLORLsFo/xJ5dxl3hmnQs+hPnTk3ya7FZpTCXPF+pcbgvUMr5RAWHtiFy9z uuz/vCikn13eOb/eSLQt4UUKDg3wbITXPgad+Q/mja/Hzdb
IronPort-HdrOrdr: A9a23:G8KA4K8zZgG5A528T25uk+GKdr1zdoMgy1knxilNoENuA6+lfp GV/MjziyWUtN9IYgBepTnhAsW9qADnhOBICOgqTPqftWbdyRCVxe1ZnO/fKnjbalHDH41mpO tdmspFeafN5DFB5K6QjnjbYrMdKZu8gd2VbIzlvhFQpHRRGtldBnBCe3+m+yNNNW57LKt8Pq CxouBAoD2tc2kWaMOUOlkpNtKom/T70LjdTVojHRAI1Cmi5AnE1Ff9KXel9yZbdwkK7aYp8G DDnQC8zL6kqeuHxhjV0HKWx4hKmfP6o+EzSvCku4wwEHHBmwyobINuV/mppzYuutyi714sjZ 3lvwogBcJu8HncF1vF4CcFmjOQkArG2UWSi2NwskGT5PARgwhKT/apsLgpMScxLXBQ++2Unp g7mV5x/KAnfC8o1B6Nl+QgESsa2XZdZREZ4LYuZ7s1a/pGVJZB6YMY509bC5EGAWbz750mCv BnCIXG6O9Rak7yVQGQgoBD+q3bYp0IJGbOfmES/siOlzRGlnFwyEUVgMQZg3cb7Zo4D51J/f 7NPKhknKxHCpZ+V9M2OM4RBc+sTmDdSxPFN2yfZVzhCaEcInrI75r6+q886u2mcIEBiJEyhJ PCWlVFsnNaQTOkNeSemJlQthzdSmS0WjrgjslY+phio7X5AKHmNCWSIWpe5PdIY89vdvEzd8 zDTa6+WcWTXlcGMbw5rTHDZw==
X-Talos-CUID: 9a23:5d8mGmtSOqXPYDR4T4aaZBSH6IsIdVjb5SrNG3OTAHdxRearR1G907prxp8=
X-Talos-MUID: 9a23:xRG8PQy+9cnfJPd+ZiuDtCwwWJOaqIbtDm08y7IqgpirCiNwMiuengaUcLZyfw==
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-l-core-02.cisco.com ([173.36.16.139]) by alln-iport-4.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 14 Oct 2024 23:28:18 +0000
Received: from alln-opgw-4.cisco.com (alln-opgw-4.cisco.com [173.37.147.252]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by alln-l-core-02.cisco.com (Postfix) with ESMTPS id 165AD18000190 for <idr@ietf.org>; Mon, 14 Oct 2024 23:28:18 +0000 (GMT)
X-CSE-ConnectionGUID: dh+10PlrSl+QNkvuzAPSsA==
X-CSE-MsgGUID: KwpX4aK/SVacN6ySfOUffA==
Authentication-Results: alln-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.11,203,1725321600"; d="scan'208,217";a="39236466"
Received: from mail-dm6nam10lp2046.outbound.protection.outlook.com (HELO NAM10-DM6-obe.outbound.protection.outlook.com) ([104.47.58.46]) by alln-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2024 23:28:17 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JjdvNaxNx0rIym3lzPcUOvp7naJG8iBSCEgKimTZMtcRbglSDADrstCcvAwksLMIJgJHQ+OwSkqEm2NXZxRiFKU2kDs/hwkyeCW+2kCK2k5QEpRqXF5h/4ZPEooLT51iBd4eavhl/d2Np0fmg7dYaL82QbyVEHP0YVR3P1b1QlsPtuzTp5nu/fNHY6feAa1ULazorpYtOlU1rV4eFiICRRLHFFO0UhJWGGo3CNoHCzz0bXLLJpTyHV8xwqVy5pLyjasU1fdG868Hu08f7RAaAj7DGeLjZVR8ZC8Vq2+Ecb3odIygbWGFVJyiUoFwy/y1HUjgmwyAaqbSMXmqAcFKOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ayzg5Gn2+aYBN/aFgTYVu3aM1NhbDfQVnrrI194ftpE=; b=uZz3AVhbBrp78q05POzVLNS1D5D13KyLTcNHPq1bR79YHDusCzo62068wYsSZzCkpuW3hx6ttIWs6CZ0/5d8cEp9/kCca/1PySOf8VVaLnB2UB2BHQYcY6DGokVzNzRbTOS2qUsPCb+S/EiHIZiukfSZ9aJxbl7jt7lw46cMYZgxGNme9qB6bWZkJtjCAfiP/gGfxhcL1VegASzv5Sto6KK3sta5GybtqMdla62GZQ8ATdwoQhBXc/j6jYhUsqpEa2gIrI5q5dsvSFYP8Q3FpB+gVO049pra+ruMtZ2azViOc/Gxn8BokjykgFxuX3ZPOwwatk6lLXqW0AmwQkY2nQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from CY8PR11MB7778.namprd11.prod.outlook.com (2603:10b6:930:76::9) by SA1PR11MB8795.namprd11.prod.outlook.com (2603:10b6:806:468::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8048.26; Mon, 14 Oct 2024 23:28:16 +0000
Received: from CY8PR11MB7778.namprd11.prod.outlook.com ([fe80::7866:bd33:aeb9:31c8]) by CY8PR11MB7778.namprd11.prod.outlook.com ([fe80::7866:bd33:aeb9:31c8%7]) with mapi id 15.20.8048.020; Mon, 14 Oct 2024 23:28:15 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: [Idr] Flowspec redirect-ip update
Thread-Index: AQHbAdiM8ujvw2umYUSDVPnwP8FnkrKHGJdI
Date: Mon, 14 Oct 2024 23:28:15 +0000
Message-ID: <CY8PR11MB7778BA4E6459DCAB77FDD400C0442@CY8PR11MB7778.namprd11.prod.outlook.com>
References: <20240908101826.GA6410@pfrc.org>
In-Reply-To: <20240908101826.GA6410@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CY8PR11MB7778:EE_|SA1PR11MB8795:EE_
x-ms-office365-filtering-correlation-id: 0bd28301-4816-4ec5-4075-08dceca7e088
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|4022899009|376014|1800799024|366016|10070799003|38070700018;
x-microsoft-antispam-message-info: 9Uc1TExeKYmAqXoXkDehzk7nP9cYEt7oDg8ryM4GjfnzpsG3fXMwlMCvGCcSj6y3DAmvCYUGqylcZE7WwIBWezgZ7bZytiG8ShMXRBiFif9xv/omfPA+RKLymT56eOsdvswhqCMv5tk2M3SbGSOo8m4khyIpVhkUHNHIFlto2yCYvwiyw0Oo3I1aiLgZuRXG90Br/gnDOsa6ExsO4kvFILCsg0saRAOYMifaf5UmR5VWGjX/1YDf718pqf+KEnbJljZ5hCA5E2V339uSbH//Gprpysk2skWHQdjsOHG4g/57GwDxjDVB9UYv/+CpznVpgIdsmCXSFSzD8M+l89b7aYaOVTgyC+DaquzfCuieZxWRTfnNAFDGjIIcPvXdujDsqfh8tEd+ahKrhlIoIP6qo4NX2Wvl7vRx4+2s6NcKE/4bl9SskVJNGKi5flwZuS9MWUFvTifU9QRlujmDd3jRLYg8eiiG+UsulLliqyxvD3VmxSj/v3MvYHTcgVkI2P9QbDKZ6E6t/bqqdd/o+RwbXD3ByY5uZg8+DvfwtjYgXggdRCr8xsML0Wzx+gaVU+mUXtg5kIgLMphHsMqHo+ZBfLSOEkv/0B0uM542QmBCXMHln7u393NXV5GLnUTnuyEKQHMxlzL5TgFaCxtvqpBjzFkXALf1WaVNeoZVM33RKy3jDwzBwgwK4a9vr3WOWfemX1WO4598gjUvwrUBZ4LJDGZbWaxE6S3oaI5yd417DG7hIwTcEppRFc54h3dgpCIPl3WJ2hAWy+r8Nphq2GxGCeDZFYnyuJzJhZ9N2XwYdzxoiVss9gDEa8D0Al7hlHMuNgF71daueZesjC6fU2/3PfUkZiJfV8V3NmDnq6+pIBuQYMFvHWk8M4eYI+vfHr59pteV4VUJSiDXNZdxY6J8dMrSijDoEyRNzKpRVEbd0/BWHqv+dsWJKEKZpIc/J0E5ktEYhOEpDY4jvak1HK1ZYh8oX8sTpTK6V+CQluRb6CpHvwvvPEKvK5189awxWY0lTLjTKkAtzeCSeGk3NCpmAVfGO6AtgDGsaiVhdRrN2oyfI8ZAAIC/KRB4qGpzpbdLY5v/atkBEgUicms3/gv955iQjrOUrBaBFCzwH5GAWY0krWtjrm0e7MfhT5ISS3SudZNJtvk9zf+TMYk/X7C0R/iFT81b+GA+ZY980FLZUxOM1W0nYYP0q23CyRM8n/nxJQxzxXjGwfoT81J8gKryJaZ1/+444lsOD8JCw88042wDw/0DYadpQ34ru4KCmlcPm25kl3kxyAc+6Jc45tUTKed+7GomcsIaKXqfWqMFMvmDfpVNoeqTADRXckbdbDij/ZImVn/FjWq+Vhlgf/u406Gl4+7ioVryG9NcdOes+kU=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY8PR11MB7778.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(376014)(1800799024)(366016)(10070799003)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: U94w9pKASm1qSSlqH+k5C/JKsWxNGMbjW1JAUIpKJcauHFA7RR5NiJQ8DtYVPnjzZ8K0+izpMwdkbco3wKOtm9ylUqmxca51LIRjamDdDFzLoXrAx+FOqVXQrcmzonAuADbjxY7MJuvGO/H/5WQ5UiAskey1hX+fN1YxgDO5KXlAjtgkErgx72yaPzNFkVNTxgwg837PwLcQvHFgw4Bzy7NskrEXfq7Wx0t2pFIrU1Zx27YiNq/xdaJZbAEKysgVmE3vgxzJogursQI90EZXOElSRMgcLhuxgMGwOq+esR0AB3n2JWy9hoW7cFKdODrihsxxRBR4qFLFIJJ+Ox8Lx27uKUyPV/ETcJo/apcEekObNj7FPCIPg6D/FT4jkqE3mXm57cumXDXhPjghP1foWqh6a51I6LQF8OunFxXuVfmiPvb/lwQv/MT1cpbn/7Z9sipjdVEN68KM0Bd9vLwfhbCx6RACmQo/nzsI5FPtWCqneDoRJPgsiitlzjSWahXpEDBy3s6L+nsqNfqX4MtuEHrPI32HPpHjs5GbOG58u1zBOh+0cyMr7GE9krqijLg3CcRSBM0XakHsPTWu7oAUHGgj/iyDGQs9oIunWc81Lo9S6J3TKOsu7OKpBxvxjQVmCURDTyt9ui4Bti5oIIG5EVQEKps2fSwb6W4ynI+YTMlz562s4ruQfvgwnQnYI8OqieCyG7qXIHzU0C0uizjE3fYsY95463yKO9SFOz3ZxEC/yL/7AgomBtnagoQbJx0HR9iomfw32RHpE6yd3kCc6qqTilnx/WdMZjOWDJ/fg7SJ4vQeTPK7PbdNulMZUAQXD23lJS6oB3e3pm9ZiWg30s317JAEbRsj4BXF276nkzaJnd4GLdnMzLxIh6dOIrRjeugffoOxLc6SSdWTPwCts/B8ngMkN7f2jqBj31JteQxQtPNP4DH0i4J2bc4HHUUrkEfWhx7J4S1Zu2snwZ9vHJftGCE8g60Ze1ni5201U6tEhi3VKvm0nhqxOI6haLMXEd3TXzjJB9e57Hw9ISHMF9s37e/UhxF4qtOI0mdJWrRatjnm4EovImYXiEnBKOMWaVxtMOjqVTAEOjVTzk04M8n+0uQ95Q30TrMJ1ZzqSMmY1rtjTwLps73nJd9TEIZW/pUWO/Kjxaca9DJ6NXObAui9i+z9tpDYC9ggO1sGS3cmUemY+55GL3ZATECf3p7C6NLxeFxngb8o11IQgbfT2NXwSQYWPidVAiVjWh1XbwYePCUevFNytlHwD4jDauG0atlDUz5SZmft9i2RlJmUGZ65zEkA3GAKSCEM+OOGECyzhywG+1uxnopUcAvzpYak7SIsJVY95uBv4GnuZ+yHUWgqfIS372QtM/I/xxcxiA2qlvNIocuUlhaw/AGXPymxvEGiIF1gs+cLUttJMJ8sFzJhSPEUZpg4CA4oX1/oaBaxwldAMgVYGKSSzVP9etToI5iZUy5HoUcBQ/InOd52eVqrNxXQ+anGdPDpNaaNRrcIc/n5xJzXq63D2V0ciVNKi0G2coGsZ423d/JVoywkA2jHMjvp33DaIRTFXwi+Rdn1KmBWVgD9Fm/MHQUAhI/6TMoEBZIKP0MZkXbkVBl3OJhz+l1cLtly1GH0gCJdd8zOBLThr/KRiaQCzW6hJ6rS
Content-Type: multipart/alternative; boundary="_000_CY8PR11MB7778BA4E6459DCAB77FDD400C0442CY8PR11MB7778namp_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY8PR11MB7778.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0bd28301-4816-4ec5-4075-08dceca7e088
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2024 23:28:15.0084 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: W//P4NNRMa5pBzijNn8G341mT5mA32pte81WDSK28+RplUvm2Ho5STwtCiLMFUwrUxFzYUuH/Wl4N0OtmgXHXg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8795
X-Outbound-SMTP-Client: 173.37.147.252, alln-opgw-4.cisco.com
X-Outbound-Node: alln-l-core-02.cisco.com
Message-ID-Hash: 3DN3D52NUQHU6UIWQZ44MBRD3YBDUAGD
X-Message-ID-Hash: 3DN3D52NUQHU6UIWQZ44MBRD3YBDUAGD
X-MailFrom: jheitz@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Idr] Re: Flowspec redirect-ip update
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/l2gtcQBZu-AHWpbbO98MwDekLkI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>
Cisco IOS-XR has had an implementation without support of the copy bit since 2014. It encodes the redirect IP address in the nexthop rather than in the extended community. It conforms to Adam’s original draft using the Extended community with type value 0x0800. We have no intention to change this. I favor reverting the encoding back to Adam’s original, but to include the security additions. https://datatracker.ietf.org/doc/html/draft-simpson-idr-flowspec-redirect-01 Kind Regards, Jakob From: Jeffrey Haas <jhaas@pfrc.org> Date: Sunday, September 8, 2024 at 3:19 AM To: idr@ietf.org <idr@ietf.org> Subject: [Idr] Flowspec redirect-ip update In support of closing out lingering work, plus addressing a dependent document MISSREF, here's an update to the flowspec redirect-to-ip work. Known lingering issues are covered in my github where this work was originally being tracked: https://github.com/jhaas-pfrc/draft-ietf-idr-flowspec-redirect-ip/issues Redirect-to-ip for flowspec is supported in various forms across multiple vendors at this point. The remaining work is addressing what the current inconsistencies and lingering operational security considerations will mean for the final form of this document. Summary of known issues: - The "C" bit for copy behavior is not believed to be implemented by anyone at this time. However, since most of the supporting implementations are with vendors that do support some form of traffic cloning, we perhaps have a desire to leave this bit defined in order to future-proof the protocol extension. - Since this feature has dire consequences for traffic interception if the redirection address is not strongly controlled, there is new text addressing validating the redirection address vs. the destination address in a fashion similar to existing inter-AS/eBGP flowspec. And very similar to that mechanism in the flowspec RFCs, it may be disabled by configuratino. - Compound actions in flowspec are known to be challenging, and already a discussion point for enhancement in flowspec v2. In this draft, the compound action of redirect-to-vrf present in the base flowspec RFCs may be augmented with a redirect-to-ip. At this time, this compound behavior is not believed to be implemented. However, the authors had been contacted about preserving this encoding to support future use cases. - ECMP traffic distribution is inconsistently implemented. It's not believed that this is a problem but is worth flagging to the working group. Please review the update to the draft and provide feedback, especially if you have an implementation of this feature. -- Jeff (for the authors) ----- Forwarded message from internet-drafts@ietf.org ----- Date: Sun, 08 Sep 2024 02:58:28 -0700 From: internet-drafts@ietf.org To: i-d-announce@ietf.org CC: idr@ietf.org Subject: [Idr] I-D Action: draft-ietf-idr-flowspec-redirect-ip-03.txt Internet-Draft draft-ietf-idr-flowspec-redirect-ip-03.txt is now available. It is a work item of the Inter-Domain Routing (IDR) WG of the IETF. Title: BGP Flow-Spec Redirect-to-IP Action Authors: James Uttaro Jeffrey Haas Andy Karch Saikat Ray Pradosh Mohapatra Wim Henderickx Adam Simpson Matthieu Texier Name: draft-ietf-idr-flowspec-redirect-ip-03.txt Pages: 9 Dates: 2024-09-08 Abstract: Flow-spec is an extension to BGP that allows for the dissemination of traffic flow specification rules. This has many possible applications, but the primary one for many network operators is the distribution of traffic filtering actions for distributed denial of service (DDoS) mitigation. The flow-spec standard [RFC5575] defines a redirect-to-VRF action for policy-based forwarding. This mechanism can be difficult to use, particularly in networks without L3 VPN infrastructure. This draft defines a new redirect-to-IP flow-spec action that provides a simpler method of policy-based forwarding. The details of the action, including the IPv4 or IPv6 target address, are encoded in newly defined BGP extended communities. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-idr-flowspec-redirect-ip/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-idr-flowspec-redirect-ip-03.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-idr-flowspec-redirect-ip-03 Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts _______________________________________________ Idr mailing list -- idr@ietf.org To unsubscribe send an email to idr-leave@ietf.org ----- End forwarded message ----- _______________________________________________ Idr mailing list -- idr@ietf.org To unsubscribe send an email to idr-leave@ietf.org
- [Idr] Flowspec redirect-ip update Jeffrey Haas
- [Idr] Re: Flowspec redirect-ip update Robert Raszuk
- [Idr] Re: Flowspec redirect-ip update Jakob Heitz (jheitz)
- [Idr] Re: Flowspec redirect-ip update Jeffrey Haas
- [Idr] Re: Flowspec redirect-ip update Nat Kao