Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
"i3D.net - Martijn Schmidt" <martijnschmidt@i3d.net> Sat, 08 October 2016 17:38 UTC
Return-Path: <martijnschmidt@i3d.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 415B4129466 for <idr@ietfa.amsl.com>; Sat, 8 Oct 2016 10:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k2ZyC9-oxPH4 for <idr@ietfa.amsl.com>; Sat, 8 Oct 2016 10:38:19 -0700 (PDT)
Received: from mail.i3d.net (mail.i3d.nl [213.163.77.240]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83DF61295EB for <idr@ietf.org>; Sat, 8 Oct 2016 10:38:17 -0700 (PDT)
X-Footer: aTNkLm5s
Received: from localhost ([127.0.0.1]) by mail.i3d.net with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)) for idr@ietf.org; Sat, 8 Oct 2016 19:38:11 +0200
To: idr@ietf.org
References: <147531113077.4216.12599976309263776317.idtracker@ietfa.amsl.com> <20161001085434.GW20697@Vurt.local> <005b01d21d58$aaf869e0$4001a8c0@gateway.2wire.net> <20161003095936.GC20697@Vurt.local> <04cf01d21d68$52c656a0$4001a8c0@gateway.2wire.net> <20161003115723.GD20697@Vurt.local> <57F27D3F.7090404@foobar.org> <00da01d22085$4f0f2ee0$4001a8c0@gateway.2wire.net> <57F78B7D.609@foobar.org> <333030E6-0422-4A34-B07B-90D5F8E9F116@gmail.com> <57F92043.20301@foobar.org>
From: "i3D.net - Martijn Schmidt" <martijnschmidt@i3d.net>
X-Enigmail-Draft-Status: N1110
Message-ID: <57F92EF4.1000308@i3d.net>
Date: Sat, 08 Oct 2016 19:37:56 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0
MIME-Version: 1.0
In-Reply-To: <57F92043.20301@foobar.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/lXbMCWpEpsgvFZ3oPEPk-y9TCuI>
Subject: Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Oct 2016 17:38:22 -0000
Let's say I am AS49544 and I need to transmit a prepend instruction to AS2914, I would add 2914:3320:2 or 2914:2:3320 or similar on my prefix. Why is it important to allow me to specify any value in the Global Administrator field? Well, 1) If we did REQUIRE people to use their own ASN when adding a new community on a prefix, we'd essentially be back to the same amount of opaque space as in RFC1997 (e.g. two fields, not three). This also brings back the collision problem which we were trying to tackle, both AS2914 and AS3356 might decide to act on a community tag like 49544:2:3320. 2) The actor ASN already knows who could have set the community tag thanks to the AS_PATH, using a field in the large community tag to make it aware of that might be considered as redundant information. 3) Using the first field to specify the ASN which needs to take the action makes it quite easy for an operator to ignore any large community tags which are intended to signal something to a 3rd party. This allows for transitive instructions in cases where one doesn't have a direct adjacency with the target ASN; quite useful for downstream customers of a tier-2 network which are trying to trigger an action in that network's upstream provider. Informational communities are another matter - that's where an operator SHOULD use their own ASN in the Global Administrator field. However there is no (technical) difference between an informational and an action community - just semantics - so we can't really specify such restrictions in the draft. Best regards, Martijn On 10/08/2016 06:35 PM, Nick Hilliard wrote: > Brian Dickson wrote: >> Is there anything you envision in use of large communities that >> cannot be supported by use of ASNs and private ASNs? I can't see >> anything that would not fit into those two use cases. > There are plenty of situations where the semantics of what you're > suggesting would be troublesome to define, for example, confederations, > asn translation or asn migration, leading to cases where there would be > multiple asns being legitimate on a single router. > > And even if these cases could be cleared up easily, what happens when > someone injects a prefix tagged with a community which isn't the same as > their ASN? You're then stuck with the situation where you're defining > one thing as a MUST in the semantic specification section of the rfc, > while down in the Security Considerations section, it's going to need to > be admitted that there's no guarantee whatsoever that the global > administrator field in the large community was actually set by the ASN > which announced the prefix. Worse still, once it's been changed, there > is no practical way for a neighbor to detect this change, as s-bgp isn't > a thing. > > Realistically, vendors are going to implement ways of modifying the > field in exactly the same way as rfc1997 communities can be set to > anything at all at any policy specification point in a bgp-enabled network. > > Nick > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr
- [Idr] I-D Action: draft-ietf-idr-large-community-… internet-drafts
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jared Mauch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… i3D.net - Martijn Schmidt
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Gert Doering
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Robert Raszuk
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Gert Doering
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Peter Hessler
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Ben Maddison
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Gert Doering
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Robert Raszuk
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jay Borkenhagen
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Robert Raszuk
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… heasley
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Christopher Morrow
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Julian Seifert
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Jakob Heitz (jheitz)
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… t.petch
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Job Snijders
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Brian Dickson
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Nick Hilliard
- Re: [Idr] I-D Action: draft-ietf-idr-large-commun… Sander Steffann