IETF Logo Mail Archive

Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt

"i3D.net - Martijn Schmidt" <martijnschmidt@i3d.net> Sat, 08 October 2016 17:38 UTC

Return-Path: <martijnschmidt@i3d.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 415B4129466 for <idr@ietfa.amsl.com>; Sat, 8 Oct 2016 10:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k2ZyC9-oxPH4 for <idr@ietfa.amsl.com>; Sat, 8 Oct 2016 10:38:19 -0700 (PDT)
Received: from mail.i3d.net (mail.i3d.nl [213.163.77.240]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83DF61295EB for <idr@ietf.org>; Sat, 8 Oct 2016 10:38:17 -0700 (PDT)
X-Footer: aTNkLm5s
Received: from localhost ([127.0.0.1]) by mail.i3d.net with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)) for idr@ietf.org; Sat, 8 Oct 2016 19:38:11 +0200
To: idr@ietf.org
References: <147531113077.4216.12599976309263776317.idtracker@ietfa.amsl.com> <20161001085434.GW20697@Vurt.local> <005b01d21d58$aaf869e0$4001a8c0@gateway.2wire.net> <20161003095936.GC20697@Vurt.local> <04cf01d21d68$52c656a0$4001a8c0@gateway.2wire.net> <20161003115723.GD20697@Vurt.local> <57F27D3F.7090404@foobar.org> <00da01d22085$4f0f2ee0$4001a8c0@gateway.2wire.net> <57F78B7D.609@foobar.org> <333030E6-0422-4A34-B07B-90D5F8E9F116@gmail.com> <57F92043.20301@foobar.org>
From: "i3D.net - Martijn Schmidt" <martijnschmidt@i3d.net>
X-Enigmail-Draft-Status: N1110
Message-ID: <57F92EF4.1000308@i3d.net>
Date: Sat, 08 Oct 2016 19:37:56 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0
MIME-Version: 1.0
In-Reply-To: <57F92043.20301@foobar.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/lXbMCWpEpsgvFZ3oPEPk-y9TCuI>
Subject: Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Oct 2016 17:38:22 -0000

Let's say I am AS49544 and I need to transmit a prepend instruction to
AS2914, I would add 2914:3320:2 or 2914:2:3320 or similar on my prefix.
Why is it important to allow me to specify any value in the Global
Administrator field? Well,

1) If we did REQUIRE people to use their own ASN when adding a new
community on a prefix, we'd essentially be back to the same amount of
opaque space as in RFC1997 (e.g. two fields, not three). This also
brings back the collision problem which we were trying to tackle, both
AS2914 and AS3356 might decide to act on a community tag like 49544:2:3320.

2) The actor ASN already knows who could have set the community tag
thanks to the AS_PATH, using a field in the large community tag to make
it aware of that might be considered as redundant information.

3) Using the first field to specify the ASN which needs to take the
action makes it quite easy for an operator to ignore any large community
tags which are intended to signal something to a 3rd party. This allows
for transitive instructions in cases where one doesn't have a direct
adjacency with the target ASN; quite useful for downstream customers of
a tier-2 network which are trying to trigger an action in that network's
upstream provider.

Informational communities are another matter - that's where an operator
SHOULD use their own ASN in the Global Administrator field. However
there is no (technical) difference between an informational and an
action community - just semantics - so we can't really specify such
restrictions in the draft.

Best regards,
Martijn

On 10/08/2016 06:35 PM, Nick Hilliard wrote:
> Brian Dickson wrote:
>> Is there anything you envision in use of large communities that
>> cannot be supported by use of ASNs and private ASNs? I can't see
>> anything that would not fit into those two use cases.
> There are plenty of situations where the semantics of what you're
> suggesting would be troublesome to define, for example, confederations,
> asn translation or asn migration, leading to cases where there would be
> multiple asns being legitimate on a single router.
>
> And even if these cases could be cleared up easily, what happens when
> someone injects a prefix tagged with a community which isn't the same as
> their ASN?  You're then stuck with the situation where you're defining
> one thing as a MUST in the semantic specification section of the rfc,
> while down in the Security Considerations section, it's going to need to
> be admitted that there's no guarantee whatsoever that the global
> administrator field in the large community was actually set by the ASN
> which announced the prefix.  Worse still, once it's been changed, there
> is no practical way for a neighbor to detect this change, as s-bgp isn't
> a thing.
>
> Realistically, vendors are going to implement ways of modifying the
> field in exactly the same way as rfc1997 communities can be set to
> anything at all at any policy specification point in a bgp-enabled network.
>
> Nick
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr

v2.23.0 | Report a Bug | By Email