IETF Logo Mail Archive

Re: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)

"Keyur Patel (keyupate)" <keyupate@cisco.com> Thu, 09 June 2016 19:47 UTC

Return-Path: <keyupate@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DE4B12D990; Thu, 9 Jun 2016 12:47:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.947
X-Spam-Level:
X-Spam-Status: No, score=-15.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KIAMe9b4lTeF; Thu, 9 Jun 2016 12:47:08 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 682BE12D98D; Thu, 9 Jun 2016 12:47:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2507; q=dns/txt; s=iport; t=1465501628; x=1466711228; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=CdxKWVCspy0NTuPAUD+daHibMrXTIrNa1l05PfQ0MRk=; b=IUcsGYBFBOXd02VfpGn/1KFN0lwleqOk53tsymm2xmCZCUkb0ahyWsCU 9fpK4/6JLhAgKiIue034vEe+u1pCU39Zk/nHOZbqlW9hVijNU7ZZVUi3m LZ1hnPhp7EYiknAymnPoW4jehNNHwel150SFrcSn8/YhqTcNjKAWiyjw0 U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D4AQDUxllX/5ldJa1egz5WfQa7FIF6IoVxAoE7OBQBAQEBAQEBZSeERQEBAQMBHVUHBQsCAQgYLjIlAgQBDQUUB4gMCA6+TgEBAQEBAQEBAQEBAQEBAQEBAQEBARcFhieETYoaBY4iijMBhgKIJIFphFKIZY9kAR42g25uiQl/AQEB
X-IronPort-AV: E=Sophos;i="5.26,446,1459814400"; d="scan'208";a="111650148"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Jun 2016 19:47:07 +0000
Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id u59Jl7dS013751 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 9 Jun 2016 19:47:07 GMT
Received: from xch-rtp-017.cisco.com (64.101.220.157) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 9 Jun 2016 15:47:06 -0400
Received: from xch-rtp-017.cisco.com ([64.101.220.157]) by XCH-RTP-017.cisco.com ([64.101.220.157]) with mapi id 15.00.1104.009; Thu, 9 Jun 2016 15:47:06 -0400
From: "Keyur Patel (keyupate)" <keyupate@cisco.com>
To: Job Snijders <job@instituut.net>, Susan Hares <shares@ndzh.com>
Thread-Topic: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)
Thread-Index: AQHRwoe0lG6JtkCcFUCp0q4CdI2NOg==
Date: Thu, 09 Jun 2016 19:47:06 +0000
Message-ID: <D37F07FD.43D8F%keyupate@cisco.com>
References: <012e01d1c012$1d05f8d0$5711ea70$@ndzh.com> <20160609163225.GC2524@Vurt.local>
In-Reply-To: <20160609163225.GC2524@Vurt.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.154.161.235]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <F33350C194D3C24CA382A6A6ADC25E23@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/m4Y9ayBdcexlEi1ftYPddj7U5LM>
Cc: "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-route-leak-detection-mitigation@ietf.org" <draft-ietf-idr-route-leak-detection-mitigation@ietf.org>, "'John G. Scudder'" <jgs@bgp.nu>
Subject: Re: [Idr] WG Adoption call draft-ymbk-idr-bgp-open-policy - (6/6 to 6/20/2016)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2016 19:47:10 -0000

Hi Folks,

Comments inlined #Keyur

On 6/9/16, 9:32 AM, "Job Snijders" <job@instituut.net> wrote:

>Dear Authors, IDR group,
>
>I'd like to start by thanking you for putting thought and time into the
>route leak problem space. It is encouring to see fellow operators engage
>with the IETF community to address actual, day to day issues.
>
>On Mon, Jun 06, 2016 at 12:40:19PM -0400, Susan Hares wrote:
>> This begins a 2 week WG Adoption call for
>>draft-ymbk-idr-bgp-open-policy.
>> You can find the draft at:
>> 
>> https://datatracker.ietf.org/doc/draft-ymbk-idr-bgp-open-policy/.
>> 
>> In your comments on adopting this draft, please indicate:
>> 
>> 1)      "Support" or "no Support"
>
>No support.
>
>> 2)      Do you feel this is a way to prevent route leaks?
>
>It certainly is a way.

#Keyur: I am not sure if the solution attempts to cover all cases: Open
policy assumes certain peering relationship can be established between BGP
speakers and based on the relationship, the OTC handling is done. This
information is restricted and doesn¹t flow along the path the route is
announced. You do want to carry this information so any AS down the path
can make an independent decision?

>
>> 3)      Are there any deployment issues that might prevent deployment
>> of this enhancement to BGP Open?
>
>I do not think that the OPEN moment in the lifecycle of a BGP session is
>the appropiate place for policy constructs like this.


#Keyur: +1. I completely agree. Furthermore, the draft isn¹t clear about
changing of session level roles (either using dynamic capabilities or upon
a session restart) and its impact on depref/dropped routes and existing
functionality like GR (route based).

> In practise it is
>probably not an issue when you have to flap a BGP session to change the
>relation between two ASNs, but it would be nice if this is not required
>(like today on most platforms).
>
>Secondly (and more importantly), the roles are not necessarily a BGP
>session-specific characteristic, but rather a prefix-specific property.
>The proposed OPEN method does not provide for this level granularity if
>I am reading it correctly. The method would affect all prefixes exchange
>over a BGP session, without exception.

#Keyur: Ack and agree.


Regards,
Keyur

>
>> 4) Does this interact with
>> draft-ietf-idr-route-leak-detection-mitigation?
>
>Yes, in terms of the problem being addressed.
>
>Kind regards,
>
>Job

v2.23.0 | Report a Bug | By Email