IETF Logo Mail Archive

Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)

Jeffrey Haas <jhaas@pfrc.org> Tue, 28 November 2017 19:37 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 757D2128D16; Tue, 28 Nov 2017 11:37:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMHSKSCOU9oo; Tue, 28 Nov 2017 11:37:19 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4DC126CBF; Tue, 28 Nov 2017 11:37:19 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 120F71E344; Tue, 28 Nov 2017 14:40:49 -0500 (EST)
Date: Tue, 28 Nov 2017 14:40:48 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: Robert Raszuk <robert@raszuk.net>
Cc: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, idr wg <idr@ietf.org>, "idr-ads@ietf.org" <idr-ads@ietf.org>
Message-ID: <20171128194048.GV16871@pfrc.org>
References: <88d5df779a344b588745108c771d3145@XCH-ALN-014.cisco.com> <deae6e85c3ff47a6bbcac176eb91bd3e@XCH-ALN-014.cisco.com> <F0EAF2D4-656D-48BD-830B-DC2E8B862813@nist.gov> <A0106E1A-272D-4E1D-A0F3-E3531D583AA3@cisco.com> <1D2FD437-0EEF-4FF6-9853-C09E7EEA2A15@nist.gov> <2B92A151-5A78-46EE-8A46-C09603A37219@cisco.com> <20171128183312.GT16871@pfrc.org> <CA+b+ER=mECP4XkYB1txcyWgOcEfcY3-y8BsAPPy0skPp6TO0Sw@mail.gmail.com> <20171128191457.GU16871@pfrc.org> <CA+b+ERmwWiSy4=jGqKR2Dk_2aNcAAxN=cu8dcTG6BcJfuY5JyA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA+b+ERmwWiSy4=jGqKR2Dk_2aNcAAxN=cu8dcTG6BcJfuY5JyA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/ms1tQ65whGJGLi-MTz49oBJI03c>
Subject: Re: [Idr] WG Last Call foir draft-ietf-idr-bgp-extended-messages (11/12 to 11/26)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 19:37:20 -0000

Robert,

On Tue, Nov 28, 2017 at 08:25:35PM +0100, Robert Raszuk wrote:
> > The original scenario for bgpsec is one where we had significant concerns
> > about too-small UPDATE messages causing issues.  We had to address the
> > issues there.  And we already know that as a feature it has incremental
> > deployment challenges.
> 
> Well if this is still for BGPSEC I think your suggestion to
> treat-as-withdraw is not
> that good. I do prefer to get unsecured reachability then no reachability
> at all.

If a bgpsec speaker chooses to "downgrade" its reachability, that's its
choice.  In such a case, it would no longer be trying to overflow the 4k
PDU.

Similarly, routers that limit AS_PATH length choosing to not propagate (and
treat as withdraw) an AS_PATH that exceeds its local limit is a local
choice.

> And if you make it treat-as-withdraw as MUST even if BGSEC itself says to
> drop
> crypto when it does not fit it is quite unlikely that anyone will even try
> to secure
> BGP UPDATES any time soon.

bgpsec implementations are likely to deploy extended messages in tandem.  I
don't find the argument you seem to be making compelling.

-- Jeff

v2.23.0 | Report a Bug | By Email