Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12

Alvaro Retana <> Mon, 15 February 2021 15:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 52CE93A0C99; Mon, 15 Feb 2021 07:12:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dTit9SaMRv7m; Mon, 15 Feb 2021 07:12:13 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 479363A0C6F; Mon, 15 Feb 2021 07:12:12 -0800 (PST)
Received: by with SMTP id hs11so11726096ejc.1; Mon, 15 Feb 2021 07:12:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=u4wklFDB1nhTCquRDuvJOJVK3bTLlYg/H9ad3ZycBKE=; b=RdfJclnSlfdSDsEBXjsGROsq7XRjeyhU7iq4g+I2EuFvMmYb/LPPqaeMHpNfnvmxus mho/3us6MqOEihy82JEvUNEcce6ywlEjtrymARRiMNnU+uUcK74Ax5hR6nMpEQxaTCZc b1POS/bxahe0nIvyPRGWxkNRYVz32w4Q+XrkIKMONAuGpOfy2vCWwr4Q3QBdv1QVbOPk EhuTQTt0kqKJ5jV13XK57ujdShcn7BTS/F+1cwx8deU0KR0uzuL2mvxV4sQuI255P3hM MRwErIJKqqR0qtoVIyZb13OEIL1yYNoVvNYej1rLS8bBnvGB+ntEdNLmwK/6t92XcxMG Gg6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=u4wklFDB1nhTCquRDuvJOJVK3bTLlYg/H9ad3ZycBKE=; b=IB6evu6+0z+c3t0mCinUC/cQ7rMjzCM3wkSPqyG+tCH8mheRW6KF1U7UZkxL7IcJD/ E/rtFG0BzDlqsoHRkU71kEzTtWC7HhQkDifUnbcgCvE4Lz6KwhMIL3KPuvw4Jz1NYuzh 4G2xSRxQewDBE9DqoIT33KpCVFLT/FyzJxyU2uGYCqjz+F3CFkKVT+W5jmzGKUIRhKn5 F9pEzLN8rH0+SfHmXIG8v1DmbzQ/H3jFWkuoQZRJwGIYZZgIVuFDJ2zPoVm1s9QqbO21 7O0FiLA0uf27bZz980A3+ohoo8WKwuSqQs0C0b7ZONrKdIUk86X9pUfD6ARA0uZZUsH+ nb9w==
X-Gm-Message-State: AOAM533CEwGlbZqa0GiWnMcZ4kEyyMyW+ZnMmVTFthFw/NOmGRsYgbry 6ZzP8GZM7w0W40rx48KDM03xCFb5c95GWw6JwsmFiJArByI=
X-Google-Smtp-Source: ABdhPJxuAuCjeYPBR66E90p8U2sVCTKQWYUmAaeuVlRTPRKzjZVcX31rFfshGIT6e05ykDMWS/9QadEqT1CANeGF/oo=
X-Received: by 2002:a17:906:2c1b:: with SMTP id e27mr16711368ejh.235.1613401930854; Mon, 15 Feb 2021 07:12:10 -0800 (PST)
Received: from 1058052472880 named unknown by with HTTPREST; Mon, 15 Feb 2021 07:12:09 -0800
From: Alvaro Retana <>
In-Reply-To: <>
References: <> <000701d6f57c$6c20ff60$4462fe20$> <>
MIME-Version: 1.0
Date: Mon, 15 Feb 2021 07:12:09 -0800
Message-ID: <>
To: Susan Hares <>, "" <>, "Juan Alcaide (jalcaide)" <>
Cc: "" <>, IDR List <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Feb 2021 15:12:20 -0000

On February 4, 2021 at 7:18:51 PM, Juan Alcaide wrote:



> I'm not sure if I understand 100% your comments about the abstract. The
> point is for R1 to validate the flowspec route when the ucast best-match
> route is advertised by ASBR2
> The solution or hack suggested in the abstract is for ASB1 to advertise the
> flowspec route. So the originator R1 sees is ASBR1 (both for the ucast
> best-match and the flowspec route). We don't have to do any validation for
> an ebgp received route.
> IT's assumed that the same AS where the validation rule it's taking place
> is where the flowspec rule is originated. Perhaps that's the confusion.
> R1 -ibgp-- ASBR1--ebgp-ASBR2

That is not what I took away from the current abstract. :-(

> We could expand the abstract to make it more clear. Something like the below

Yeah...that explains it better.

I think the Abstract tries to cram too much in.  Maybe put the
explanation (and a little picture) in the Intriduction instead, and
focus on a simple explanation of what the draft does (not details of
the type of problemts).



> This document describes a modification to the validation procedure defined
> for the dissemination of BGP Flow Specifications. The dissemination of BGP
> Flow Specifications requires that the originator of the Flow Specification
> matches the originator of the best-match unicast route for the destination
> prefix embedded in the Flow Specification. This allows only BGP speakers
> within the data forwarding path (such as autonomous system border routers)
> to originate BGP Flow Specifications. This creates an operational problem
> when the BGP Flow Specifications is originated within the same AS than the
> speakers performing the validation rules. It could be possible to
> disseminate each Flow Specification directly from border routers within the
> AS (i.e. each Flow Specification could be advertised from the same border
> from where the best-match unicast route is received). But this approach
> would be operationally cumbersome in an autonomous system with a large
> number of border routers having complex BGP policies. The modification
> proposed herein enables Flow Specifications to be originated from a
> centralized BGP route controller, that can be positioned any place within
> the AS.