Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12

Alvaro Retana <aretana.ietf@gmail.com> Mon, 15 February 2021 15:12 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52CE93A0C99; Mon, 15 Feb 2021 07:12:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTit9SaMRv7m; Mon, 15 Feb 2021 07:12:13 -0800 (PST)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 479363A0C6F; Mon, 15 Feb 2021 07:12:12 -0800 (PST)
Received: by mail-ej1-x62e.google.com with SMTP id hs11so11726096ejc.1; Mon, 15 Feb 2021 07:12:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=u4wklFDB1nhTCquRDuvJOJVK3bTLlYg/H9ad3ZycBKE=; b=RdfJclnSlfdSDsEBXjsGROsq7XRjeyhU7iq4g+I2EuFvMmYb/LPPqaeMHpNfnvmxus mho/3us6MqOEihy82JEvUNEcce6ywlEjtrymARRiMNnU+uUcK74Ax5hR6nMpEQxaTCZc b1POS/bxahe0nIvyPRGWxkNRYVz32w4Q+XrkIKMONAuGpOfy2vCWwr4Q3QBdv1QVbOPk EhuTQTt0kqKJ5jV13XK57ujdShcn7BTS/F+1cwx8deU0KR0uzuL2mvxV4sQuI255P3hM MRwErIJKqqR0qtoVIyZb13OEIL1yYNoVvNYej1rLS8bBnvGB+ntEdNLmwK/6t92XcxMG Gg6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=u4wklFDB1nhTCquRDuvJOJVK3bTLlYg/H9ad3ZycBKE=; b=IB6evu6+0z+c3t0mCinUC/cQ7rMjzCM3wkSPqyG+tCH8mheRW6KF1U7UZkxL7IcJD/ E/rtFG0BzDlqsoHRkU71kEzTtWC7HhQkDifUnbcgCvE4Lz6KwhMIL3KPuvw4Jz1NYuzh 4G2xSRxQewDBE9DqoIT33KpCVFLT/FyzJxyU2uGYCqjz+F3CFkKVT+W5jmzGKUIRhKn5 F9pEzLN8rH0+SfHmXIG8v1DmbzQ/H3jFWkuoQZRJwGIYZZgIVuFDJ2zPoVm1s9QqbO21 7O0FiLA0uf27bZz980A3+ohoo8WKwuSqQs0C0b7ZONrKdIUk86X9pUfD6ARA0uZZUsH+ nb9w==
X-Gm-Message-State: AOAM533CEwGlbZqa0GiWnMcZ4kEyyMyW+ZnMmVTFthFw/NOmGRsYgbry 6ZzP8GZM7w0W40rx48KDM03xCFb5c95GWw6JwsmFiJArByI=
X-Google-Smtp-Source: ABdhPJxuAuCjeYPBR66E90p8U2sVCTKQWYUmAaeuVlRTPRKzjZVcX31rFfshGIT6e05ykDMWS/9QadEqT1CANeGF/oo=
X-Received: by 2002:a17:906:2c1b:: with SMTP id e27mr16711368ejh.235.1613401930854; Mon, 15 Feb 2021 07:12:10 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Mon, 15 Feb 2021 07:12:09 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <DM6PR11MB319495819681585AA858E54BCDB29@DM6PR11MB3194.namprd11.prod.outlook.com>
References: <CAMMESsxqRWK2vDPyj-0_ruYoW7pkautFc09MoFBUTKxG23=tyA@mail.gmail.com> <000701d6f57c$6c20ff60$4462fe20$@ndzh.com> <DM6PR11MB319495819681585AA858E54BCDB29@DM6PR11MB3194.namprd11.prod.outlook.com>
MIME-Version: 1.0
Date: Mon, 15 Feb 2021 07:12:09 -0800
Message-ID: <CAMMESswvncvo68dYp95P+9gkgKgPpmgY3Yr-xC3=hdt-1YigYQ@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>, "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>, "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
Cc: "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/nDAVJLBqTRlVueea4Q4W8YiEGh0>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2021 15:12:20 -0000

On February 4, 2021 at 7:18:51 PM, Juan Alcaide wrote:


Juan:

Hi!

> I'm not sure if I understand 100% your comments about the abstract. The
> point is for R1 to validate the flowspec route when the ucast best-match
> route is advertised by ASBR2
>
> The solution or hack suggested in the abstract is for ASB1 to advertise the
> flowspec route. So the originator R1 sees is ASBR1 (both for the ucast
> best-match and the flowspec route). We don't have to do any validation for
> an ebgp received route.
>
> IT's assumed that the same AS where the validation rule it's taking place
> is where the flowspec rule is originated. Perhaps that's the confusion.
>
> R1 -ibgp-- ASBR1--ebgp-ASBR2

That is not what I took away from the current abstract. :-(


> We could expand the abstract to make it more clear. Something like the below

Yeah...that explains it better.

I think the Abstract tries to cram too much in.  Maybe put the
explanation (and a little picture) in the Intriduction instead, and
focus on a simple explanation of what the draft does (not details of
the type of problemts).

Thanks!

Alvaro.



> This document describes a modification to the validation procedure defined
> for the dissemination of BGP Flow Specifications. The dissemination of BGP
> Flow Specifications requires that the originator of the Flow Specification
> matches the originator of the best-match unicast route for the destination
> prefix embedded in the Flow Specification. This allows only BGP speakers
> within the data forwarding path (such as autonomous system border routers)
> to originate BGP Flow Specifications. This creates an operational problem
> when the BGP Flow Specifications is originated within the same AS than the
> speakers performing the validation rules. It could be possible to
> disseminate each Flow Specification directly from border routers within the
> AS (i.e. each Flow Specification could be advertised from the same border
> from where the best-match unicast route is received). But this approach
> would be operationally cumbersome in an autonomous system with a large
> number of border routers having complex BGP policies. The modification
> proposed herein enables Flow Specifications to be originated from a
> centralized BGP route controller, that can be positioned any place within
> the AS.