[Idr] Validation for BGP Flow-Spec Redirect to IP Action

PVLR Pavana Murthy <pvlrpm@gmail.com> Fri, 13 April 2018 05:51 UTC

Hello,
  In the draft draft-ietf-idr-flowspec-redirect-ip-02.txt, the following
procedure is mentioned to validate the extended community of 'Flowspec
redirect to IP'.

   BGP speakers that support the extended communities defined in this
   draft MUST also, by default, enforce the following check when
   receiving a flow-spec route from an EBGP peer: if the received
   flow-spec route has a 'redirect to IP' extended community with a 'target
   address' X (in the global administrator field) and the best matching
   route to X is not a BGP route with *origin AS* matching the peer AS
   then the extended community should be discarded and not propagated
   along with the flow-spec route to other peers.


I have 2 doubts related to this statement.

What is 'origin AS' here? Is it the AS no. that is first added to the
AS_PATH?
In the previous version of the draft it's mentioned as the last AS in
the AS_PATH.
Is it the last AS no. that has been added to the AS_PATH or the last
AS no. from left in AS_PATH?

What if the redirect target X is directly connected or reachable by a
static route and it's not advertised by EBGP?

Do we need to consider that action invalid in that case?



Thanks,

Pavana.
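
The check quoted from the draft, sketched as an added example (not code from the draft or from the original post). It assumes 'origin AS' means the rightmost AS in AS_PATH and reads "not a BGP route" literally, so a static or connected best match causes the community to be discarded; the function names, RIB entries and AS numbers are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str          # e.g. "203.0.113.0/24"
    protocol: str        # "bgp", "static" or "connected"
    as_path: tuple = ()  # leftmost = most recently prepended AS

def best_match(rib, target):
    """Longest-prefix match for target in rib; None if nothing covers it."""
    addr = ipaddress.ip_address(target)
    covering = [r for r in rib if addr in ipaddress.ip_network(r.prefix)]
    return max(covering,
               key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)

def origin_as(route):
    """Assumption: origin AS is the rightmost AS in AS_PATH (first one added)."""
    return route.as_path[-1] if route.as_path else None

def keep_redirect_ip(rib, target, peer_as, from_ebgp=True):
    """True if the 'redirect to IP' community is kept, False if discarded."""
    if not from_ebgp:
        return True   # the quoted check applies only to routes from EBGP peers
    route = best_match(rib, target)
    if route is None or route.protocol != "bgp":
        return False  # literal reading: best match to X is not a BGP route
    return origin_as(route) == peer_as

# Constructed sample RIB (documentation prefixes and AS numbers).
RIB = [
    Route("198.51.100.0/24", "bgp", (64500, 64510)),  # originated by 64510
    Route("203.0.113.0/24", "bgp", (64500,)),         # originated by the peer
    Route("203.0.113.128/25", "static"),              # more specific, non-BGP
]

if __name__ == "__main__":
    for target in ("203.0.113.10", "198.51.100.7", "203.0.113.200"):
        verdict = "keep" if keep_redirect_ip(RIB, target, 64500) else "discard"
        print(target, verdict)
```

With peer AS 64500, the second target is discarded only because the rightmost AS is compared; comparing the leftmost AS instead would accept any target reachable through that peer.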