Re: [Idr] [internet-drafts@ietf.org: I-D Action: draft-haas-idr-extended-experimental-00.txt]

"John G. Scudder" <jgs@juniper.net> Tue, 08 November 2016 20:01 UTC

To: Jeffrey Haas <jhaas@pfrc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/njXguV3Yvd0pFdfIgkEZc6ngK3I>
Cc: idr@ietf.org

On Nov 7, 2016, at 1:15 PM, John G. Scudder <jgs@juniper.net> wrote:
> 
>> On Nov 7, 2016, at 10:26 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>> 
>> Marco,
>> 
>> On Sun, Nov 06, 2016 at 08:23:36PM +0100, Marco Marzetti wrote:
>>> On Tue, Nov 1, 2016 at 7:58 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>>> 
>>>> 
>>>> A feature such as this one, perhaps extended with a per-attribute form of
>>>> draft-ietf-idr-bgp-attribute-announcement along with enough information to
>>>> figure out when filtering wasn't done could provide some safety.
>>>> 
>>>> The related changes to this proposal would be to simply add the 4-octets of
>>>> the attribute announcement scoping and potentially the attaching AS.
>>>> However, given even such vendor features are likely to need to work in an
>>>> inter-as fashion, generating scopes of containment becomes tricky.
>>>> 
>>>> 
>>> I have always wondered if we should add an N bit to
>>> draft-ietf-idr-bgp-attribute-announcement to limit the advertisements to
>>> neighbor ASes only.
>> 
>> Such a thing was discussed among the authors of the attribute-announcement
>> draft.  What this would mean is such a bit would need to be set and then
>> automatically reset into the M-bits (C+A) at the next boundary.
> 
> I'll also observe that we already have the NO_EXPORT community which has virtually the same semantics if you apply it as you're sending the route to your peer. And then there was AS_PATHLIMIT, which never achieved escape velocity. Regarding NO_EXPORT, you might remark that you have to apply it at your border router instead of at the origin, and that's true, but I'm not sure if it's a big deal. You might also remark that NO_EXPORT doesn't survive if your neighbor strips inbound communities (or explicitly blows away NO_EXPORT), and that's true too -- but if operators are deliberately dishonoring NO_EXPORT, is there any reason to think they wouldn't insist implementations have a way to dishonor the mooted N bit?

Marco pointed out privately that NO_EXPORT applies to the entire route whereas the suggested flag would apply to the attribute, so not the same thing. That's right of course, sorry for my confusion. It's not the first time I've made that mistake, but I'll try to let it be the last.

I think the question about whether there will be demand for policy to dishonor the N bit is still worth thinking about though. For some protocol constructs, we seem to have resisted the urge to make them configurable, e.g. AS_PATH loop detection (OK it's a little bit configurable). For others, we seem to consider them little more than decorations to be respected or rejected at the pleasure of the network operator, e.g. NO_EXPORT. I bet it will be important to figure out which category attribute-announcement falls in.

Regards,

--John
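
An added illustration, not part of the thread or of any draft: a toy Python model of the distinction made above between NO_EXPORT, which scopes the whole route, and the mooted N bit, which would scope a single attribute, including what happens when a neighbor's policy dishonors either one. NO_EXPORT follows RFC 1997; the `n_bit` flag, the `honor_n_bit` and `strip_communities` knobs, the attribute name and the prefix are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace

NO_EXPORT = "NO_EXPORT"  # well-known community (RFC 1997)

@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset = frozenset()
    # Hypothetical per-attribute scoping: (name, n_bit) pairs, where
    # n_bit=True means "neighbor AS only" (the N bit mooted in the thread).
    scoped_attrs: tuple = ()

def receive(route, strip_communities=False):
    """Inbound policy at the neighbor AS. Stripping communities drops NO_EXPORT too."""
    if strip_communities:
        return replace(route, communities=frozenset())
    return route

def export_ebgp(route, honor_n_bit=True):
    """What the neighbor AS advertises to its own eBGP peers (None = not advertised)."""
    if NO_EXPORT in route.communities:
        return None  # route-level scope: the entire route stays inside the AS
    # Attribute-level scope: the route goes on, minus attributes flagged with N.
    kept = tuple((name, n) for name, n in route.scoped_attrs
                 if not (n and honor_n_bit))
    return replace(route, scoped_attrs=kept)

def scenarios():
    """Run the four cases from the discussion over one constructed route."""
    base = Route("192.0.2.0/24", scoped_attrs=(("vendor-attr", True),))
    tagged = replace(base, communities=frozenset({NO_EXPORT}))
    return {
        "no_export_honored": export_ebgp(receive(tagged)),
        "no_export_stripped": export_ebgp(receive(tagged, strip_communities=True)),
        "n_bit_honored": export_ebgp(receive(base)),
        "n_bit_dishonored": export_ebgp(receive(base), honor_n_bit=False),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} -> {result}")
```
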