Re: [Idr] Review of draft-abraitis-bgp-version-capability-07
"RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org> Thu, 20 August 2020 13:28 UTC
Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4C4B3A0959 for <idr@ietfa.amsl.com>; Thu, 20 Aug 2020 06:28:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qEdm2Mffit-D for <idr@ietfa.amsl.com>; Thu, 20 Aug 2020 06:28:41 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 925D23A0922 for <idr@ietf.org>; Thu, 20 Aug 2020 06:28:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 77F50F40785; Thu, 20 Aug 2020 06:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at rfc-editor.org
Received: from rfc-editor.org ([127.0.0.1]) by localhost (rfcpa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oovVBcanfqdL; Thu, 20 Aug 2020 06:28:18 -0700 (PDT)
Received: from www.rfc-editor.org (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id AAF4FF40784; Thu, 20 Aug 2020 06:28:17 -0700 (PDT)
Received: from 84.51.128.121 (SquirrelMail authenticated user rfcpise) by www.rfc-editor.org with HTTP; Thu, 20 Aug 2020 06:28:18 -0700
Message-ID: <37f90ca874e87bd4f8b4245518cd3a3b.squirrel@www.rfc-editor.org>
In-Reply-To: <CAMMESswJfjShCjr0ZOhshWD058eosBAStOcXVAr77rv6RvFMDg@mail.gmail.com>
References: <CAMMESswJfjShCjr0ZOhshWD058eosBAStOcXVAr77rv6RvFMDg@mail.gmail.com>
Date: Thu, 20 Aug 2020 06:28:18 -0700
From: "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: donatas.abraitis@hostinger.com, Adrian Farrel <rfc-ise@rfc-editor.org>, IDR List <idr@ietf.org>
Reply-To: rfc-ise@rfc-editor.org
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/pHoboOEUhEicK66C2D4FvRHGudE>
Subject: Re: [Idr] Review of draft-abraitis-bgp-version-capability-07
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2020 13:28:45 -0000
Alvaro, Very many thanks for this review. I won't get into the discussion of whether these are valid points for a conflict review, but will focus instead on the technical content which is valuable. [snip] > (1) You do a very good job to highlight potential threats in the > Security Considerations section. > But you also Normatively recommend (SHOULD) the use of encryption in > the BGP Session. > While sensible, there are no Standards Track documents that currently > do the same. > > This recommendation, even if the draft points out that it "is not an > IETF Standards Track document", can create confusion and potentially > disrupt other IETF work. At this point, I don't see that as a problem. This is a recommendation that *if* you use this extension you should also use encryption. The fact that no standards track documents recommend encryption means that if you don't use this extension you are not recommended to use encryption. Can you supply examples of the confusion or disruption? (It is certainly not our intention to confuse or disrupt!) > The threats that you identify are not exclusive to this extension, > so the solution/mitigation shouldn't be either. Not sure I follow that. The threat identified is incremental. That is, it applies to the use of this extension. If the threat also applies to other pieces of BGP we would hope that the IDR working group addresses them, but we would not expect this document to address them. If there are already solutions available that this document should use to mitigate the threat, then obviously we would want to use them. > This issue should be easy to -- I suggested alternative text below. So, response to that in line. > (2) As currently specified ("SHOULD be no greater than 64" and "it is > RECOMMENDED to exclude the Version Capability"), the Capabilities > Length Overflow (§3.1) handling represents a significant threat to a > BGP session. > The recommendations are not enough to prevent the potential > exclusion of other more critical Capabilities. > The use of draft-ietf-idr-ext-opt-param could reduce the risk, but may > result in the same problem. > > Because the current specification may significantly affect any BGP > session where one of the peers supports the Version Capability, I > believe that this document would require IETF review. > > This issue can be addressed by requiring the exclusion of the > Version Capability (using MUST), *and* talking about the risk in the > Security Considerations section. While we consulted about the length limit and the risk of impact on other Capabilities, and arrived at 64 bytes as a reasonable low to zero risk, being future-proof is hard. It is unclear, for example, how any new Standards Track Capabilities would avoid this issue. However, I would be comfortable with: - SHOULD be no greater than 64 bytes - MUST be left out if would constrain inclusion of any other Standards Track capabilities At that point, I don't believe it is a security threat. > See more comments about this in-line in §3.1. > > > Note that this message is not the IESG's Conflict Review, just my > review of the document. I have scheduled the balloting of the > Conflict Review for Sep/10, so we should have plenty of time to talk > about the two issues above. > > > Thanks! > > Alvaro. > > > [Line numbers from idnits.] > > ... > 10 Abstract > ... > 15 This BGP capability is an optional advertisement. Implementations > 16 are not required to advertise the version nor to process received > 17 advertisements. > > [nit] All BGP Capabilities are optional. No need to include this > paragraph. The same text is repeated in the Introduction...and > similar text elsewhere. You are right that all BGP Capabilities are optional. However, I would like this text to remain to further emphasize that this Independent Stream work is not something that implementations are required to consider including. > 79 Information about the version of the routing daemon could also be > 80 exchanged in protocols such as LLDP and CDP. However, in > 81 containerized environments, it is very hard and not recommended to > 82 exchange this information between background processes. Therefore, > 83 and to help minimize operational costs, it is helpful to exchange > the > 84 routing daemon information between BGP peers directly. > > [nit] For completeness, it would be nice to have a reference to LLDP/CDP. Easily done > 96 Although this document is not an IETF Standards Track document, it > 97 makes use of the terminology from BCP 14 in order to clearly state > 98 the implementation behaviors. > > 100 Capabilities advertisements with BGP are defined in [RFC5492]. > They > 101 utilize the BGP Capabilities Optional Parameter that contains one > or > 102 more triples <Capability Code, Capability Length, Capability > Value>. > 103 This document defines a new BGP capability, the Version > Capability, > 104 with Capability Code TBD and Capability Length and Capability > Value > 105 as described below. > > 107 The inclusion of the Version Capability is OPTIONAL. If an > 108 implementation supports the inclusion of the capability, the > 109 implementation MUST include a configuration switch to enable or > 110 disable its use, and that switch MUST be off by default. > > 112 The Version Capability is intended principally more to > non-production > 113 environments where more visibility is needed for troubleshooting > 114 purposes. It is NOT RECOMMENDED for use outside single > Autonomous > 115 System domain or Autonomous System Confederations, except you > have a > 116 topology with a number of routers each with a separate Autonomous > 117 Number. > > [nit] s/except you have/except if you have ack > [minor] A collection of several autonomous systems is often > characterized as being "under a common administration". That > description covers not only "routers each with a separate Autonomous > Number", but also other combinations where multiple ASNs may be > present and where exchanging this information might be useful. > > Suggestion> > The Version Capability is intended for environments where more > visibility is needed for troubleshooting purposes. It is NOT > RECOMMENDED for use outside a single Autonomous System, or a set of > Autonomous Systems under a common administration. If you think that is clearer, then it is OK for me. I believe it covers confederations and also DCs where each router has a different ASN, so it would be OK. > 119 An implementation that does not recognize or support the Version > 120 Capability but which receives one MUST respond as described in > 121 [RFC5492] by ignoring the option. An implementation that wishes > to > 122 complain that its neighbor does not support the Version > Capability > 123 MAY use the 'Unsupported Capability' Error Subcode of a > Notification > 124 message as described in [RFC5492]. > > [major] The Normative behavior is already specified in rfc5492, please > don't re-specify the behavior here. Yes. This document is allowed to describe the behavior documented in 5492 without using normative language. But it is better to simply say: An implementation that does not recognize or support the Version Capability but which receives one will handle it as described in [RFC5492]. ...which is slightly different from your [snip] > Suggestion> > An implementation that does not recognize or support the Version > Capability but receives one must ignore it, as described in > [RFC5492]. ...because "will" (rather than "must") indicates that the behavior is pre-ordained. > 132 Capability Length > > [minor] For completeness, please add the following from rfc5492: Well, for consistency with the previous point, let's not redefine anything here. So, yours... > Capability Length is a one-octet unsigned binary integer that > contains the length of the Capability Value field in octets. ...mine As defined in [RFC5492], the Capability Length is a one-octet unsigned binary integer that contains the length of the Capability Value field in octets. > 134 The Capability Length for the Version Capability MUST be greater > 135 than zero. A value of zero SHALL be treated as an encoding error > 136 and the entire triple MUST be ignored. > > [major] s/the entire triple MUST be ignored/the Capability MUST be ignored I'm not sure this is right, except that maybe you are defining "the Capability" to be the triple {type, length, value}. Perhaps the answer is to be even more specific and say... The Capability Length for the Version Capability MUST be greater than zero. A Capability Length value of zero SHALL be treated as an encoding error and the entire Capability (triple of code, length and value) MUST be ignored. > 138 The Capability Length SHOULD be no greater than 64. This is the > 139 limit to allow other capabilities as much space as they require. > > [minor] Please add a forward reference to §3.1. See more comments > there. Easily done > 141 Capability Value > 142 The Capability Value field is encoded in UTF-8 [RFC3629]. It is > 143 unstructured data and can be formatted in any way that the > 144 implementor decides. > > 146 +--------------------------------+ > 147 | Version Length (1 octet) | > 148 +--------------------------------+ > 149 | Version (variable) | > 150 +--------------------------------+ > > [minor] Just to make sure, this Figure represents the contents of the > Capability Value, right? If so, it seems to me that the Version > Length is not needed because the Capability Length already > exists...and it takes up 1 octet from the Version. Yes. Good point. Either include the Capability Code (which looks like needless repetition of the definition of a Capability triple), or exclude the Capability Length (which makes the figure a bit pointless). > 154 Version Length: > > 156 The number of characters in the Version > > [minor] If I remember correctly, UTF-8 uses variable-length character > encoding. Is the variable-length part of the encoding? A reference > to rfc3639 would be useful here. Agree that a reference to what UTF-8 is would be wise. > [?] BTW, is there an advantage to signal the number of characters, vs > simply the number of octets? Author's choice on this one. If you wanted 'number of characters' you would need a second length field, and that adds structure to the Capability Value. > 158 Version: > > 160 The Version encoded via UTF-8 > > UTF-8 requires some extra considerations...borrowing from rfc8203: > > Suggestion> > The Version field MUST be encoded using UTF-8. A receiving BGP > speaker MUST NOT interpret invalid UTF-8 sequences. This field is not > NUL terminated. This looks sensible to me. > 164 As defined in [RFC5492] the total length of capabilities that can > be > 165 carried by the BGP Capabilities Optional Parameter is 255 bytes. > If > 166 an implementation is constructing a BGP Capabilities Optional > 167 Parameter and its length exceeds 255 bytes, it is RECOMMENDED to > 168 exclude the Version Capability. An implementation may optimally > 169 achieve this by making the Version Capability the last capability > 170 triple to add to the Parameter, and only adding it if there is > 171 sufficient space to do so. > > [?] Was the use of draft-ietf-idr-ext-opt-param considered? Author to respond, but I believe that while this is available, it is seen as "unlikely to become an RFC any time soon". That would mean that either the author had to fold it in to this document (which I would think makes it absolutely IDR work) or sit with a normative reference for ever. > [major] Some of the other Capabilities are far more critical to the > operation of a BGP session than this one: multiprotocol extensions, > extended messages, add-path...to mention a few. As specified ("SHOULD > be no greater than 64" and "it is RECOMMENDED to exclude the Version > Capability"), the result could easily be the inability of the session > to properly function if other Capabilities are not included. > > Why is the behavior recommended and not required? I can imagine how a > Version may need a long string...but excluding the Version Capability > should be REQUIRED. I think the authors decided on RECOMMENDED because an implementation should be free to decide which capabilities are more or less important. However, as indicated in my response to the comment at the top of this email, I would be comfortable with: - SHOULD be no greater than 64 bytes - MUST be left out if would constrain inclusion of any other Standards Track capabilities > As mentioned at the top, text in the Security Considerations section > should also highlight this risk. > > Suggestion (for the Security Considerations)> > A rogue node can prevent the proper operation of a BGP session, or > the advertisement of other Capabilities, by not excluding the Version > Capability as required in Section 3.1. This risk is equivalent to a > rogue node simply not advertising a specific Capability and is not > new to BGP. Sorry, but by your own text, this is at best unhelpful. A rogue node can do anything! A rogue node can decide to omit or lie about capabilities; it can add new and unknown capabilities that fill up the the attribute; it can violate any MUST from a protocol spec; it can generate random streams of bytes. Adding your text would, I think, not be very harmful, but it gives the appearance that this protocol extension introduces a new threat. It does not. So if you wanted something added it would need to say "BGP includes no protection against rogue or subverted implementations. This specification does not introduce any security measures to address that problem." Personally, I don't think that this is the place for a commentary on the general deficiencies of BGP. > [major] The length to be considered is not 255 octets of Capabilities, > but of Optional Parameters -- take a look at rfc4271/§4.2. Oh, this is a splendid point! And here we have the issue that even modest constraint on the length of the Capabilities may cause us to run out of space for other Optional Parameters. IANA helpfully shows us that there are not many optional parameters defined (https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#bgp-parameters-11) so this problem is not rampant, but it raises two questions for the authors: 1. Why a capability code and not an optional parameter? (I suspect the registry assignment rules may have a lot to do with this!) 2. How do you stop the version capability crowding out other optional parameters? > 186 Enabling (i.e., turning on) this capability requires bouncing all > 187 existing BGP sessions and the feature MUST be explicitly > configured > 188 before an implementation advertizes the Version Capability. > > [minor] There is already a specification in §3 about explicit > configuration -- no need to specify the behavior twice. > > Suggestion> > Enabling (i.e., turning on) this capability may require a restart of > any existing BGP sessions and its explicit configuration (Section 3). Fair enough. > [] Note that some vendors support the ability to change the software > version without restarting the BGP sessions...which means that the > Capability may have stale information. Yeah, I have some memory of that being discussed, but can't put my finger on it. It would be useful to have some text on this case. > 192 Below is an example of implementation in [FRRouting] how it looks > 193 like with version advertised by a BGP sender: > > [] Suggestion> > Below is an example from the [FRRouting] implementation showing both > the received and advertised Version Capability: Sounds reasonable. > 195 :~# vtysh -c 'show ip bgp summary failed' [snip] > [] I'm not sure what this figure is showing. Authors should add an explanation or pointer as appropriate > 216 IANA maintains the "Border Gateway Protocol (BGP) Parameters" > 217 registry with a subregistry called "Capabilities Codes". > > [major] The Capability Codes registry is a standalone registry. Well, perhaps not major? If you go to https://www.iana.org/protocols and search for "Border Gateway Protocol (BGP) Parameters" you easily enough find a list of registries of which one is clearly called "Capabilities Codes". We can debate (endlessly?) whether the first is a registry and second a subregistry. I am almost certain that not too many people will worry about the result of our debate. > 229 6. Security Considerations > > 231 The Version Capability should be treated as sensitive information: > it > 232 could be easier for an attacker to exploit the system if they know > 233 the specific version of a BGP speaker. This information could be > 234 gathered by inspecting BGP OPEN messages that carry the Version > 235 Capability defined in this document. Using encryption to protect > the > 236 information exchanged in BGP sessions SHOULD, therefore, be > carefully > 237 considered when this feature is enabled. Suitable encryption can > be > 238 achieved by protecting the BGP session using TLS [RFC5246]. > > [major] There is no Standards Track document that talks about > encrypting a BGP session, much less recommending it (SHOULD). This is > not an IETF consensus document, so providing this type of guidance is > out of place, and may cause unnecessary confusion that could disrupt > other work. As discussed at the top of this email, I don't see how recommending the use of encryption when this feature is in use impacts other implementations or deployments of BGP. In no way does this document provide guidance for regular BGP deployments. I suspect that TLS might be an available mechanism for protecting BGP sessions. I have heard people talk about IPsec as an appropriate approach. Some have claimed MACsec also works (although it seems there are limitations). It seems to me that pointing out the threat and recommending a mitigation is exactly what this document should do. > 240 Furthermore, knowledge of which versions of code is running on a > 241 given router and from which vendor it comes may facilitate a > number > 242 of social-engineering attacks. This further adds to the desire to > 243 protect this information through encryption. > > 245 Modifying the information advertised by a router might lead to > 246 attacks including bogus software upgrades and also might mask the > 247 causes of faults in the network.  This can be mitigated by > protecting > 248 the BGP session using TLS. > > [major] Confidentiality and integrity are issues that apply to BGP in > general, and are not exclusive to this extension. Agreed. And why is it wrong for this document to observe that the extension in this document is vulnerable? It is the job of the security considerations section to consider the extension and the information it carries, and to set out any additional threats and vulnerabilities that its use create. Where possible the section should also describe mitigation. > Suggestion (to replace the first 3 paragraphs -- borrowing heavily > from rfc8203)> > > The Version Capability should be treated as sensitive information: it > could be easier for an attacker to exploit the system if they know the > specific software version and manufacturer of a BGP speaker. This > information could be gathered by inspecting BGP OPEN messages that > carry the Version Capability defined in this document. Furthermore, > this knowledge may facilitate a number of social-engineering attacks. > > Modifying the information advertised by a router might lead to attacks > including bogus software upgrades and also might mask the causes of > faults in the network. > > Users of this mechanism should be aware that unless a transport that > provides integrity is used for the BGP session in question, the > Version Capability can be forged. Unless a transport that provides > confidentiality is used, the Version Capability could be snooped by > an attacker. These issues are common to any BGP message but may be of > greater interest in the context of this extension as explained above. > Refer to the related considerations in [RFC4271] and [RFC4272]. > > Users of this mechanism should consider applying data minimization > practices as outlined in Section 6.1 of [RFC6973], as appropriate > within the deployment context. I don't have any objection to this new text. > 250 Many BGP implementations leave TCP port 179 open in order to be > able > 251 to establish sessions with new neighbors. This could lead to an > 252 attack where a rogue BGP implementation attempts to open a > session > 253 and learns the version information from the responding peer. > > [] This is a general vulnerability. See related comments after the > last paragraph in this section. Again, while agreeing that this is a general BGP threat, the information gathered is specific to this document. > 255 The Version Capability MUST be configurable with a vendor- > specific > 256 knob to be able to enable or disable the capability. The vendor > 257 might implement to disable this capability per neighbor. > > [minor] The configuration specification is already detailed in §3 -- > no need to describe more here. The only extra functionality (not in > §3) is the ability to disable the capability per-neighbor -- include > it in §3. I agree to including the per-neighbor configuration in section 3. I disagree to removing this material from this section as it applies to the security of the implementation. Adding a back pointer to section 3 and reducing this text would be fine. Thus... The Version Capability MUST be configurable within an implementation as described in Section 3. > 259 It would be safe to enable this for iBGP or inside the same tenant > 260 where you have full control and the BGP speaker is behind the exit > 261 points. > > [minor] This paragraph sounds very tentative ("would be safe") and not > explicit about the meaning of "full control" or being "behind the exit > points". In general I understand what you mean, but it many be too > vague for an RFC. Take a look at RFC8799, which talks about > "controlled environments" (aka limited domains) -- that might be a > good reference for what you mean above. It's the subjunctive. It can be rewritten as "It is safe..." Agree that clarifying "full control" would be valuable. > [minor] This topic is related to the text already in §3 about > deploying outside a single AS (see my comments there too). > Suggestion: keep these operational considerations in one place. > Perhaps §3 is not ideal -- consider §4 instead. The authors may consider an Operational Considerations section, however, I think it critical to the security of an implementation that this material is at least referenced from the security considerations section. > 263  This capability is NOT RECOMMENDED for eBGP use. > > [minor] As mentioned above, put all operational/deployment > considerations in one place. As above. > BTW, this is the only place where eBGP > is used...perhaps the AS-related terminology is better. Good point to consider. > 265 Sensitive information leaks can be minimized by using the > [RFC5082] > 266 mechanism or firewalls to filter out TCP 179 port from untrusted > 267 networks. This capability can be disabled per neighbor, thus the > 268 sensitive information can't be disclosed to untrusted neighbors. > > [minor] General vulnerabilities. These two techniques (and other > general suggestions) are covered in rfc7454 (BGP Operations and > Security). A reference to that document instead of mentioning > specifics that are not exclusive to this extension may be better. A reference *as*well*as* the current text would be good. > [major] One more thing -- borrowing also from rfc8203 -- add the > following: > > This document uses UTF-8 encoding. There are a number of security > issues with Unicode. Implementers and operators are advised to review > Unicode Technical Report #36 [UTR36] to learn about these issues. > UTF-8 "Shortest Form" encoding is REQUIRED to guard against the > technical issues outlined in [UTR36]. > > Here's the reference: > > [UTR36] Davis, M., Ed. and M. Suignard, Ed., "Unicode Security > Considerations", Unicode Technical Report #36, August > 2010, <http://unicode.org/reports/tr36/>. That's good text, thanks (and highlights the point that the security considerations section *should* include descriptions of generic security concerns (in this case a UTF-8 issue) that are described elsewhere. Best, Adrian -- Adrian Farrel (ISE), rfc-ise@rfc-editor.org
- [Idr] Review of draft-abraitis-bgp-version-capabi… Alvaro Retana
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… RFC ISE (Adrian Farrel)
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Alvaro Retana
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… RFC ISE (Adrian Farrel)
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Donatas Abraitis
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Alvaro Retana
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Robert Raszuk
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… RFC ISE (Adrian Farrel)
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… RFC ISE (Adrian Farrel)
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Donatas Abraitis
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Robert Raszuk
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Alvaro Retana
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… RFC ISE (Adrian Farrel)
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Robert Raszuk
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Alvaro Retana
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Robert Raszuk
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Donatas Abraitis
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… John Scudder
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… John Scudder
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Donatas Abraitis
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… John Scudder
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… Donatas Abraitis
- Re: [Idr] Review of draft-abraitis-bgp-version-ca… John Scudder