IETF Logo Mail Archive

Re: [Idr] WG LC for draft-ietf-idr-bgp-open-policy-10.txt (6/4 to 6/18)(.

Pavel Lunin <plunin@plunin.net> Thu, 11 June 2020 01:02 UTC

Return-Path: <plunin@plunin.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1074D3A15F5 for <idr@ietfa.amsl.com>; Wed, 10 Jun 2020 18:02:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=plunin.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_IvqvFxLDE4 for <idr@ietfa.amsl.com>; Wed, 10 Jun 2020 18:02:18 -0700 (PDT)
Received: from mail2.protonmail.ch (mail2.protonmail.ch [185.70.40.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECD5F3A15F0 for <idr@ietf.org>; Wed, 10 Jun 2020 18:02:17 -0700 (PDT)
Date: Thu, 11 Jun 2020 01:02:07 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=plunin.net; s=protonmail; t=1591837335; bh=nXtmQYUET5GZXR/fPsm+kZD5z3EY5ZENstzWBt4iY8s=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=pgqy8sJfKA73SnOQz3hnWi3akuxrklibhvkNFWvHSGVSkMAIMm4wc/wtl0expjdDx dbpUn4jDB5PiDsqImgrRjofMSYSUETFxdrv3M0CsvRhxISsiQu1Qa4siVRRFY4/PjS 4rMVsrynsuBKYmhRsDtdRVkWD1mc5HXNN96pBUik=
To: Susan Hares <shares@ndzh.com>
From: Pavel Lunin <plunin@plunin.net>
Cc: "'idr@ietf. org'" <idr@ietf.org>
Reply-To: Pavel Lunin <plunin@plunin.net>
Message-ID: <xYEQPENpYuG2jhRQLLPPFqEtAVXGmqrvBx5utttybbIYY3uFj0sqcaD8344GaN2eb98bz9hfpd9nPHh9qTb4WP9EcYnZdmg4itWE2EZ6X4M=@plunin.net>
In-Reply-To: <005901d63ab5$d6003e00$8200ba00$@ndzh.com>
References: <005901d63ab5$d6003e00$8200ba00$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_4C2sDom6SGyD0rgJXDyeY9FFtyXn7NDbcAKlsi3PmE"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/r3UYbfnJ9vWVRvGGR8xXJOl68vQ>
Subject: Re: [Idr] WG LC for draft-ietf-idr-bgp-open-policy-10.txt (6/4 to 6/18)(.
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 01:02:20 -0000

Hi Susan,

1) I support the advancement of this draft to publication.

A little comment though. The so called "Gao-Rexford model" and more generally role-based relationships logic is mostly applicable to eBGP sessions. iBGP sessions are usually 'complex' in terms used in this document, so assigning roles to iBGP speakers seems practically unnecessary. From the implementation point of view it doesn't change a lot: ability to assign roles to iBGP speakers doesn't seem to make any harm, and having the option of not assigning the roles lets the network operators make the decision whether they want to change the today's behavior of iBGP default policies.

However from the operational point of view it's somewhat unclear if authors propose to configure roles on iBGP sessions. The general term "BGP" is used everywhere throughout the document (with an exception of only one occurrence), so it might seem that the document recommends to set the roles on all iBGP sessions as well as eBGP. Here it might look evident that the general context is inter-domain routing, so the document covers eBGP. However the potential audience of this document is very broad, including people not very experienced in BGP operational practices (this is were route leaks often come from) so I would suggest to make this point more explicit. Probably some occurrences of the word 'BGP' should be replaced by 'eBGP' or just a little sentence/paragraph is needed to make this point clearer.

> By default, strict mode SHOULD be set to false for backward compatibility with BGP speakers that do not yet support this mechanism.
Same here. "Backward compatibility" suggests that in future all or almost all BGP sessions should be configured with roles while it's not totally correct: iBGP speakers won't probably ever need roles and role-based policies.

This being said, this nuance only affects operational practice recommendations. Protocol behavior specification, as defined by the document, looks good: both eBGP and iBGP can be configured with roles if needed.

2) Deployments of this extension will be valuable for almost all use cases where eBGP is used to exchange public Internet routes.

Kind regards,
Pavel

> Please comment on the following questions:
>
> 1) Is this specification ready for publication?
>
> 2) Are there deployments where this BGP protocol extension is valuable?
>
> 3) Do you believe the error code handling is ready for publication?
>
> The shepherd for this draft is Susan Hares.
>
> During the WG LC, the shepherd’s report will be sent.
>
> Cheers,

v2.23.0 | Report a Bug | By Email