Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12

"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Fri, 30 April 2021 18:33 UTC

Return-Path: <jalcaide@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 074CD3A223E; Fri, 30 Apr 2021 11:33:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.918
X-Spam-Level:
X-Spam-Status: No, score=-11.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=kVF7Pyzx; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=0XZA/e+y
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QYYnYW01gbFQ; Fri, 30 Apr 2021 11:33:19 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 562723A2242; Fri, 30 Apr 2021 11:33:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15966; q=dns/txt; s=iport; t=1619807599; x=1621017199; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=alhHvw/6MJ/i2yUzK52x9r3qcHARYZzpPVJf4VR1mdk=; b=kVF7PyzxbBdBowbXBd+W5H79FSW+hFBGCvmTvCAbBPiKpSzWruNPEgK2 z6Pip46lwrShsU4ZYoGZF14aBsgR00ZjigqoR/KPKnOFoSsfPSroAQOjB W6a82qjQJRIpX/YX+Ycnv4mArDVIKTgOF5F7Q6RYZ4IL5xoEzNsmcqUvW s=;
X-IPAS-Result: =?us-ascii?q?A0ADAAD9TIxgmI0NJK1aGgEBAQEBAQEBAQEDAQEBARIBA?= =?us-ascii?q?QEBAgIBAQEBQIFDBQEBAQELAYFSIy5+WjYxC4Q5g0gDhFlgiG4DgQyJJ48ag?= =?us-ascii?q?S6BJQNUCwEBAQ0BASgKAgQBAYRQAheBZAIlNAkOAgQBAQEDAgMBAQEBAQUBA?= =?us-ascii?q?QECAQYEFAEBAQEBAQEBaIVQDYZEAQEBAwEjBA0MAQE3AQQHBAIBBgIOAwQBA?= =?us-ascii?q?QMCJgICAh8RFQgIAgQOBQiCaQGCVQMOIQEDC4xOkG0Cih96fzOBAYIEAQEGB?= =?us-ascii?q?ASBOAKDew0LghMDBoEQKgGCeIQNhlMnHIFJQoEVQ4IpNj6CHkIBAQOBRRqDF?= =?us-ascii?q?TaCK4FZEFsGPh0JBFECFEk7MhUFGAEGAQ4MDSKUB0KVA5BXOVsKgxCJdo1zg?= =?us-ascii?q?kODFBCDVKFKl0KJaIMcjiWBKQ6EZgICAgIEBQIOAQEGgVQ4gVtwFTuCaVAXA?= =?us-ascii?q?g6OHwwNCYNOhRSFSXM4AgYBCQEBAwl8iU8tgQcBgQ8BAQ?=
IronPort-PHdr: A9a23:1cQyShAHCD20jTej1xMUUyQVnBdPi93PFgcI9poqja5Pea2//pPke VbS/uhpkEShdYre4vNAzeHRtvOoVW8B5MOHt3YPONxJWgQegMob1wonHIaeCEL9IfKrCk5yH MlLWFJ/uX3uN09TFZXxYlTTpju56jtBUhn6PBB+c+LyHIOahs+r1ue0rpvUZQgAhDe0bb5oa husqgCEvcgNiowkIaE0mXP0
IronPort-HdrOrdr: A9a23:nkGD2a//HY873dAX5A1uk+Gpcb1zdoIgy1knxilNYDRvWIixi9 2ukPMH1RX9lTYWXzUalcqdPbSbKEm8ybdc2qNUGbu5RgHptC+TLI9k5Zb/2DGIIUPD38Zn/+ Nbf6B6YeeeMXFTh8z3+RT9Nt4mzsWO/qzAv5ag815GZ2hRGsZdxi1+DRuWFVAzYQFAC4YwGp b03Ls4mxOLf3MLYsOnQkQfV+/YqNHR0L7gaxgKBxkogTP+zA+Awrj8DhSew1MiQypCqI1Sv1 Ttvi7YwuGYs/+9wgLBzGO71fRrsfbo19crPr32tuE7MTPp4zzYAbhJe7rHhzwtpfHq1VBCqq ixnz4FH+Ber0zcZXu0pxyF4Xih7B8L52X5wVGVxVvPyPaJPg4SMMZKiYJHfhax0SNJ17sQvN MprgCknqFaAh/akCP268KgbWAWqmOPvXEgneQP5kYvN7c2Vb5LoYQTuGNTHZsQdRiKkLwPLe h0AMnQoMtRaFORBkqpx1VH/drEZAVWIj62Bmw5/uCF2Tlfm350i2ECwtYEo3sG/JUhD7FZ+u XtKM1T5fJzZ/5TSZg4KPYKQMOxBGCIawnLKniuLVPuE7xCE27RqqTw/K4+6IiRCd415ap3vK 6EfEJTtGY0dU6rI9aJxod3/hfER3j4ejjx1MdE5dxctqfnTLTmdQ2PIWpe1veIkrE6OIn2Sv yzMJVZD7vINm31A7tE2AX4Rt1cMn8bXMoJussqWl6Hr87RQ7ea8dDzQbL2Hv7AADwkUmTwDj 8oRz7oPvhN6UitRzv5jXHqKjXQU3262ag1PLnR/uAVxoRIHJZLqBIphVOw4dzOLTVDt6cxbV ZvOb+PqNLjmUCGuULzq0l5MBtUCUhYpJ/6VWlRmAMMO0ToNbAZu9uefmhW1GCdJgB2St7XFA I3nSUyxYuHa7irgQwyAdOuNWyXy1EJomiRcpsakqqfodv+doggFZYgUqxpHQDNHxh48Dwa8F trWUshfAvyBznugaKqgNgoH+nZbcB7mxruC9VTs2jjuUKVotwPSnMXUyW1a9OehR8jSlNv9w ZM2p5apIDFuD60bUMjnewzMTR3GRWqKYMDKD7AWaJ5tfTAfhpqQWKDmDqA4itDClbCxgE1nW zuLSqdZPfRJEFS00ooiJrCwRdTaniXeV52ZzRct4BwfF625kpb4Kusere51XeXZx855twldB vBYTcUP2pVto2K/RaIhTePEmgnzJ0yPurbSK8uaa3Xx2nFEvz6qYgWW/BT55prL9bor6sCVv +eYRacKHfiB/ouwBH9nAdoBABk7H0lm+jvwhvr8Syx22M+G+PbJD1dNvsmCsDZ62jvXPCT1p plydozoOurK230LtqL07veYTIGKhTdpweNPqwVgIERuaI5r71oGZbHFTPOyXFcxR07aN7ui1 l2etUz3JnRfot0O8ACcSNQ+VQk0NyJMUswqwTzRuszZ0skgXPXN86AioC45oYHEwmEvk/9KF Of+ypS87PeUyyP2aUTBqgwLW5VAXJMo0hK7aeHbcndGQ+qf+ZM8B6mKXe7aqZaU7XAFrMKrB p2iuv46dO/Zm79wkTXsjR6KK4VrDriTsO2HQ6WGelHt9a9Ik+Bh6O24Mi1yDf7IAHLH3gwlM lAbwgXaM8GlzwpyIsw2SK2Qrbsok0kn0BFiAsX3mLFy8yj+iPDAUpCMQfFmZ1YUjlYL2iQga 3+gJ2l/WW45CIAxILKG0hRdMxfAtQcToD4KCF1NMgb1YTYiJYHk2BEexchD2k1lTD70adnxN 6CqYfvZ9E=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.82,263,1613433600"; d="scan'208";a="730160576"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Apr 2021 18:33:18 +0000
Received: from mail.cisco.com (xbe-aln-004.cisco.com [173.36.7.19]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 13UIXITv018064 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 30 Apr 2021 18:33:18 GMT
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xbe-aln-004.cisco.com (173.36.7.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 30 Apr 2021 13:33:17 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Fri, 30 Apr 2021 13:33:17 -0500
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 30 Apr 2021 14:33:16 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZV0ylWewu4P3PUCmcMN5Pb87+N6JtMeGgJPy6LMcw3Qr/vRCbofETGykQZ7uRgQjkk4SIsjAaqhit1QCbjA2iZf/IH3Jhp5FGdzBn0gObpnip3th2xeE72Ok1G+u/Zc3ud4O7Fw5rEqC3XVN2uWynEVLaYEpkzlNfWNu66BjpM+Abl7OgcPtxqh/DytkHgEONudJuBgfYA7e1AsGK/QotojsqWdZ/ytVc+Osu6updT9q+GuFoQnAu6vupDjm44GpnMeAwScpLCnPvhY6dpHXmHRlqsRMGlqNmc3zEGV39ZkZXXUfPIF/2xxpVJCrde4JaV+sh3ET4vOUyitHWFGZJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=alhHvw/6MJ/i2yUzK52x9r3qcHARYZzpPVJf4VR1mdk=; b=PnETHHEEd1nupt0xwFDgBnw80PgtyThdEmVuYIxfhD83ccK4S6AWdZlJKeDwLw6M40sguz2GlmByH/ONltGNsncuBr2d6boOzmi9m8cgCpz5I9Ebh+l25YWpbBN3NJy86nG3HPSCDPsv4j56h487wd0NR/4lhoTo6TEbe4TAT6++Tmm6oqqpRgHiRPWcbfE/Hmmb/y+LVy0EnBiZNo8WU5zwPZooZlbm+NiDtjbp+uIptbWKB6USHZCHwVsv9MMjtV67ML1C/ibcrpg6dWo8ZAzwsyMDMPNY6cgxpll9oTmrBAm8Sa761j6c6JwCCDt4mmJ1NbeSTQRZkE/zQrSOpw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=alhHvw/6MJ/i2yUzK52x9r3qcHARYZzpPVJf4VR1mdk=; b=0XZA/e+yBJpoM9lJZPMeGb5svCPWQkLZUG0+pUPrZ3ORhdFcSNr7OsQbnnIwXChNn6NUN7E+eFusq8wFc4BSwCPKsBWqet6GnWOlMIrNQmrvpYocJQNsB32icGiSgefl9frXXl53sPh8PG6Yzuo3fSPj6q/v6H2ZsH8XLTkv0Co=
Received: from DM6PR11MB3194.namprd11.prod.outlook.com (2603:10b6:5:5c::25) by DM5PR11MB1691.namprd11.prod.outlook.com (2603:10b6:3:b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.26; Fri, 30 Apr 2021 18:33:15 +0000
Received: from DM6PR11MB3194.namprd11.prod.outlook.com ([fe80::e4e0:cf18:7be1:8019]) by DM6PR11MB3194.namprd11.prod.outlook.com ([fe80::e4e0:cf18:7be1:8019%7]) with mapi id 15.20.4065.026; Fri, 30 Apr 2021 18:33:15 +0000
From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
CC: "David Smith (djsmith)" <djsmith@cisco.com>, Susan Hares <shares@ndzh.com>, James Uttaro <ju1738@att.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>
Thread-Topic: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
Thread-Index: AQHW9QDI2xQHpdk2Z0uhqDf2mVgKOao9DtUAgAurHfCAELXogIAN/PdwgAAuCICAFAtZgIAAcYEAgCyKm/CAAOBHAIAIe2uQgAxLrACAD6nPQA==
Date: Fri, 30 Apr 2021 18:33:14 +0000
Message-ID: <DM6PR11MB319466B7490F9E5BBFF7C0AECD5E9@DM6PR11MB3194.namprd11.prod.outlook.com>
References: <CAMMESsxqRWK2vDPyj-0_ruYoW7pkautFc09MoFBUTKxG23=tyA@mail.gmail.com> <000701d6f57c$6c20ff60$4462fe20$@ndzh.com> <DM6PR11MB319495819681585AA858E54BCDB29@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESswvncvo68dYp95P+9gkgKgPpmgY3Yr-xC3=hdt-1YigYQ@mail.gmail.com> <SN6PR11MB320012D1B66CF35D18DCB212CD9F9@SN6PR11MB3200.namprd11.prod.outlook.com> <CAMMESszDCb70G6YbdpiAnv0mYEC52=abh89QW7cXaEdfgVzOxw@mail.gmail.com> <EBC0EE4B-063B-44A4-A74B-FCAE6EDBA511@cisco.com> <00f001d71500$db52a9d0$91f7fd70$@ndzh.com> <DM6PR11MB3194DEF968FD730D08FFFFBACD759@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESsxjUetknSv=Q+PHxzQfx8VqgtGitr3jW84bJuZD41puOQ@mail.gmail.com> <DM6PR11MB3194CAFF7F6373A8B193D1A2CD709@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESsxhx87=zz6jTni52814wnEnhaH6VapeRG9Z7Km66jnC=A@mail.gmail.com>
In-Reply-To: <CAMMESsxhx87=zz6jTni52814wnEnhaH6VapeRG9Z7Km66jnC=A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [83.38.90.229]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ff782f53-27d1-458a-dcf8-08d90c066acf
x-ms-traffictypediagnostic: DM5PR11MB1691:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM5PR11MB16910B0E3C1C1BBA126EAD73CD5E9@DM5PR11MB1691.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3NblLzysjBgFmDOf1FHUnqv1tvMeTBrtrLgRBPsiFDW9LarT3njnr7eYAXEEXaAey7esfik+/jhsczHz39wiloBagM7OaWt5VkGOe5VLpXOM6mFqlfSjshZRzPsuCK1tgFHRytjCh7uRdP+r3hchSQpmuF5GsGg2nAw25Zg2CzH2TbQ3M5xSCc4eEewLb3wwD/CJXldsqP8wqY7ddC3jDSDisWySs+a5JFFraMdTwVXIqQGhJD119idI+GHDOwLZmXT6vh6XEzG+OmZ2YcMwWvl6LMiIbrsVkEISmF6eAmC3rrTfyJkMs2W8VzNanv/zcndm+HQ/xYpsN8mvXbjJ1wh0jqYxQz96wKAF0Fvbt1PxDUGRfkewReNG1ur91UhCTqA+zVvu1ExKMVoJaAsIQquegXiFOX6UWreirqmkZzqvipDVM7lMuakIEZ4kstGRQ6dM17y4eguXetGFZUQcKrhHHAYLuZh4dFKNEenxtbwAZpK3kZtMgST3k8N5Bie5TAStk2Gz0hZGZ06lHBYZ55+HVzzW736ywzU0PCrMglwoSfzz7WOaU5NAVvZIkRbXIpCVs7H2QF05mgIhKX/rwGk7mO9mw5Nas+Qtbh0OEKW215e0C3SWDKsrXRkN4FgWGWtwIZZIlSWOr5dv9mrlDR5Oj1pKfXZkHJOOUPrYQjU=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB3194.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(396003)(346002)(39860400002)(136003)(376002)(8676002)(186003)(52536014)(86362001)(26005)(5660300002)(66556008)(966005)(38100700002)(478600001)(66946007)(30864003)(55016002)(9686003)(4326008)(76116006)(6506007)(122000001)(8936002)(83380400001)(316002)(54906003)(53546011)(71200400001)(6916009)(66574015)(64756008)(66476007)(7696005)(2906002)(33656002)(66446008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?K09uUzNZaENTWXgwcWxJU1ZXMFUxSW04V2FjbUtINDN6WHl4ZHNMNzdZczE2?= =?utf-8?B?NUxKdnhrb0RmUm9Fd2h6STFNUkFkRFh0SEFZaDRNc3VLM0pKZjZYN1pONFFt?= =?utf-8?B?aEkxY0p1cjI3K0UzTU5rejhRckRQTTY1akh2K3JXK1hwQWdUSUF1V3oxVHU2?= =?utf-8?B?VmVQVlc3aU91ZlhacVZUbnc5NkgxSzB0WDBRd2hwYjBkdDhPeXRHUmhlS2k4?= =?utf-8?B?Z05DYytRUk9aOUNyTUZSNUJZRUNVTlEvWnhFQWRSMmVSUkhRMWYyZW9NNDM2?= =?utf-8?B?dVF2aHZldHY3cjZTWVBlZ0RzcFhLL0hIZ1V5b0todld1aCtZUTlYU2xlcGxr?= =?utf-8?B?ODcyRUhnYU9FdWtWMVFXSHNqMUlva0ZxaFMyU2xiaUpleW1kWUx1d1JrOWgr?= =?utf-8?B?alJYbWNsRUFHNUlnUTRWT3FpWThsRDFpU0piSmdBMVNITjNBbEVOOVFBemFw?= =?utf-8?B?VEtIcW1mMk1PNjFXUkhXUmtyVVBULzFUcXhUS3BxMlBFVTVYYVF2ZCtXWHBq?= =?utf-8?B?Z1pidVViOFFjRGRBUEVlUmtHc1dGRlVGQ0hvVVA2Q2hHbzBYaGxJUVg5TUFE?= =?utf-8?B?ejlEWFh6bjUrWGtLaURMTGJLTlR1TW01b3FtSHFjK0VrRVMrbzgzK0RaWThN?= =?utf-8?B?R2duUXJ1QWJrK2xtRlZrdmEzY1RyZmltM25MNHEzQXFjUExlNTJ6WWRHYjlt?= =?utf-8?B?b24ycXJKVlpBekJlYThhMXNhTWNuVnViSjIrWERKektZNWpIQVdvOFdqSTJ1?= =?utf-8?B?cjlTTHFoUTRRcVN3QSttcUhISlRVS1hJZHVPSFN1ZU9CNVBLQ3luODFIS0xW?= =?utf-8?B?RmlRWUYyYklNZmY2bFZUSHpGMmozeVlkOUp6R1pzTWZLZTlIZEc2VEthZzFp?= =?utf-8?B?ZVQvQUcveTNsNHpMSDAranZyU3hRZVUyL2x6Q1RibkU4NEpTbFRsZm1NekNs?= =?utf-8?B?MlBsZm1zaEFHbzJSYWdXbUpsUkJXbmkrYytRN1kvWUVuc3FzMTUwZllsdE5p?= =?utf-8?B?dU0wekhtWlpSTzhBMFdOcVBUNUFDNG1jVE1sNjNobmFNUXlGQU4wVTlydGt2?= =?utf-8?B?bjNCb0lzMnJhL2NOSkU0bndaV0VxaFlwNXc3SkxEU0xTdFl2MHZFMk9uYXJQ?= =?utf-8?B?M1FwMEFCWURNNDA4L29lc3BlbjE3SC9wQ1R6eTRxdTJXL3d1b1ZvMDlTOG5n?= =?utf-8?B?K1M1MWQ1eGY1Y3QyYzlpSUY0T3Nyd28vL1BWMUM3WExpREtmUXkwL3llSjE2?= =?utf-8?B?am1WTytQdkFJWUd5ekxhVjVZNG5UMCtwSWs4SXFJQnRFM1NLSm93dlBjaSs1?= =?utf-8?B?eE04U0Q1K0FQcFhpUmRnb2J5My9uQkdrRnU4cUM4OGhmTUN0NmlIREttazdN?= =?utf-8?B?SkdOQVNVUGlxcHE1YTlBVnlFV0RNOVlkbmJ2U1hzS3BSbHVMcWhZL0hJYTJm?= =?utf-8?B?WG1IZ2NKQVkxeTdlZjc2ZEZaMld2RXZDWmFIbnFWQThpVjVaN3Rva2hucXpB?= =?utf-8?B?NXh1d25ST1ZQcWRacEhweGN5QVBhMW8xZlY0WllNOXRMYlJaaFl5TG1uL2Rn?= =?utf-8?B?eVFCL0ZCNDlkM0xiR2NJeXRLd2Zsb0FqcDRFY1RyT1dRcDRNQko4VGU1cmFt?= =?utf-8?B?L0R6dVFEYjl6b3RBWlRIQy91OHIrb2IveXlHS2YvVDliZzRjN282Qk5vQ2du?= =?utf-8?B?VDhNQnQyQlRhN0M2YmdvLzZJMTZvK0RCaHF6c3FFVnhRdW9Ud2RONHQ1TEdN?= =?utf-8?Q?2nK7R12WkXyavyn8ng=3D?=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB3194.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ff782f53-27d1-458a-dcf8-08d90c066acf
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Apr 2021 18:33:14.9840 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 47pbDPZAneOcj7IOucT00P454VbsSIuLf8e1e+D1FmDL70ZgghWNNmNULQfL1kGrz+erkn89XAkOgEE48QDkkQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1691
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.19, xbe-aln-004.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/scVl0ZGhJtAx6cYH8pF6Nn0mnlc>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2021 18:33:24 -0000

Thanks for your comments Alvaro. I'll add them and also a few more nits/clarifications inspirited by them.


In particular the following. Let me know if you agree or you have other suggestions




--> Match conditional statement with condition in past tense

<snip>
A possible case would be if AS_PATH contained
       only ASNs that *were* known to belong to a common administrative domain.
</snip>



-->  The text between ** is also added, so we are removing it from RFC8955 (our new rule is no a rule of the BGP specification)
<snip>
   [RFC8955] states:

      BGP implementations MUST also enforce that the AS_PATH attribute
      of a route received via the External Border Gateway Protocol
      (eBGP) contains the neighboring AS in the left-most position of
      the AS_PATH attribute.  **While this rule is optional in the BGP
      specification, it becomes necessary to enforce it here for
      security reasons.**
</snip>



-->  4.1: Remove use cases when redefining rules b.2.2 and b.2.3. Everything is moved to the explanation section (since there was some duplication).

--> Redefinition of the rule removes the word NLRI (between **), so it's consistent with the naming of the rest of the document.

<snip>
      BGP Flow Specification implementations MUST enforce that the AS in
      the left-most position of the AS_PATH attribute of a Flow
      Specification route received via the External Border Gateway
      Protocol (eBGP) matches the AS in the left-most position of the
      AS_PATH attribute of the best-match unicast route for the
      destination prefix embedded in the Flow Specification** NLRI**.
</snip>



--> I originally added AS_CONFED_SET because the   [I-D.ietf-idr-deprecate-as-set-confed-set] is not an RFC yet. But I'll gladly remove AS_CONFED_SET reference for clarity if that's ok. 
And just add a note in case it's not deprecated yet. Only concern is that it was (could have been) mentioned in both sections 4.1 and 5. So I thought perhaps the best place to add the note would
be at the end of the introduction. My proposal:

<snip>
   Throughout this document, some references are made to
   AS_CONFED_SEQUENCE AS_PATH segments.  If AS_CONFED_SET ASPATH
   segments are supported, same considerations MUST apply to them.
   Note, however, that AS_CONFED_SET segments are expected to be
   deprecated per [I-D.ietf-idr-deprecate-as-set-confed-set], and thus
   support for them will soon not be required.
</snip>


-J


-----Original Message-----
From: Alvaro Retana <aretana.ietf@gmail.com> 
Sent: Tuesday, April 20, 2021 9:18 PM
To: Juan Alcaide (jalcaide) <jalcaide@cisco.com>
Cc: David Smith (djsmith) <djsmith@cisco.com>om>; Susan Hares <shares@ndzh.com>om>; James Uttaro <ju1738@att.com>om>; idr-chairs@ietf.org; IDR List <idr@ietf.org>
Subject: RE: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12

On April 12, 2021 at 7:32:04 PM, Juan Alcaide wrote:

[+ WG + Chairs]


Juan:

Hi!

> Here it goes: 
> https://tools.ietf.org/html/draft-ietf-idr-bgp-flowspec-oid-13

I looked at the update and have some remaining comments -- mostly minor and nits.  I am starting the IETF Last Call -- you can address my comments as part of other potential LC comments.

Thanks!

Alvaro.


[Line numbers from idnits for -13.]

  == Unused Reference: 'RFC6793' is defined on line 487, but no explicit
     reference was found in the text


...
15	Abstract

17	   This document describes a modification to the validation procedure
18	   defined for the dissemination of BGP Flow Specifications.  The
19	   dissemination of BGP Flow Specifications requires that the originator
20	   of the Flow Specification matches the originator of the best-match
21	   unicast route for the destination prefix embedded in the Flow
22	   Specification.  For an iBGP received route, the originator is
23	   typically a border router within the same autonomous system.  The
24	   objective is to allow only BGP speakers within the data forwarding
25	   path to originate BGP Flow Specifications.  Sometimes it is desirable
26	   to originate the BGP Flow Specification any place within the
27	   autonomous system itself, for example, from a centralized BGP route
28	   controller.  However, the validation procedure will fail in this
29	   scenario.  The modification proposed herein relaxes the validation
30	   rule to enable Flow Specifications to be originated within the same
31	   autonomous system as the BGP speaker performing the validation.
32	   Additionally, this document revises AS_PATH validation rules so Flow
33	   Specifications received from an eBGP peer can be validated when such
34	   peer is a BGP route server.

[nit] s/Specification any place/Specification from any place

[nit] s/revises AS_PATH/revises the AS_PATH


...
93	2.  Introduction
...
127	   Figure 1 illustrates this principle.  R1 (the upstream router) and RR
128	   need to validate the Flow Specification whose embedded destination
129	   prefix has a best-match unicast route (dest-route) originated by
130	   ASBR2.  ASBR2 could originate the Flow Specification, and it would be
131	   validated when received by RR and R1.  Sometimes the Flow
132	   Specification needs to be originated on AS1.  ASBR1 could originate
133	   it, and Flow Specification would still be validated.  In both cases,
134	   the Flow Specification is originated by a router in the same
135	   forwarding path as the dest-route.  For the case where AS1 has
136	   thousands of ASBRs, it becomes impractical to originate different
137	   rules on each ASBR in AS1 based on which ASBR each dest- route is
138	   learned from.  The objective is to advertise all the Flow
139	   Specifications from the same route-controller.

[nit] s/originated on AS1/originated inside AS1

[minor] s/different rules/different Flow Specification rules

[nit] s/dest- route/dest-route


...
159	3.  Motivation
...
234	   In addition, an operator MAY extend the requirements above for a
235	   group of ASes via policy.  This is described in section (b.2.3) of
236	   the validation procedure.

[minor] Let's keep the Normative actions to the mechanism: s/MAY/may


...
251	4.1.  Revision of Route Feasibility
...
264	      2.  The AS_PATH attribute of the Flow Specification is empty or
265	          contains only AS_CONFED_SEQUENCE and/or AS_CONFED_SET segments
266	          [RFC5065].

[] I had suggested only AS_CONFED_SEQUENCE because of the recommendations in rfc6472 and draft-ietf-idr-deprecate-as-set-confed-set.  I'm ok if you want to leave the current text -- an alternative would be to mention (in the "Explanation" below) that only AS_CONFED_SEQUENCE should be present and to add an Informative reference to draft-ietf-idr-deprecate-as-set-confed-set.


268	          1.  This condition SHOULD be enabled by default (it may be
269	              disabled by explicit configuration as described on the
270	              next list item (b.2.1))..  an empty AS_PATH.

[] The update left some orphaned text.  Also, the new text above (b.2) now mentions the empty AS_PATH so there's no need for this bullet.
And it refers to itself (b.2.1).


272	          2.  This condition MAY be disabled by explicit configuration
273	              on a BGP speaker.  A possible case would be if we know for
274	              a fact that only the right egress border routers (i.e.
275	              those that are also egress border routers for the best
276	              routes) are originating a Flow Specification NLRI.

[nit] Who are "we"?   s/if we know for a fact /if it is known


278	          3.  As an extension to this rule, a given non-empty AS_PATHs
279	              (or AS_PATHS containing only AS_CONFED_SEQUENCE and/or
280	              AS_CONFED_SET segments), MAY be validated by policy.  A
281	              possible case would be if the AS_SEQUENCE and AS_SET
282	              contained only ASes that are known to belong to our own
283	              administrative domain.

[minor] The new text is confusing mentioning first AS_CONFED_* and then AS_*.

Suggestion>

   3.  As an extension to this rule, a given non-empty AS_PATH MAY be
       validated by policy.  A possible case would be if AS_PATH contained
       only ASNs that are known to belong to a common administrative domain.


...
306	4.2.  Revision of AS_PATH Validation

308	   [RFC8955] states:

310	   BGP implementations MUST also enforce that the AS_PATH attribute of a
311	   route received via the External Border Gateway Protocol (eBGP)
312	   contains the neighboring AS in the left-most position of the AS_PATH
313	   attribute.

[minor] Indent this paragraph to show that it is a quote from rfc8955.

315	   This rule prevents the exchange of BGP Flow Specification NLRIs at
316	   Internet exchanges with BGP route servers [RFC7947].  Therefore, this
317	   document also redefines the [RFC8955] AS_PATH validation procedure
318	   referenced above as follows:

320	   BGP Flow Specification implementations MUST enforce that the AS in
321	   the left-most position of the AS_PATH attribute of a Flow
322	   Specification route received via the External Border Gateway Protocol
323	   (eBGP) matches the AS in the left-most position of the AS_PATH
324	   attribute of the best-match unicast route for the destination prefix
325	   embedded in the Flow Specification NLRI.

[minor] Indent this paragraph to show that it is the updated text.


...
370	5.  Topology Considerations

372	   [RFC8955] indicates that the originator may refer to the originator
373	   path attribute (ORIGINATOR_ID) or (if the attribute is not present)
374	   the transport address of the peer from which the BGP speaker received
375	   the update.  If the latter applies, a network should be designed so
376	   it has a congruent topology amongst ipv4 unicast routes and Flow
377	   Specification routes.  By congruent topology, it is understood that
378	   for the two equivalent routes (i.e. the Flow Specification route and
379	   its best-match unicast route) are learned from the same peer accross
380	   the AS.  That would likely not be true, for instance, if some peers
381	   only negotiated one type of address-family or if each address-family
382	   had a different set of policies.

[minor] the generic text should apply to any AF.  s/ipv4 unicast routes/unicast routes


...
389	   Explanation:

391	      Consider the validation procedure preceding this document.  The
392	      second condition (b.2) does not exist.  The two following
393	      scenarios have a non-congruent topology:

[] The original text made sense.  Suggestion>

   Consider the following scenarios of a non-congruent topology without the
   second condition (b.2) being added to the validation procedure:


...
430	7.  Security Considerations

432	   This document updates the route feasibility validation procedures for
433	   Flow Specifications learned from iBGP peers and through route
434	   servers.  This change is in line with the procedures in [rfc8955] and
435	   thus maintain security characteristics equivalent to the existing
436	   security properties of BGP unicast routing.

[nit] s/rfc8955/RFC8955

[End -13.]