Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Fri, 30 April 2021 18:33 UTC
Return-Path: <jalcaide@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 074CD3A223E; Fri, 30 Apr 2021 11:33:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.918
X-Spam-Level:
X-Spam-Status: No, score=-11.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=kVF7Pyzx; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=0XZA/e+y
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QYYnYW01gbFQ; Fri, 30 Apr 2021 11:33:19 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 562723A2242; Fri, 30 Apr 2021 11:33:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15966; q=dns/txt; s=iport; t=1619807599; x=1621017199; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=alhHvw/6MJ/i2yUzK52x9r3qcHARYZzpPVJf4VR1mdk=; b=kVF7PyzxbBdBowbXBd+W5H79FSW+hFBGCvmTvCAbBPiKpSzWruNPEgK2 z6Pip46lwrShsU4ZYoGZF14aBsgR00ZjigqoR/KPKnOFoSsfPSroAQOjB W6a82qjQJRIpX/YX+Ycnv4mArDVIKTgOF5F7Q6RYZ4IL5xoEzNsmcqUvW s=;
X-IPAS-Result: A0ADAAD9TIxgmI0NJK1aGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIFDBQEBAQELAYFSIy5+WjYxC4Q5g0gDhFlgiG4DgQyJJ48agS6BJQNUCwEBAQ0BASgKAgQBAYRQAheBZAIlNAkOAgQBAQEDAgMBAQEBAQUBAQECAQYEFAEBAQEBAQEBaIVQDYZEAQEBAwEjBA0MAQE3AQQHBAIBBgIOAwQBAQMCJgICAh8RFQgIAgQOBQiCaQGCVQMOIQEDC4xOkG0Cih96fzOBAYIEAQEGBASBOAKDew0LghMDBoEQKgGCeIQNhlMnHIFJQoEVQ4IpNj6CHkIBAQOBRRqDFTaCK4FZEFsGPh0JBFECFEk7MhUFGAEGAQ4MDSKUB0KVA5BXOVsKgxCJdo1zgkODFBCDVKFKl0KJaIMcjiWBKQ6EZgICAgIEBQIOAQEGgVQ4gVtwFTuCaVAXAg6OHwwNCYNOhRSFSXM4AgYBCQEBAwl8iU8tgQcBgQ8BAQ
IronPort-PHdr: A9a23:1cQyShAHCD20jTej1xMUUyQVnBdPi93PFgcI9poqja5Pea2//pPke VbS/uhpkEShdYre4vNAzeHRtvOoVW8B5MOHt3YPONxJWgQegMob1wonHIaeCEL9IfKrCk5yH MlLWFJ/uX3uN09TFZXxYlTTpju56jtBUhn6PBB+c+LyHIOahs+r1ue0rpvUZQgAhDe0bb5oa husqgCEvcgNiowkIaE0mXP0
IronPort-HdrOrdr: A9a23:nkGD2a//HY873dAX5A1uk+Gpcb1zdoIgy1knxilNYDRvWIixi9 2ukPMH1RX9lTYWXzUalcqdPbSbKEm8ybdc2qNUGbu5RgHptC+TLI9k5Zb/2DGIIUPD38Zn/+ Nbf6B6YeeeMXFTh8z3+RT9Nt4mzsWO/qzAv5ag815GZ2hRGsZdxi1+DRuWFVAzYQFAC4YwGp b03Ls4mxOLf3MLYsOnQkQfV+/YqNHR0L7gaxgKBxkogTP+zA+Awrj8DhSew1MiQypCqI1Sv1 Ttvi7YwuGYs/+9wgLBzGO71fRrsfbo19crPr32tuE7MTPp4zzYAbhJe7rHhzwtpfHq1VBCqq ixnz4FH+Ber0zcZXu0pxyF4Xih7B8L52X5wVGVxVvPyPaJPg4SMMZKiYJHfhax0SNJ17sQvN MprgCknqFaAh/akCP268KgbWAWqmOPvXEgneQP5kYvN7c2Vb5LoYQTuGNTHZsQdRiKkLwPLe h0AMnQoMtRaFORBkqpx1VH/drEZAVWIj62Bmw5/uCF2Tlfm350i2ECwtYEo3sG/JUhD7FZ+u XtKM1T5fJzZ/5TSZg4KPYKQMOxBGCIawnLKniuLVPuE7xCE27RqqTw/K4+6IiRCd415ap3vK 6EfEJTtGY0dU6rI9aJxod3/hfER3j4ejjx1MdE5dxctqfnTLTmdQ2PIWpe1veIkrE6OIn2Sv yzMJVZD7vINm31A7tE2AX4Rt1cMn8bXMoJussqWl6Hr87RQ7ea8dDzQbL2Hv7AADwkUmTwDj 8oRz7oPvhN6UitRzv5jXHqKjXQU3262ag1PLnR/uAVxoRIHJZLqBIphVOw4dzOLTVDt6cxbV ZvOb+PqNLjmUCGuULzq0l5MBtUCUhYpJ/6VWlRmAMMO0ToNbAZu9uefmhW1GCdJgB2St7XFA I3nSUyxYuHa7irgQwyAdOuNWyXy1EJomiRcpsakqqfodv+doggFZYgUqxpHQDNHxh48Dwa8F trWUshfAvyBznugaKqgNgoH+nZbcB7mxruC9VTs2jjuUKVotwPSnMXUyW1a9OehR8jSlNv9w ZM2p5apIDFuD60bUMjnewzMTR3GRWqKYMDKD7AWaJ5tfTAfhpqQWKDmDqA4itDClbCxgE1nW zuLSqdZPfRJEFS00ooiJrCwRdTaniXeV52ZzRct4BwfF625kpb4Kusere51XeXZx855twldB vBYTcUP2pVto2K/RaIhTePEmgnzJ0yPurbSK8uaa3Xx2nFEvz6qYgWW/BT55prL9bor6sCVv +eYRacKHfiB/ouwBH9nAdoBABk7H0lm+jvwhvr8Syx22M+G+PbJD1dNvsmCsDZ62jvXPCT1p plydozoOurK230LtqL07veYTIGKhTdpweNPqwVgIERuaI5r71oGZbHFTPOyXFcxR07aN7ui1 l2etUz3JnRfot0O8ACcSNQ+VQk0NyJMUswqwTzRuszZ0skgXPXN86AioC45oYHEwmEvk/9KF Of+ypS87PeUyyP2aUTBqgwLW5VAXJMo0hK7aeHbcndGQ+qf+ZM8B6mKXe7aqZaU7XAFrMKrB p2iuv46dO/Zm79wkTXsjR6KK4VrDriTsO2HQ6WGelHt9a9Ik+Bh6O24Mi1yDf7IAHLH3gwlM lAbwgXaM8GlzwpyIsw2SK2Qrbsok0kn0BFiAsX3mLFy8yj+iPDAUpCMQfFmZ1YUjlYL2iQga 3+gJ2l/WW45CIAxILKG0hRdMxfAtQcToD4KCF1NMgb1YTYiJYHk2BEexchD2k1lTD70adnxN 6CqYfvZ9E=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.82,263,1613433600"; d="scan'208";a="730160576"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Apr 2021 18:33:18 +0000
Received: from mail.cisco.com (xbe-aln-004.cisco.com [173.36.7.19]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 13UIXITv018064 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 30 Apr 2021 18:33:18 GMT
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xbe-aln-004.cisco.com (173.36.7.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 30 Apr 2021 13:33:17 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Fri, 30 Apr 2021 13:33:17 -0500
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 30 Apr 2021 14:33:16 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZV0ylWewu4P3PUCmcMN5Pb87+N6JtMeGgJPy6LMcw3Qr/vRCbofETGykQZ7uRgQjkk4SIsjAaqhit1QCbjA2iZf/IH3Jhp5FGdzBn0gObpnip3th2xeE72Ok1G+u/Zc3ud4O7Fw5rEqC3XVN2uWynEVLaYEpkzlNfWNu66BjpM+Abl7OgcPtxqh/DytkHgEONudJuBgfYA7e1AsGK/QotojsqWdZ/ytVc+Osu6updT9q+GuFoQnAu6vupDjm44GpnMeAwScpLCnPvhY6dpHXmHRlqsRMGlqNmc3zEGV39ZkZXXUfPIF/2xxpVJCrde4JaV+sh3ET4vOUyitHWFGZJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=alhHvw/6MJ/i2yUzK52x9r3qcHARYZzpPVJf4VR1mdk=; b=PnETHHEEd1nupt0xwFDgBnw80PgtyThdEmVuYIxfhD83ccK4S6AWdZlJKeDwLw6M40sguz2GlmByH/ONltGNsncuBr2d6boOzmi9m8cgCpz5I9Ebh+l25YWpbBN3NJy86nG3HPSCDPsv4j56h487wd0NR/4lhoTo6TEbe4TAT6++Tmm6oqqpRgHiRPWcbfE/Hmmb/y+LVy0EnBiZNo8WU5zwPZooZlbm+NiDtjbp+uIptbWKB6USHZCHwVsv9MMjtV67ML1C/ibcrpg6dWo8ZAzwsyMDMPNY6cgxpll9oTmrBAm8Sa761j6c6JwCCDt4mmJ1NbeSTQRZkE/zQrSOpw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=alhHvw/6MJ/i2yUzK52x9r3qcHARYZzpPVJf4VR1mdk=; b=0XZA/e+yBJpoM9lJZPMeGb5svCPWQkLZUG0+pUPrZ3ORhdFcSNr7OsQbnnIwXChNn6NUN7E+eFusq8wFc4BSwCPKsBWqet6GnWOlMIrNQmrvpYocJQNsB32icGiSgefl9frXXl53sPh8PG6Yzuo3fSPj6q/v6H2ZsH8XLTkv0Co=
Received: from DM6PR11MB3194.namprd11.prod.outlook.com (2603:10b6:5:5c::25) by DM5PR11MB1691.namprd11.prod.outlook.com (2603:10b6:3:b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.26; Fri, 30 Apr 2021 18:33:15 +0000
Received: from DM6PR11MB3194.namprd11.prod.outlook.com ([fe80::e4e0:cf18:7be1:8019]) by DM6PR11MB3194.namprd11.prod.outlook.com ([fe80::e4e0:cf18:7be1:8019%7]) with mapi id 15.20.4065.026; Fri, 30 Apr 2021 18:33:15 +0000
From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
CC: "David Smith (djsmith)" <djsmith@cisco.com>, Susan Hares <shares@ndzh.com>, James Uttaro <ju1738@att.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>
Thread-Topic: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
Thread-Index: AQHW9QDI2xQHpdk2Z0uhqDf2mVgKOao9DtUAgAurHfCAELXogIAN/PdwgAAuCICAFAtZgIAAcYEAgCyKm/CAAOBHAIAIe2uQgAxLrACAD6nPQA==
Date: Fri, 30 Apr 2021 18:33:14 +0000
Message-ID: <DM6PR11MB319466B7490F9E5BBFF7C0AECD5E9@DM6PR11MB3194.namprd11.prod.outlook.com>
References: <CAMMESsxqRWK2vDPyj-0_ruYoW7pkautFc09MoFBUTKxG23=tyA@mail.gmail.com> <000701d6f57c$6c20ff60$4462fe20$@ndzh.com> <DM6PR11MB319495819681585AA858E54BCDB29@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESswvncvo68dYp95P+9gkgKgPpmgY3Yr-xC3=hdt-1YigYQ@mail.gmail.com> <SN6PR11MB320012D1B66CF35D18DCB212CD9F9@SN6PR11MB3200.namprd11.prod.outlook.com> <CAMMESszDCb70G6YbdpiAnv0mYEC52=abh89QW7cXaEdfgVzOxw@mail.gmail.com> <EBC0EE4B-063B-44A4-A74B-FCAE6EDBA511@cisco.com> <00f001d71500$db52a9d0$91f7fd70$@ndzh.com> <DM6PR11MB3194DEF968FD730D08FFFFBACD759@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESsxjUetknSv=Q+PHxzQfx8VqgtGitr3jW84bJuZD41puOQ@mail.gmail.com> <DM6PR11MB3194CAFF7F6373A8B193D1A2CD709@DM6PR11MB3194.namprd11.prod.outlook.com> <CAMMESsxhx87=zz6jTni52814wnEnhaH6VapeRG9Z7Km66jnC=A@mail.gmail.com>
In-Reply-To: <CAMMESsxhx87=zz6jTni52814wnEnhaH6VapeRG9Z7Km66jnC=A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [83.38.90.229]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ff782f53-27d1-458a-dcf8-08d90c066acf
x-ms-traffictypediagnostic: DM5PR11MB1691:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM5PR11MB16910B0E3C1C1BBA126EAD73CD5E9@DM5PR11MB1691.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3NblLzysjBgFmDOf1FHUnqv1tvMeTBrtrLgRBPsiFDW9LarT3njnr7eYAXEEXaAey7esfik+/jhsczHz39wiloBagM7OaWt5VkGOe5VLpXOM6mFqlfSjshZRzPsuCK1tgFHRytjCh7uRdP+r3hchSQpmuF5GsGg2nAw25Zg2CzH2TbQ3M5xSCc4eEewLb3wwD/CJXldsqP8wqY7ddC3jDSDisWySs+a5JFFraMdTwVXIqQGhJD119idI+GHDOwLZmXT6vh6XEzG+OmZ2YcMwWvl6LMiIbrsVkEISmF6eAmC3rrTfyJkMs2W8VzNanv/zcndm+HQ/xYpsN8mvXbjJ1wh0jqYxQz96wKAF0Fvbt1PxDUGRfkewReNG1ur91UhCTqA+zVvu1ExKMVoJaAsIQquegXiFOX6UWreirqmkZzqvipDVM7lMuakIEZ4kstGRQ6dM17y4eguXetGFZUQcKrhHHAYLuZh4dFKNEenxtbwAZpK3kZtMgST3k8N5Bie5TAStk2Gz0hZGZ06lHBYZ55+HVzzW736ywzU0PCrMglwoSfzz7WOaU5NAVvZIkRbXIpCVs7H2QF05mgIhKX/rwGk7mO9mw5Nas+Qtbh0OEKW215e0C3SWDKsrXRkN4FgWGWtwIZZIlSWOr5dv9mrlDR5Oj1pKfXZkHJOOUPrYQjU=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB3194.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(396003)(346002)(39860400002)(136003)(376002)(8676002)(186003)(52536014)(86362001)(26005)(5660300002)(66556008)(966005)(38100700002)(478600001)(66946007)(30864003)(55016002)(9686003)(4326008)(76116006)(6506007)(122000001)(8936002)(83380400001)(316002)(54906003)(53546011)(71200400001)(6916009)(66574015)(64756008)(66476007)(7696005)(2906002)(33656002)(66446008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: +OnS3YhCSYx0qlISVW0U1Im8WacmKH43zXyxdsL77Ys165LJvxkoDfRoEwhzI1MRAdDXtHAYh4MsuK3JJf6X7ZN4QmhI1cJur27+E3MNkz8QrDPM65jHv+rW+XpAgTIAuWz1Tu6VePVW7iOufXZqVTnw96H1K0tX0Qwhpb0dt8OytGRheKi8gNCc+QROZ9CrMFR5BYECUNQ/ZxEAdR2eRRHQ1f2eoM436uQvhvetv7r6SYPegDspXK/HHgUyoKhvWuh+YQ9XSleplk872EHgaOEukV1QWHsj1IokFqhS2SlbiJeymdYLuwRk9h+jRXmclEAG5IgQ4VOqiY8lD1iSJbJgA1SHN3AlEN9QAzapTKHqmf2MO61WRHWRkrUPT/1TqxTKpq2PEU5XaQvd+WXpjgZbuUb8QcDdAPEeRkGsWFFUFCHoUP6ChGo0XhlIQX9MADz9DXXzn5+XkKiDLLbKNTuMm5oqmHqc+EkES+o83+DZY8MGgnQruAbk+lmFVkva3cTrfim3nL4q3AqcPLe52zYdGb9mon2qrJVZAzBea8a1saMcnVubJ2+XDJzKY5jHAWo8WjI2ur9SLqhQ4QqSwA+mqHHJTUKXIduOHSueOB5PKCyn81HKLVFiQYF2bIMff6lVTHzF2j3yYd9JzGZsMfKe9HdG6TKag1ieT/AG/y3l4zLH0+jvrSxQeU2/lzCTbnE84JSlTlfmMzCl2PlfmshAGo2RagWmJlRBWni+c+Q7Y/YEnsqs150fYltNiuM0zHmZZRO8A0WNqPT5AC4mcTMl63hnaMQyFAN0U9rtkvn3BoIs2ra/cNJE4nwZWEqhYp5w7JLDSLStYv0vE2OnarP3Qp0ABYDM408/oespen17H/pCTzy4qu2W/wuoVo09S8ng+S51d5xf5ct2c9iIF4Osrwo//PV1C7XLiDKfQy0/yeJ16jmVO+PvAIYGyzLaV5Y4nT0+pIk8IqIBtE3SKJowvPci+5xM8SD5+APpXiRdgoby3/nBGkFu8qC88hfMCt6iHDKmk7MJGNASUPiqpq5a9AVyEWDM9YdnbvSXsKpRluLqhY/HIa2fXmHgcJAY1y7ef76dFZ2WvEvCZaHnqVA8iV5Z7tokhnqzA5xuwnROVPqdZpHpxcyAPa1o1fV4ZYM9tLbRZhYyLmn/dgyQB/FB49d3LbGcIytKwfloAjp4EcTrOWQp4MBJ8Te5ram/DzuQDb9zotAZTHC/u8r+ob/yyGKf/T9bg4c7o6BNoCgnT8MBt2BTa7C6bgo/6I16o+DBhqzsqEVxQuoTwdN4t5LGM2nK7R12WkXyavyn8ng=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB3194.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ff782f53-27d1-458a-dcf8-08d90c066acf
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Apr 2021 18:33:14.9840 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 47pbDPZAneOcj7IOucT00P454VbsSIuLf8e1e+D1FmDL70ZgghWNNmNULQfL1kGrz+erkn89XAkOgEE48QDkkQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1691
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.19, xbe-aln-004.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/scVl0ZGhJtAx6cYH8pF6Nn0mnlc>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2021 18:33:24 -0000
Thanks for your comments Alvaro. I'll add them and also a few more nits/clarifications inspirited by them.
In particular the following. Let me know if you agree or you have other suggestions
--> Match conditional statement with condition in past tense
<snip>
A possible case would be if AS_PATH contained
only ASNs that *were* known to belong to a common administrative domain.
</snip>
--> The text between ** is also added, so we are removing it from RFC8955 (our new rule is no a rule of the BGP specification)
<snip>
[RFC8955] states:
BGP implementations MUST also enforce that the AS_PATH attribute
of a route received via the External Border Gateway Protocol
(eBGP) contains the neighboring AS in the left-most position of
the AS_PATH attribute. **While this rule is optional in the BGP
specification, it becomes necessary to enforce it here for
security reasons.**
</snip>
--> 4.1: Remove use cases when redefining rules b.2.2 and b.2.3. Everything is moved to the explanation section (since there was some duplication).
--> Redefinition of the rule removes the word NLRI (between **), so it's consistent with the naming of the rest of the document.
<snip>
BGP Flow Specification implementations MUST enforce that the AS in
the left-most position of the AS_PATH attribute of a Flow
Specification route received via the External Border Gateway
Protocol (eBGP) matches the AS in the left-most position of the
AS_PATH attribute of the best-match unicast route for the
destination prefix embedded in the Flow Specification** NLRI**.
</snip>
--> I originally added AS_CONFED_SET because the [I-D.ietf-idr-deprecate-as-set-confed-set] is not an RFC yet. But I'll gladly remove AS_CONFED_SET reference for clarity if that's ok.
And just add a note in case it's not deprecated yet. Only concern is that it was (could have been) mentioned in both sections 4.1 and 5. So I thought perhaps the best place to add the note would
be at the end of the introduction. My proposal:
<snip>
Throughout this document, some references are made to
AS_CONFED_SEQUENCE AS_PATH segments. If AS_CONFED_SET ASPATH
segments are supported, same considerations MUST apply to them.
Note, however, that AS_CONFED_SET segments are expected to be
deprecated per [I-D.ietf-idr-deprecate-as-set-confed-set], and thus
support for them will soon not be required.
</snip>
-J
-----Original Message-----
From: Alvaro Retana <aretana.ietf@gmail.com>
Sent: Tuesday, April 20, 2021 9:18 PM
To: Juan Alcaide (jalcaide) <jalcaide@cisco.com>
Cc: David Smith (djsmith) <djsmith@cisco.com>; Susan Hares <shares@ndzh.com>; James Uttaro <ju1738@att.com>; idr-chairs@ietf.org; IDR List <idr@ietf.org>
Subject: RE: [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oid-12
On April 12, 2021 at 7:32:04 PM, Juan Alcaide wrote:
[+ WG + Chairs]
Juan:
Hi!
> Here it goes:
> https://tools.ietf.org/html/draft-ietf-idr-bgp-flowspec-oid-13
I looked at the update and have some remaining comments -- mostly minor and nits. I am starting the IETF Last Call -- you can address my comments as part of other potential LC comments.
Thanks!
Alvaro.
[Line numbers from idnits for -13.]
== Unused Reference: 'RFC6793' is defined on line 487, but no explicit
reference was found in the text
...
15 Abstract
17 This document describes a modification to the validation procedure
18 defined for the dissemination of BGP Flow Specifications. The
19 dissemination of BGP Flow Specifications requires that the originator
20 of the Flow Specification matches the originator of the best-match
21 unicast route for the destination prefix embedded in the Flow
22 Specification. For an iBGP received route, the originator is
23 typically a border router within the same autonomous system. The
24 objective is to allow only BGP speakers within the data forwarding
25 path to originate BGP Flow Specifications. Sometimes it is desirable
26 to originate the BGP Flow Specification any place within the
27 autonomous system itself, for example, from a centralized BGP route
28 controller. However, the validation procedure will fail in this
29 scenario. The modification proposed herein relaxes the validation
30 rule to enable Flow Specifications to be originated within the same
31 autonomous system as the BGP speaker performing the validation.
32 Additionally, this document revises AS_PATH validation rules so Flow
33 Specifications received from an eBGP peer can be validated when such
34 peer is a BGP route server.
[nit] s/Specification any place/Specification from any place
[nit] s/revises AS_PATH/revises the AS_PATH
...
93 2. Introduction
...
127 Figure 1 illustrates this principle. R1 (the upstream router) and RR
128 need to validate the Flow Specification whose embedded destination
129 prefix has a best-match unicast route (dest-route) originated by
130 ASBR2. ASBR2 could originate the Flow Specification, and it would be
131 validated when received by RR and R1. Sometimes the Flow
132 Specification needs to be originated on AS1. ASBR1 could originate
133 it, and Flow Specification would still be validated. In both cases,
134 the Flow Specification is originated by a router in the same
135 forwarding path as the dest-route. For the case where AS1 has
136 thousands of ASBRs, it becomes impractical to originate different
137 rules on each ASBR in AS1 based on which ASBR each dest- route is
138 learned from. The objective is to advertise all the Flow
139 Specifications from the same route-controller.
[nit] s/originated on AS1/originated inside AS1
[minor] s/different rules/different Flow Specification rules
[nit] s/dest- route/dest-route
...
159 3. Motivation
...
234 In addition, an operator MAY extend the requirements above for a
235 group of ASes via policy. This is described in section (b.2.3) of
236 the validation procedure.
[minor] Let's keep the Normative actions to the mechanism: s/MAY/may
...
251 4.1. Revision of Route Feasibility
...
264 2. The AS_PATH attribute of the Flow Specification is empty or
265 contains only AS_CONFED_SEQUENCE and/or AS_CONFED_SET segments
266 [RFC5065].
[] I had suggested only AS_CONFED_SEQUENCE because of the recommendations in rfc6472 and draft-ietf-idr-deprecate-as-set-confed-set. I'm ok if you want to leave the current text -- an alternative would be to mention (in the "Explanation" below) that only AS_CONFED_SEQUENCE should be present and to add an Informative reference to draft-ietf-idr-deprecate-as-set-confed-set.
268 1. This condition SHOULD be enabled by default (it may be
269 disabled by explicit configuration as described on the
270 next list item (b.2.1)).. an empty AS_PATH.
[] The update left some orphaned text. Also, the new text above (b.2) now mentions the empty AS_PATH so there's no need for this bullet.
And it refers to itself (b.2.1).
272 2. This condition MAY be disabled by explicit configuration
273 on a BGP speaker. A possible case would be if we know for
274 a fact that only the right egress border routers (i.e.
275 those that are also egress border routers for the best
276 routes) are originating a Flow Specification NLRI.
[nit] Who are "we"? s/if we know for a fact /if it is known
278 3. As an extension to this rule, a given non-empty AS_PATHs
279 (or AS_PATHS containing only AS_CONFED_SEQUENCE and/or
280 AS_CONFED_SET segments), MAY be validated by policy. A
281 possible case would be if the AS_SEQUENCE and AS_SET
282 contained only ASes that are known to belong to our own
283 administrative domain.
[minor] The new text is confusing mentioning first AS_CONFED_* and then AS_*.
Suggestion>
3. As an extension to this rule, a given non-empty AS_PATH MAY be
validated by policy. A possible case would be if AS_PATH contained
only ASNs that are known to belong to a common administrative domain.
...
306 4.2. Revision of AS_PATH Validation
308 [RFC8955] states:
310 BGP implementations MUST also enforce that the AS_PATH attribute of a
311 route received via the External Border Gateway Protocol (eBGP)
312 contains the neighboring AS in the left-most position of the AS_PATH
313 attribute.
[minor] Indent this paragraph to show that it is a quote from rfc8955.
315 This rule prevents the exchange of BGP Flow Specification NLRIs at
316 Internet exchanges with BGP route servers [RFC7947]. Therefore, this
317 document also redefines the [RFC8955] AS_PATH validation procedure
318 referenced above as follows:
320 BGP Flow Specification implementations MUST enforce that the AS in
321 the left-most position of the AS_PATH attribute of a Flow
322 Specification route received via the External Border Gateway Protocol
323 (eBGP) matches the AS in the left-most position of the AS_PATH
324 attribute of the best-match unicast route for the destination prefix
325 embedded in the Flow Specification NLRI.
[minor] Indent this paragraph to show that it is the updated text.
...
370 5. Topology Considerations
372 [RFC8955] indicates that the originator may refer to the originator
373 path attribute (ORIGINATOR_ID) or (if the attribute is not present)
374 the transport address of the peer from which the BGP speaker received
375 the update. If the latter applies, a network should be designed so
376 it has a congruent topology amongst ipv4 unicast routes and Flow
377 Specification routes. By congruent topology, it is understood that
378 for the two equivalent routes (i.e. the Flow Specification route and
379 its best-match unicast route) are learned from the same peer accross
380 the AS. That would likely not be true, for instance, if some peers
381 only negotiated one type of address-family or if each address-family
382 had a different set of policies.
[minor] the generic text should apply to any AF. s/ipv4 unicast routes/unicast routes
...
389 Explanation:
391 Consider the validation procedure preceding this document. The
392 second condition (b.2) does not exist. The two following
393 scenarios have a non-congruent topology:
[] The original text made sense. Suggestion>
Consider the following scenarios of a non-congruent topology without the
second condition (b.2) being added to the validation procedure:
...
430 7. Security Considerations
432 This document updates the route feasibility validation procedures for
433 Flow Specifications learned from iBGP peers and through route
434 servers. This change is in line with the procedures in [rfc8955] and
435 thus maintain security characteristics equivalent to the existing
436 security properties of BGP unicast routing.
[nit] s/rfc8955/RFC8955
[End -13.]
- [Idr] AD Review of draft-ietf-idr-bgp-flowspec-oi… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Susan Hares
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… David Smith (djsmith)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Susan Hares
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-flowspe… Juan Alcaide (jalcaide)