Re: [Idr] Roman Danyliw's No Objection on draft-ietf-idr-bgp-flowspec-oid-14: (with COMMENT)

"Juan Alcaide (jalcaide)" <jalcaide@cisco.com> Mon, 17 May 2021 22:37 UTC

From: "Juan Alcaide (jalcaide)" <jalcaide@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf.org" <idr@ietf.org>, Susan Hares <shares@ndzh.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>
Date: Mon, 17 May 2021 22:37:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/twIn7g15uqSNwfdvBizcBqusD_I>
List-Id: Inter-Domain Routing <idr.ietf.org>

Thanks, Roman, for your comments. I'll add them if not already mentioned.

But in particular:

"   While the
   proposed modification cannot be used for inter-domain coordination of
   traffic filtering, it greatly simplifies distribution of intra-domain
   traffic filtering policies within an autonomous system which has a
   large number of border routers having complex BGP policies."
We framed it as applicability because it contrasts with the previous applicability description and aim of this draft.
First, we talk about intra-domain traffic filtering and then about inter-traffic filtering. Do you have any particular suggestion?


"
Disabling the new condition above (b.2.2) is RECOMMENDED in networks where policy prohibits Flow Specification from originating inside the local domain or where configuration dictates that only the egress border routers (i.e. those that were also egress border routers for the best routes) will originating a Flow  Specification NLRI.
"

'policy' may be a bit of an ambiguous term, no? What about

"
Disabling the new condition above (b.2.2) is RECOMMENDED in networks where network policy prohibits Flow Specification from originating inside the local domain or where network configuration dictates that only the right egress border routers (i.e. those that were also egress border routers for the best routes) will be originating Flow  Specification NLRIs.
"

-J





-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org> 
Sent: Monday, May 17, 2021 10:09 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-idr-bgp-flowspec-oid@ietf.org; idr-chairs@ietf.org; idr@ietf.org; Susan Hares <shares@ndzh.com>; aretana.ietf@gmail.com; shares@ndzh.com
Subject: Roman Danyliw's No Objection on draft-ietf-idr-bgp-flowspec-oid-14: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-idr-bgp-flowspec-oid-14: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-flowspec-oid/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you Magnus Nystrom for the SECDIR review and for the subsequent updates by the authors.

** Section 2.  Editorial. s/same autonomous system than/same autonomous system as/

** Section 2.

   While the
   proposed modification cannot be used for inter-domain coordination of
   traffic filtering, it greatly simplifies distribution of intra-domain
   traffic filtering policies within an autonomous system which has a
   large number of border routers having complex BGP policies.

Should the above key detail be explicitly framed in an applicability statement?

** Section 4.1.  Editorial + normative guidance which frames the text on the intent of the designed network, not the operator “knowing something”.

OLD
Disabling the new condition above (b.2.2) could be a good practice
      if the operator knew with certainty that a Flow Specification
      would not be originated inside the local domain.

An additional
      case would be if it was known for a fact that only the right
      egress border routers (i.e. those that were also egress border
      routers for the best routes) were originating a Flow Specification
      NLRI.

NEW
Disabling the new condition above (b.2.2) is RECOMMENDED in networks where policy prohibits Flow Specification from originating inside the local domain or where configuration dictates that only the egress border routers (i.e. those that were also egress border routers for the best routes) will originating a Flow  Specification NLRI.