Re: [Idr] WG LC on draft-ietf-idr-bgp-flowspec-oid-10.txt [8/9 to 8/24/2019]
"UTTARO, JAMES" <ju1738@att.com> Mon, 26 August 2019 13:44 UTC
From: "UTTARO, JAMES" <ju1738@att.com>
To: Christoph Loibl <c@tix.at>, Susan Hares <shares@ndzh.com>
CC: idr wg <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/uAesQYC-htVirchOcOS9RhIP0Xo>
Christoph,

The change to rfc5575 may be noted, are you suggesting a change to the method of modification of the validation rules in draft-ietf-bgp-flowpec-oid.txt? Are you suggesting that the following addition to the validation procedure changes the behavior of the OID draft?

Thanks,
Jim Uttaro

P.S. I have attached the original rationale being the dissemination of FS updates from a centralized controller. View in slide mode for the animation...

A Flow Specification NLRI must be validated such that it is considered feasible if and only if all of the below is true:

a) A destination prefix component is embedded in the Flow Specification.

b) The originator of the Flow Specification matches the originator of the best-match unicast route for the destination prefix embedded in the Flow Specification.

c) There are no more specific unicast routes, when compared with the flow destination prefix, that has been received from a different neighboring AS than the best-match unicast route, which has been determined in rule b).

Rule a) MAY be relaxed by configuration, permitting Flow Specifications that include no destination prefix component. If such is the case, rules b) and c) are moot and MUST be disregarded.

From: Idr <idr-bounces@ietf.org> On Behalf Of Christoph Loibl
Sent: Monday, August 26, 2019 8:54 AM
To: Susan Hares <shares@ndzh.com>
Cc: idr wg <idr@ietf.org>
Subject: Re: [Idr] WG LC on draft-ietf-idr-bgp-flowspec-oid-10.txt [8/9 to 8/24/2019]

Hi,

I think that a review of section 4 of this draft should be considered. At a very late stage we made changes to section 6 (validation procedure) of I-D.ietf-idr-rfc5575bis and I think that these changes should somehow be reflected in the flowspec-oid draft.

For example the flowspec-oid redefines the validation procedure from section 6 of rfc5575bis the following way (which seems to be based on an older version of rfc5575bis):

a. One of the following conditions MUST hold true.

* The originator of the flow specification matches the originator of the best-match unicast route for the destination prefix embedded in the flow specification.

* The AS_PATH attribute of the flow specification does not contain AS_SET and/or AS_SEQUENCE segments.

While rfc5575bis has been modified in the meantime (to resolve the case where there is no destination-prefix embedded, this should somehow also be reflected in the flowspec-oid):

A Flow Specification NLRI must be validated such that it is considered feasible if and only if all of the below is true:

a) A destination prefix component is embedded in the Flow Specification.

b) The originator of the Flow Specification matches the originator of the best-match unicast route for the destination prefix embedded in the Flow Specification.

c) There are no more specific unicast routes, when compared with the flow destination prefix, that has been received from a different neighboring AS than the best-match unicast route, which has been determined in rule b).

Rule a) MAY be relaxed by configuration, permitting Flow Specifications that include no destination prefix component. If such is the case, rules b) and c) are moot and MUST be disregarded.

Just for the record: Older versions of rfc5575bis had something very similar to the current version of flowspec-oid (ignoring the fact that a FS NLRI may not have a destination-prefix embedded):

A Flow Specification NLRI must be validated such that it is considered feasible if and only if:

a) The originator of the Flow Specification matches the originator of the best-match unicast route for the destination prefix embedded in the Flow Specification.

b) There are no more specific unicast routes, when compared with the flow destination prefix, that has been received from a different neighboring AS than the best-match unicast route, which has been determined in step a).

Cheers
Christoph

--
Christoph Loibl
c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at

On 09.08.2019, at 16:55, Susan Hares <shares@ndzh.com> wrote:

This begins a 2 week WG LC for draft-ietf-idr-bgp-flowspec-oid-10.txt [8/9 to 8/24/2019]

In your comments, please consider:

1) including "support" or "no support"

2) if this addition to RFC5575bis which allows a route controller in an AS to originate Flow Specifications is useful in deployments, and

3) if there are any technical issues or editorial issues that need to be adjusted in this specification prior to publication.

If you think adjustments need to be made in the text, indicate whether you think the adjustments are technical or editorial in nature.

Cheerily, Sue

=============

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Inter-Domain Routing WG of the IETF.

Title    : Revised Validation Procedure for BGP Flow Specifications
Authors  : James Uttaro
           Juan Alcaide
           Clarence Filsfils
           David Smith
           Pradosh Mohapatra
Filename : draft-ietf-idr-bgp-flowspec-oid-10.txt
Pages    : 11
Date     : 2019-08-09

Abstract:
This document describes a modification to the validation procedure defined in [RFC5575bis] for the dissemination of BGP Flow Specifications. [RFC5575bis] requires that the originator of the Flow Specification matches the originator of the best-match unicast route for the destination prefix embedded in the Flow Specification. This allows only BGP speakers within the data forwarding path (such as autonomous system border routers) to originate BGP Flow Specifications. Though it is possible to disseminate such Flow Specifications directly from border routers, it may be operationally cumbersome in an autonomous system with a large number of border routers having complex BGP policies. The modification proposed herein enables Flow Specifications to be originated from a centralized BGP route controller.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-flowspec-oid/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-idr-bgp-flowspec-oid-10
https://datatracker.ietf.org/doc/html/draft-ietf-idr-bgp-flowspec-oid-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-bgp-flowspec-oid-10

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr
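
The validation rules quoted in this thread, as an added Python example that is not part of the original messages or of either draft: it evaluates rules a) to c) of rfc5575bis and, with `oid=True`, also accepts the flowspec-oid alternative for the originator check. The class names, the simplified route model, the sample values, the choice to apply rule a) before the flowspec-oid condition, and treating a missing covering route as infeasible are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Unicast:                      # constructed model of a unicast route
    prefix: str
    originator: str                 # originator of the route
    neighbor_as: int                # neighboring AS it was received from

@dataclass
class FlowSpec:                     # constructed model of a Flow Specification
    dest_prefix: Optional[str]      # None = no destination prefix component
    originator: str
    as_path: tuple = ()             # AS_SET / AS_SEQUENCE segments, () = none

def best_match(rib, dest):
    """Longest-prefix unicast route that covers the flow destination prefix."""
    covering = [r for r in rib if dest.subnet_of(ipaddress.ip_network(r.prefix))]
    return max(covering, default=None,
               key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)

def feasible(fs, rib, allow_no_dest=False, oid=False):
    # Rule a): a destination prefix must be embedded, unless relaxed by
    # configuration, in which case rules b) and c) are disregarded.
    if fs.dest_prefix is None:
        return allow_no_dest
    dest = ipaddress.ip_network(fs.dest_prefix)
    best = best_match(rib, dest)
    if best is None:
        return False                # assumption: no covering route = infeasible
    # Rule b): originators match. With oid=True the alternative quoted from
    # flowspec-oid also passes: no AS_SET / AS_SEQUENCE segments in AS_PATH.
    if fs.originator != best.originator and not (oid and not fs.as_path):
        return False
    # Rule c): no more-specific unicast route from a different neighboring AS.
    for r in rib:
        net = ipaddress.ip_network(r.prefix)
        if (net.prefixlen > dest.prefixlen and net.subnet_of(dest)
                and r.neighbor_as != best.neighbor_as):
            return False
    return True

# Constructed sample data (documentation prefixes, private-use AS numbers).
RIB = [Unicast("198.51.100.0/24", "10.0.0.1", 64500)]
BORDER = FlowSpec("198.51.100.0/25", "10.0.0.1")
CONTROLLER = FlowSpec("198.51.100.0/25", "10.0.0.99")
EXTERNAL = FlowSpec("198.51.100.0/25", "10.0.0.99", ((64501,),))
NO_DEST = FlowSpec(None, "10.0.0.99")
```

With this data, `feasible(CONTROLLER, RIB)` is rejected under the rfc5575bis rules alone and accepted with `oid=True`, while `EXTERNAL`, which carries an AS_PATH segment, is rejected either way.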