Re: [Idr] Returning draft-ietf-idr-rfc5575bis to WG, new 2 week discussion period

Robert Raszuk <robert@raszuk.net> Fri, 14 June 2019 16:01 UTC

From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 14 Jun 2019 18:01:18 +0200
Message-ID: <CAOj+MMFD9J76TN8C1mOYh5JqY-=biBcZFTx-Q4Oos4ubZeNsiA@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Christoph Loibl <c@tix.at>, John Scudder <jgs=40juniper.net@dmarc.ietf.org>, "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>, "idr@ietf.org" <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/uGRoNlm34iySquQuWg5cugVOqxQ>

> DDoS is mentioned as only one of the applications in the draft.  (See
> Abstract, etc.)

Yes, and the second one is traffic filtering for L3VPNs. No more.

So both use cases rather use the destination prefix (even if such a prefix would
be just an RD part of the NLRI in the latter case).

But we all know that validation has been implemented by a number of vendors
to be optional in flow spec - hence the former comment - for those use
cases which go beyond the two listed in the base RFC5575 spec.

Thx,
R.


On Fri, Jun 14, 2019 at 5:53 PM Jeffrey Haas <jhaas@pfrc.org> wrote:

> Robert,
>
> On Fri, Jun 14, 2019 at 05:49:31PM +0200, Robert Raszuk wrote:
> > > Juniper's implementation doesn't do useful things when the dest-prefix
> > > is absent and validation is on.
> >
> > I would classify this as deployment misconfiguration.
> >
> > If you are using flow spec for other than DDoS use cases you should
> > disable validation.
>
> DDoS is mentioned as only one of the applications in the draft.  (See
> Abstract, etc.)
>
> The validation procedures don't have an "opt-out".
>
> -oid does have such an opt-out.
>
> -- Jeff
>