Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt

t.petch <ietfc@btconnect.com> Sat, 15 October 2016 11:52 UTC

Message-ID: <015001d226da$32df80c0$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, Julian Seifert <js@dacor.de>, Peter Hessler <phessler@theapt.org>
References: <20161003115723.GD20697@Vurt.local> <57F27D3F.7090404@foobar.org> <00da01d22085$4f0f2ee0$4001a8c0@gateway.2wire.net> <57F78B7D.609@foobar.org> <333030E6-0422-4A34-B07B-90D5F8E9F116@gmail.com> <57F92043.20301@foobar.org> <A9BBA442-361F-444F-9AFC-33FAAF5F6061@gmail.com> <00ff01d22214$a9832440$4001a8c0@gateway.2wire.net> <57FAD3EA.6070800@foobar.org> <020b01d223a1$f0e34a20$4001a8c0@gateway.2wire.net>, <20161011095417.GL19434@gir.theapt.org> <1476317462333.82977@dacor.de> <00fb01d2252f$700c2360$4001a8c0@gateway.2wire.net> <370dd06bff7c425db78dc82c5bce8907@XCH-ALN-014.cisco.com>
Date: Sat, 15 Oct 2016 12:49:28 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/v9kkupZY0J8EZ2EOsXvwTqhlzAM>
Cc: idr <idr@ietf.org>
Subject: Re: [Idr] I-D Action: draft-ietf-idr-large-community-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2016 11:52:01 -0000

----- Original Message -----
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
Sent: Friday, October 14, 2016 12:22 AM

Tom

I understand your issue and I believe every major router vendor
does too.

What to do about it?

The router cannot check if the first word is a valid ASN
or if the ASN is the intended one. Even if the ASN is correct,
the rest of the community could still be junk.

A router vendor can provide tools to make it easier
for operators to be safe with communities, large or regular.

For example, there is a knob 'send-community' that must be
configured before a router will send communities on an ebgp
session. Therefore, an operator who is unaware of the problem
will not spray junk. Another tool is the 'peeras' keyword
that allows you to match the peer's ASN in any field of
the community. This makes it easier to write generic filters
in RPL. Excuse me if I'm tooting my own horn, but I do not
believe that this functionality is unique to Cisco.
You can match private ASN and your own ASN too.

If anyone can suggest more tools, please do.

<tp>

Jakob

I think that Brian well expressed the issue in a post 15 minutes before
yours.

My concern starts with the protocol rather than the implementation,
seeing getting the protocol right as the first step, even if it does not
seem possible at present for a router to enforce the protocol rigidly.
I see BGP as a whole as somewhat weak on security, on authentication and
data integrity, and these things only getting fixed after a disaster or
two.  So I am content to specify a protocol which implementations may or
may not catch up with at a later date.

I agree the vendors can make it easier for an operator to get right and
that they should do so, and this in turn can influence the decision as
to whose products to use but do not want to see that as feeding back
into decisions as to what the protocol should be.

Tom Petch

Thanks,
Jakob.


> -----Original Message-----
> From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of t.petch
> Sent: Thursday, October 13, 2016 1:55 AM
> Julian
>
> I believe I understand the need that you express but the BGP protocol
> does not have the mechanics to express it!
>
> You say
> 'configure with meaning only for me and parties I interact with'
> but BGP has no such mechanism. As Jeff has already explained, an
> optional attribute either gets dropped, which is unlikely to work with
> route reflectors, or it gets passed on and this I-D chooses the option
> that it gets passed on.  So a community that only you and your fellow
> parties understand is let loose on the whole Internet where it is open
> to misinterpretation by everyone else because, e.g., they are expecting
> an ASN and are getting something else that is private to you.
>
> And the remit of the IETF is to make the Internet as a whole work better
> so in updating the specification of BGP, the IETF has to consider the
> trade off of something that benefits you and the parties you interact
> with versus the risk of causing some level of damage to the Internet.
>
> Obviously, I hope, I am concerned about the damage; you gain, but
> somewhere else across the globe, someone else's connectivity may fail.
>
> Of course it is possible to define a more sophisticated system that
> allows communities to go so far and no further but that is not the BGP
> we have.
>
> Tom Petch
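An added illustration of the two sides of this exchange, written for this archive page and not taken from the draft, from Cisco or from any other vendor: Jakob's point that a router can only offer tools (a 'send-community' knob that is off until an operator turns it on, and matching on the peer's ASN, on private ASNs and on the local ASN in any field of the community), and Tom's point that a Global Administrator value meaningful only to one party is otherwise carried transitively across the whole Internet. The 12-octet wire format (Global Administrator, Local Data Part 1, Local Data Part 2, each an unsigned 32-bit integer) is what draft-ietf-idr-large-community describes; the attribute type code 32, the session roles, the scrub rules and the sample attribute bytes are this example's own assumptions.

```python
"""Decode, scrub and re-encode BGP large communities on an eBGP session.

This is an added example written for this archive page; it is not code from
the draft, from Cisco or from any other vendor. The 12-octet wire format
(Global Administrator, Local Data Part 1, Local Data Part 2, each a 32-bit
unsigned integer) is the one draft-ietf-idr-large-community describes. The
attribute type code, the session roles, the policy rules and the sample
attribute bytes below are this example's own assumptions.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Set, Tuple

LARGE_COMMUNITY_TYPE = 32        # assumption: the type code later assigned by IANA
TRIPLE = struct.Struct("!III")   # GA, LD1, LD2 in network byte order

LargeCommunity = Tuple[int, int, int]


def decode_large_communities(value: bytes) -> List[LargeCommunity]:
    """Parse an attribute value into (GA, LD1, LD2) triples.

    The length must be a non-zero multiple of 12; anything else is a
    malformed attribute and is rejected rather than partially parsed.
    """
    if not value or len(value) % TRIPLE.size:
        raise ValueError(f"malformed LARGE_COMMUNITY length {len(value)}")
    return [TRIPLE.unpack_from(value, off)
            for off in range(0, len(value), TRIPLE.size)]


def encode_large_communities(comms: List[LargeCommunity]) -> bytes:
    """Serialise triples back to the wire; struct rejects values over 32 bits."""
    return b"".join(TRIPLE.pack(*c) for c in comms)


def is_private_asn(asn: int) -> bool:
    """True for the RFC 6996 private-use ranges (16-bit and 32-bit)."""
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294


@dataclass
class EbgpSession:
    """Per-session policy. Role names and rules are this example's choice."""
    my_asn: int
    peer_asn: int
    role: str                                   # "customer" or "peer"
    send_community: bool = False                # the 'send-community' knob: off by default
    customer_actions: Set[int] = field(default_factory=set)  # LD1 values a customer may request

    def ingress(self, comms: List[LargeCommunity]) -> List[LargeCommunity]:
        """Scrub what arrives from the peer before it enters the local RIB."""
        kept = []
        for ga, ld1, ld2 in comms:
            if is_private_asn(ga):
                continue    # a private GA means nothing outside the domain that set it
            if ga == self.my_asn:
                # only a customer may address me, and only with a documented action
                if self.role != "customer" or ld1 not in self.customer_actions:
                    continue
            # GA == peer ASN (the 'peeras' match) or an unrelated public ASN passes;
            # the attribute is transitive, so third-party values are carried on as-is
            kept.append((ga, ld1, ld2))
        return kept

    def egress(self, comms: List[LargeCommunity]) -> List[LargeCommunity]:
        """Scrub what we send: nothing unless the knob is on, never private GAs,
        and not the action requests that were addressed to us."""
        if not self.send_community:
            return []
        return [c for c in comms
                if not is_private_asn(c[0])
                and not (c[0] == self.my_asn and c[1] in self.customer_actions)]


# Constructed sample (documentation ASNs 64496-64511, RFC 5398): what a customer
# in AS64497 might hand to a provider in AS64496, including junk values.
SAMPLE_ATTR = encode_large_communities([
    (64497, 1, 100),        # customer's own informational tag: keep
    (64496, 10, 0),         # documented action request to me: keep from a customer
    (64496, 99, 0),         # undocumented request to me: drop
    (65000, 1, 2),          # 16-bit private GA: drop
    (4200000001, 7, 7),     # 32-bit private GA: drop
    (64498, 5, 5),          # third-party public GA: carried through
])

if __name__ == "__main__":
    session = EbgpSession(my_asn=64496, peer_asn=64497, role="customer",
                          send_community=True, customer_actions={10})
    accepted = session.ingress(decode_large_communities(SAMPLE_ATTR))
    print("accepted:", accepted)
    print("re-sent:", session.egress(accepted))
```

The ingress rules are where a vendor's matching tools earn their keep: the local ASN check is what stops a non-customer from triggering actions addressed to AS64496, the peer-ASN match is the only field value the router can actually vouch for, and the private-ASN drop is the closest a router can get to enforcing Tom's point that the protocol itself cannot stop a locally meaningful value from being sprayed across the Internet. Everything else in the Global Administrator field is accepted on faith, which is exactly the gap the thread is arguing about.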