Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

Nick Hilliard <nick@foobar.org> Fri, 21 April 2017 15:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/vcz0X6M3wnWkfa5ScO0uTIDmgkg>

Gert Doering wrote:
> On Fri, Apr 21, 2017 at 05:19:28PM +0200, Robert Raszuk wrote:
>> Are we really that bad in Internet NOCs ? Do we need configuration
>> enforcement and RFCs like this ?
> 
> Yes, and yes.
> 
> Even if I cannot discern whether this was meant as rhetorical questions - 
> the answer is still yes.  If you assume that 40.000 of those ASes have
> no one on-site who has any idea how BGP works, you are likely still too
> optimistic about the level of understanding out there.

+ yes, and yes again.

I am sick to the back teeth of handling the fallout from unintentional
routing leaks.  Incidentally, in my experience, these are NOC size
invariant - large multinational NOCs are just as likely to leak a DFZ as
tiny rural WISPs, which suggests to me that the problems are inherently
tied to non-sensible defaults.

Vendors please note: your defaults cause continual and serious
operational problems.  This is not ok.

Nick