Re: [Idr] I-D Action: draft-chen-idr-asloop-aggr-00.txt

Robert Raszuk <robert@raszuk.net> Mon, 18 October 2021 19:31 UTC

To: Enke Chen <enchen@paloaltonetworks.com>
Cc: Stefan Olofsson <stefan@graphiant.com>, "idr@ietf. org" <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/wg3EJ1wuLZxGuRoho2nfsakwrag>

Hey Enke,

> Wouldn't it be better to mitigate from the source (i.e., protocol) so
> there would be one less thing for people to worry about?

Perhaps, but not at all cost.

See, the draft said that creating an aggregate is like generating a new
prefix, so no need to put atomic ASN members and no need to act on them to
prevent loops.

Well, please notice that in many DMZs there are plenty of /32s, and ASBRs
actually aggregate those /32s into one prefix being injected to the ISPs.
That prefix may be sent with the ASN of the src AS or an AS-SET containing,
as a single AS, the source AS.

I have seen this in a number of enterprise production networks. That ASN
there is really needed to prevent loops or not to break intra vs inter
domain routing today.

So such a bold statement to skip any ASN (even if a single one) in the AS-SET
during the AS-PATH loop check is IMHO very dangerous.

Kind regards,
R.



On Mon, Oct 18, 2021 at 9:16 PM Enke Chen <enchen@paloaltonetworks.com>
wrote:

> Hi, Robert:
>
> Thank you for your comments. Please see my replies below.
>
> > Actually RFC6472 goes much further - it discourages use of aggregation
> > from atomic routes.
>
> Regardless, BGP aggregation may continue to exist (Internet and/or
> enterprise) for a long time, given how long it has existed and how much
> training materials are there.
>
> > Furthermore, isn't the problem you are actually facing very easy to
> > mitigate by use of different (even private) ASNs in customer's sites ?
>
> Wouldn't it be better to mitigate from the source (i.e., protocol) so
> there would be one less thing for people to worry about?
>
> > The draft is silent on the use case for such essentially significant
> > and unconditional protocol change.
> > I hope we are talking about multiple sites - not a single site trying to
> > learn the aggregate containing its own range.
>
> Yes, multiple sites / networks.
>
> > To me in the light of RFC6472 and all SIDR discussions around it this
> > draft is trying to move in quite the opposite direction.
>
> IMO, RFC6472 ("not-to-use") is the eventual goal. This proposal is to
> provide immediate/current simplification for network operation (Internet
> and/or enterprise). I don't see any conflict.
>
> -- Enke
>
> On Mon, Oct 18, 2021 at 11:43 AM Robert Raszuk <robert@raszuk.net> wrote:
>
>> Hi Enke & Stefan,
>>
>> I have a few observations on this draft:
>>
>> You say:
>>
>>    Although BCP 172 [RFC6472] makes a recommendation for not using the
>>    AS_SET path segment in BGP, the AS_SET path segment may remain in use
>>    for a long time.
>>
>> Actually RFC6472 goes much further - it discourages use of aggregation
>> from atomic routes.
>>
>> Furthermore, isn't the problem you are actually facing very easy to
>> mitigate by use of different (even private) ASNs in customer's sites ?
>>
>> The draft is silent on the use case for such essentially significant
>> and unconditional protocol change.
>>
>> I hope we are talking about multiple sites - not a single site trying to
>> learn the aggregate containing its own range.
>>
>> To me in the light of RFC6472 and all SIDR discussions around it this
>> draft is trying to move in quite the opposite direction.
>>
>> Cheers,
>> Robert
>>
>> ---------- Forwarded message ---------
>> From: <internet-drafts@ietf.org>
>> Date: Mon, Oct 18, 2021 at 8:15 PM
>> Subject: I-D Action: draft-chen-idr-asloop-aggr-00.txt
>> To: <i-d-announce@ietf.org>
>>
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>>
>>         Title           : Relax the AS Loop Detection for Aggregates in BGP
>>         Authors         : Enke Chen
>>                           Stefan Olofsson
>>         Filename        : draft-chen-idr-asloop-aggr-00.txt
>>         Pages           : 4
>>         Date            : 2021-10-18
>>
>> Abstract:
>>    Currently a BGP aggregate may be denied or excluded by the AS loop
>>    detection mechanism when a more specific, contributing route contains
>>    the local AS number.  To help enhance network robustness and simplify
>>    network operations, in this document we propose that the AS loop
>>    detection be relaxed for aggregates with an AS_SET path segment.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-chen-idr-asloop-aggr/
>>
>> There is also an htmlized version available at:
>> https://datatracker.ietf.org/doc/html/draft-chen-idr-asloop-aggr-00
>
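
The loop check debated in this thread, as an added example that is not part of any message above and not code from the draft or its authors: it decodes an AS_PATH attribute and compares the check over the full path with a variant that ignores AS_SET members. The `skip_as_set` switch follows how the reply characterises the proposal and is an assumption about the draft's exact rule; 4-octet AS numbers are assumed, and the AS numbers and sample paths are constructed.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment type codes (RFC 4271)

def parse_as_path(data: bytes):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...].

    Assumes 4-octet AS numbers on the wire (RFC 6793 encoding)."""
    segments, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = data[off], data[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unsupported segment type {seg_type}")
        end = off + 4 * count
        if count == 0 or end > len(data):
            raise ValueError("bad segment length")
        segments.append((seg_type, list(struct.unpack(f"!{count}I", data[off:end]))))
        off = end
    return segments

def has_as_loop(segments, local_as, skip_as_set=False):
    """Return True if local_as appears in the path.

    skip_as_set=False scans every segment, AS_SET members included.
    skip_as_set=True ignores AS_SET members (assumed form of the relaxation)."""
    for seg_type, asns in segments:
        if skip_as_set and seg_type == AS_SET:
            continue
        if local_as in asns:
            return True
    return False

def encode(segments):
    """Build a constructed sample attribute from (type, [asn, ...]) pairs."""
    return b"".join(bytes([t, len(a)]) + struct.pack(f"!{len(a)}I", *a)
                    for t, a in segments)

# Constructed sample: an aggregate of DMZ /32s sent upstream with an AS_SET
# holding only the source AS (65010), then prepended by an ISP (64500).
DMZ_AGGREGATE = encode([(AS_SEQUENCE, [64500]), (AS_SET, [65010])])
# Constructed sample: an ordinary looped path with no AS_SET, for comparison.
PLAIN_LOOP = encode([(AS_SEQUENCE, [64500, 65010, 64501])])
```

For a router in AS 65010, the full scan rejects `DMZ_AGGREGATE` when it comes back, while the variant that skips AS_SET members accepts it; `PLAIN_LOOP` is rejected either way.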