IETF Logo Mail Archive

Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06

"Smith, Donald" <Donald.Smith@CenturyLink.com> Fri, 11 May 2018 14:50 UTC

Return-Path: <Donald.Smith@CenturyLink.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3604127419; Fri, 11 May 2018 07:50:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fOPf0mVOzVh3; Fri, 11 May 2018 07:50:27 -0700 (PDT)
Received: from lxomp52w.centurylink.com (lxomp52w.centurylink.com [155.70.50.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC0C9124235; Fri, 11 May 2018 07:50:27 -0700 (PDT)
Received: from lxomp90v.corp.intranet (lxomp90v.corp.intranet [151.117.203.59]) by lxomp52w.centurylink.com (8.14.8/8.14.8) with ESMTP id w4BEoNqc035168 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 11 May 2018 09:50:24 -0500
Received: from lxomp90v.corp.intranet (localhost [127.0.0.1]) by lxomp90v.corp.intranet (8.14.8/8.14.8) with ESMTP id w4BEoIpa016041; Fri, 11 May 2018 09:50:18 -0500
Received: from lxdnp32k.corp.intranet (lxomp81v.corp.intranet [151.117.18.14]) by lxomp90v.corp.intranet (8.14.8/8.14.8) with ESMTP id w4BEoIEG016027 (version=TLSv1/SSLv3 cipher=AES256-SHA256 bits=256 verify=NO); Fri, 11 May 2018 09:50:18 -0500
Received: from lxdnp32k.corp.intranet (localhost [127.0.0.1]) by lxdnp32k.corp.intranet (8.14.8/8.14.8) with ESMTP id w4BEoIBG037844; Fri, 11 May 2018 08:50:18 -0600
Received: from vddcwhubex502.ctl.intranet (vddcwhubex502.ctl.intranet [151.119.128.29]) by lxdnp32k.corp.intranet (8.14.8/8.14.8) with ESMTP id w4BEoHgP037828 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 11 May 2018 08:50:18 -0600
Received: from PDDCWMBXEX503.ctl.intranet ([fe80::9033:ef22:df02:32a9]) by vddcwhubex502.ctl.intranet ([151.119.128.29]) with mapi id 14.03.0339.000; Fri, 11 May 2018 08:50:17 -0600
From: "Smith, Donald" <Donald.Smith@CenturyLink.com>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, John Scudder <jgs@juniper.net>, "idr@ietf. org" <idr@ietf.org>
CC: "draft-ietf-idr-bgp-flowspec-oid@ietf.org" <draft-ietf-idr-bgp-flowspec-oid@ietf.org>, "nl7942@att.com" <nl7942@att.com>, "Schiel, John" <John.Schiel@centurylink.com>
Thread-Topic: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
Thread-Index: AQHT3ZkE/arcG/QefEmi41lu0QPjP6QpwroA//+fEJ6AARx2AIAANIT8
Date: Fri, 11 May 2018 14:50:17 +0000
Message-ID: <68EFACB32CF4464298EA2779B058889D53DB4D80@PDDCWMBXEX503.ctl.intranet>
References: <DB4DB79D-22DD-45A7-980A-B33C5E58C1C7@juniper.net>, <2997BE5D-F4C6-4AC2-9B00-126436FC5141@juniper.net> <68EFACB32CF4464298EA2779B058889D53DB49B4@PDDCWMBXEX503.ctl.intranet>, <e0e1857b46104431be4f655fe8d1e0b1@XCH-ALN-014.cisco.com>
In-Reply-To: <e0e1857b46104431be4f655fe8d1e0b1@XCH-ALN-014.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [151.119.128.7]
Content-Type: multipart/alternative; boundary="_000_68EFACB32CF4464298EA2779B058889D53DB4D80PDDCWMBXEX503ct_"
MIME-Version: 1.0
X-TM-AS-MML: disable
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/xH9XiIHwr_vye8SDl-dltRN4sMU>
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 14:50:30 -0000

That would work of course MAY would be caps :) But that should cover the case I was describing.

All the other BGP security issues would still apply.

Cc'ing the two architects that have been working on this concept with me, in case they have anything to add.





Metric System < +000 > -000
Extra People's Terribly Good Meals Kept mY uNCLE    Ned   Purring For     Ages
Exa   Peta        Tera     Giga   Mega  Kilo milli Micro(u) Nano Pico    Femto Atto
Donald.Smith@centurylink.com<mailto:Donald.Smith@centurylink.com>
________________________________
From: Jakob Heitz (jheitz) [jheitz@cisco.com]
Sent: Thursday, May 10, 2018 11:39 PM
To: Smith, Donald; John Scudder; idr@ietf. org
Cc: draft-ietf-idr-bgp-flowspec-oid@ietf.org
Subject: RE: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06

I support the draft.

Donald, are you saying that AS1 should accept a flowspec rule from AS2 for traffic going to AS3?
If AS1 can trust the flowspec from AS2, then I don't see why not.
Maybe we can add text to the effect of:
The rules stated here are for default behavior.
Local policy may allow flow specifications from other EBGP neighbors to be accepted.

Thanks,
Jakob

From: Idr <idr-bounces@ietf.org> On Behalf Of Smith, Donald
Sent: Thursday, May 10, 2018 11:58 AM
To: John Scudder <jgs@juniper.net>; idr@ietf. org <idr@ietf.org>
Cc: draft-ietf-idr-bgp-flowspec-oid@ietf.org
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06


This supports some of the bi-lateral, ddos-peering work we want to do, so support.



https://pc.nanog.org/static/published/meetings/NANOG71/1447/20171003_Levy_Operationalizing_Isp_v2.pdf



That is almost always going to be between some set of systems not one hop away, not directly in the forwarding plane, probably not really IBGP peers.



" It thus becomes necessary to modify step (a) of the RFC 5575<https://tools.ietf.org/html/rfc5575>
   validation procedure such that an IBGP peer that is not within the
   data forwarding plane may originate flow specification NLRIs."



While you could have the IBGP peer directly in the forwarding plane, forward it like a route reflector, requiring it to seems counter intuitive as it is more likely to come from some BGP speaking tool in ISP requesting the filter.



Next lots of references to IBGP and a few to EBGP, when I think of IBGP, IBGP is internal to a single AS (yes I know there are exceptions) but that is kind of the meaning, while this is mostly between peers (whom could do IBGP between them but is that required? Can't we validate without IBGP direct connections?)




Metric System < +000 > -000
Extra People's Terribly Good Meals Kept mY uNCLE    Ned   Purring For     Ages
Exa   Peta        Tera     Giga   Mega  Kilo milli Micro(u) Nano Pico    Femto Atto
Donald.Smith@centurylink.com<mailto:Donald.Smith@centurylink.com>
________________________________
From: Idr [idr-bounces@ietf.org] on behalf of John Scudder [jgs@juniper.net]
Sent: Thursday, May 10, 2018 12:28 PM
To: idr@ietf. org
Cc: draft-ietf-idr-bgp-flowspec-oid@ietf.org<mailto:draft-ietf-idr-bgp-flowspec-oid@ietf.org>
Subject: Re: [Idr] WGLC for draft-ietf-idr-bgp-flowspec-oid-06
Hi All,

On Apr 26, 2018, at 3:58 PM, John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>> wrote:

The authors have requested a working group last call for draft-ietf-idr-bgp-flowspec-oid-06. Please respond with your comments before Friday, May 11.

A quick update on the status of this WGLC:

- All the authors have responded about IPR (thank you!).
- Three people who are not authors (Acee, Shyam, Keyur) have responded supporting publication.
- Nobody has responded with other comments or opposition.

Three respondents is not a very large number; it would be helpful if others would chime in.

The WGLC period is scheduled to end tomorrow.

Thanks,

--John
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.

v2.23.0 | Report a Bug | By Email