Re: [Idr] draft-ietf-idr-as0-02
Enke Chen <enkechen@cisco.com> Thu, 12 January 2012 17:49 UTC
Return-Path: <enkechen@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE48E21F859A for <idr@ietfa.amsl.com>; Thu, 12 Jan 2012 09:49:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Level:
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CD3iUZBu-sFp for <idr@ietfa.amsl.com>; Thu, 12 Jan 2012 09:49:13 -0800 (PST)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id D68D421F8594 for <idr@ietf.org>; Thu, 12 Jan 2012 09:49:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=enkechen@cisco.com; l=7040; q=dns/txt; s=iport; t=1326390553; x=1327600153; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=1pnxuU2eGiTeqcBYV/Nx9FEEVBZkAebpuUTFhiG52CM=; b=OAOItgqmHNykyRJsWT2bbtnmep2+yMhGVdwtztLg4vjmCA+dmsKFSK2y UxEoHzms1C2GPlggmj1FHakDPywlzZCPx2HIqNk+FmIERrB9CKSHZWnax MNbCcUO94UlslN2xHpHN+kWYqOdam70e9fY/naOjAp0PLYLemlTCEH/f8 o=;
X-IronPort-AV: E=Sophos;i="4.71,499,1320624000"; d="scan'208";a="25102518"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-3.cisco.com with ESMTP; 12 Jan 2012 17:49:13 +0000
Received: from sjc-vpn6-1773.cisco.com (sjc-vpn6-1773.cisco.com [10.21.126.237]) by mtv-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id q0CHnDW6009168; Thu, 12 Jan 2012 17:49:13 GMT
Message-ID: <4F0F1DE8.1010105@cisco.com>
Date: Thu, 12 Jan 2012 09:52:40 -0800
From: Enke Chen <enkechen@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: bruno.decraene@orange.com
References: <20111216182324.17528.28150.idtracker@ietfa.amsl.com> <9CD76392-6F52-441C-BCF5-2335D7F49B8F@kumari.net> <4EEBEAEB.8070304@cisco.com> <0156DFD0-B706-42B0-93AB-89C9E6E252FD@kumari.net> <20120105014532.GC7464@slice> <0ED867EB33AB2B45AAB470D5A64CDBF6181C654044@EUSAACMS0701.eamcs.ericsson.se> <F8B1F64B-7E4A-4320-9AC9-17F5141B80B5@kumari.net> <24590_1326357933_4F0E9DAD_24590_2274_1_53C29892C857584299CBF5D05346208A0166A9@PEXCVZYM11.corporate.adroot.infra.ftgroup>
In-Reply-To: <24590_1326357933_4F0E9DAD_24590_2274_1_53C29892C857584299CBF5D05346208A0166A9@PEXCVZYM11.corporate.adroot.infra.ftgroup>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "keyupate@cisco.com" <keyupate@cisco.com>, "idr@ietf.org" <idr@ietf.org>
Subject: Re: [Idr] draft-ietf-idr-as0-02
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2012 17:49:15 -0000
Hi, Bruno:
This is really well said, and I share the same concern:
And for existing fields, IMHO, this document should be conservative with regards to its
change on existing specifications. IMHO it should only forbid the use of AS 0 when necessary
for your new use case).
So far I have not seen much justifications (nor need) for expanding
error conditions of AS 0 beyond the AS_PATH / AS4_PATH.
Thanks. -- Enke
On 1/12/12 12:45 AM, bruno.decraene@orange.com wrote:
> Hi Warren, Keyur, all,
>
>> From: Warren Kumari>Sent: Wednesday, January 11, 2012 12:53 AM
> [...]
>
>> Keyur also pointed out that AS numbers show up in all sorts of other places (as
>> an example, AS specific Extended Communities) -- as they may show up in yet
>> more places as BGP gets extended I also inserted some fairly generic text
>> saying that you SHOULD handle these as malformed and respond appropriately.
>> While not ideal, I think it is OK.
> Warren, thanks for highlighting the diff on the IDR mailing list.
>
> v02 of the draft adds: "As UPDATE with zero in any other field where an AS number is expected (for example, "4-Octet AS specific Extended Community" [RFC5668]) SHOULD be treated as malformed and handled appropriately."
>
> 1) This is in contradiction with the use of AS number 0 for "well known" / IANA assigned communities. Both regular ones as defined in RFC 1997 and extended ones as defined in draft-ietf-idr-reserved-extended-communities. So at the minimum, these 2 usages must be allowed.
>
> 2) More generally, I tend to disagree with this addition:
> - for existing fields, this document should specify where the use of AS 0 is accepted or not (and hence treated as error). (for simplicity, I guess it's enough to defined fields when it's not accepted)
> - for future fields, IMO this document should only call for asking further specifications to define what should be the behavior with AS 0.
>
> And for existing fields, IMHO, this document should be conservative with regards to its change on existing specifications. IMHO it should only forbid the use of AS 0 when necessary (for your new use case).
> As an another example, I don't think treating as an error a BGP/MPLS VPN route having an AS 0 in its Route Target or Route Distinguisher field is a good idea. This may unexpectedly withdraw VPN routes in some live networks. And I don't see a reason for this.
>
> Thanks,
> Regards,
> Bruno
>
> PS: Obviously my comment also applies to the following v02 addition "A BGP speaker SHOULD NOT generate or propagate an UPDATE with zero in any field where an AS number is expected (for example, "4-Octet AS specific Extended Community" [RFC5668])
>
>> W
>>
>>
>>> Regards,
>>> Jeff
>>> -----Original Message-----
>>> From: idr-bounces@ietf.org [mailto:idr-bounces@ietf.org] On Behalf Of Jeffrey
>> Haas
>>> Sent: Wednesday, January 04, 2012 5:46 PM
>>> To: Warren Kumari
>>> Cc: keyupate@cisco.com; idr@ietf.org
>>> Subject: Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt
>>>
>>> [Explicit cc on the draft-ietf-idr-error-handling authors for the comments
>> below.]
>>> Warren,
>>>
>>> On Sat, Dec 17, 2011 at 12:26:10PM -0500, Warren Kumari wrote:
>>>> On Dec 16, 2011, at 8:05 PM, Enke Chen wrote:
>>>>> 1) Is it really necessary to make AS 0 an error in the AGGREGATOR and
>> AS4_AGGREGATOR attributes? What is the gain?
>>>> I'll double check with co-authors on Monday -- I don't think it is strictly
>> necessary to prevent attack, rather it seemed more elegant to check AS 0 where
>> ever it occurs.
>>> While I generally agree with Enke that treating as a malformed route is
>> probably excessive, I think the recommended behavior is desirable. The mandate
>> that the error-handling draft procedures must be used makes it acceptable.
>> Without those procedures, bouncing the session is almost certainly the wrong
>> thing to do.
>>>> It was brought up on the NANOG list that some vendors support zero'ing
>>>> out the AGGREGATOR (see Junipers "no-aggregator-id" as an example --
>>>> this appears to only zero out the router ID, but I haven't checked all
>>>> implementations), so checking for AS 0 in the .*AGGREGATOR may be a
>>>> bad idea, so at the moment I'm leaning towards removing it (obviously,
>>>> this being a WG doc, with the WG's approval)
>>> Older varieties of gated had bugs with respect to the AS number that was
>> selected to be placed in the aggregator AS field. JunOS may have had similar
>> bugs at one point but the behavior that I can see in a cursory check of the
>> code should result in a system AS number being placed there.
>>> My recommendation for the as0 draft is that we leave in the current text and
>> let the attribute be treated as "malformed" by the error-handling draft.
>>> The behavior in that draft of attribute-discard is reasonable.
>>>
>>>>> 2) The error handling for AS4_PATH / AS4_AGGREGATOR is specified in
>> rfc4893bis (draft-ietf-idr-rfc4893bis-04.txt). Thus it should be referenced if
>> you specify AS 0 as an error for the AS4_PATH / AS4_AGGREGATOR.
>>>> Doh! This was mentioned a few times and I intended to do so, but it
>> completely slipped my mind when typing... Thanks for reminding me....
>>> Similarly, there should be references for these attributes added to the
>> error-handling draft.
>>> -- Jeff
>>> _______________________________________________
>>> Idr mailing list
>>> Idr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/idr
>>>
>>
>> ---
>> Don't be impressed with unintelligible stuff said condescendingly .
>> -- Radia Perlman.
>>
>> Warren Kumari
>> warren@kumari.net
>>
>>
>>
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorization.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, France Telecom - Orange shall not be liable if this message was modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
- [Idr] I-D Action: draft-ietf-idr-as0-01.txt internet-drafts
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Warren Kumari
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Jakob Heitz
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Warren Kumari
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Jeffrey Haas
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Enke Chen
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Warren Kumari
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Jeff Tantsura
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Warren Kumari
- Re: [Idr] I-D Action: draft-ietf-idr-as0-01.txt Tony Tauber
- [Idr] draft-ietf-idr-as0-02 bruno.decraene
- Re: [Idr] draft-ietf-idr-as0-02 Enke Chen
- Re: [Idr] draft-ietf-idr-as0-02 Jeffrey Haas
- Re: [Idr] draft-ietf-idr-as0-02 Jie Dong
- Re: [Idr] draft-ietf-idr-as0-02 Russ White