Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

Jared Mauch <jared@puck.Nether.net> Wed, 26 April 2017 14:02 UTC

Date: Wed, 26 Apr 2017 10:01:45 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: Robert Raszuk <robert@raszuk.net>
Cc: Gert Doering <gert@space.net>, Jared Mauch <jared@puck.nether.net>, idr wg <idr@ietf.org>
Message-ID: <20170426140145.GA28909@puck.nether.net>
References: <CA+b+ER=hq0=JNRfF8VA76_aqeRMBCeyQm5aTbapysXGTgaGS_g@mail.gmail.com> <50353B76-1323-4828-88D6-25954DA1E344@puck.nether.net> <20170425221104.GS30063@pfrc.org> <023e01d2be72$031ac180$4001a8c0@gateway.2wire.net> <20170426095547.GP25069@Space.Net> <CA+b+ERk4FxB4KQ3N0xtjV6uaQptd=EGKdpbKcpoL2TH41fVSYg@mail.gmail.com> <20170426113954.GA18318@puck.nether.net> <CA+b+ER=Ej7G1EEOQ7uBU-z7LeBAGNSfPkE5yGmo+z52ncKhVdg@mail.gmail.com> <20170426125417.GU25069@Space.Net> <CA+b+ERm1iDv3+GNk+N_gqjDWsd+E4QjmfhmwDN4vQVQVZ1EMpw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/yhrwp6Lb580unM2B-YKUdFAJWQ0>
Subject: Re: [Idr] IETF LC for IDR-ish document <draft-ietf-grow-bgp-reject-05.txt> (Default EBGP Route Propagation Behavior Without Policies) to Proposed Standard

On Wed, Apr 26, 2017 at 03:56:25PM +0200, Robert Raszuk wrote:
> > > And if you are a customer and have 4 prefixes in the BGP table, things are fine.
> > > If you by accident become transit and advertise a full table around, I think we
> > > can do better in BGP to protect from it than mandate policy.
> >
> > Evidence shows that, as of today, we can not.
> >
> 
> Has anyone actually tried?

	Yes.

	Please see the past decade of history.

> The BGP origin validation was at least one attempt.
> 
> The other one could be as simple as *"ebgp policy auto"* where, based on the
> IRRDB and your peer's AS, the router can build a policy automagically using say
> BGPQ3.
> 
> http://snar.spb.ru/prog/bgpq3/
> 
> Otherwise, while Jared, you and perhaps most folks on this list already have
> automated ways to build nice and accurate policies, I suspect there are those
> who do not. And those would either put "allow all" or will now start
> looking for hints "what do I put in".
> 
> And if the end result is what you are doing twice a day, why can't routers
> do it themselves, assuming the IRRDB or any other src of truth is accurate?

	You use the best available data you have as a network operator.

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
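The quoted proposal above is to derive an EBGP import policy from IRR data (the way bgpq3 does) and, per draft-ietf-grow-bgp-reject, to reject everything when no policy matches. The block below is an added illustration of that pipeline, not code from this thread, from bgpq3, or from any vendor: it parses a constructed, RPSL-style sample (the as-set name, ASNs and prefixes are made up and taken from documentation ranges), expands the as-set to origin ASNs, turns the matching route objects into a prefix filter that permits more-specifics up to an assumed /24, renders it in an IOS-like prefix-list syntax, and then evaluates received announcements with reject-by-default semantics. The leaked full-table prefix and the route registered under an ASN outside the as-set are the cases Robert and Jared are arguing about; an empty policy rejects everything, which is the draft's point.

```python
"""Added example: IRR-derived EBGP import filter with reject-by-default.

Not bgpq3's code and not part of the IETF thread; the registry data below is
constructed for the example.
"""
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample IRR data in RPSL style; NOT real registry contents.
SAMPLE_IRR = """\
as-set:     AS-CUSTOMER-EXAMPLE
members:    AS64496, AS-CUSTOMER-DOWNSTREAM

as-set:     AS-CUSTOMER-DOWNSTREAM
members:    AS64497

route:      192.0.2.0/24
origin:     AS64496

route:      198.51.100.0/22
origin:     AS64497

route:      203.0.113.0/24
origin:     AS64499
"""

Policy = List[Tuple[ipaddress.IPv4Network, int]]


def parse_rpsl(text: str) -> List[Dict[str, str]]:
    """Split blank-line separated RPSL objects into attribute -> value dicts."""
    objects: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        objects.append(current)
    return objects


def expand_as_set(objects, name: str, seen: Set[str] = None) -> Set[str]:
    """Recursively resolve an as-set to origin ASNs; 'seen' breaks reference loops."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    asns: Set[str] = set()
    for obj in objects:
        if obj.get("as-set") != name:
            continue
        for member in obj.get("members", "").split(","):
            member = member.strip()
            if member.startswith("AS-"):          # nested as-set
                asns |= expand_as_set(objects, member, seen)
            elif member:
                asns.add(member)
    return asns


def build_prefix_filter(objects, as_set: str, max_len: int = 24) -> Policy:
    """One (network, longest permitted length) entry per registered route
    whose origin is in the as-set. max_len=24 is an assumed operator choice."""
    origins = expand_as_set(objects, as_set)
    policy: Policy = []
    for obj in objects:
        if "route" in obj and obj.get("origin") in origins:
            net = ipaddress.ip_network(obj["route"], strict=True)
            # Never permit less than the registered route itself.
            policy.append((net, max(net.prefixlen, max_len)))
    return policy


def render_prefix_list(policy: Policy, name: str) -> List[str]:
    """IOS-style prefix-list lines (assumed syntax for illustration)."""
    lines = []
    for net, limit in policy:
        suffix = "" if limit == net.prefixlen else f" le {limit}"
        lines.append(f"ip prefix-list {name} permit {net}{suffix}")
    return lines


def evaluate_import(policy: Policy, announcements: List[str]):
    """Apply the filter with reject-by-default: anything unmatched is dropped.
    An empty policy therefore rejects every announcement."""
    accepted, rejected = [], []
    for prefix in announcements:
        net = ipaddress.ip_network(prefix, strict=True)
        permitted = any(
            net.version == entry.version
            and net.subnet_of(entry)
            and net.prefixlen <= limit
            for entry, limit in policy
        )
        (accepted if permitted else rejected).append(prefix)
    return accepted, rejected


if __name__ == "__main__":
    objs = parse_rpsl(SAMPLE_IRR)
    pol = build_prefix_filter(objs, "AS-CUSTOMER-EXAMPLE")
    print("\n".join(render_prefix_list(pol, "AS-CUSTOMER-EXAMPLE")))
    # Constructed announcements: the last one stands in for a leaked full table.
    print(evaluate_import(pol, ["192.0.2.0/24", "198.51.100.0/24",
                                "198.51.100.0/25", "203.0.113.0/24", "10.0.0.0/8"]))
```

Everything the filter does rests on the registry being accurate, which is the caveat in Jared's last line: a stale or wrong IRR object silently becomes a wrong permit or a wrong reject, so an operator would pair this with a max-prefix limit and keep the reject-by-default behaviour as the backstop.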