IETF Logo Mail Archive

Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)

Robert Raszuk <robert@raszuk.net> Fri, 11 March 2022 20:33 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17D303A089A for <idr@ietfa.amsl.com>; Fri, 11 Mar 2022 12:33:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BrF-goor_aYu for <idr@ietfa.amsl.com>; Fri, 11 Mar 2022 12:33:04 -0800 (PST)
Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA18E3A06E7 for <idr@ietf.org>; Fri, 11 Mar 2022 12:33:03 -0800 (PST)
Received: by mail-vs1-xe2d.google.com with SMTP id v128so10726496vsb.8 for <idr@ietf.org>; Fri, 11 Mar 2022 12:33:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GYG697+2S/sh00ZVXMvBeUm9C3ZnAXkJs48pA3se7mU=; b=UY9DD/x45CEGfxalFJ2uIc2yfQjOhQeCqy4HUCCVDfloXZpcnje2ZIOzhA9fjq4aGL ZNYFEwJp/9LJhG+ePBEuK6naoTJ6Cx4ojrdatoBuJOuYkDH5XIxKtCftfexndwBWVkKR UDOLhaXsZLOqT/LeYr934N+wX8hoOpRgagZi+B29zr1DzCfcP6i+V2cid01R7ReyvI1j ldr1kvUDGTpU9+RoirwRzb2StejhoJjSb4V4wAbPl9EEYSubg/QSgyi9jplZq1xNH86m B0pM5wF/EzYGlstUcKlJDLkdNIQi/XXKDolRhdx+2Cnvjk9KQ2ZiBCyymdQZ1Sglf5xV cvtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GYG697+2S/sh00ZVXMvBeUm9C3ZnAXkJs48pA3se7mU=; b=2nmC2IdlsKdKFqfcPEv1VEQNpuqaP6STeJMtqL2pYXBQuEKbMYG+8POsdhm6DifSE1 sTP+00qcjBcFLy+WhD7lg2Zo43mrwnDPYBPlm6BuL8nLVVZR3zu32BekJvSeQOhvisvH h+Ky/Vpj2mDSakYVaAkH6DHe1VBCYxOdpqP9GvEirAuoiilFktCZWOVPeUZ9O8MZ1R7m FE6w75bCuaBu7Da7FqImtL9PQLr+0j1W3gQz8dxqRF1Uv8Tk0rah0c0O+3kxn6YChDzb 2QgTdLD9+EkOjLmcGQ6g83EOjJI5wt2OD/yxVHXkf5OkHUX2bn0I7OavYl17D7lF2K9O +X4w==
X-Gm-Message-State: AOAM531Ll+Yy35orMmSqrufkbjj3jNRT0LfsUl7ZRb7j+wpJepTPF2tg stgn1oVzXUMGhuuVbAhGxsu3CLhNAwGxVyyOvQiYm3e8GOkRvA==
X-Google-Smtp-Source: ABdhPJy7NExmpGoh4rqOk8nzCQ9CtIt7dEbokQpf2WxHMoeD+xzRR/n3iY0R+nnLh0OOflJBeWVwDjB2OG+/gy5Xn7c=
X-Received: by 2002:a05:6102:501:b0:320:a5fb:2bf7 with SMTP id l1-20020a056102050100b00320a5fb2bf7mr5938137vsa.27.1647030782332; Fri, 11 Mar 2022 12:33:02 -0800 (PST)
MIME-Version: 1.0
References: <00ca01d8348c$8b05d270$a1117750$@ndzh.com> <20220311181711.GA29551@pfrc.org>
In-Reply-To: <20220311181711.GA29551@pfrc.org>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 11 Mar 2022 21:33:29 +0100
Message-ID: <CAOj+MMGYnkN8Yx7riO-nd+Th3abXOW7+r9CZ4AXFDsYmXdMySQ@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Susan Hares <shares@ndzh.com>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b7296605d9f73c8b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/zbth7On9W5oGjIoS2aFOowC_o0A>
Subject: Re: [Idr] Adoption call for draft-wang-idr-bgp-ifit-capabilities-04 (3/10 to 3/24)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2022 20:33:09 -0000

Hello Jeff & WG,

I am a big supporter of In-Situ Telemetry. Well modulo the fact - and in
fact show stopper - that to make it really useful very precise nano seconds
clock synchronization is required and that by itself is not an easy task to
accomplish in WAN or MAN networks. The only tools I see to help here are
PTP or gPTP but PTP mostly is deployable in DCs not in WANs.

As far as BGP is concerned I must ask why do we really need p2mp signalling
to spray such information to all BGP speakers ? In Situ telemetry can be
deployed end to end beyond BGP speaking network elements so it will not
help.

Moreover we are really stepping again on using BGP protocol as a network
management carrier. Such distribution would be much better served by the
pub-sub model. Such model can be realized by any message bus or by
leveraging a recent proposal from Tony -
https://datatracker.ietf.org/doc/draft-li-lsr-liveness/  Yes this currently
was done to address IGP node liveness propagation, but nothing stands
against reusing such idea for pub-sub distribution of other node
capabilities like ifit.

Bottom line - not everything that can be fitted into a BGP attribute should
be carried by BGP protocol.

Kind regards,
R.


On Fri, Mar 11, 2022 at 7:17 PM Jeffrey Haas <jhaas@pfrc.org> wrote:

> Sue and Working Group,
>
> I'm generally supportive of IFIT for BGP.
>
> For this particular document, I think it'd be helpful if the authors
> provided some more detail on the scoping of the BGP Extended Community
> attributes and their security considerations.
>
> In particular:
>
> On Thu, Mar 10, 2022 at 09:38:43AM -0500, Susan Hares wrote:
> > This begins a 2 week WG Adoption call (3/10/2022 to 3/24/2022)
> >
> > for draft-wang-idr-bgp-ifit-capabilities-04
> >
> > https://datatracker.ietf.org/doc/draft-wang-idr-bgp-ifit-capabilities/
> >
> > In your comments please consider if:
> >
> > 1) Do the additions to BGP (2 Communities and
> > TLV for next-hop-capability attribute)
> > help the distribute information regarding the  IFIT options
> > from tail (egress) nodes to head nodes (ingress)?
> >
> > Are there any cases where these BGP
> > Communities should be removed or ignored?
>
> >From the Security Considerations for draft-ietf-idr-sr-policy-ifit-03:
>
> :   IFIT data MUST be propagated in a limited domain in order to avoid
> :   malicious attacks and solutions to ensure this requirement are
> :   respectively discussed in [I-D.ietf-ippm-ioam-data] and
> :   [I-D.ietf-6man-ipv6-alt-mark].
>
> The NextHop Capability leveraged in this draft as part of prior learnings
> has specified itself as an Optional, Non-Transitive Path Attribute.  This
> means that behaviors can be enforced on a hop-by-hop basis.
>
> BGP Extended Communities are only scoped for as-transitive or not.
>
> It'd be useful for the authors to comment on what the expected behaviors
> for
> BGP speakers downstream of not the IFIT egress. Also, potentially outside
> of the IFIT domain.  What are the Security Considerations for such
> additional propagation of these Extended Communities?
>
> I'm unclear whether the intent of the Extended Communities is whether they
> should ONLY be propagated with the NextHop Capability or not.
>
> Please note that forms of this question were raised both on the mailing
> list
> in prior threads and also during IDR IETF sessions.
>
> -- Jeff
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>

v2.23.0 | Report a Bug | By Email