Modification to draft-ietf-sidr-bgpsec-protocol after IESG Approval
"Alvaro Retana (aretana)" <aretana@cisco.com> Tue, 18 April 2017 13:57 UTC
Return-Path: <aretana@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C3D612EC82; Tue, 18 Apr 2017 06:57:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.121
X-Spam-Level:
X-Spam-Status: No, score=-13.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MLd-hFo8HQPc; Tue, 18 Apr 2017 06:57:40 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09ED912EC9E; Tue, 18 Apr 2017 06:57:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=125121; q=dns/txt; s=iport; t=1492523860; x=1493733460; h=from:to:cc:subject:date:message-id:mime-version; bh=TxqjEgbpGI6k28SWo+l/otFetqWi7I6fW98QBdX9A84=; b=h12JDD6tmpHrU6Hsel+dmUVNKnXkIna4siWkBuy6hYAngEbhl8jKz7Wy i1S2Ff4VJDIOxhCsT/GnGqj/95RHwB8JO3KFkku1dfoVx4q4O4jM2w1Tj WxKXsbQr8JMbN1KVIjULqOn6DafFm0RXqeM4saJklkw8bmP+q8ZuKnqEd A=;
X-Files: Diff_ draft-ietf-sidr-bgpsec-protocol-22-download.txt - draft-ietf-sidr-bgpsec-protocol-23.txt[1].html : 75707
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C8AQCSGvZY/4cNJK1CGhkBAQEBAQEBAQEBAQcBAQEBAYJuOithgQsHg1+CBoIfhXCnRIIPMIQagVocg1gVKhgBAgEBAQEBAQFrHQuFGhwBCAo6EhIBQAEJAgQwJwQOBQkFBooFDjGoWBCBIIImK4p3AQEBAQEBAQEBAQEBAQEBAQEBAQEBDg+GUoFcASuGBYEGFjoVglougjEFhReEFQeNAYIyhDwBg32DBoEAhVaFEIIAGTyBC4NRiF2BOohrhnuEJwEfOBVwYxVEEQGEGzYDHIFjdQEEhkoBJAeBA4ENAQEB
X-IronPort-AV: E=Sophos;i="5.37,219,1488844800"; d="html'217?scan'217,208,217";a="409018703"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Apr 2017 13:57:37 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v3IDvbJG007116 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 18 Apr 2017 13:57:37 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Apr 2017 08:57:36 -0500
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1210.000; Tue, 18 Apr 2017 08:57:36 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "ietf@ietf.org" <ietf@ietf.org>
CC: "draft-ietf-sidr-bgpsec-protocol@ietf.org" <draft-ietf-sidr-bgpsec-protocol@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>
Subject: Modification to draft-ietf-sidr-bgpsec-protocol after IESG Approval
Thread-Topic: Modification to draft-ietf-sidr-bgpsec-protocol after IESG Approval
Thread-Index: AQHSuEu7elkQV/cZ6UWBAunm2r6P1g==
Date: Tue, 18 Apr 2017 13:57:36 +0000
Message-ID: <6F27B6F2-25AB-4D8D-B6E1-866E147B6CAA@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1f.0.170216
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.15.6]
Content-Type: multipart/mixed; boundary="_004_6F27B6F225AB4D8DB6E1866E147B6CAAciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/usHYiAEvdqWgpFLpsdIbRCICg-c>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 13:57:43 -0000
Hello!
This message is to inform the community of a modification to draft-ietf-sidr-bgpsec-protocol after IETF Last Call and even IESG Approval. I will go forward with the proposed changes unless I hear significant objection by April 26th, 2017.
“BGPsec Protocol Specification” (draft-ietf-sidr-bgpsec-protocol) [1] went through IETF Last Call in early December, 2016 [2]. The IESG approved publication soon after, and the document is now sitting in the RFC Editor’s queue waiting (along with 6 other dependent documents [3]) for “Extended Message support for BGP” (draft-ietf-idr-bgp-extended-messages) [4], which is a Normative reference. After discussion in the relevant WGs (sidr + sidrops and idr) [5], we want to remove that dependency.
[Tl;dr version] It was thought that BGPsec would need extended BGP messages because of the signatures included in the Updates. But with the current algorithms [6], it is expected that we would pass the current maximum BGP message size (of 4k octets) if the AS path length is close to 40 – the current average observed on the Internet is < 4, and the maximum is 15 [7]. IOW, there’s no risk of needing bigger updates any time soon.
I’m attaching the proposed diffs (-23 has not been posted yet). Please take a look.
To summarize, the changes are: (1) remove mention of/references to draft-ietf-idr-bgp-extended-messages, and (2) add the following text in Section 4.1. (General Guidance):
All BGPsec update messages MUST conform to BGP's maximum message
size. If the resulting message exceeds the maximum message size,
then the guidelines in Section 9.2 of RFC 4271 [RFC4271] MUST be
followed.
[For easier reference, I put the relevant text from 9.2 below.]
The result is then that draft-ietf-sidr-bgpsec-protocol doesn’t depend on draft-ietf-idr-bgp-extended-messages. Instead, when referring to the size of the messages, it depends on rfc4271, which is the base BGP Specification. If the size is increased later (by draft-ietf-idr-bgp-extended messages or any other document), then rfc4271 would have to be Updated and BGPsec would be able to use that facility from BGP (with no Updates to BGPsec).
In the spirit of full disclosure… Besides BGPsec not needing extended messages, I returned draft-ietf-idr-bgp-extended-messages to the idr WG for more processing as a result of my AD review. This action triggered the discussion that led to wanting to change the dependency.
Please let me know if you have any concerns.
Given that this document has already been approved by the IESG, the process going forward is:
- consult the WG (done!)
- inform the IESG of the intent (done!)
- inform the ietf@ietf.org of the changes (this thread)
- publish an updated draft
- continue the publication process
Each step may, obviously, require additional discussion and could result in changes to the current plan.
Thanks!!
Alvaro.
[1] https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/
[2] https://mailarchive.ietf.org/arch/msg/ietf-announce/tP4hZpI4IocpwiLt0i2QEKdPW1E/?qid=ef145748d9672b09b99e1202d3d43f76
[3] https://www.rfc-editor.org/cluster_info.php?cid=C306
[4] https://datatracker.ietf.org/doc/draft-ietf-idr-bgp-extended-messages/
[5] https://mailarchive.ietf.org/arch/msg/sidr/6mlQGSRn9tfBLD8nGyOToIe562s/?qid=e3fd0cb8d3a7d9410398796ba4cb77fb
[6] https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs
[7] https://www.ietf.org/proceedings/98/slides/slides-98-sidrops-decoupling-bgpsec-documents-and-extended-messages-draft-00.pdf
https://tools.ietf.org/html/rfc4271#section-9.2
9.2. Update-Send Process
…
If, due to the limits on the maximum size of an UPDATE message (see
Section 4), a single route doesn't fit into the message, the BGP
speaker MUST not advertise the route to its peers and MAY choose to
log an error locally.
- Modification to draft-ietf-sidr-bgpsec-protocol a… Alvaro Retana (aretana)