Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt
Alvaro Retana <aretana.ietf@gmail.com> Thu, 09 February 2023 13:00 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60638C14F6EC; Thu, 9 Feb 2023 05:00:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IFZe_hLzqiwg; Thu, 9 Feb 2023 05:00:05 -0800 (PST)
Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78C23C14EB1E; Thu, 9 Feb 2023 05:00:05 -0800 (PST)
Received: by mail-pl1-x62f.google.com with SMTP id u9so2683334plr.9; Thu, 09 Feb 2023 05:00:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:from:to:cc:subject:date :message-id:reply-to; bh=miroFgNfAqLL3o7af6+tcuUkioGepTbJejafk1cU8no=; b=DGIORS2k2o5cc1NOjSHvGx7VBWvUzb3PsRMvJ3//Dxd4shNtwujpuK2f1OKTfqmLj+ cNReY1JwqtFa4HvxUw+/7t8Pp60+EhxVEm+BXPQlksV8U+jZGdR6hj0foQCo2CClqqxw WaKD3YFIXWrY4OBqZNVk2d7W2zvo9w+7fvIX/t78adZwviEEJWnEgnwbfM4N/1DtFT0V 6+dIKTfK20919X3FlTvZoavAMdKZczXD+pXgfChc+8eMWCwk6B0KtA8GQU+rnAtBtps8 hr43rPVQz808Duh4q7Aem0XJ4b0cSUSyA16Sn1KjXye6/FtNrLxEZ77Ipft/ftMkSK0R 15HQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=miroFgNfAqLL3o7af6+tcuUkioGepTbJejafk1cU8no=; b=EGGvRLT0iqRQHerYhIMry/bqIv4yILsPOoH97b8/Zcxn3IUX7f6kE1RLIuFyg6cEyp is97sqhbW6v7EXBIKn5+VfABvw2VMKM3fLg2omIMQbs4S6JDdxKj+eKll9z/OpIbvtzq cTx6ZzoqHpjNmDgn9CiepNq3DszwTQkAU3ULTFKMCzo+bqFmFitCNsJqz9d7U75+92Ze U8AZiPb9NJxAm8948/dvmV0/d96DG0k4krsPVYhILtJ8dEIANVlfXZmkZnDMlLfYD5Lq uPovICreHCUKP79iKoKM+cWzPFMXhEa0+brMp9/KA64oc1/gOQ/PoifRiB8xelOxhqnd szNA==
X-Gm-Message-State: AO0yUKW+XwvbYCHt1VwS6pwgpRMu8f7YdpX7toK1MeF+xlPoxMIrD1Ko 2MxGXhXK8PANGMQJuZ6xVvrCkFJiftWzRGUgdujG6/fZ
X-Google-Smtp-Source: AK7set+0GYg3+YvU/JkF22DTFUrzCJdwz82wqCpJC3xd4XSXHokJ0BGiAcK+CesumqADxkzknSA3CH0aqSyazGF/Gu0=
X-Received: by 2002:a17:90a:9293:b0:231:2812:e916 with SMTP id n19-20020a17090a929300b002312812e916mr802902pjo.47.1675947604873; Thu, 09 Feb 2023 05:00:04 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Thu, 9 Feb 2023 05:00:03 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <F1DFEA4B-600C-4989-AA84-F81AAF3BD19B@cisco.com>
References: <F1DFEA4B-600C-4989-AA84-F81AAF3BD19B@cisco.com>
MIME-Version: 1.0
Date: Thu, 09 Feb 2023 05:00:03 -0800
Message-ID: <CAMMESszKAZwwNFWBqitrS_rEsYhN3UuyFAvMBYob1VPPBEgTzQ@mail.gmail.com>
To: Acee Lindem <acee.ietf@gmail.com>
Cc: "draft-ietf-lsvr-bgp-spf@ietf.org" <draft-ietf-lsvr-bgp-spf@ietf.org>, "lsvr@ietf.org" <lsvr@ietf.org>, lsvr-chairs@ietf.org, Victor Kuarsingh <victor@jvknet.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/Iu-mFX3iFBypHbvjszd9-rHqd64>
Subject: Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2023 13:00:09 -0000
On February 15, 2021 at 10:55:53 AM, Acee Lindem wrote: Hi! This message covers the initial set of up-front comments/questions. Thanks! Alvaro. > [**] > > > It would be ideal for the document to include a "Summary of Operation" > > section, similar to ??3/rfc4271. This would also serve as a place to > > point back at what applies and what doesn't. > > We've added a "Document Overview" in section 1.3. This should suffice in > giving the reader a preview of what is coming. 241 1.3. Document Overview 243 The document begins with sections defining the precise relationship 244 that BGP SPF has with both the base BGP protocol [RFC4271] 245 (Section 2) and the BGP Link-State (BGP-LS) extensions [RFC7752] 246 (Section 3). This is required to dispel the notion that BGP SPF is 247 an independent protocol. The BGP peering models, as well as the 248 their respective trade-offs are then discussed in Section 4. The 249 remaining sections, which make up the bulk of the document, define 250 the protocol enhancements necessary to support BGP SPF. The BGP-LS 251 extensions to support BGP SPF are defined in Section 5. The 252 replacement of the base BGP decision process with the SPF computation 253 is specified in Section 6. Finally, BGP SPF error handling is 254 defined in Section 7 [major] Before I forget, please update the rfc7752 reference to draft-ietf-idr-rfc7752bis. That document is already in front of the IESG; I expect to approve it by March. [minor] "This is required to dispel the notion that BGP SPF is an independent protocol." Not needed. [nit] The last couple of sentences are a little repetitive, and there's a period missing at the end. Suggestion> The document begins with sections defining the precise relationship that BGP SPF has with both the base BGP protocol [RFC4271] (Section 2) and the BGP Link-State (BGP-LS) extensions [RFC7752bis] (Section 3). The BGP peering models, as well as the their respective trade-offs are then discussed in Section 4. The remaining sections define the protocol enhancements necessary to support BGP SPF including BGP-LS extensions (Section 5), the replacement decision process with the SPF computation (Section 6), and error handling (Section 7). > > (1) Use of the BGP Base (rfc4271) > > > > - The well-known RIB structure from BGP (Adj-RIB-In, Loc-RIB, Adj-RIB-Out) > > didn't quite make it into BGP SPF. It looks like the LSNDB may correspond > > to the Adj-RIB-In, and there is a Local RIB. The non-existence of an > > Adj-RIB-Out implies changes. [Note that it is obviously ok to not follow > > the same structure -- what needs to be explained are the differences.] > > Since we have completely replaced the base BGP decision process, we don't use > these terms. [major] You did change the "Local RIB" for "LOC-RIB", but the definition is not the same as Loc-RIB in rfc4271. Even if the case is different, it would be better to change the terminology (maybe back to "Local RIB") to eliminate any confusion. ... > > - About the attributes... In ??5.1 you mention that attributes that "would > > influence the Decision process...are ignored". > > > > What about other attributes, the ones that don't influence the Decision > > Process? If all the information is encoded in the NLRI or carried in the > > BGP-LS Attribute, does BGP SPF need any other attribute? Maybe requiring > > that other attributes not to be included (especially the mandatory ones) is > > too much, but can it be recommended? Given that BGP (and rfc7606) require > > specific actions if the attributes are malformed, it would be bad if we > > apply treat-as-withdraw because of an error in an attribute that is not > > relevant in BGP SPF. [Note: we need to add this risk to the Security > > Considerations.] ... > We clarified the usage of the attributes in section 2. Error handling is > covered in section 7. §2: 273 Due to the changes to the decision process, there are mechanisms and 274 encodings that are no longer applicable. While not necessarily 275 required for computation, the ORIGIN, AS_PATH, MULTI_EXIT_DISC, 276 LOCAL_PREF, and NEXT_HOP path attributes are mandatory and will be 277 validated. The ATOMIC_AGGEGATE, and AGGREGATOR are not applicable 278 within the context of BGP SPF and SHOULD NOT be advertised. However, 279 if they are advertised, they will be accepted, validated, and 280 propagated consistent with the BGP protocol. [minor] s/are mandatory/are mandatory [RFC4271] To clarify that they are not mandatory in this specification. [major] What about other attributes [1]? I know that most are not mandatory but they could still be included in an UPDATE. Is it possible to generalize the statement above? Here's a suggestion: s/ The ATOMIC_AGGEGATE, and AGGREGATOR are not applicable within the context of BGP SPF and SHOULD NOT be advertised. However, if they are advertised, they will be accepted, validated, and propagated consistent with the BGP protocol. / Unless explicitly specified in the context of BGP SPF, all other attributes SHOULD NOT be advertised. However, if they are advertised, they will be accepted, validated, and propagated consistent with the BGP protocol. [1] https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml#bgp-parameters-2 [major] Processing non-applicable attributes represents an increase in the attack surface. A rogue node can advertise a non-applicable attribute and affect the routing decisions; for example a malformed Community results in "treat-as-withdraw". This is not a new threat. The difference is that for other BGP AFI/SAFIs alll the attributes are "applicable". In the case of BGP SPF, this document explicitly says that the nodes will accept, validate, and propagate information that is not relevant. One option to reduce the attack surface is to ignore/drop non-applicable attributes, or even mandate that they must not be included. I understand that implementation-wise that is not the best option. Please include a couple of sentences in the Security Considerations to show that the threat was considered -- that it is an existing threat -- ... ... > > - Using a Confederation ID is mentioned, which seems ok. I don't see an > > advantage/reason for having Confederations in a BGP SPF network. Is there > > one? > > Confederations are no longer applicable. >From §5.2: The BGP Confederation Member (TLV 517) [RFC7752] is not appliable and SHOULD NOT be included. If TLV 517 is included, it will be ignored. [nit] s/appliable/applicable [?] s/will be ignored/MUST be ignored
- [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt Acee Lindem (acee)
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Alvaro Retana
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Alvaro Retana
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Alvaro Retana
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Alvaro Retana
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Acee Lindem
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Acee Lindem
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Alvaro Retana
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Alvaro Retana
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Acee Lindem
- Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-1… Acee Lindem