Re: [OPSEC] Reminder: Call for WG adoption of draft-sriram-opsec-urpf-improvements
Barry Greene <bgreene@senki.org> Tue, 17 April 2018 20:21 UTC
Return-Path: <bgreene@senki.org>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB5B612D9FF for <opsec@ietfa.amsl.com>; Tue, 17 Apr 2018 13:21:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B4NXJ1n-dWah for <opsec@ietfa.amsl.com>; Tue, 17 Apr 2018 13:21:54 -0700 (PDT)
Received: from smtp121.ord1d.emailsrvr.com (smtp121.ord1d.emailsrvr.com [184.106.54.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7D72126CD6 for <opsec@ietf.org>; Tue, 17 Apr 2018 13:21:54 -0700 (PDT)
Received: from smtp16.relay.ord1d.emailsrvr.com (localhost [127.0.0.1]) by smtp16.relay.ord1d.emailsrvr.com (SMTP Server) with ESMTP id E9F4240081; Tue, 17 Apr 2018 16:21:53 -0400 (EDT)
X-Auth-ID: bgreene@senki.org
Received: by smtp16.relay.ord1d.emailsrvr.com (Authenticated sender: bgreene-AT-senki.org) with ESMTPSA id 8DF2C4006D; Tue, 17 Apr 2018 16:21:52 -0400 (EDT)
X-Sender-Id: bgreene@senki.org
Received: from [10.101.0.129] (58-84-236-175.nzwireless.co.nz [58.84.236.175]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:465 (trex/5.7.12); Tue, 17 Apr 2018 16:21:53 -0400
From: Barry Greene <bgreene@senki.org>
Message-Id: <B153D7AF-3F8D-4BFE-9A8C-1361AB8A2731@senki.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_9D92C3CD-BFBF-4B5D-9B27-7ADE3B0973BC"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 18 Apr 2018 08:21:48 +1200
In-Reply-To: <209728A1-B747-4B59-AB0F-F21669B67E6C@juniper.net>
Cc: Ron Bonica <rbonica@juniper.net>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "opsec@ietf.org" <opsec@ietf.org>, "draft-sriram-opsec-urpf-improvements@ietf.org" <draft-sriram-opsec-urpf-improvements@ietf.org>
To: Jeff Haas <jhaas@juniper.net>
References: <62EC3E74-6837-4E22-B9C8-FD738316DED6@cisco.com> <SN6PR05MB4240AA845A5245E08E49CACAAEB70@SN6PR05MB4240.namprd05.prod.outlook.com> <A976E7E7-327B-4B30-B975-D92F6B2309B9@senki.org> <209728A1-B747-4B59-AB0F-F21669B67E6C@juniper.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/kBQtKMqJOwgWsW2BCzN3w7tsQLU>
Subject: Re: [OPSEC] Reminder: Call for WG adoption of draft-sriram-opsec-urpf-improvements
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 20:21:58 -0000
> On Apr 18, 2018, at 7:50 AM, Jeff Haas <jhaas@juniper.net> wrote: > > It should be noted that my contribution isn't intended to say "Juniper can support this out the door". Rather, the intent is to start discussion of the framework that addresses the problem space in a way that's more complete. With that done, FIBs that don't have the necessary properties to do the work that eventually comes from this or related documents can eventually be deployed. > > Now is better obviously. But right now, base BCP 38 (as you note) lives off of useful hacks. :-) I’ll read through and provide feedback to the document. There are sections where are erroneous. For example, Loose mode was never ever designed for SAV. People keep putting a share peg in a round hole. Loose mode is a DOS response tool. Another example is the absence of VRF mode. That mode does work with SAV on the downstream (towards the customer) and upstream (on the peering edge). Then you have this statement "It is well known that this method has limitations when networks are multi-homed and there is asymmetric routing of packets.” That is false. BCP84 is wrong. uRPF has been deployed with multi-homed downstream customers. It work _if_ you configure it correctly (i.e. use BGP Weights). But still, the core of this has to get into code capable modes on ASICs, FPGA, & NPs. Feasible path is not something that can be done easily on other vendor implementations (been there - tried that). A working group adoption where the WG takes on the task of pulling multiple vendor microcoders to ensure what is done is _codeable_ and _deployable_ would be a reason for working group adoption. Barry
- [OPSEC] Reminder: Call for WG adoption of draft-s… Eric Vyncke (evyncke)
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Ron Bonica
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Barry Raveendran Greene
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Jeff Haas
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Barry Greene
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Amir Herzberg
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Gert Doering
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Sriram, Kotikalapudi (Fed)
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Amir Herzberg
- Re: [OPSEC] Reminder: Call for WG adoption of dra… Jeff Haas