Re: [savnet] Fw: New Version Notification for draft-li-sidrops-bicone-sav-00.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 19 March 2024 15:19 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Lancheng Qin <qlc19@mails.tsinghua.edu.cn>, "savnet@ietf.org" <savnet@ietf.org>
CC: Ben Maddison <benm@workonline.africa>
Archived-At: <https://mailarchive.ietf.org/arch/msg/savnet/ivb5Q8GNNE-ZWVFAnrcio1mdao0>

Hi Lancheng,

You asked me to explain in more detail the comment I made yesterday during your presentation on this draft in the SAVNET meeting.

The Bicone proposal makes a source address (SA) in the prefixes that are not in the blocklist or the allowlist "allowed". That means that effectively only the SAs in prefixes in the blocklist are blocked on ingress on a customer interface and any other SA is permitted. So, the allowlist is not really used. Improper admits would increase a lot. This points to the design flaw.

Simple example: Consider that AS A and AS B are lateral peers. AS A is doing Bicone on its customer interfaces. Bicone makes SAs in the prefixes in the customer cone of AS B allowed on AS A's customer interfaces.

In trying to solve the NO_EXPORT situation, a much more important thing is overlooked by Bicone. I think BAR-SAV gets it right. If an AS has the unusual NO_EXPORT on all prefixes towards a provider, it should have an ASPA. This fixes the issue. Also, we may be making a bigger issue of "all prefixes having NO_EXPORT" than what might be true. I mean it might be very rare or non-existent. Usually, when more-specific prefixes have NO_EXPORT, there would be a covering less-specific prefix that propagates everywhere.

Thanks.

Sriram
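
The ingress decision discussed in this message, modelled as an added example (not part of the original message and not code from the draft). The prefixes, the contents of the blocklist and all function names are constructed assumptions; `default_allow` follows the message's characterisation of Bicone, and `allowlist_only` is a comparison policy introduced here.

```python
import ipaddress

# Constructed prefixes (documentation and benchmarking ranges), not taken from the draft.
CUSTOMER_CONE_A = ["192.0.2.0/24"]      # allowlist on AS A's customer interface
BLOCKLIST_A     = ["198.51.100.0/24"]   # whatever AS A has placed on the blocklist
CUSTOMER_CONE_B = ["203.0.113.0/24"]    # customer cone of lateral peer AS B

def covered(sa, prefixes):
    """True if source address sa falls inside any of the given prefixes."""
    addr = ipaddress.ip_address(sa)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def default_allow(sa, allowlist, blocklist):
    """Behaviour as the message characterises it (assumption, not the draft's text)."""
    if covered(sa, blocklist):
        return "block"
    return "allow"   # allowlisted or in neither list: same outcome

def allowlist_only(sa, allowlist, blocklist):
    """Comparison policy: admit only what the allowlist covers."""
    ok = covered(sa, allowlist) and not covered(sa, blocklist)
    return "allow" if ok else "block"

def improper_admits(policy, packets, allowlist, blocklist):
    """Source addresses admitted although outside AS A's customer cone."""
    return [sa for sa in packets
            if policy(sa, allowlist, blocklist) == "allow"
            and not covered(sa, CUSTOMER_CONE_A)]

def allowlist_has_effect(policy, packets, allowlist, blocklist):
    """True if emptying the allowlist changes any decision."""
    return any(policy(sa, allowlist, blocklist) != policy(sa, [], blocklist)
               for sa in packets)

# Constructed source addresses arriving on AS A's customer interface:
# own cone, blocklisted, inside AS B's customer cone, in neither list.
PACKETS = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "198.18.0.1"]

if __name__ == "__main__":
    for name, pol in (("default-allow", default_allow),
                      ("allowlist-only", allowlist_only)):
        print(name,
              improper_admits(pol, PACKETS, CUSTOMER_CONE_A, BLOCKLIST_A),
              allowlist_has_effect(pol, PACKETS, CUSTOMER_CONE_A, BLOCKLIST_A))
```
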