[savnet] A variation of DSAV as a BGP extension

"Lubashev, Igor" <ilubashe@akamai.com> Tue, 22 March 2022 04:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/savnet/wAJLwFNuGiCh5g4y2_dP43X36LU>

I am glad to see some renewed attention paid to SAV.

Here is a quick proposal I've made on the topic @ IETF-101.
https://datatracker.ietf.org/meeting/101/materials/slides-101-rtgwg-sessb-ingress-filtering-for-asymmetric-routing-01

The quick summary of the above:

1. We have a problem today, because we use the same BGP reachability advertisements for two separate purposes: advertising reachability and SAV.

2. The proposal is the creation of a new "SAV Allow" SAFI. Advertisements with "SAV Allow" SAFI are never used for forwarding and can only be used for SAV.
2a. The advertisements are secured against spoofing by all the usual means that BGP advertisements are secured.
2b. "SAV Allow" SAFI advertisements are transitive, unless a route (regular or "SAV Allow") with the same or a shorter prefix is advertised to a peer. This is because the advertised route already serves the "SAV Allow" purpose.
2c. Only routers that support "SAV Allow" SAFI get these advertisements.

3. The upside is that this seems like it would solve the SAV problem and use just a simple BGP extension for it. The downside is that incremental deployment can only start with the routers that are originating the routes -- upgrading an intermediary router does no good, unless all routers between the path originator and itself have been upgraded.
3a. Compared to RFC8704, RFC8704 does not solve SAV completely, but it allows for a much looser incremental deployment to be useful.

Happy to discuss this more, of course.

- Igor
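
Added example, not part of the original message or of any BGP implementation: a Python model of the propagation rule in 2b and of the per-peer source check it feeds. It assumes "same or a shorter prefix" means an equal or covering prefix, and that a router accepts a source address from a peer when any regular or "SAV Allow" prefix received from that peer contains it; the function names and the 2001:db8::/32 documentation prefixes are constructed.

```python
import ipaddress

net = ipaddress.ip_network  # shorthand for building constructed sample prefixes

def covers(route, prefix):
    """True if route equals prefix or is a shorter prefix that contains it."""
    return route.version == prefix.version and prefix.subnet_of(route)

def should_propagate(sav_prefix, sent_to_peer):
    """Rule 2b (as assumed here): forward a "SAV Allow" advertisement to a peer
    unless a regular or "SAV Allow" route already sent to that peer covers it."""
    return not any(covers(r, sav_prefix) for r in sent_to_peer)

def sav_permits(src, regular_from_peer, sav_allow_from_peer):
    """Assumed check: accept src from a peer if any prefix that peer sent,
    in either table, contains it. Forwarding never reads sav_allow_from_peer."""
    addr = ipaddress.ip_address(src)
    return any(addr in p for p in (*regular_from_peer, *sav_allow_from_peer))

def demo():
    customer = net("2001:db8:a::/48")  # constructed customer prefix
    # Asymmetric routing: the customer sends traffic through this provider but
    # announces the regular route elsewhere, so only "SAV Allow" arrives here.
    before = sav_permits("2001:db8:a::1", [], [])
    after = sav_permits("2001:db8:a::1", [], [customer])
    # Per-upstream view of routes this provider has already advertised.
    upstreams = {
        "aggregate": [net("2001:db8::/32")],          # covers the /48: suppress
        "sibling": [net("2001:db8:b::/48")],          # unrelated: propagate
        "more-specific": [net("2001:db8:a:1::/64")],  # longer prefix: propagate
    }
    decisions = {n: should_propagate(customer, r) for n, r in upstreams.items()}
    return before, after, decisions

if __name__ == "__main__":
    print(demo())
```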