Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

Randy Bush <randy@psg.com> Fri, 02 December 2016 20:37 UTC

To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/4xQomjKa36ud8E3D4CD_ckUG1nI>
Cc: sidr wg list <sidr@ietf.org>

unless someone screams

   As BGPsec will be rolled out over years and does not allow for
   intermediate non-signing edge routers, coverage will be spotty for a
   long time.  This presents a dilemma; should a router evaluating an
   inbound BGPsec_Path as Not Valid be very strict and discard it?  On
   the other hand, it might be the only path to that prefix, and a very
   low local-preference would cause it to be used and propagated only if
   there was no alternative.  Either choice is reasonable, but we
   recommend dropping because of the next point.

   Operators should be aware that accepting Not Valid announcements, no
   matter the local preference, will often be the equivalent of treating
   them as fully Valid.  Local preference affects only routes to the
   same set of destinations.  Consider having a Valid announcement from
   neighbor V for prefix 10.0.0.0/16 and a Not Valid announcement for
   10.0.666.0/24 from neighbor I.  If local policy on the router is not
   configured to discard the Not Valid announcement from I, then longest
   match forwarding will send packets to neighbor I no matter the value
   of local preference.
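
The longest-match effect described in the message above, as an added example that is not part of the original message or of the draft: a toy router model that selects the best path per prefix by local preference and then forwards by longest match, under both policies. The `Route` model, the function names, the low local-preference value of 10 and the /24 (written here as 10.0.66.0/24 so that it parses as an address) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    neighbor: str
    validity: str          # BGPsec_Path evaluation: "Valid" or "Not Valid"
    local_pref: int = 100

# Constructed sample announcements mirroring the message's scenario.
ANNOUNCEMENTS = [
    Route(ipaddress.ip_network("10.0.0.0/16"), "V", "Valid"),
    Route(ipaddress.ip_network("10.0.66.0/24"), "I", "Not Valid"),
]

def apply_policy(routes, drop_not_valid, low_pref=10):
    """Inbound policy: discard Not Valid routes, or keep them at a low local preference."""
    accepted = []
    for r in routes:
        if r.validity == "Not Valid":
            if drop_not_valid:
                continue
            r = Route(r.prefix, r.neighbor, r.validity, low_pref)
        accepted.append(r)
    return accepted

def build_fib(routes):
    """Best path per prefix. Local preference is compared only among routes to the SAME prefix."""
    fib = {}
    for r in routes:
        best = fib.get(r.prefix)
        if best is None or r.local_pref > best.local_pref:
            fib[r.prefix] = r
    return fib

def next_hop(fib, dst):
    """Forwarding decision: the longest matching prefix wins; local preference plays no part."""
    addr = ipaddress.ip_address(dst)
    matches = [r for p, r in fib.items() if addr in p]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen).neighbor

def forward(dst, drop_not_valid):
    return next_hop(build_fib(apply_policy(ANNOUNCEMENTS, drop_not_valid)), dst)

if __name__ == "__main__":
    for drop in (False, True):
        print(f"drop_not_valid={drop}: 10.0.66.1 -> neighbor {forward('10.0.66.1', drop)}")
```

With the low-preference policy the /24 has no competing route for the same prefix, so it is installed and attracts the traffic; only the discard policy keeps packets on the Valid /16 through V.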