Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)
"Jakob Heitz (jheitz)" <jheitz@cisco.com> Fri, 03 March 2017 21:15 UTC
Return-Path: <jheitz@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F80A1294AE; Fri, 3 Mar 2017 13:15:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ah6Tui_zFs08; Fri, 3 Mar 2017 13:15:09 -0800 (PST)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2382812896F; Fri, 3 Mar 2017 13:15:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5498; q=dns/txt; s=iport; t=1488575709; x=1489785309; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=JMR7PWssz4i5X7wWM0un5E0dK+drFhdhlJbpVS4Tvpc=; b=UUgS+WLW/bRzhrwFRs5SJDRvY7BCXBurJ2jNqve9LdT82KOZvITB5uSj ddIPN7AJe//i0FpxE+0Q7IX/5+xKs9g0vql6+JrlieXrK29Egg+1dxkDU qIKYtfOb6YS/niXZTijkhTgMQ/klUHhAh1p1tgqos9cV15aCacrAcyADk E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DKAQD/27lY/5tdJa1eGQEBAQEBAQEBAQEBBwEBAQEBg1FhgQoHg1eKCpFHlTeCDR8NhXYCGoJMPxgBAgEBAQEBAQFiKIRwAQEBBAEBIRE6CwwEAgEIEQQBAQECAh8EAwICAiULFAEICAIEAQ0FCAyJZw6zRYImiwIBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYELhUOEb4Rrgm+CXwWcLAGGdYs0kSiTOgEfOFgrVhU/hQqBSnaHUyuBA4ENAQEB
X-IronPort-AV: E=Sophos;i="5.35,238,1484006400"; d="scan'208";a="393179031"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Mar 2017 21:15:08 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v23LF8nl028692 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 3 Mar 2017 21:15:08 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 3 Mar 2017 15:15:07 -0600
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1210.000; Fri, 3 Mar 2017 15:15:07 -0600
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Keyur Patel <keyur@arrcus.com>, The IESG <iesg-secretary@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
Thread-Topic: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)
Thread-Index: AQHSbB8KL4goLDO+zUCyR+oqQEK9nqF2Wu8wgA3u+wD//6L1QA==
Date: Fri, 03 Mar 2017 21:15:07 +0000
Message-ID: <4ae6d6be76c547f4a6a131cc0f3431be@XCH-ALN-014.cisco.com>
References: <148414831932.11019.14685466226406323027.idtracker@ietfa.amsl.com> <904eb4e5f3b54f8fb5eeddba482566c6@XCH-ALN-014.cisco.com> <EE5B24BB-386F-47E0-9F0C-3E6E48FBDFF1@arrcus.com>
In-Reply-To: <EE5B24BB-386F-47E0-9F0C-3E6E48FBDFF1@arrcus.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.90.253]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/EJUhE5WhHsg_Tq8vEk3pGqQNQeM>
Cc: "draft-ietf-sidr-origin-validation-signaling@ietf.org" <draft-ietf-sidr-origin-validation-signaling@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, "sandy@tislabs.com" <sandy@tislabs.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>
Subject: Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2017 21:15:11 -0000
I assume that the ext-comm passes policy. Thanks, Jakob. > -----Original Message----- > From: Keyur Patel [mailto:keyur@arrcus.com] > Sent: Friday, March 03, 2017 12:43 PM > To: Jakob Heitz (jheitz) <jheitz@cisco.com>; The IESG <iesg-secretary@ietf.org>; IETF-Announce <ietf- > announce@ietf.org> > Cc: draft-ietf-sidr-origin-validation-signaling@ietf.org; sidr@ietf.org; sidr-chairs@ietf.org; The IESG > <iesg@ietf.org>; sandy@tislabs.com; rfc-editor@rfc-editor.org > Subject: Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard > (draft-ietf-sidr-origin-validation-signaling-11.txt) > > Jacob, > > Apologies for the delayed response. Comments #Keyur > > On 2/23/17, 1:26 PM, "Jakob Heitz (jheitz)" <jheitz@cisco.com> wrote: > > What happens if a BGP speaker validates a route in its own RPKI database > and finds it to be either Valid or Invalid (not NotFound) and also receives > the extended community that specifies a different validation state? > > #Keyur: That pretty much means that ibgp speakers has out of sync rpki data. This could very well happen if the ibgp > speakers have different refresh intervals for polling the rpki data (or some error has occurred that has resulted > into a stale state). > > I don't see that condition covered in the draft. > I would say to ignore the extended community. > > #Keyur: I am not sure if we need to add any text? Extended community maps to a policy on a n inbound side. Policy > would dictate how you would want to use the community. Implementations could always log any conflicting rpki state > they encounter? > > Regards, > Keyur > > Thanks, > Jakob. > > > -----Original Message----- > > From: sidr [mailto:sidr-bounces@ietf.org] On Behalf Of The IESG > > Sent: Wednesday, January 11, 2017 7:25 AM > > To: IETF-Announce <ietf-announce@ietf.org> > > Cc: draft-ietf-sidr-origin-validation-signaling@ietf.org; sidr@ietf.org; sidr-chairs@ietf.org; The IESG > > <iesg@ietf.org>; sandy@tislabs.com; rfc-editor@rfc-editor.org > > Subject: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard > > (draft-ietf-sidr-origin-validation-signaling-11.txt) > > > > The IESG has approved the following document: > > - 'BGP Prefix Origin Validation State Extended Community' > > (draft-ietf-sidr-origin-validation-signaling-11.txt) as Proposed > > Standard > > > > This document is the product of the Secure Inter-Domain Routing Working > > Group. > > > > The IESG contact persons are Alvaro Retana, Alia Atlas and Deborah > > Brungard. > > > > A URL of this Internet Draft is: > > https://datatracker.ietf.org/doc/draft-ietf-sidr-origin-validation-signaling/ > > > > > > > > > > > > Technical Summary > > > > This document defines a new BGP opaque extended community to carry > > the origination AS validation state inside an autonomous system. > > IBGP speakers that receive this validation state can configure local > > policies allowing it to influence their decision process. > > > > Working Group Summary > > > > This document has had consistent interest from the working group. > > Because it defines a new BGP community, it was reviewed by the idr > > working group as well. > > > > Document Quality > > > > The document has been implemented by major router vendors. > > It is known to be in use in two large IXPs, AMS-IX and DE-CIX. > > > > Personnel > > > > Document Shepherd: Sandra Murphy > > Responsible Area Director: Alvaro Retana > > > > _______________________________________________ > > sidr mailing list > > sidr@ietf.org > > https://www.ietf.org/mailman/listinfo/sidr >
- [sidr] Protocol Action: 'BGP Prefix Origin Valida… The IESG
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Alvaro Retana (aretana)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Randy Bush
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Montgomery, Douglas (Fed)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Keyur Patel
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Montgomery, Douglas (Fed)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Randy Bush
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Chris Morrow
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Randy Bush
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Chris Morrow
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Randy Bush
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Chris Morrow
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Randy Bush
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Keyur Patel
- Re: [sidr] Protocol Action: 'BGP Prefix Origin Va… Jakob Heitz (jheitz)