IETF Logo Mail Archive

Re: [sidr] AD review and progressing draft-ietf-sidr-as-migration-02

Alia Atlas <akatlas@gmail.com> Mon, 09 February 2015 18:31 UTC

Return-Path: <akatlas@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65A4B1A1BEC for <sidr@ietfa.amsl.com>; Mon, 9 Feb 2015 10:31:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.299
X-Spam-Level:
X-Spam-Status: No, score=-99.299 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vzexjKj69tlA for <sidr@ietfa.amsl.com>; Mon, 9 Feb 2015 10:31:16 -0800 (PST)
Received: from mail-yh0-x233.google.com (mail-yh0-x233.google.com [IPv6:2607:f8b0:4002:c01::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C241A1B6E for <sidr@ietf.org>; Mon, 9 Feb 2015 10:31:11 -0800 (PST)
Received: by mail-yh0-f51.google.com with SMTP id b6so3599471yha.10 for <sidr@ietf.org>; Mon, 09 Feb 2015 10:31:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=AkXtf+6Radfo5lyHr0cAY4QsMJUN+0eOJb9uIjZornQ=; b=EjXuGN9nnQ+NmYsAKRZU0BZiv84vdfTsxFl7o3cr7snvELmtgUb5ocGxHGEMvlAvkn v5HsVfyQvkHB4y8Dn5MOPI6hTi+HTa31YGoQMJMX/b+hqbhwVY6kDTcwuXKF7gdGESfT ofvlUX+f0aHpL6AerlvR/5Y/OrbbiRvs/ND1/v4LPKsfeOyjTZ3vGZib4bZJG83a/yeL sgw7yXqVc+H0U8y3iIb9C1ljx70MlLLt+Y3NHgENAn7LgFFB48dK5wBMW26iUP1tIICc RkdTbQwdDW+0oN6Tf0ZvzOsqqvbViZi1TFPSxf2ubQ3uAFkUmlaLqP8NB0YK6YI1/6jH STsQ==
MIME-Version: 1.0
X-Received: by 10.236.97.71 with SMTP id s47mr2004058yhf.38.1423506670889; Mon, 09 Feb 2015 10:31:10 -0800 (PST)
Received: by 10.170.133.80 with HTTP; Mon, 9 Feb 2015 10:31:10 -0800 (PST)
In-Reply-To: <D0F5254B.41CBA%wesley.george@twcable.com>
References: <CAG4d1reTZ8xcR8EO61Ap_VHsEdfgh19tk46o0ns+QFRAD=mPDQ@mail.gmail.com> <D0F5254B.41CBA%wesley.george@twcable.com>
Date: Mon, 09 Feb 2015 13:31:10 -0500
Message-ID: <CAG4d1rekT8+Eprea1KemHaiTMY62N6Z8iOy=frCvJnJM0Aq+3A@mail.gmail.com>
From: Alia Atlas <akatlas@gmail.com>
To: "George, Wes" <wesley.george@twcable.com>
Content-Type: multipart/alternative; boundary="001a11c1c35274300f050eabf97b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/LsKuJ8pXUeyi4tzDydIiA-X45K4>
Cc: "draft-ietf-sidr-as-migration@tools.ietf.org" <draft-ietf-sidr-as-migration@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] AD review and progressing draft-ietf-sidr-as-migration-02
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Feb 2015 18:31:19 -0000

Hi Wes,

In-line with [Alia]

On Mon, Feb 2, 2015 at 1:38 PM, George, Wes <wesley.george@twcable.com>
wrote:

>   Alia – thanks for the review. Consider this ACK for all comments except
> the ones below, inline with WG]
> I have a –03 draft in the edit buffer, and will publish once the below is
> resolved.
>
>
>  Thanks,
>
>
>
> Wes
>
>
>
>
>    From: Alia Atlas <akatlas@gmail.com>
> Date: Friday, January 30, 2015 at 3:50 PM
> To: "draft-ietf-sidr-as-migration@tools.ietf.org" <
> draft-ietf-sidr-as-migration@tools.ietf.org>, "sidr@ietf.org" <
> sidr@ietf.org>
> Subject: AD review and progressing draft-ietf-sidr-as-migration-02
> Resent-To: <sandy@tislabs.com>, "George, Wes" <wesley.george@twcable.com>
>
>  a) Language around draft-ietf-idr-as-migration is more tentative than is
> appropriate
> when that draft and this are going to be RFCs.  Please clean that up.
>
>  WG] other than removing the first paragraph of section 4 (done), and
> fixing the intro (removed de facto), were there other places that this
> needs to be addressed?
>

[Alia] That sounds about right.


> b) In Sec 3.1, it says
>
> "If the route now shows up as originating
>    from AS64500, any downstream peers' validation check will fail unless
>    a ROA is *also* available for AS64500 as the origin ASN, meaning that
>    there will be overlapping ROAs until all routers originating prefixes
>    from AS64510 are migrated to AS64500."
>
> I think the second AS64500 should be AS64510.
>
>  WG] no. This is saying that a ROA already exists for 64510, but needs to
> exist for 64500. The distinction the second half of that section is making
> is that in addition to generating a ROA for 65400 for any prefixes
> originated by the router being moved, because of replace-AS, you may have
> to generate ROAs for 65400 for routes that are originating on routers still
> in 65410. If that explanation is any clearer, I can try to edit the text to
> reflect this.
>

[Alia] Yes, if you could clarify it a bit that'd help.


>
>  e) In draft-ietf-idr-as-migration, the case of handling AS migration in iBGP sessions is also covered.  I assume that because it is iBGP sessions, there is no work to be done for BGPsec.  Could you please add a quick obvious statement to that effect?
>
>
>  WG] hmm. This solution was originally written before the iBGP stuff was
> added, and it didn't occur to me that it may need to be discussed here.
> Pitfalls of two largely parallel docs, I guess.
> The iBGP AS migration discussed is basically just listening for open on
> either ASN, but otherwise treats the session as iBGP even if the ASN is not
> the same as the globally-configured one. Thus there are two ASNs involved,
> and this is mainly the same as AS migration with eBGP, in that the
> migrating router would need to have a pcount=0 from old ASN to New in order
> to hide that path in routes that are signed to the old ASN from downstream
> eBGP peers. The wrinkle is that instead of the migration point being on the
> edge router between its eBGP peers and its iBGP peers, the migration point
> is now one router upstream, between two iBGP peers (i.e. The router in the
> old ASN doesn't necessarily know to mask its global ASN with pcount=0, and
> so the router that is at the actual border between the two ASNs will have
> to do the pcount=0 trick to the "iBGP" updates it receives. I'll need to
> add some text in 5.3 to cover this case. Good catch.
>

[Alia] Thanks - looking forward to it.

Alia


>
>
> ------------------------------
> This E-mail and any of its attachments may contain Time Warner Cable
> proprietary information, which is privileged, confidential, or subject to
> copyright belonging to Time Warner Cable. This E-mail is intended solely
> for the use of the individual or entity to which it is addressed. If you
> are not the intended recipient of this E-mail, you are hereby notified that
> any dissemination, distribution, copying, or action taken in relation to
> the contents of and attachments to this E-mail is strictly prohibited and
> may be unlawful. If you have received this E-mail in error, please notify
> the sender immediately and permanently delete the original and any copy of
> this E-mail and any printout.
>

v2.23.0 | Report a Bug | By Email