Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Sat, 04 March 2017 04:28 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Randy Bush <randy@psg.com>, Chris Morrow <morrowc@ops-netman.net>
Date: Sat, 04 Mar 2017 04:28:46 +0000
Message-ID: <4f0301f24b794a5c8ea0ab9e86f97eb0@XCH-ALN-014.cisco.com>
References: <148414831932.11019.14685466226406323027.idtracker@ietfa.amsl.com> <904eb4e5f3b54f8fb5eeddba482566c6@XCH-ALN-014.cisco.com> <AF3156BF-6CC9-4DDF-8C7A-4D6EDB9668AB@cisco.com> <D4DF2B46.74CF0%dougm@nist.gov> <m27f45x5jx.wl-randy@psg.com> <yj9oo9xhr8tj.wl%morrowc@ops-netman.net> <m2tw79vg94.wl-randy@psg.com>
In-Reply-To: <m2tw79vg94.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/O2tvlGTNOdL8DBMBAj90ACpMoAk>
Cc: "draft-ietf-sidr-origin-validation-signaling@ietf.org" <draft-ietf-sidr-origin-validation-signaling@ietf.org>, "sandy@tislabs.com" <sandy@tislabs.com>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)

Both are a bit mushy.
The ext-comm may come from an ebgp neighbor.
I want to make sure that the not-found state is not interpreted as
a locally achieved validation state. If the local state is not-found,
then the received ext-comm should count.

  "Similarly on the receiving IBGP speakers, the validation state of
  an IBGP route SHOULD be derived directly from the last octet of the
  extended community, if present. If a receiving router is performing
  RPKI validation locally and has determined a state other than
  not-found, then the state determined by the extended community
  SHOULD NOT be used."


Thanks,
Jakob.

> -----Original Message-----
> From: Randy Bush [mailto:randy@psg.com]
> Sent: Friday, March 03, 2017 8:05 PM
> To: Chris Morrow <morrowc@ops-netman.net>
> Cc: Montgomery, Douglas (Fed) <dougm@nist.gov>; Alvaro Retana (aretana) <aretana@cisco.com>; Jakob Heitz (jheitz)
> <jheitz@cisco.com>; draft-ietf-sidr-origin-validation-signaling@ietf.org; sandy@tislabs.com; sidr-chairs@ietf.org;
> sidr@ietf.org
> Subject: Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard
> (draft-ietf-sidr-origin-validation-signaling-11.txt)
> 
> > Section 2, 3rd paragraph:
> >
> >   "Similarly on the receiving IBGP speakers, the validation
> >    state of an IBGP route SHOULD be derived directly from the last octet
> >    of the extended community, if present."
> >
> > to:
> >  "Similarly on the receiving IBGP speakers, the validation state of
> >   an IBGP route SHOULD be derived directly from the last octet of the
> >   extended community, if present. A receiving router should use
> >   locally achieved validation state before trusting an IBGP neighbor's
> >   state information."
> 
> sure.  or, tersified,
> 
>   "Similarly, a receiving IBGP speaker, in the absence of validation
>    state set based on local data, SHOULD derive a validation state from
>    the last octet of the extended community, if present."
> 
> randy
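The precedence rule the thread is converging on, as an added example that is not part of the thread or the draft: a locally determined valid/invalid result wins, and only when the local result is not-found (or no local validation runs) does the state signalled in the extended community count, and then only from an iBGP neighbour, since Jakob notes it may also arrive over eBGP. The wire encoding assumed here (non-transitive opaque extended community, Type 0x43, Sub-Type 0x00, state in the last octet, 0 = valid, 1 = not-found, 2 = invalid) follows RFC 8097, the published form of this draft; the function and sample names are this example's own.

```python
# Added example, not from the sidr thread or the draft: combining a local RPKI
# origin-validation result with the Origin Validation State extended community.
# Encoding assumed from RFC 8097: Type 0x43, Sub-Type 0x00, state in last octet.
import struct

VALID, NOT_FOUND, INVALID = 0, 1, 2
STATE_NAMES = {VALID: "valid", NOT_FOUND: "not-found", INVALID: "invalid"}
OV_TYPE, OV_SUBTYPE = 0x43, 0x00  # assumed per RFC 8097


def ov_community(state: int) -> bytes:
    """Build a constructed 8-octet Origin Validation State extended community."""
    return struct.pack("!BB5xB", OV_TYPE, OV_SUBTYPE, state)


def parse_ov_state(ext_comm: bytes):
    """Return the state carried in an extended community, or None when it is
    not an Origin Validation State community or carries an unknown value."""
    if len(ext_comm) != 8:
        return None
    etype, esubtype, state = struct.unpack("!BB5xB", ext_comm)
    if (etype, esubtype) != (OV_TYPE, OV_SUBTYPE) or state not in STATE_NAMES:
        return None
    return state


def effective_state(local_state, ext_comms, from_ibgp: bool) -> int:
    """local_state is VALID/INVALID/NOT_FOUND from the local validator, or None
    when this router does not validate locally. A local valid/invalid result is
    never overridden; a signalled state counts only when the local result is
    not-found and the route came over iBGP (the community is non-transitive,
    so one arriving over eBGP is ignored here, an assumption of this example)."""
    if local_state in (VALID, INVALID):
        return local_state
    if from_ibgp:
        for comm in ext_comms:
            signalled = parse_ov_state(comm)
            if signalled is not None:
                return signalled
    return NOT_FOUND


if __name__ == "__main__":
    comms = [ov_community(INVALID)]  # constructed sample community
    # Local validator says valid: the signalled "invalid" must not override it.
    print(STATE_NAMES[effective_state(VALID, comms, from_ibgp=True)])       # valid
    # Local result is not-found: the iBGP-signalled state counts.
    print(STATE_NAMES[effective_state(NOT_FOUND, comms, from_ibgp=True)])   # invalid
    # The same community arriving over eBGP is not honoured.
    print(STATE_NAMES[effective_state(NOT_FOUND, comms, from_ibgp=False)])  # not-found
```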