IETF Logo Mail Archive

Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer

Andrei Robachevsky <andrei.robachevsky@gmail.com> Wed, 15 July 2015 15:00 UTC

Return-Path: <andrei.robachevsky@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00FE71ACC88; Wed, 15 Jul 2015 08:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SEwBKZu-d1K0; Wed, 15 Jul 2015 08:00:27 -0700 (PDT)
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDD1E1ACC81; Wed, 15 Jul 2015 08:00:26 -0700 (PDT)
Received: by widjy10 with SMTP id jy10so2294328wid.1; Wed, 15 Jul 2015 08:00:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=5MTJwI3qr3FS/9n+9dq0ooOnLcuvN/FTueKJNTYABFo=; b=axU3VsHDHITxsJT0i/TmPdSVsPIaZ6trwVeDecc8T7BddggOTQxUKvtpJI4HbA+1Ri QU3HcEpMWr7jXBmzU2Ub2JpYWsZfWbrlSj2wbpBq+bLBe8nhS/2A3xSEqcLg/FGPODNJ tMGNWgh0tVTLGsydp0amCuD6qyNjxqiz3e2JNDbu+WNI3wkuhfwWQYzXbAKDCJiN3shG gqUgcpsW/qH+PZoDD0OxOZBdm+bA915OHiQ3yvcWk0m3H407XxVjCXYF5wh0psbhY0hM 1tdg1o0uu/uJSotM8SdGC+cvLM+djV4hSiYI+oK9gv2tsadGbyJ1GxmKMvLhl3LuHrT6 /KcA==
X-Received: by 10.194.94.101 with SMTP id db5mr9066079wjb.91.1436972425596; Wed, 15 Jul 2015 08:00:25 -0700 (PDT)
Received: from ISOC-A1FD58.local ([92.109.76.43]) by smtp.googlemail.com with ESMTPSA id jy6sm8352902wjc.4.2015.07.15.08.00.23 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 15 Jul 2015 08:00:24 -0700 (PDT)
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
References: <005901d0b283$ea07bd20$be173760$@ndzh.com> <m2fv52b1w1.wl%randy@psg.com> <CY1PR09MB07939BA36BB01C19AD9AC2A384930@CY1PR09MB0793.namprd09.prod.outlook.com> <CAL9jLab5LOfeSYGzt=ywAwkoJdbe4moXD2w5LsGF-L_Cju_TUw@mail.gmail.com> <CY1PR09MB0793E39F703D436A3E21805B84900@CY1PR09MB0793.namprd09.prod.outlook.com> <55A4CB9B.2050207@gmail.com> <SN1PR09MB0799CC8746BA0C27BEA5B5D4849A0@SN1PR09MB0799.namprd09.prod.outlook.com>
From: Andrei Robachevsky <andrei.robachevsky@gmail.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <55A67586.6050604@gmail.com>
Date: Wed, 15 Jul 2015 17:00:22 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <SN1PR09MB0799CC8746BA0C27BEA5B5D4849A0@SN1PR09MB0799.namprd09.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="rb8bjcPqK7w9r3rRQLBw7WkpwPpbVVpMl"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/O8qYnDGSVGv87ztKWR8Hhb-CQ6A>
Cc: idr wg list <idr@ietf.org>, "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 15:00:32 -0000

Thank you for your response, Sriram.

Let me understand the semantics of the RLP field better. I am assuming
that it indicates that a leak happened somewhere in the path, not
necessarily at the adjacent AS (your customer or your peer). If this is
indeed so, the only case I can think of when an RLP-marked update is not
a leak, is when it came from the upstream.

And if we follow the same logic an RLP-marked update from the upstream
can still be a leak (and not just downstream announcements), but I think
it would be difficult to distinguish between the two.

If my considerations are correct, there are only two cases -
upstreams/transit providers, for which RLP doesn't matter, and others
(customers and peers) where an RLP indicates a leak and has to be dealt
accordingly.

Related to the latter - what would be in your opinion a reason to accept
a leaked route? Is it just for reachability (i.e. only one route to the
destination), or are there "legitimate" cases for route leaks?

Thanks,

Andrei

Sriram, Kotikalapudi wrote on 15/07/15 15:03:
> Andrei,
> 
> Thank you for reading the draft and offering comments -- certainly very helpful
> towards refining the proposal as well adding greater clarity in the document.
> 
>> It seems to me that sections 3.2.1. and 3.2.2. propose the same
>> algorithm (modulo the BGP neighbor is a customer or a peer). 
> 
> Your observation is correct. It has to do with the semantics of RLP bits.
> For now, we have RLP = 00 (default; nothing said) and RLP = 01 ('do not propagate up').
> 'Do not propagate up' certainly means that the update should not subsequently 
> propagate from a customer to its provider.
> However, a receiver can (at its own discretion) interpret RLP = 01 more strictly 
> to mean 'do not propagate to provider or peer'. 
> That is because if an ISP is not supposed to forward an update with RLP = 01 
> 'up' to a provider, then normally it should not forward it 'laterally' to a peer either.
> So we have separated the receiver detection procedures for 
> (a) when the update comes from a *customer* (section 3.2.1), and 
> vs. (b) when it comes from a *peer* (section 3.2.2).
> The difference is the stricter interpretation (in Section 3.2.2) of RLP = 01.
> Initially the attempt is to see if we can keep the RLP semantics simple,
> and still accomplish the detection objectives w.r.t. customer/peer. 
> These two section can be merged into one if, for example, 
> RLP = 01 is specified to denote 'do not propagate to provider or peer'.  
> 
>> The difference in the "possible actions" (3.3.) is not clear to me either.
> 
> When an update is detected and 'marked' as 'route leak' (based on section 3.2.1 or 3.2.2 detection),
> then the same/similar method(s) of mitigation can be applied (in the two cases). 
> The draft should not specify a mitigation method because that is left to operator policy.
> So we describe only an *example* policy: Suspend the "prefer customer" policy;
> i.e. instead of a 'marked' update from a customer, prefer an 'unmarked'
> update from a provider or peer. Some similar policy can be applied for a peer. 
> Let the operator decide the actual policy to be used in each case.
> 
>> Finally, what is the proposed action when an RLP-marked update is
>> received from an upstream?
> 
> Good point. The draft currently does not discuss this. If the customer
> is single-homed and does not have any alternate path for the prefix,
> then it would install the route learned from its sole provider even if it is 'marked'.
> If the customer is multi-homed, it should prefer an 'unmarked' update from 
> one provider over a 'marked' update from another provider. Etc.
> Again these actions/methods are left to operator policy.
> However, in the next revision, we will include a subsection to outline this.  
> 
> Sriram
>

v2.23.0 | Report a Bug | By Email