Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer
Andrei Robachevsky <andrei.robachevsky@gmail.com> Wed, 15 July 2015 15:00 UTC
Return-Path: <andrei.robachevsky@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00FE71ACC88; Wed, 15 Jul 2015 08:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SEwBKZu-d1K0; Wed, 15 Jul 2015 08:00:27 -0700 (PDT)
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDD1E1ACC81; Wed, 15 Jul 2015 08:00:26 -0700 (PDT)
Received: by widjy10 with SMTP id jy10so2294328wid.1; Wed, 15 Jul 2015 08:00:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type; bh=5MTJwI3qr3FS/9n+9dq0ooOnLcuvN/FTueKJNTYABFo=; b=axU3VsHDHITxsJT0i/TmPdSVsPIaZ6trwVeDecc8T7BddggOTQxUKvtpJI4HbA+1Ri QU3HcEpMWr7jXBmzU2Ub2JpYWsZfWbrlSj2wbpBq+bLBe8nhS/2A3xSEqcLg/FGPODNJ tMGNWgh0tVTLGsydp0amCuD6qyNjxqiz3e2JNDbu+WNI3wkuhfwWQYzXbAKDCJiN3shG gqUgcpsW/qH+PZoDD0OxOZBdm+bA915OHiQ3yvcWk0m3H407XxVjCXYF5wh0psbhY0hM 1tdg1o0uu/uJSotM8SdGC+cvLM+djV4hSiYI+oK9gv2tsadGbyJ1GxmKMvLhl3LuHrT6 /KcA==
X-Received: by 10.194.94.101 with SMTP id db5mr9066079wjb.91.1436972425596; Wed, 15 Jul 2015 08:00:25 -0700 (PDT)
Received: from ISOC-A1FD58.local ([92.109.76.43]) by smtp.googlemail.com with ESMTPSA id jy6sm8352902wjc.4.2015.07.15.08.00.23 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 15 Jul 2015 08:00:24 -0700 (PDT)
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
References: <005901d0b283$ea07bd20$be173760$@ndzh.com> <m2fv52b1w1.wl%randy@psg.com> <CY1PR09MB07939BA36BB01C19AD9AC2A384930@CY1PR09MB0793.namprd09.prod.outlook.com> <CAL9jLab5LOfeSYGzt=ywAwkoJdbe4moXD2w5LsGF-L_Cju_TUw@mail.gmail.com> <CY1PR09MB0793E39F703D436A3E21805B84900@CY1PR09MB0793.namprd09.prod.outlook.com> <55A4CB9B.2050207@gmail.com> <SN1PR09MB0799CC8746BA0C27BEA5B5D4849A0@SN1PR09MB0799.namprd09.prod.outlook.com>
From: Andrei Robachevsky <andrei.robachevsky@gmail.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <55A67586.6050604@gmail.com>
Date: Wed, 15 Jul 2015 17:00:22 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <SN1PR09MB0799CC8746BA0C27BEA5B5D4849A0@SN1PR09MB0799.namprd09.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="rb8bjcPqK7w9r3rRQLBw7WkpwPpbVVpMl"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/O8qYnDGSVGv87ztKWR8Hhb-CQ6A>
Cc: idr wg list <idr@ietf.org>, "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 15:00:32 -0000
Thank you for your response, Sriram. Let me understand the semantics of the RLP field better. I am assuming that it indicates that a leak happened somewhere in the path, not necessarily at the adjacent AS (your customer or your peer). If this is indeed so, the only case I can think of when an RLP-marked update is not a leak, is when it came from the upstream. And if we follow the same logic an RLP-marked update from the upstream can still be a leak (and not just downstream announcements), but I think it would be difficult to distinguish between the two. If my considerations are correct, there are only two cases - upstreams/transit providers, for which RLP doesn't matter, and others (customers and peers) where an RLP indicates a leak and has to be dealt accordingly. Related to the latter - what would be in your opinion a reason to accept a leaked route? Is it just for reachability (i.e. only one route to the destination), or are there "legitimate" cases for route leaks? Thanks, Andrei Sriram, Kotikalapudi wrote on 15/07/15 15:03: > Andrei, > > Thank you for reading the draft and offering comments -- certainly very helpful > towards refining the proposal as well adding greater clarity in the document. > >> It seems to me that sections 3.2.1. and 3.2.2. propose the same >> algorithm (modulo the BGP neighbor is a customer or a peer). > > Your observation is correct. It has to do with the semantics of RLP bits. > For now, we have RLP = 00 (default; nothing said) and RLP = 01 ('do not propagate up'). > 'Do not propagate up' certainly means that the update should not subsequently > propagate from a customer to its provider. > However, a receiver can (at its own discretion) interpret RLP = 01 more strictly > to mean 'do not propagate to provider or peer'. > That is because if an ISP is not supposed to forward an update with RLP = 01 > 'up' to a provider, then normally it should not forward it 'laterally' to a peer either. > So we have separated the receiver detection procedures for > (a) when the update comes from a *customer* (section 3.2.1), and > vs. (b) when it comes from a *peer* (section 3.2.2). > The difference is the stricter interpretation (in Section 3.2.2) of RLP = 01. > Initially the attempt is to see if we can keep the RLP semantics simple, > and still accomplish the detection objectives w.r.t. customer/peer. > These two section can be merged into one if, for example, > RLP = 01 is specified to denote 'do not propagate to provider or peer'. > >> The difference in the "possible actions" (3.3.) is not clear to me either. > > When an update is detected and 'marked' as 'route leak' (based on section 3.2.1 or 3.2.2 detection), > then the same/similar method(s) of mitigation can be applied (in the two cases). > The draft should not specify a mitigation method because that is left to operator policy. > So we describe only an *example* policy: Suspend the "prefer customer" policy; > i.e. instead of a 'marked' update from a customer, prefer an 'unmarked' > update from a provider or peer. Some similar policy can be applied for a peer. > Let the operator decide the actual policy to be used in each case. > >> Finally, what is the proposed action when an RLP-marked update is >> received from an upstream? > > Good point. The draft currently does not discuss this. If the customer > is single-homed and does not have any alternate path for the prefix, > then it would install the route learned from its sole provider even if it is 'marked'. > If the customer is multi-homed, it should prefer an 'unmarked' update from > one provider over a 'marked' update from another provider. Etc. > Again these actions/methods are left to operator policy. > However, in the next revision, we will include a subsection to outline this. > > Sriram >
- Re: [sidr] [Idr] Route Leaks and solutions Sriram, Kotikalapudi
- [sidr] draft-sriram-idr-route-leak-detection-miti… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Route Leaks and solutions Christopher Morrow
- Re: [sidr] [Idr] Route Leaks and solutions Sriram, Kotikalapudi