Re: [sidr] Question about draft-ietf-sidr-pfx-validate-03
John Scudder <jgs@juniper.net> Sun, 13 November 2011 08:21 UTC
Return-Path: <jgs@juniper.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D56E221F8B0D for <sidr@ietfa.amsl.com>; Sun, 13 Nov 2011 00:21:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.492
X-Spam-Level:
X-Spam-Status: No, score=-6.492 tagged_above=-999 required=5 tests=[AWL=0.107, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RWWzW+WU3TpF for <sidr@ietfa.amsl.com>; Sun, 13 Nov 2011 00:21:39 -0800 (PST)
Received: from exprod7og105.obsmtp.com (exprod7og105.obsmtp.com [64.18.2.163]) by ietfa.amsl.com (Postfix) with ESMTP id 235F721F8B0C for <sidr@ietf.org>; Sun, 13 Nov 2011 00:21:39 -0800 (PST)
Received: from P-EMHUB02-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob105.postini.com ([64.18.6.12]) with SMTP ID DSNKTr9+EqTHLzi8uTkPw6+NvxlivKXqp0kC@postini.com; Sun, 13 Nov 2011 00:21:39 PST
Received: from EMBX02-HQ.jnpr.net ([fe80::18fe:d666:b43e:f97e]) by P-EMHUB02-HQ.jnpr.net ([fe80::88f9:77fd:dfc:4d51%11]) with mapi; Sun, 13 Nov 2011 00:17:07 -0800
From: John Scudder <jgs@juniper.net>
To: Danny McPherson <danny@tcb.net>
Date: Sun, 13 Nov 2011 00:17:06 -0800
Thread-Topic: [sidr] Question about draft-ietf-sidr-pfx-validate-03
Thread-Index: Acyh3KG1WY3zhIjYSrWMy2LRzLmIbQ==
Message-ID: <258A421C-BC96-4076-8DDA-A9C87045151A@juniper.net>
References: <E3CAD10A-758F-435F-B79F-62171DD373CC@tcb.net>
In-Reply-To: <E3CAD10A-758F-435F-B79F-62171DD373CC@tcb.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Question about draft-ietf-sidr-pfx-validate-03
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Nov 2011 08:21:40 -0000
Danny, IMO the way to handle this is observe that all routes have a validity state attribute and that it needs to be settable in policy. I believe the draft already says this (I will check though) and so it provides the necessary minimum toolset needed to apply a given state to local routes. It might be worth saying something about what state a route should take by default, which I'm pretty sure we don't do now. (If done this might need to be broken down into several cases, e.g. EBGP vs. IBGP vs. locally originated.) --John On Nov 13, 2011, at 12:54 AM, Danny McPherson wrote: > > My read of the current draft suggests that if there's a route generated by the > local AS in BGP it could never have a "Valid" state, and by definition would > either posses a "Not found" or "Invalid" state -- even though the local > AS may well have a "ROA" and reside in the mapping table as well(!). > > I do not believe the current text is Section 5 is sufficient to address this case, > specifically with either this: > > "Considering invalid routes for BGP decision process is > a pure local policy matter and should be done with utmost care." > > or this: > > "In some cases (particularly when the selection algorithm is > influenced by the adjustment of a route property that is not > propagated into IBGP) it could be necessary for routing > correctness to propagate the validation state to the IBGP > peer. This can be accomplished on the sending side by setting > a community or extended community based on the validation > state, and on the receiving side by matching the (extended) > community and setting the validation state." > > I could think of a number of way to address this, but for there to exist the > possibility that an internally generated prefix (for which a ROA may well exists) > could NEVER have a "Valid" state needs to be corrected. > > Also, S 4: s/to rest of the network/to the rest of the network/ > > Thanks, > > -danny > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Randy Bush
- [sidr] Question about draft-ietf-sidr-pfx-validat… Danny McPherson
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Brian Dickson
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Pradosh Mohapatra
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Danny McPherson
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… John Scudder
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… John Scudder
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Danny McPherson
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Pradosh Mohapatra
- Re: [sidr] Question about draft-ietf-sidr-pfx-val… Brian Dickson