Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Wed, 15 July 2015 21:21 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B22E81A8851; Wed, 15 Jul 2015 14:21:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lo6k6XRTwlAV; Wed, 15 Jul 2015 14:20:59 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0771.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::771]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63E441A873C; Wed, 15 Jul 2015 14:20:59 -0700 (PDT)
Received: from CY1PR09MB0795.namprd09.prod.outlook.com (10.163.43.145) by CY1PR09MB0377.namprd09.prod.outlook.com (10.160.147.14) with Microsoft SMTP Server (TLS) id 15.1.213.14; Wed, 15 Jul 2015 21:20:39 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com (10.163.43.143) by CY1PR09MB0795.namprd09.prod.outlook.com (10.163.43.145) with Microsoft SMTP Server (TLS) id 15.1.213.14; Wed, 15 Jul 2015 21:20:38 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) by CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) with mapi id 15.01.0219.000; Wed, 15 Jul 2015 21:20:38 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Andrei Robachevsky <andrei.robachevsky@gmail.com>
Thread-Topic: draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer
Thread-Index: AQHQvhEfZNxwzI8V2ECO5TICdbuD2Z3cfN/4gAAk8ACAAGNnMA==
Date: Wed, 15 Jul 2015 21:20:38 +0000
Message-ID: <CY1PR09MB0793D6E945971BC4B4AD031D849A0@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <005901d0b283$ea07bd20$be173760$@ndzh.com> <m2fv52b1w1.wl%randy@psg.com> <CY1PR09MB07939BA36BB01C19AD9AC2A384930@CY1PR09MB0793.namprd09.prod.outlook.com> <CAL9jLab5LOfeSYGzt=ywAwkoJdbe4moXD2w5LsGF-L_Cju_TUw@mail.gmail.com> <CY1PR09MB0793E39F703D436A3E21805B84900@CY1PR09MB0793.namprd09.prod.outlook.com> <55A4CB9B.2050207@gmail.com> <SN1PR09MB0799CC8746BA0C27BEA5B5D4849A0@SN1PR09MB0799.namprd09.prod.outlook.com> <55A67586.6050604@gmail.com>
In-Reply-To: <55A67586.6050604@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [129.6.140.100]
x-microsoft-exchange-diagnostics: 1; CY1PR09MB0795; 24:SLWKECSJpE7V9pVNXfLI17B9A/SsI4LK5nIxK3AOGakzFAsnsCaSBg5Z1IOnAw/ooZN2W/eoFgVdDD05AU2TcjDGUDr3aqTySzM0Ya3Cz+A=; 20:sOJr3S0yz5tagYHdgQh5mGfeGB/PYHRjyLq9QYN+d4/wzWdJOpEjHLmmp7eyK3dRMuHnBIb7jyXbh0xVakiAGA==
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0795; UriScan:; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0377;
cy1pr09mb0795: X-MS-Exchange-Organization-RulesExecuted
x-microsoft-antispam-prvs: <CY1PR09MB07959966BFBD6EDB5BE55855849A0@CY1PR09MB0795.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5005006)(3002001); SRVR:CY1PR09MB0795; BCL:0; PCL:0; RULEID:; SRVR:CY1PR09MB0795;
x-forefront-prvs: 0638FD5066
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(122556002)(189998001)(40100003)(74316001)(2656002)(86362001)(87936001)(62966003)(77156002)(106116001)(92566002)(5001960100002)(66066001)(5002640100001)(46102003)(93886004)(77096005)(33656002)(102836002)(2900100001)(2950100001)(50986999)(230783001)(54356999)(76176999)(76576001)(5003600100002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR09MB0795; H:CY1PR09MB0793.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jul 2015 21:20:38.2873 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR09MB0795
X-Microsoft-Exchange-Diagnostics: 1; CY1PR09MB0377; 2:pbOJ3YoSkywa2XNrIGKi3DpxY8/J0uSJZCaJ/HzYm3q/V8kLx47n1dL8qe10zqV1; 3:qlH7jr6CtaK2xlw3V1DKvEqwyF0rADFadkTY+VygURecjko0YYz3yOlwC7jywwVUk3WFOTdywV8rLTkXUGuJyiYfCkwuVNhYG7wS2A+PglNoSVxrYhjEeKdUk4jBFcyvf0bKYabhExkrWzYmlpqEyQ==; 25:HCPx1MxiqyjUa2lBthc3Pelrtw5vsbEQNpbbMpKRnKIE6i58PvMvN0mOkcUyzJ1IqswBVDxeV3LhjEZZC/ZgLv2gLMPK8C3pwWtcMJ6LS9CGUgckPN6F4VwFjL868wNkYE2R/3YoblFVM06kLTMJHtYsT+CxiG1wf9xVP4wfyIugt5n90AvBocqNnpxYpsI/l9n9ebkb+FE+LYJXNOyD1ea7RcT9rBTk2eqSc8GAvwtTK3CM66+GK8soK8Njncc63DAgjMqt6e1iTQim2aqL2Q==; 20:BnQCZ0tbt/kgJi7t3Zs/c3ak6KTj3KJPOCSIHqrbO2zupnibBT2dY92/q/966Rvcg4KTIT+Tv78n25icB5+9jg==; 23:H6ye0PB/Khn4ENnv6VdNfNsC9Yc6I4W24vznwjQEQIqcZR/Y/UoNcv/DzpHHT5W8+DSBdslyp0MJL0pV514qa2deDBW4aUehPWy7DcJ4/LC7LCQFLSljZkEp5/BRXTgpy9t72uTtq/+uBplpeqJfncIz47CXLZLEr+KyHu3WNXuQk4RYVDANd8X6QHGtiHQtPknK6sKItweUk/tvbrqvy/lKOBs1LBUBgy5I9he/S1YI5l0rkCEckoc27GCYpvtk
CY1PR09MB0377: X-MS-Exchange-Organization-RulesExecuted
X-OriginatorOrg: nist.gov
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/R4j04CQHKm8td5jWeGrYv2Hf5jk>
Cc: idr wg list <idr@ietf.org>, "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 21:21:01 -0000
>Let me understand the semantics of the RLP field better. I am assuming
>that it indicates that a leak happened somewhere in the path,
RLP field does not indicate (or encode) that a *leak happened*.
It merely facilitates a receiving router to detect if an update
from a sending router (an adjacent AS) is a route leak.
Example 1: Route for prefix P propagates as follows:
P---AS A ---{ RLP(AB) = 01 }---> AS B (cust. of A) ---{ RLP(BC) = 01, RLP(AB) = 01 }---> AS C (cust. of B)
Sequentially, B is a customer of A, and C is a customer of B.
The expression in wiggly brackets {} shows the RLP values in the prefix update.
A transitive RLP field is added in the update for each hop in the path.
Each AS sets an RLP value for its hop to the next AS for the route it forwards for prefix P.
RLP = 01 indicates that the update SHOULD NOT be sent 'up' to a provider (or
'laterally' to a peer), but it is allowed to forward the update to a customer.
So no one in this Example 1 detects a route leak. There is no route leak.
Example 2:
P---AS A ---{ RLP(AB) =01 } ---> AS B (cust. of A) --- { RLP(AB) =01, RLP(BC) =00) } ---> AS C (provider of B)
B (in the middle) has two providers A and C.
B learned a route from A and is leaking the route to C, and C detects it.
C looks at RLP(AB) = 01, and therefore it knows that B's update is a leak.
So C marks B's update as a route leak.
>not necessarily at the adjacent AS (your customer or your peer).
As in the examples above, the receiver is only detecting if the update from
its adjacent router is a route leak. It does so by looking
at NOT the RLP field value set by the adjacent router
but the RLP field values set by the ASes that preceded it.
>If this is indeed so, the only case I can think of when an RLP-marked update is not
>a leak, is when it came from the upstream.
May be this question goes away in light of the proper understanding
of RLP field values provided above.
It is true that an upstream provider cannot leak any prefix route to its
customer by definition. Any prefix routes that the upstream has accepted
(after applying route leak detection/mitigation etc.), the upstream usually send all
those routes to its customer (except those learned from that customer).
So in general, a customer need not try to detect route leak from its upstream provider
(keep in mind that we are talking about the relationships on per prefix basis).
(Please ignore what I said in my previous reply to you about detecting route
leaks from a provider; the last paragraph.)
We have not used the term "RLP-marked" anywhere in the draft.
So I don't know what exactly you mean by it.
But hopefully the above explanations clarify things for you.
When we say an update is 'marked', it simply means that it was detected
to be a route leak (as it was received from a neighbor AS).
>And if we follow the same logic an RLP-marked update from the upstream
>can still be a leak (and not just downstream announcements), but I think
>it would be difficult to distinguish between the two.
>
>If my considerations are correct, there are only two cases -
>upstreams/transit providers, for which RLP doesn't matter, and others
>(customers and peers) where an RLP indicates a leak and has to be dealt
>accordingly.
Yes, I agree that detecting route leaks from customers/peers matters.
Detecting route leaks from upstreams/transit providers does not really matter
(as explained above).
>Related to the latter - what would be in your opinion a reason to accept
>a leaked route? Is it just for reachability (i.e. only one route to the
>destination), or are there "legitimate" cases for route leaks?
In this discussion and the draft, we have not called anything a
"legitimate" route leak. But some customer ASes could make mistakes.
For example, if X is single-homed stub customer of Y and Y is a customer of Z,
and if X sets RLP = 01 by mistake in its prefix update to Y, then Z detects and marks
the prefix route from Y as a route leak.
Z will not have any alternate path for that prefix because X is single-homed stub.
In this case, Z may accept the update for reachability even though it was
detected to be route leak. Again, we don't specify this.
We only specify the detection method, not the mitigation policy.
Thank you.
Sriram
- Re: [sidr] [Idr] Route Leaks and solutions Sriram, Kotikalapudi
- [sidr] draft-sriram-idr-route-leak-detection-miti… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Route Leaks and solutions Christopher Morrow
- Re: [sidr] [Idr] Route Leaks and solutions Sriram, Kotikalapudi