Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-origin-validation-signaling-08.txt
Sandra Murphy <sandy@tislabs.com> Wed, 06 April 2016 12:56 UTC
Return-Path: <sandy@tislabs.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F29612D0B5 for <sidr@ietfa.amsl.com>; Wed, 6 Apr 2016 05:56:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id th-xD1mjPVHh for <sidr@ietfa.amsl.com>; Wed, 6 Apr 2016 05:56:39 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2535312D1A2 for <sidr@ietf.org>; Wed, 6 Apr 2016 05:56:39 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 82A3F28B003D; Wed, 6 Apr 2016 08:56:38 -0400 (EDT)
Received: from [IPv6:::1] (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id ABECE1F801E; Wed, 6 Apr 2016 08:56:37 -0400 (EDT)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_1D2F3452-9391-4C66-930D-B1705C5E189B"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5.2
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <CC4BE1A0-479E-44C5-87E5-0BD2A5501BF8@juniper.net>
Date: Wed, 06 Apr 2016 08:55:09 -0400
Message-Id: <51663D87-1ABC-45D0-B8A9-B59041793FE4@tislabs.com>
References: <20151214170534.11198.66446.idtracker@ietfa.amsl.com> <CC4BE1A0-479E-44C5-87E5-0BD2A5501BF8@juniper.net>
To: John Scudder <jgs@juniper.net>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/_8nR2zkivLLNHPhSD_qMncNmyzI>
Cc: "sidr@ietf.org list" <sidr@ietf.org>, Sandra Murphy <sandy@tislabs.com>
Subject: Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-origin-validation-signaling-08.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2016 12:56:41 -0000
There being no complaint from sidr about this post-wglc change, and the idr review also being judged as successful, the wg consensus is judged to support publication of this version of the draft. A publication request will be issued shortly. —Sandy, speaking as wg co-chair On Dec 14, 2015, at 12:09 PM, John G. Scudder <jgs@juniper.net> wrote: > Hi Everybody, > > Just when we thought we were completely done with this draft, we were approached by Thomas King who pointed out a use case that can be enabled by validation signaling, which benefits from a minor revision in the language of the draft. Here's the revision: > > OLD: > By default, implementations SHOULD drop the origin validation state > extended community if received from an EBGP peer, without further > processing it. However an implementation MAY be configured to accept > the community when warranted, for example when the EBGP session is to > a neighbor AS under control of the same administration. Similarly, > an implementation SHOULD NOT send the community to EBGP peers but MAY > be configured to do so if warranted. > > NEW: > By default, implementations SHOULD drop the origin validation state > extended community if received from an EBGP peer, without further > processing it. Similarly, by default an implementation SHOULD NOT > send the community to EBGP peers. However it SHOULD be possible to > configure an implementation to send or accept the community when > warranted. An example of a case where the community would reasonably > be received from, or sent to, an EBGP peer is when two adjacent ASes > are under control of the same administration. A second example is > documented in [I-D.kklf-sidr-route-server-rpki-light]. > > The change does two things. One is to add an informative reference to Thomas's draft. The second is a change in emphasis. Whereas we formerly said that an implementation MAY be configured to send and/or receive the community over EBGP, now we say it SHOULD be possible to configure it to do that. > > I'm hoping this change will be noncontroversial and we can continue to move forward towards RFC, however I anticipate the respective working group chairs of SIDR and IDR (for obvious reasons I'm recusing myself) may want to have a period to allow people to comment. > > Thanks, > > --John > >> On Dec 14, 2015, at 12:05 PM, internet-drafts@ietf.org wrote: >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts directories. >> This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF. >> >> Title : BGP Prefix Origin Validation State Extended Community >> Authors : Pradosh Mohapatra >> Keyur Patel >> John Scudder >> Dave Ward >> Randy Bush >> Filename : draft-ietf-sidr-origin-validation-signaling-08.txt >> Pages : 5 >> Date : 2015-12-14 >> >> Abstract: >> This document defines a new BGP opaque extended community to carry >> the origination AS validation state inside an autonomous system. >> IBGP speakers that receive this validation state can configure local >> policies allowing it to influence their decision process. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-sidr-origin-validation-signaling/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-sidr-origin-validation-signaling-08 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-origin-validation-signaling-08 >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org >> https://www.ietf.org/mailman/listinfo/sidr > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr
- [sidr] I-D Action: draft-ietf-sidr-origin-validat… internet-drafts
- Re: [sidr] I-D Action: draft-ietf-sidr-origin-val… John G. Scudder
- Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-orig… Jeffrey Haas
- Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-orig… Acee Lindem (acee)
- Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-orig… Sandra Murphy