IETF Logo Mail Archive

Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-origin-validation-signaling-08.txt

Jeffrey Haas <jhaas@pfrc.org> Mon, 14 December 2015 17:50 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 810D11ACEBA; Mon, 14 Dec 2015 09:50:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.578
X-Spam-Level:
X-Spam-Status: No, score=-1.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPtjfvyzD939; Mon, 14 Dec 2015 09:50:10 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id B8E281ACEAF; Mon, 14 Dec 2015 09:50:10 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id EC3CA1E45D; Mon, 14 Dec 2015 12:51:28 -0500 (EST)
Date: Mon, 14 Dec 2015 12:51:28 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: "John G. Scudder" <jgs@juniper.net>
Message-ID: <20151214175128.GA28772@pfrc.org>
References: <20151214170534.11198.66446.idtracker@ietfa.amsl.com> <CC4BE1A0-479E-44C5-87E5-0BD2A5501BF8@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CC4BE1A0-479E-44C5-87E5-0BD2A5501BF8@juniper.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/d8Lk26BazyULFFyQGUaIRgvu3Bc>
Cc: idr wg <idr@ietf.org>, "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] [Idr] I-D Action: draft-ietf-sidr-origin-validation-signaling-08.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2015 17:50:11 -0000

On Mon, Dec 14, 2015 at 12:09:09PM -0500, John G. Scudder wrote:
> Hi Everybody,
> 
> Just when we thought we were completely done with this draft, we were approached by Thomas King who pointed out a use case that can be enabled by validation signaling, which benefits from a minor revision in the language of the draft. Here's the revision:
[...]
> NEW:
>    By default, implementations SHOULD drop the origin validation state
>    extended community if received from an EBGP peer, without further
>    processing it.  Similarly, by default an implementation SHOULD NOT
>    send the community to EBGP peers.  However it SHOULD be possible to
>    configure an implementation to send or accept the community when
>    warranted.  An example of a case where the community would reasonably
>    be received from, or sent to, an EBGP peer is when two adjacent ASes
>    are under control of the same administration.  A second example is
>    documented in [I-D.kklf-sidr-route-server-rpki-light].
> 
> The change does two things. One is to add an informative reference to Thomas's draft. The second is a change in emphasis. Whereas we formerly said that an implementation MAY be configured to send and/or receive the community over EBGP, now we say it SHOULD be possible to configure it to do that.

For what it's worth, I'm highly supportive of this.  (In spite of the fact
that it's going to make me change code...)

We're seeing a generalized trend toward "if your feature says eBGP, you
might relax it in the following circumstances".

Pity confederations never caught on.

-- Jeff

v2.23.0 | Report a Bug | By Email