Re: [sidr] draft-sriram-idr-route-leak-detection-mitigation: difference between a peer and a customer

Andrei Robachevsky <andrei.robachevsky@gmail.com> Thu, 16 July 2015 08:14 UTC

To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/jllyy-VfunUgO6L7WRwwM-soXH4>
Cc: idr wg list <idr@ietf.org>, "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>

Sriram,

Your explanations make it very clear, thanks.

Sriram, Kotikalapudi wrote on 15/07/15 23:20:
> Example 2:
> 
> P---AS A  ---{ RLP(AB) =01 } ---> AS B (cust. of A)  --- { RLP(AB) =01, RLP(BC) =00 } --->  AS C (provider of B)
> 
> B (in the middle) has two providers A and C.
> B learned a route from A and is leaking the route to C, and C detects it.
> C looks at RLP(AB) = 01, and therefore it knows that B's update is a leak.
> So C marks B's update as a route leak.  
> 
>> not necessarily at the adjacent AS (your customer or your peer). 
> 

Yes. What I meant here is a case when you extend your example to AS D (a
peer or a provider of AS C). Assuming that AS C has no route-leak
mitigation policy and propagates the update further, AS D may detect the
leak, which happened somewhere in the path (where precisely - D does not
know and does not need to know).

The only thing that matters is that the update has the RLP field set to
'01' indication for one or more hops (excluding the most recent) in the
AS path (that is what I called the RLP-marked in my note) *and* it does
not come from the upstream/transit provider.


[...]
>>
>> If my considerations are correct, there are only two cases -
>> upstreams/transit providers, for which RLP doesn't matter, and others
>> (customers and peers) where an RLP indicates a leak and has to be dealt
>> with accordingly.
> 
> Yes, I agree that detecting route leaks from customers/peers matters.
> Detecting route leaks from upstreams/transit providers does not really matter
> (as explained above).

I guess what I am arguing for is that the semantics of RLP 01 should be
"propagate only down" rather than "do not propagate up" and any updates
with the RLP field set from a peer or a customer should be treated as a
leak.

Thanks,

Andrei
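
The detection rule discussed in this message, as an added example that is not part of the original e-mail or of the draft: an update is treated as a leak when some hop other than the most recent one set RLP to '01' and the update was not received from an upstream/transit provider. The function names, the hop-list representation and the RLP value C sets toward D are assumptions made for illustration; the sample updates are constructed from Example 2 and its extension to AS D.

```python
from enum import Enum

class Neighbor(Enum):
    CUSTOMER = "customer"
    PEER = "peer"
    PROVIDER = "provider"   # upstream / transit provider

RLP_VALUES = {"00", "01"}   # the two field values that appear in the thread

def leak_marked_hops(hops):
    """ASes that set RLP '01', excluding the most recent hop.

    hops: [(asn, rlp), ...] in propagation order; the last entry is the
    neighbor that sent the update to us.
    """
    for asn, rlp in hops:
        if rlp not in RLP_VALUES:
            raise ValueError(f"unexpected RLP value {rlp!r} from {asn}")
    return [asn for asn, rlp in hops[:-1] if rlp == "01"]

def is_route_leak(hops, received_from):
    """Leak = RLP-marked earlier in the path AND not received from a provider."""
    if received_from is Neighbor.PROVIDER:
        return False
    return bool(leak_marked_hops(hops))

# Constructed sample updates, following Example 2 and its extension to AS D.
AT_C = [("A", "01"), ("B", "00")]      # as seen by C, received from customer B

def at_d(rlp_cd):
    """Update as seen by D; the RLP value C sets toward D is an assumption."""
    return AT_C + [("C", rlp_cd)]

if __name__ == "__main__":
    print("C from customer B:", is_route_leak(AT_C, Neighbor.CUSTOMER))
    for rel in (Neighbor.CUSTOMER, Neighbor.PEER):
        for rlp_cd in ("00", "01"):
            print(f"D from {rel.value} C, RLP(CD)={rlp_cd}:",
                  is_route_leak(at_d(rlp_cd), rel))
    print("B from provider A:", is_route_leak([("A", "01")], Neighbor.PROVIDER))
```

Because the most recent hop is excluded, D reaches the same verdict whatever value C set, and D never needs to know which AS in the path leaked.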