Re: [sidr] Signed vs unsigned and bgp best path decision

Robert Raszuk <robert@raszuk.net> Fri, 23 March 2012 10:30 UTC

Message-ID: <4F6C50C9.8070702@raszuk.net>
Date: Fri, 23 Mar 2012 11:30:33 +0100
From: Robert Raszuk <robert@raszuk.net>
To: Christopher Morrow <morrowc.lists@gmail.com>
References: <19249.1332451876@x37.NIC.DTAG.DE> <4F6BB594.5040202@raszuk.net> <CAL9jLaZBWFWxCVBDLMnGn+SypnObRzsLH8hCGHB=8tStCkQg4g@mail.gmail.com>
In-Reply-To: <CAL9jLaZBWFWxCVBDLMnGn+SypnObRzsLH8hCGHB=8tStCkQg4g@mail.gmail.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Signed vs unsigned and bgp best path decision
Reply-To: robert@raszuk.net
List-Id: Secure Interdomain Routing <sidr.ietf.org>

Chris,

I am talking about inter-domain policy, not intra-domain. "ACHTUNG" may 
not help, as folks around seem very reluctant to share their internal 
policies outside.

Compared to what is there today, I don't think folks are mandated by any 
RFC to make a choice between two attributes which carry the same metric, 
to decide which one should win on a per-AS basis.

Jakob,

> I think this question is more about what step in the route selection
> process (rfc 4271, 9.1.2.2) at which to consider the verification state.
>
> I would answer: nowhere.

Really? Assume there is no policy set by the operator. You have 
received on your ASBR a net with two paths from two different upstreams: 
one SIGNED, containing a sequence of embedded paths with pCount hacks, and 
the other path with just the old plain AS_PATH.

First you need to internally expand the signed path to mimic the old 
AS_PATH format for comparison (both length and content, for multipath).

So you clearly can't just do nothing with the signed path; I hope we 
all agree on that.

Now let's talk policy. An operator would like to express his policy to 
mean: "PREFER SIGNED PATHS ONLY IF NOT LONGER THAN NOT SIGNED PATHS"

How do you express such a policy with local_pref or with cost_community 
today?

---

While I think it is very easy to say BGPSEC just works as an enhancement 
to today's policy, I think I have illustrated above that this is not the 
right analogy in all cases.

---

Also, on the topic of the other email regarding the replace-as functionality 
I described in http://goo.gl/7aT5c: what is a router supposed to do when it 
receives a signed as_path and replace-as is in the in/out policy?

Thx,
R.


> On Thu, Mar 22, 2012 at 7:28 PM, Robert Raszuk<robert@raszuk.net>  wrote:
>> By chaos I meant complete autonomous selection of what paths are preferred
>> to be chosen as best on an AS by AS basis. In the case of mixed SIGNED and
>
> how is the above any different than what happens today? (inside a
> single ASN, each router decides what it thinks is 'best', hopefully
> with a coordinated policy across all devices, but ... that is not
> guaranteed!)
>
>> UNSIGNED paths being considered in this _local_ decision as you stated it
>> seems to me just like it is the case with bad uncorrelated policies more
>> harm can be accomplished than good.
>
> sure... should someone say: "ACHTUNG!! OPENZ PEEPERZ!! USE THE SAME
> POLICY ON ALL DEVICES!!" ?
>
> I think, I thought, I hope that the above message is (perhaps less
> comically) stated to all network engineers when they graduate and get
> their striped hats... (so thus NOT a required statement in an RFC-like
> document)
>
> -chris
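Added example, not part of Robert's message or of any BGPsec implementation: a toy decision process that puts a BGPsec Secure_Path and a plain AS_PATH side by side. It shows the two points argued above, that the signed path has to be expanded (pCount, including the pCount=0 transparent case) before it can be compared for length or multipath content, and that "prefer signed only if not longer than unsigned" needs all candidates for the prefix at once, whereas a local_pref bump is evaluated before AS_PATH length and so prefers the signed path however long it is. Assumptions: Secure_Path is modelled as (AS, pCount) tuples in AS_PATH order; the Route type, function names and AS numbers (documentation range) are constructed for this illustration.

```python
"""Toy BGP decision process for mixed signed/unsigned candidate paths.

Constructed example; not code from the sidr thread or from any BGPsec
implementation.  Secure_Path is modelled as a list of (AS number, pCount)
tuples, most recent AS first, mirroring AS_PATH order (an assumption).
"""
from dataclasses import dataclass, replace
from typing import List, Sequence, Tuple

SecurePath = Sequence[Tuple[int, int]]  # (ASN, pCount)


def expand_secure_path(secure_path: SecurePath) -> List[int]:
    """Flatten Secure_Path into the AS_PATH a legacy peer would carry.

    pCount=N reproduces N-fold prepending; pCount=0 is the transparent
    (route-server) case and contributes no AS to the flattened path.
    """
    as_path: List[int] = []
    for asn, pcount in secure_path:
        if pcount < 0:
            raise ValueError("pCount must be non-negative")
        as_path.extend([asn] * pcount)
    return as_path


@dataclass(frozen=True)
class Route:
    name: str                    # which upstream it came from (label only)
    as_path: Tuple[int, ...]     # flattened AS_SEQUENCE; no AS_SETs in this toy
    local_pref: int = 100
    signed: bool = False         # carried a BGPsec_Path attribute
    valid: bool = False          # signature chain verified

    @property
    def path_length(self) -> int:
        return len(self.as_path)


def route_from_secure_path(name: str, secure_path: SecurePath, valid: bool,
                           local_pref: int = 100) -> Route:
    """Build the comparable Route for a signed UPDATE (expansion happens here)."""
    return Route(name, tuple(expand_secure_path(secure_path)), local_pref, True, valid)


def rfc4271_select(routes: Sequence[Route]) -> Route:
    """Subset of RFC 4271 9.1.2.2: higher LOCAL_PREF, then shorter AS_PATH.

    The name is only a deterministic final tie-break for this toy.
    """
    if not routes:
        raise ValueError("no candidate routes")
    return min(routes, key=lambda r: (-r.local_pref, r.path_length, r.name))


def localpref_boost(routes: Sequence[Route], boost: int = 10) -> List[Route]:
    """What an operator can do today: bump LOCAL_PREF on valid signed paths.

    LOCAL_PREF is compared before AS_PATH length, so this prefers the signed
    path no matter how much longer it is.
    """
    return [replace(r, local_pref=r.local_pref + boost) if (r.signed and r.valid) else r
            for r in routes]


def prefer_signed_if_not_longer(routes: Sequence[Route]) -> Route:
    """Prefer a valid signed path only if it is not longer than the shortest
    unsigned (or invalid) alternative.

    Needs every candidate for the prefix at once; it is not a per-route
    attribute rewrite.  Assumes no other policy has touched LOCAL_PREF.
    """
    signed = [r for r in routes if r.signed and r.valid]
    others = [r for r in routes if not (r.signed and r.valid)]
    if not signed or not others:
        return rfc4271_select(routes)
    shortest_other = min(r.path_length for r in others)
    eligible = [r for r in signed if r.path_length <= shortest_other]
    return rfc4271_select(eligible) if eligible else rfc4271_select(routes)


def multipath_equal(a: Route, b: Route) -> bool:
    """Multipath eligibility compares expanded AS_PATH content, not just length."""
    return a.as_path == b.as_path and a.local_pref == b.local_pref


def demo() -> dict:
    # Constructed sample: one prefix learned from two upstreams.
    # Upstream A speaks BGPsec: AS 64496 prepended twice (pCount=2), AS 64497
    # is a transparent route server (pCount=0), origin AS 64498.
    via_a = route_from_secure_path("via-A", [(64496, 2), (64497, 0), (64498, 1)], valid=True)
    # Upstream B is legacy: plain AS_PATH 64499 64498.
    via_b = Route("via-B", (64499, 64498))
    candidates = [via_a, via_b]
    return {
        "expanded_signed": via_a.as_path,
        "no_policy": rfc4271_select(candidates).name,
        "localpref_boost": rfc4271_select(localpref_boost(candidates)).name,
        "conditional": prefer_signed_if_not_longer(candidates).name,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed input the signed path expands to three ASes against two on the legacy path: plain RFC 4271 selection and the conditional policy both pick the unsigned upstream, while the local_pref bump picks the signed one regardless. Swap the pCount hacks for a two-AS signed path and the conditional policy prefers it; an invalid signature is treated like an unsigned path.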