IETF Logo Mail Archive

Re: [sidr] origin attribute

heasley <heas@shrubbery.net> Wed, 24 October 2012 16:58 UTC

Return-Path: <heas@shrubbery.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA63F21F8855 for <sidr@ietfa.amsl.com>; Wed, 24 Oct 2012 09:58:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.745
X-Spam-Level:
X-Spam-Status: No, score=-4.745 tagged_above=-999 required=5 tests=[AWL=1.854, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHZFzaPDifsg for <sidr@ietfa.amsl.com>; Wed, 24 Oct 2012 09:58:06 -0700 (PDT)
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A61221F880B for <sidr@ietf.org>; Wed, 24 Oct 2012 09:58:06 -0700 (PDT)
Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 2A0C79A6C8; Wed, 24 Oct 2012 16:58:07 +0000 (UTC)
Date: Wed, 24 Oct 2012 16:58:07 +0000
From: heasley <heas@shrubbery.net>
To: Shane Amante <shane@castlepoint.net>
Message-ID: <20121024165807.GP79235@shrubbery.net>
References: <m2sj95nru4.wl%randy@psg.com> <4B14E6F9-195C-4C1F-97E8-69ECE0F08041@juniper.net> <C0619671-4FA8-4B0C-9F78-D9836BE8B5FB@ericsson.com> <4EC7E1D2-1385-4BFC-89C6-CCF98B27D734@juniper.net> <2EBD8BE2-CFD3-4909-8BF9-9C2826A9BB1C@tcb.net> <FE9E6372-0F47-457F-B426-B314AB0241A0@castlepoint.net> <A64741BE-036C-4131-8459-8A6C665DB592@tcb.net> <BDF858CE-D3E6-4CCC-B6A9-329601DEBB92@castlepoint.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <BDF858CE-D3E6-4CCC-B6A9-329601DEBB92@castlepoint.net>
X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc
X-note: live free, or die!
X-homer: i just want to have a beer while i am caring.
X-Claimation: an engineer needs a manager like a fish needs a bicycle
X-reality: only YOU can put an end to the embarrassment that is Tom Cruise
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] origin attribute
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 16:58:08 -0000

Wed, Oct 24, 2012 at 10:53:58AM -0600, Shane Amante:
> Danny,
> 
> On Oct 24, 2012, at 9:11 AM, Danny McPherson <danny@tcb.net> wrote:
> > On Oct 23, 2012, at 6:03 PM, Shane Amante wrote:
> > 
> >> I suspect John is referring to the operational practice employed by some networks, right now, whereby they overwrite ORIGIN during receipt of an UPDATE into their network to 'normalize' ORIGIN to a consistent value.
> > 
> > Ironically, if "normalize[ing] ORIGIN to a consistent value" at an upstream AS results in a change to the ORIGIN code for a given path, you've _created INconsistent ORIGIN codes for the prefix in the routing system.  I suppose I understand why this might be desirable for a transit network provider, but as an edge AS I'd prefer to not have intermediate networks changing the values I set.
> 
> Fair enough.  In my defense :-), RFC 4271 does state that ORIGIN code "SHOULD NOT" be changed by any other speaker <http://tools.ietf.org/html/rfc4271#section-5.1.1>.  Fortunately, it doesn't say: "MUST NOT".  :-)
> 
> Perhaps a better question should be: is ORIGIN code still required, particularly from a BGP path selection perspective, in today's networks?  I would say "no".  (If you wanted to know the 'source' of a BGP route, there are already a plethora of BGP communities to help operators narrow this down ... but, this is more for convenience of troubleshooting, it doesn't need to be in path selection).
> 
> IOW, instead of "securing" ORIGIN, maybe folks should be looking at deprecating it?  IMO, this would have likely been a far more productive use of time than the deprecation of AS_SET's, (the latter of which I still maintain was a bad idea, done primarily for convenience w/out adequate consideration of it's _long-term_ usefulness).

its used as a "TE" knob, whether danny likes it or not.  given the lack of
TE knobs, a lot of hatred should be expected if its taken away (deprecated or
"secured").

> 
> >> This is especially valuable in cases where one network, A, is multi-homed to an adjacent network, B, and network A may not be announcing a consistent set of BGP path attributes associated with a set of IP prefixes at all locations.  Ultimately, this practice allows network B to consistently skip over ORIGIN and, instead, evaluate more well-understood BGP Path Selection criteria like MED's, IGP metric, etc.
> >> across the full set of "common" BGP routes, (i.e.: those with the same AS_PATH, LOCAL_PREF, etc.), learned across all exit points to network B.
> > 
> > I'm pretty sure MEDs and "IGP metric" are far more ambiguous and broken in practice than ORIGIN code (e.g., [1]), especially when comparing across paths learned from different adjacent ASes.
> 
> FWIW, I wasn't actually referring to to MED or IGP metric comparison across different AS_PATHs, rather MED or IGP metric comparison across same AS_PATHs.
> 
> Regardless, your point is valid that comparison of MED's, even just across the same AS_PATH, is oftentimes fraught with operational headaches/brokenness.  However, in defense of MED's :-), I believe that the root cause problem here is, most likely, an inability (or, worse, unwillingness) for the network sending MED's to continually fine-tune not only the MED value(s), but at the same time (just as importantly) to __intelligently__, (i.e.: only when necessary), deaggregate [very] large prefixes in order that more relevant MED values can be targeted at those more specifics resulting in better 'signals' toward upstream networks.  Then again, we might agree to disagree on this.   :)
> 
> 
> To the larger point of going back to actual requirements for this work, then why hasn't there been discussion in the requirements or threats documents about 'securing':
> - ORIGIN
> - NEXT_HOP: third-party NEXT_HOP at IXP's anyone?
>   BTW, I would note that the above would be an extremely clever way to divert traffic through a bad guy's network that would be completely invisible within the AS_PATH, (but could show up in traceroutes).  w00t!
> - MED's
> - BGP communities: which are quite commonly used to manipulate an upstream's BGP path selection algorithm (i.e.: raise/lower LOCAL_PREF) and/or _scope_ the announcement toward adjacent ASN's/routers, (i.e.: no-export, no-advertise, being the two standards-based ones)?
> 
> ... not even a mention of being "out-of-scope" and for what reason(s), even though draft-ietf-sidr-bgpsec-reqs-05 states: "As noted in the threat model, [I-D.ietf-sidr-bgpsec-threats], this work is limited to threats to the BGP protocol."  
> 
> Then again, there still isn't a serious acknowledgement that 'route leaks' are, in fact, a much more serious "threat to the BGP protocol", than manipulation of most of those BGP attributes even though the route-leaks problem has been crisply defined in 1.5 pages:
> http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01
> ... with further elaboration in this and associated drafts:
> http://tools.ietf.org/html/draft-dickson-sidr-route-leak-def-03
> 
> <sigh>
> 
> -shane
> 
> 
> 
> > -danny
> > 
> > 
> > [1] <http://www.nanog.org/meetings/nanog29/abstracts.php?pt=Njk2Jm5hbm9nMjk=&nm=nanog29>
> 
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email