Re: [sidr] AD review and progressing draft-ietf-sidr-as-migration-02
"George, Wes" <wesley.george@twcable.com> Mon, 02 February 2015 18:39 UTC
Return-Path: <wesley.george@twcable.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76FEC1A87A9 for <sidr@ietfa.amsl.com>; Mon, 2 Feb 2015 10:39:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.926
X-Spam-Level: **
X-Spam-Status: No, score=2.926 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PgtgJKrL0xhH for <sidr@ietfa.amsl.com>; Mon, 2 Feb 2015 10:38:58 -0800 (PST)
Received: from cdcipgw02.twcable.com (cdcipgw02.twcable.com [165.237.91.111]) by ietfa.amsl.com (Postfix) with ESMTP id 268231A884E for <sidr@ietf.org>; Mon, 2 Feb 2015 10:38:57 -0800 (PST)
X-SENDER-IP: 10.136.163.15
X-SENDER-REPUTATION: None
X-IronPort-AV: E=Sophos;i="5.09,507,1418101200"; d="scan'208,217";a="213796786"
Received: from unknown (HELO PRVPEXHUB06.corp.twcable.com) ([10.136.163.15]) by cdcipgw02.twcable.com with ESMTP/TLS/RC4-MD5; 02 Feb 2015 13:30:28 -0500
Received: from PRVPEXVS10.corp.twcable.com ([10.136.163.41]) by PRVPEXHUB06.corp.twcable.com ([10.136.163.15]) with mapi; Mon, 2 Feb 2015 13:38:56 -0500
From: "George, Wes" <wesley.george@twcable.com>
To: Alia Atlas <akatlas@gmail.com>, "draft-ietf-sidr-as-migration@tools.ietf.org" <draft-ietf-sidr-as-migration@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Date: Mon, 02 Feb 2015 13:38:53 -0500
Thread-Topic: AD review and progressing draft-ietf-sidr-as-migration-02
Thread-Index: AdA/F4AazMPW/KhpQamgGz77RvqMOg==
Message-ID: <D0F5254B.41CBA%wesley.george@twcable.com>
References: <CAG4d1reTZ8xcR8EO61Ap_VHsEdfgh19tk46o0ns+QFRAD=mPDQ@mail.gmail.com>
In-Reply-To: <CAG4d1reTZ8xcR8EO61Ap_VHsEdfgh19tk46o0ns+QFRAD=mPDQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_D0F5254B41CBAwesleygeorgetwcablecom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/w_D3ChcImM92kJgXEeXNE_jWG_4>
Subject: Re: [sidr] AD review and progressing draft-ietf-sidr-as-migration-02
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Feb 2015 18:39:00 -0000
Alia – thanks for the review. Consider this ACK for all comments except the ones below, inline with WG] I have a –03 draft in the edit buffer, and will publish once the below is resolved. Thanks, Wes From: Alia Atlas <akatlas@gmail.com<mailto:akatlas@gmail.com>> Date: Friday, January 30, 2015 at 3:50 PM To: "draft-ietf-sidr-as-migration@tools.ietf.org<mailto:draft-ietf-sidr-as-migration@tools.ietf.org>" <draft-ietf-sidr-as-migration@tools.ietf.org<mailto:draft-ietf-sidr-as-migration@tools.ietf.org>>, "sidr@ietf.org<mailto:sidr@ietf.org>" <sidr@ietf.org<mailto:sidr@ietf.org>> Subject: AD review and progressing draft-ietf-sidr-as-migration-02 Resent-To: <sandy@tislabs.com<mailto:sandy@tislabs.com>>, "George, Wes" <wesley.george@twcable.com<mailto:wesley.george@twcable.com>> a) Language around draft-ietf-idr-as-migration is more tentative than is appropriate when that draft and this are going to be RFCs. Please clean that up. WG] other than removing the first paragraph of section 4 (done), and fixing the intro (removed de facto), were there other places that this needs to be addressed? b) In Sec 3.1, it says "If the route now shows up as originating from AS64500, any downstream peers' validation check will fail unless a ROA is *also* available for AS64500 as the origin ASN, meaning that there will be overlapping ROAs until all routers originating prefixes from AS64510 are migrated to AS64500." I think the second AS64500 should be AS64510. WG] no. This is saying that a ROA already exists for 64510, but needs to exist for 64500. The distinction the second half of that section is making is that in addition to generating a ROA for 65400 for any prefixes originated by the router being moved, because of replace-AS, you may have to generate ROAs for 65400 for routes that are originating on routers still in 65410. If that explanation is any clearer, I can try to edit the text to reflect this. e) In draft-ietf-idr-as-migration, the case of handling AS migration in iBGP sessions is also covered. I assume that because it is iBGP sessions, there is no work to be done for BGPsec. Could you please add a quick obvious statement to that effect? WG] hmm. This solution was originally written before the iBGP stuff was added, and it didn't occur to me that it may need to be discussed here. Pitfalls of two largely parallel docs, I guess. The iBGP AS migration discussed is basically just listening for open on either ASN, but otherwise treats the session as iBGP even if the ASN is not the same as the globally-configured one. Thus there are two ASNs involved, and this is mainly the same as AS migration with eBGP, in that the migrating router would need to have a pcount=0 from old ASN to New in order to hide that path in routes that are signed to the old ASN from downstream eBGP peers. The wrinkle is that instead of the migration point being on the edge router between its eBGP peers and its iBGP peers, the migration point is now one router upstream, between two iBGP peers (i.e. The router in the old ASN doesn't necessarily know to mask its global ASN with pcount=0, and so the router that is at the actual border between the two ASNs will have to do the pcount=0 trick to the "iBGP" updates it receives. I'll need to add some text in 5.3 to cover this case. Good catch. ________________________________ This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
- Re: [sidr] AD review and progressing draft-ietf-s… Randy Bush
- [sidr] AD review and progressing draft-ietf-sidr-… Alia Atlas
- Re: [sidr] AD review and progressing draft-ietf-s… Alia Atlas
- Re: [sidr] AD review and progressing draft-ietf-s… George, Wes
- Re: [sidr] AD review and progressing draft-ietf-s… Christopher Morrow
- Re: [sidr] AD review and progressing draft-ietf-s… George, Wes
- Re: [sidr] AD review and progressing draft-ietf-s… George, Wes
- Re: [sidr] AD review and progressing draft-ietf-s… George, Wes
- Re: [sidr] AD review and progressing draft-ietf-s… Alia Atlas
- Re: [sidr] AD review and progressing draft-ietf-s… Alia Atlas