Re: [sidr] draft-ietf-sidr-origin-validation-signaling - new version submitted recently... WGLC?
Randy Bush <randy@psg.com> Thu, 24 October 2013 18:07 UTC
From: Randy Bush <randy@psg.com>
To: Jay Borkenhagen <jayb@braeburn.org>
Cc: Chris Morrow <morrowc@ops-netman.net>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>

> Note that routers do not perform prefix origin validation (compute
> the validation state as defined in [I-D.ietf-sidr-pfx-validate])
> for IBGP learnt routes.

that is opposite of 6811 and running code

   When a BGP speaker receives an UPDATE from a neighbor, it SHOULD
   perform a lookup as described above for each of the Routes in the
   UPDATE message.  The lookup SHOULD also be applied to routes that
   are redistributed into BGP from another source, such as another
   protocol or a locally defined static route.

> In a network where all edge routers are capable and configured to
> perform prefix origin validation on EBGP learnt routes it should not
> be necessary to perform that function also on IBGP learnt routes

internal router A has a nail-up for prefix P which it gates to ibgp.  it
is not (yet) validation capable, so does not realize it was fat fingered
and does not own P.  it announces ibgp to B, a border router within the
AS which is validation enabled.  you want B to catch the fat finger and
not propagate it to a neighbor whose noc then calls you to tell you that
you have net bad breath.

validation of routes locally originated and those heard via ibgp is good
sanitation.

randy
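
The scenario in the message above, as an added example that is not part of the original post or of any router's code: border router B runs the RFC 6811 lookup on routes heard via ibgp as well as ebgp and so catches A's mistyped static for P. The prefixes, AS numbers, VRP table and the "drop Invalid" export policy are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes and ASNs, not from the thread.
LOCAL_AS = 64500
VRPS = [  # (prefix, maxLength, origin ASN) as held by a validating router
    ("192.0.2.0/24", 24, 64500),      # a prefix the local AS does hold
    ("198.51.100.0/24", 24, 64511),   # prefix P, which belongs to someone else
]

def origin_as(as_path, local_as=LOCAL_AS):
    """Route origin ASN per RFC 6811: rightmost AS, or our own AS when the
    AS_PATH is empty (locally originated, or heard via ibgp from inside the AS).
    Simplification: as_path is a flat AS_SEQUENCE; sets/confeds not modelled."""
    return as_path[-1] if as_path else local_as

def validate(prefix, as_path, vrps=VRPS, local_as=LOCAL_AS):
    """Return 'Valid', 'Invalid' or 'NotFound' for one route (RFC 6811 lookup)."""
    route = ipaddress.ip_network(prefix)
    origin = origin_as(as_path, local_as)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue                      # this VRP does not cover the route
        covered = True
        if route.prefixlen <= max_len and vrp_as == origin and vrp_as != 0:
            return "Valid"                # covered and matched
    return "Invalid" if covered else "NotFound"

def border_router_b(routes):
    """Router B: validate every route, whatever the session type, and return
    only those it would propagate to an ebgp neighbor (policy here: drop Invalid)."""
    return [(p, path, src) for p, path, src in routes
            if validate(p, path) != "Invalid"]

# Constructed routes as seen by B: (prefix, AS_PATH, how B learned it)
ROUTES = [
    ("192.0.2.0/24", [], "ibgp from A"),        # legitimate local origination
    ("198.51.100.0/24", [], "ibgp from A"),     # the fat-fingered nail-up for P
    ("203.0.113.0/24", [64496], "ebgp"),        # no covering VRP
]

if __name__ == "__main__":
    for p, path, src in ROUTES:
        print(f"{p:18} {src:12} {validate(p, path)}")
    print("propagated:", [r[0] for r in border_router_b(ROUTES)])
```

If B skipped the lookup for ibgp-learnt routes, the second route would leave the AS with the local AS as origin and only be flagged Invalid by the neighbor.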