Re: [sidr] draft-ietf-sidr-origin-validation-signaling - new version submitted recently... WGLC?

Randy Bush <randy@psg.com> Thu, 24 October 2013 18:07 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 216B011E8347 for <sidr@ietfa.amsl.com>; Thu, 24 Oct 2013 11:07:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.495
X-Spam-Level:
X-Spam-Status: No, score=-2.495 tagged_above=-999 required=5 tests=[AWL=0.104, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kiPnmM9sHdYa for <sidr@ietfa.amsl.com>; Thu, 24 Oct 2013 11:07:54 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) by ietfa.amsl.com (Postfix) with ESMTP id 0144611E81BE for <sidr@ietf.org>; Thu, 24 Oct 2013 11:07:49 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from <randy@psg.com>) id 1VZPJv-0007As-JH; Thu, 24 Oct 2013 18:07:44 +0000
Date: Thu, 24 Oct 2013 20:07:42 +0200
Message-ID: <m24n86wnip.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Jay Borkenhagen <jayb@braeburn.org>
In-Reply-To: <21097.24175.772599.34788@oz.mt.att.com>
References: <5267E19C.7000208@ops-netman.net> <21097.24175.772599.34788@oz.mt.att.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Cc: Chris Morrow <morrowc@ops-netman.net>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-origin-validation-signaling - new version submitted recently... WGLC?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 18:07:55 -0000

> Note that routers do not perform prefix origin validation (compute
> the validation state as defined in [I-D.ietf-sidr-pfx-validate])
> for IBGP learnt routes.

that is opposite of 6811 and running code

   When a BGP speaker receives an UPDATE from a neighbor, it SHOULD
   perform a lookup as described above for each of the Routes in the
   UPDATE message.  The lookup SHOULD also be applied to routes that are
   redistributed into BGP from another source, such as another protocol
   or a locally defined static route.

> In a network where all edge routers are capable and configured to
> perform prefix origin validation on EBGP learnt routes it should not
> be necessary to perform that function also on IBGP learnt routes

internal router A has a nail-up for prefix P which it gates to ibgp.  it
is not (yet) validation capable, so does not realize it was fat fingered
and does not own P.  it announces ibgp to B, a border router within the
AS which is validation enabled.  you want B to catch the fat finger and
not propagate it to a neighbor whose noc then calls you to tell you that
you have net bad breath.

validation of routes locally originated and those heard via ibgp is good
sanitation.

randy
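The point of the message above, as a worked example added here (it is not code from the thread, from RFC 6811, or from any router vendor): a Python model of the RFC 6811 validation-state computation (Valid/Invalid/NotFound, with the origin AS taken from the rightmost AS_PATH element or the local AS when the path is empty) applied to every route in router B's Adj-RIB-In, whatever its source. It goes slightly beyond the scenario in the mail by also exercising the maxLength rule and an IPv6 route with no covering VRP. All prefixes, ASNs and VRPs are constructed sample data from documentation ranges, and the function names are this example's own.

```python
"""RFC 6811 origin validation applied to eBGP, iBGP and locally originated
routes alike.  Added example with constructed sample data; nothing here is
from the thread or from a real implementation."""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: covering prefix, maximum length, origin AS."""
    prefix: str
    max_length: int
    asn: int


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]  # rightmost element is the origin AS; empty if locally originated
    source: str               # "ebgp", "ibgp" or "local" (redistributed static)


VALID, INVALID, NOTFOUND = "valid", "invalid", "notfound"


def origin_as(route: Route, local_as: int) -> int:
    """RFC 6811 sec. 2: the origin AS is the rightmost AS of the AS_PATH, or the
    speaker's own AS when the AS_PATH is empty (locally originated route)."""
    return route.as_path[-1] if route.as_path else local_as


def covers(vrp: VRP, prefix) -> bool:
    """A VRP Covers a route prefix when the route prefix lies inside the VRP prefix."""
    v = ipaddress.ip_network(vrp.prefix)
    return v.version == prefix.version and prefix.subnet_of(v)


def validation_state(route: Route, vrps: List[VRP], local_as: int) -> str:
    """Valid if any VRP Matches (covers, length <= maxLength, same origin AS);
    Invalid if some VRP covers but none matches; NotFound if nothing covers."""
    p = ipaddress.ip_network(route.prefix)
    asn = origin_as(route, local_as)
    covered = False
    for vrp in vrps:
        if not covers(vrp, p):
            continue
        covered = True
        if p.prefixlen <= vrp.max_length and vrp.asn == asn:
            return VALID
    return INVALID if covered else NOTFOUND


def exportable_to_ebgp(routes: List[Route], vrps: List[VRP], local_as: int,
                       validated_sources: Set[str]) -> List[str]:
    """Prefixes router B would announce to external neighbours.  Routes whose
    source is in validated_sources are dropped when Invalid; routes from any
    other source pass through unchecked (the eBGP-only policy from the mail)."""
    exported = []
    for r in routes:
        if r.source in validated_sources and validation_state(r, vrps, local_as) == INVALID:
            continue
        exported.append(r.prefix)
    return exported


# Constructed sample data.  Router B sits in AS 64500.
LOCAL_AS = 64500
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("198.51.100.0/24", 24, 64496),  # P from the mail: really belongs to AS 64496
    VRP("203.0.113.0/24", 25, 64500),   # AS 64500's own space, /25s allowed
]
ROUTES = [
    Route("192.0.2.0/24", (64510, 64496), "ebgp"),    # valid
    Route("198.51.100.0/24", (), "ibgp"),             # router A's fat-fingered nail-up, via iBGP
    Route("203.0.113.0/25", (), "local"),             # valid local origination
    Route("203.0.113.128/26", (), "ibgp"),            # too long for maxLength 25
    Route("2001:db8::/32", (64510,), "ebgp"),         # no covering VRP
]


def leaked_with_ebgp_only_policy() -> List[str]:
    """Prefixes that reach B's external neighbours only because B skips
    validation of iBGP-learnt and locally originated routes."""
    ebgp_only = exportable_to_ebgp(ROUTES, VRPS, LOCAL_AS, {"ebgp"})
    all_sources = exportable_to_ebgp(ROUTES, VRPS, LOCAL_AS, {"ebgp", "ibgp", "local"})
    return sorted(set(ebgp_only) - set(all_sources))


if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r.source:5} {r.prefix:20} origin AS{origin_as(r, LOCAL_AS)} -> {validation_state(r, VRPS, LOCAL_AS)}")
    print("leaked under eBGP-only validation:", leaked_with_ebgp_only_policy())
```

With the eBGP-only policy, B never evaluates the iBGP-learnt `198.51.100.0/24` (origin AS derived as 64500 because the AS_PATH is empty, covered by a VRP for AS 64496, hence Invalid) and propagates it; applying the lookup to every source, as the quoted RFC 6811 text says it SHOULD be, catches it at B before any external neighbour sees it.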