Re: [Sidrops] Genart last call review of draft-ietf-sidrops-ov-egress-01

Ben Maddison <benm@workonline.africa> Fri, 20 March 2020 10:12 UTC

From: Ben Maddison <benm@workonline.africa>
To: "randy@psg.com" <randy@psg.com>, "keyur@arrcus.com" <keyur@arrcus.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, "rjsparks@nostrum.com" <rjsparks@nostrum.com>, "sidrops@ietf.org" <sidrops@ietf.org>, "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-sidrops-ov-egress.all@ietf.org" <draft-ietf-sidrops-ov-egress.all@ietf.org>
Date: Fri, 20 Mar 2020 10:11:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/6aeUv4VE0p99YqYfFCi12iD9_Dk>

On Wed, 2020-03-18 at 12:56 -0700, Randy Bush wrote:
> ( warning: quote depth errors and top posting.  keyur's mta, well let's
> not get into that :)
> 
> > Speaking as a wg member.
> 
> and one of the first ROV implementors, tyvm.
> 
> > Shouldn’t you be checking the "my autonomous system number" in the
> > update message (when sending it out to the ebgp peer) as opposed to
> > "my autonomous system number" in the open message.
> > 
> > Regards, Keyur
> > 
> > On 3/17/20, 8:27 PM, "Randy Bush" <randy@psg.com> wrote:
> > 
> > > I wanted to avoid "be able to be" and have an explicit actor. I see
> > > the difficulty you point to below.
> > 
> > i am happy to change to the following
> > 
> > > > As the origin AS may be modified by outbound policy, a BGP speaker
> > > > MUST apply ROV policy semantics using the My Autonomous System number
> > > > in the BGP OPEN message (see RFC 4271 section 4.2) issued to the peer
> > > > to which the UPDATE is being sent.
> > 
> > but, in my free opinion, as it is in IETF LC, the change is enough that
> > it might require approval by chairs and/or AD.
> 
> i think you're right.  what counts for ROV is the origin AS in the
> UPDATE.  open a hole to deviate from that and ...
> 
> and we have to remember that, for these UPDATEs which are redistributed
> into BGP by this speaker, have their AS_PATH first created when sent to
> the peer.  i.e. we can not (yet) speak of the origin AS in the AS_PATH.
> 
> so maybe
> 
>     As the origin AS of a BGP UPDATE is decided by configuration and
>     outbound policy of the BGP speaker, a validating BGP speaker MUST
>     apply Route Origin Validation policy semantics against the origin
>     Autonomous System number which it will put in the AS_PATH (see RFC
>     4271 4.3 Path Attributes:b) of the UPDATE to the peer.
> 

Although a little more verbose, perhaps the following is more explicit?

    As the origin AS of a BGP UPDATE is decided by configuration and
    outbound policy of the BGP speaker, a validating BGP speaker MUST
    apply Route Origin Validation policy semantics against the Route
    Origin ASN as determined by applying the procedure in [RFC6811,
    Section 2] to the AS_PATH (see RFC 4271 4.3 Path Attributes:b) that
    it will send in the UPDATE to the peer.

Cheers,

Ben
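
Added example, not part of the original message or of the draft: a sketch of the check the proposed text describes, deriving the Route Origin ASN per RFC 6811 Section 2 from the AS_PATH as it will be sent, then validating it against VRPs. The function names, the tuple layout for path segments and VRPs, and the sample data are assumptions made for illustration; confederation stripping and path-length limits are not modelled.

```python
import ipaddress

AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4  # segment types
NONE = "NONE"  # RFC 6811 distinguished value: matches no VRP


def route_origin_asn(as_path, own_as):
    """RFC 6811 Section 2 'Route Origin ASN' for a list of (segment_type, [asns])."""
    if not as_path:
        return own_as
    seg_type, asns = as_path[-1]
    if seg_type == AS_SEQUENCE:
        return asns[-1]
    if seg_type in (AS_CONFED_SEQUENCE, AS_CONFED_SET):
        return own_as
    return NONE


def egress_as_path(as_path, sending_as):
    """AS_PATH as sent to an eBGP peer: sending_as prepended (RFC 4271 5.1.2)."""
    if as_path and as_path[0][0] == AS_SEQUENCE:
        return [(AS_SEQUENCE, [sending_as] + as_path[0][1])] + as_path[1:]
    return [(AS_SEQUENCE, [sending_as])] + as_path


def rov_state(prefix, origin, vrps):
    """RFC 6811 validation state of (prefix, origin) against VRPs (prefix, max_len, asn)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if vrp.version == route.version and route.subnet_of(vrp):
            covered = True
            if route.prefixlen <= max_len and origin != NONE and origin == asn:
                return "Valid"
    return "Invalid" if covered else "NotFound"


def egress_rov(prefix, as_path, sending_as, vrps):
    """Validate the route as the peer will see it, not as it sits in the local RIB."""
    path = egress_as_path(as_path, sending_as)
    return rov_state(prefix, route_origin_asn(path, sending_as), vrps)


# Constructed sample data: documentation prefixes and ASNs (RFC 5737, RFC 5398).
VRPS = [("192.0.2.0/24", 24, 64496), ("198.51.100.0/24", 24, 64500)]
```

A redistributed route has an empty AS_PATH locally, so the state depends entirely on the AS number prepended for that peer: `egress_rov("192.0.2.0/24", [], 64496, VRPS)` is Valid, while the same route sent with 64511 as the sending AS is Invalid.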