Re: [Sidrops] rfc7607 & multiple ROAs covering same resource
Declan Ma <madi@zdns.cn> Wed, 22 March 2017 02:06 UTC
Return-Path: <madi@zdns.cn>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 276B1129422 for <sidrops@ietfa.amsl.com>; Tue, 21 Mar 2017 19:06:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JqDP5kM3gE0B for <sidrops@ietfa.amsl.com>; Tue, 21 Mar 2017 19:06:28 -0700 (PDT)
Received: from gw1.turbomail.org (gw1.turbomail.org [159.8.83.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA9A0126BF7 for <sidrops@ietf.org>; Tue, 21 Mar 2017 19:06:27 -0700 (PDT)
X-TM-DID: 9b50029a547c1665d896c12ada7d969c
Content-Type: text/plain; charset="gb2312"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Declan Ma <madi@zdns.cn>
In-Reply-To: <D3D544F1-4120-4EA0-A053-8CAD2F16986D@juniper.net>
Date: Wed, 22 Mar 2017 10:01:56 +0800
Cc: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, "sidrops@ietf.org" <sidrops@ietf.org>, Job Snijders <job@ntt.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <22F74981-4FF1-43E6-A2A6-BE54226EAB46@zdns.cn>
References: <20170321135423.tye6fyixctuyzzay@Vurt.local> <D0532F66-BDD0-4E08-B7FC-F8555F89CA06@zdns.cn> <20170321155018.ufekfatlgrelgih5@Vurt.local> <44BEFF34-13C2-4660-8439-B46F86E935F2@zdns.cn> <15c6acae82454db0861f4dddf998669a@XCH-ALN-014.cisco.com> <D3D544F1-4120-4EA0-A053-8CAD2F16986D@juniper.net>
To: "John G. Scudder" <jgs@juniper.net>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/7KZFoxOA0e4kWDXHT3ZZjOWEorg>
Subject: Re: [Sidrops] rfc7607 & multiple ROAs covering same resource
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 02:06:31 -0000
John, > 在 2017年3月22日,02:26,John G. Scudder <jgs@juniper.net> 写道: > > To add to this, there's a fairly obvious use case for having two extant ROAs, one for AS 0 and one for another ASN -- make-before-break. I'm not sure why you'd persistently have both of them, but it seems harmless. Or at least "mostly harmless" to quote D. Adams. > Agreed. “Make-before-break” is making sense here :-) > As for 7606 itself, I think nothing needs to be changed. The text related to ROAs is only there to provide motivation -- the only normative language in the RFC is in section 2, and it doesn't talk about ROAs or route validation. I just reread the section and it seems clear to me. In short: don't put AS 0 on the wire in a BGP message. The conversation we’re now having is evidence no good deed goes unpunished -- if the motivating text had been omitted and only section 2 published, we'd be good I guess. > > The 6483 section 4 language trips over itself a bit -- if it were still in draft I'd suggest removing the "by convention" language since it's nonsense. But it’s harmless nonsense (or at least "mostly harmless") since in the very next clause it says "this is not a strict requirement". > > Doesn’t seem like there's a problem in need of fixing. Right. It also seems to me there is no need of fixing. I comprehended “by convention” as a sort of suggestion, while “not a strict requirement” do leaves it to operator to do at its discretion. Huh, one is free to have multiple ROAs existence with ROA 0 included. Yet I believe the very implication is quite conspicuous. Declan (Di) > > --John > >> On Mar 21, 2017, at 1:56 PM, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote: >> >> RFC 7607 does use the word "only": >> >> This allows a resource holder to signal >> that a prefix (and the more specifics) should not be routed by >> publishing a ROA listing AS 0 as the only origin. >> >> >> https://tools.ietf.org/html/rfc6483 >> >> In an environment of a collection of valid ROAs, a route's validity >> state is considered to be "valid" if any ROA provides a "valid" >> outcome. It's validity state is considered to be "invalid" if one >> (or more) ROAs provide an "invalid" outcome and no ROAs provide a >> "valid" outcome. >> >> The ROA for AS 0 provides an "invalid" outcome. >> However, the other ROA provides a "valid" outcome. >> Therefore, the final outcome is "valid". >> >> Thanks, >> Jakob. >> >> >>> -----Original Message----- >>> From: Sidrops [mailto:sidrops-bounces@ietf.org] On Behalf Of Declan Ma >>> Sent: Tuesday, March 21, 2017 9:00 AM >>> To: Job Snijders <job@ntt.net> >>> Cc: sidrops@ietf.org >>> Subject: Re: [Sidrops] rfc7607 & multiple ROAs covering same resource >>> >>> Job, >>> >>>> 在 2017年3月21日,23:50,Job Snijders <job@ntt.net> 写道: >>>> >>>> Hi Declan, >>>> >>>> On Tue, Mar 21, 2017 at 11:22:36PM +0800, Declan Ma wrote: >>>>> [RFC6483] states “A ROA with a subject of AS 0 (AS 0 ROA) is an >>>>> attestation by the holder of a prefix that the prefix described in the >>>>> ROA, and any more specific prefix, should not be used in a routing >>>>> context.” >>>>> >>>>> I believe this issue bears relevance with how RP software responds to >>>>> multiple ROAs existence with ROA 0 included. >>>>> >>>>> As for the example you provide, if both ROAs have been validated >>>>> successfully, it is up to RPs to generate output to BGP speakers. >>>>> >>>>> Even a ROA with AS 0 doesn’t preclude other valid ROAs, we should not >>>>> encourage this operation. >>>> >>>> How and why would you discourage this, if it is a valid mode of >>>> operation? Clarity is king. There may be legitimate use cases for doing >>>> this. >>>> >>> >>> There MAY be legitimate use cases for doing this. >>> >>> These cases should be justified before the WG discuss how to update RFC 7607. >>> >>> I am open to this operation, hoping to see more detailed context in which you said the owner of the ROAs was >>> intentional to do that. >>> >>> Declan (Di) >>> >>> _______________________________________________ >>> Sidrops mailing list >>> Sidrops@ietf.org >>> https://www.ietf.org/mailman/listinfo/sidrops >> >> _______________________________________________ >> Sidrops mailing list >> Sidrops@ietf.org >> https://www.ietf.org/mailman/listinfo/sidrops > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops
- [Sidrops] rfc7607 & multiple ROAs covering same r… Job Snijders
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… Declan Ma
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… Job Snijders
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… Declan Ma
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… Jakob Heitz (jheitz)
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… John G. Scudder
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… Declan Ma
- Re: [Sidrops] rfc7607 & multiple ROAs covering sa… Randy Bush