Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-ov-egress-01
Ben Maddison <benm@workonline.africa> Sat, 21 March 2020 07:59 UTC
Return-Path: <benm@workonline.africa>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A21F3A0C34; Sat, 21 Mar 2020 00:59:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=workonline.africa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KvzAk3gWhYwj; Sat, 21 Mar 2020 00:59:19 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2075.outbound.protection.outlook.com [40.107.21.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64A4C3A012A; Sat, 21 Mar 2020 00:59:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LEzmSYeVpyn+n0mxwiBcN77Ru8eje2iCbzweo7vwvTnk0YgRx3LRotd5h3B+zIt0WZ8/RRZzfQGc4huf2e912KlpC/lrzeY3fUM57BoLFF+r5OnG2l0KJBeJA8vK7YP18ny73st5I1bEk3bPWdAt3XFDYa6fbJdChgB7+NIrVeUD6PaoX0Ip+G44FTt14mcgzWPtgvgV0hGX8oM6xJ0RvT75MNmhFmItdl5ZeljQ+rTtfUeNbPORpzuY+md9jBRIb09J/6qPJLwiV8+lzy7R5O8hvZ95rdUY7ZBJ0uKHOTl7TNvXEtx7YxfA4yN9Nxe9/Bj9+N1nM0mXEmD06jnB3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=M18C1WInZIKHJ+CeNUgbhX8KDrmHDEuzAHPYi8MODjY=; b=YYR9tUJ18SqOLprntv2awzhU2FA36EMD4KSEKR9oDFY4AGU2k/DsZBLiOeUarX+30jYHTK52YcBzswrUOBul4s8Ry+X8JBsMb1b3wmcv99ANEUPDb5FvRP/Hcj9PMM28FtqptuJ2DOfwnZq+4yw+mbBjkPNo8CmV5jvmgr+1HLcWtmuEWa6+hLtnXL9Xj1QAPF1o3IipV64vf3vcvB+FpxotoRIaTl5YwMmcdGVOyY+EQxQw+GsL9q3/VXuwVDIA0r7wCrIu8NRuPHBlQ0bOAWT+TxyFepB7p7490WEDtwnCbeU5tG9xePLHn6b/JapgyM4LGgHxY02esGE3JJKKoQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=workonline.africa; dmarc=pass action=none header.from=workonline.africa; dkim=pass header.d=workonline.africa; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=workonline.africa; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=M18C1WInZIKHJ+CeNUgbhX8KDrmHDEuzAHPYi8MODjY=; b=OtUiHThCFfTvv35TneTaYiociD9UZ3irgxckCE7JdyGntdKBtXNy2bCg+NbH+ttp/EdEbg9wv7bAZ3++9CtqsZdJjA9jOam2XS83v3HXs80s6CdfnHz+2kpyOcJP6+W5WtwUPh/HhTgYJCF0tN8L861/epAwKa5R9XNNGN/rSI8=
Received: from AM7P190MB0583.EURP190.PROD.OUTLOOK.COM (52.135.56.21) by AM7P190MB0742.EURP190.PROD.OUTLOOK.COM (52.135.59.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.20; Sat, 21 Mar 2020 07:59:12 +0000
Received: from AM7P190MB0583.EURP190.PROD.OUTLOOK.COM ([fe80::994a:aedb:e28a:2252]) by AM7P190MB0583.EURP190.PROD.OUTLOOK.COM ([fe80::994a:aedb:e28a:2252%7]) with mapi id 15.20.2814.025; Sat, 21 Mar 2020 07:59:12 +0000
From: Ben Maddison <benm@workonline.africa>
To: "randy@psg.com" <randy@psg.com>, "warren@kumari.net" <warren@kumari.net>
CC: "nick@foobar.org" <nick@foobar.org>, "job@ntt.net" <job@ntt.net>, "last-call@ietf.org" <last-call@ietf.org>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "linda.dunbar@futurewei.com" <linda.dunbar@futurewei.com>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-ov-egress.all@ietf.org" <draft-ietf-sidrops-ov-egress.all@ietf.org>
Thread-Topic: [Sidrops] Opsdir last call review of draft-ietf-sidrops-ov-egress-01
Thread-Index: AQHV/Kb2XJdSWmlaN0iV0dnimUseQ6hNg3WAgAALw4CAAAK9gIADsLgAgABnuICAAAbTgIABAq2A
Date: Sat, 21 Mar 2020 07:59:12 +0000
Message-ID: <a160f13b6c796f05f404a02afb973b93397df3c0.camel@workonline.africa>
References: <158448201565.32201.9748655174984394118@ietfa.amsl.com> <624bd5c7-5459-64c2-5694-b77dde5835a6@foobar.org> <20200318012635.GE77479@vurt.meerval.net> <m2wo7i78bs.wl-randy@psg.com> <55f529777e4524b2ac2f6f94c0955611d04aa250.camel@workonline.africa> <m2k13f3t62.wl-randy@psg.com> <CAHw9_iJLPd9JTgY84o+sQD3saR839+zA+hf9rho9+Cyx8+beMA@mail.gmail.com>
In-Reply-To: <CAHw9_iJLPd9JTgY84o+sQD3saR839+zA+hf9rho9+Cyx8+beMA@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1
authentication-results: spf=none (sender IP is ) smtp.mailfrom=benm@workonline.africa;
x-originating-ip: [160.119.236.50]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 16d3c8e6-dbee-48dc-9b1f-08d7cd6dbe71
x-ms-traffictypediagnostic: AM7P190MB0742:
x-microsoft-antispam-prvs: <AM7P190MB0742ACFD58AC72657EC40D0FC0F20@AM7P190MB0742.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:295;
x-forefront-prvs: 034902F5BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(376002)(39840400004)(366004)(136003)(199004)(6512007)(2906002)(91956017)(66476007)(66946007)(76116006)(64756008)(186003)(6486002)(81166006)(26005)(86362001)(81156014)(2616005)(8936002)(5660300002)(316002)(66556008)(66446008)(966005)(8676002)(4326008)(6506007)(53546011)(54906003)(71200400001)(508600001)(110136005)(46492006)(99106002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM7P190MB0742; H:AM7P190MB0583.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: workonline.africa does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: bNsDblJK61+MxtqxhGIsnAaZz7MZ4Tn8IZ3qrXV04YQhsY0CicqhIO7cb6tlTEnvzHHPfGMTlM2VUxkShXBgQBwOCsbQT4wzvqFSofW4cixH/RoxxzHhoY8QTD2C4sbNVVYLTdFOUikr8vbIbS6KBp2zeTjVic0F6yQ7Rl+jK9GRvtKqP157xO/Hm5dHFOWNERiC4nkl4/OUSEq2bonxH2AeCPh7e4B24o6ngOznRAmuJwv6VwejFBbVYB0vBF9s1lj2PYUpr8x6W+ZL05kQswn7FXq+n5iRbVlrf0zFU2dZxZkvLMBeva27xir/jmYJRg1aDHTI7w0b/9PWA1XopMi5GLiaIAfgUhPnIf6jbmJcE+vgowWroY5+ZC54cp+NVgknhexAOq43iDzXqNyqVXTk0Vlnk4i55Q5eP2alfyDR1EUP+obBiIQ2NY2XofgQZPMI7UgDvl7MVQCaq6AuHs+OimX31hL0RNpdKu//bAXHqEe+6PEDZrD4h2AncvlGJpL6L/q1i9MwRnzXxo94C9TJhguOpDhgQfNsRkOwlVPReiM/h/0JvGgRl0iIDlSGouzcMldOJjXNETyZOFixyIkzqd/ADtP2P0y+IUrhROA=
x-ms-exchange-antispam-messagedata: 2RIQDbTglov2NIEkTSGU9325wkGjI5cOJHYN5Y8OXVzTsqYBV9qR9J6D41ITu4rVHbzwLSE5rFZNAfQTjooM3SM9ybnpV+sc+GsGaRoqB4s48+CQPf//Tm6fcC/NsjsUc08IIoCYqVu4DZVJr4yI3g==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <0DE8DEBFE64AE946BE415DB98DE0CC59@EURP190.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: workonline.africa
X-MS-Exchange-CrossTenant-Network-Message-Id: 16d3c8e6-dbee-48dc-9b1f-08d7cd6dbe71
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Mar 2020 07:59:12.4458 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: UzIviff3svCW4+Ovd+LApeNH1CBnCnCu6bDQ+Wim+HMU+f5/FTM7Pu+vdht+zT0GZTVsS2lXivLZU4krAw+2pA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7P190MB0742
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/7NQsjF_FSc3xxVVv8nyg59wEm98>
Subject: Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-ov-egress-01
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Mar 2020 07:59:23 -0000
Hi Warren, On Fri, 2020-03-20 at 12:33 -0400, Warren Kumari wrote: > On Fri, Mar 20, 2020 at 12:11 PM Randy Bush <randy@psg.com> wrote: > > > > > > > BGP implementations have to take removal of private AS(s), > > > > > confederation, AS migration, etc into consideration. > > > > > > > > and the winds of summer. we do not need to enumerate all > > > > knobs, as > > > > if we could. > > > > > > > > > > But enumerating *some* helps the reader understand the context in > > > which > > > this is important/useful. > > > > which is why > > > > When applied to egress policy, the effective origin AS MUST be > > used > > to determine the Origin Validation state. The effective origin > > AS is > > that which will actually be the origin AS in the > > announcement. It > > might be affected by removal of private AS(s), confederation, AS > > migration, etc. > > > > One of the things that I personally like most about this document is > that it concise - it clarifies something for *implementors* to keep > in > mind / points out something where they might trip over something and > hurt themselves. > I only partially agree. For three reasons: - My experience over the last 12 months of running invalid==deny in production is that some implementors have managed to take every ambiguity in the various rov-related RFCs and translate it into bugs or fragile/hostile behavior. I think our lesson should be that even obvious-seeming spec gaps ought to be filled in this area. - Operators using implementations of this draft will observe behavioural differences between similar-seeming policy applied at different attachment points. This document should help them understand those differences. - We may very well see some implementations wind up with separate policy knobs for "enable rpki-rov" and "enable rpki-rov-egress". Again, operators will need a spec against which to validate that feature behaviour if it is claiming RFC compliance. > While I generally like examples and detail in RFCs, in this case it > would be "teaching your grandmother to suck eggs"[0] - the readers in > this case are folk who write BGP, the document basically says > "Warning: sharp object, careful with fingers" - having too much > detail > decreases the utility in this case. > > Again, I generally agree that documents should enumerate all of the > corner cases, have examples, etc - but in this case I think it would > do more harm than good... > I'm not suggesting turning this into a use-case doc. But enough color to make the mental link between real-world policy and protocol concepts is necessary, imho. Cheers, Ben > W > [0]: https://en.wikipedia.org/wiki/Teaching_grandmother_to_suck_eggs > > randy > > >
- [Sidrops] Opsdir last call review of draft-ietf-s… Linda Dunbar via Datatracker
- Re: [Sidrops] Opsdir last call review of draft-ie… Chris Morrow
- Re: [Sidrops] Opsdir last call review of draft-ie… Nick Hilliard
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush
- Re: [Sidrops] Opsdir last call review of draft-ie… Job Snijders
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush
- Re: [Sidrops] Opsdir last call review of draft-ie… Linda Dunbar
- Re: [Sidrops] Opsdir last call review of draft-ie… Ben Maddison
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush
- Re: [Sidrops] Opsdir last call review of draft-ie… Warren Kumari
- Re: [Sidrops] Opsdir last call review of draft-ie… Ben Maddison
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush