Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018

"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Wed, 30 October 2019 17:50 UTC

From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Randy Bush <randy@psg.com>, Christopher Morrow <christopher.morrow@gmail.com>
CC: SIDR Operations WG <sidrops@ietf.org>, Daniel Kopp <daniel.kopp@de-cix.net>, Job Snijders <job@ntt.net>, "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/8CfY2T07U81igfwAxGzjF5aq1iQ>

Randy makes a good point by proposing to merge multiple efforts into one single approach. This will eliminate any possible confusion going forward. During the adoption call for signaling BGPsec path validation, a valid point was raised to use the current RFC 8097 signal and extend it using a section of the reserved field. Using BGPsec unverified as value 0 allows backwards compatibility and I am currently in the process of modifying draft-sidrops-bgpsec-validation-signaling to update 8097 for that purpose.

Today, I was talking to Daniel and I believe we can solve the issues addressed in draft-ietf-sidrops-validating-bgp-speaker.
The current RFC 8097 already opens the door for signaling the attribute via EBGP. The end of RFC 8097 section 5 reads:

"... However, it SHOULD be possible to configure an implementation to send or
accept the community when warranted.  An example of a case where the
community would reasonably be received from, or sent to, an EBGP peer
is when two adjacent ASes are under control of the same
administration.  A second example is documented in [SIDR-RPKI]."

With the current wording of "when warranted", one can make the case that a contractual agreement between two adjacent ASes which are NOT under control of the same administration could also warrant such an exchange. That said, some extra wording to make this clearer or even simplify the issue can easily be added. This will also be helpful for future BGPsec validation state signaling, where larger ISPs could perform the majority of BGPsec path validation and the client peer would just validate the last hop - if at all needed.

Regarding Operational Recommendations (section 5 of draft-ietf-sidrops-validating-bgp-speaker-03), I would propose to put this into a separate draft or maybe a BCP. The different operational modes described there are worth keeping but should be separate from the signaling.

Thoughts?

Oliver 


On 10/28/19, 2:13 PM, "Sidrops on behalf of Randy Bush" <sidrops-bounces@ietf.org on behalf of randy@psg.com> wrote:

    > At this point, I think a clear signal from the WG would help the
    > authors change their draft OR abandon it.
    
    this draft, and others, should merge to use a common signal.  i think
    oliver has the need here.
    
    randy
    
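
An added example, not part of the original message or of either draft: Python code for the RFC 8097 handling discussed above, where the origin validation state community is dropped from, and not sent to, an EBGP peer unless the operator has opted that peer in ("when warranted"). The peer names, the `warranted` set and the sample communities are constructed for illustration; the non-zero reserved bit is arbitrary and is not the encoding proposed in draft-sidrops-bgpsec-validation-signaling.

```python
from typing import Iterable, List, Optional, Set

OVS_TYPE, OVS_SUBTYPE = 0x43, 0x00   # RFC 8097 origin validation state community
STATE_NAMES = {0: "valid", 1: "not-found", 2: "invalid"}

def is_ovs(ec: bytes) -> bool:
    """True for an 8-octet extended community with the RFC 8097 type/sub-type."""
    return len(ec) == 8 and ec[0] == OVS_TYPE and ec[1] == OVS_SUBTYPE

def parse_ovs(ec: bytes) -> Optional[int]:
    """State from the last octet, or None when this is not an RFC 8097
    community or the value is above the largest specified one (2)."""
    if not is_ovs(ec):
        return None
    # Octets 2..6 are the Reserved field; RFC 8097 receivers ignore them.
    return ec[7] if ec[7] in STATE_NAMES else None

def received_state(ecs: Iterable[bytes], ebgp: bool, peer: str,
                   warranted: Set[str]) -> Optional[str]:
    """Validation state to derive from a received UPDATE, if any."""
    if ebgp and peer not in warranted:
        return None                  # default: drop without processing
    states = [s for s in map(parse_ovs, ecs) if s is not None]
    # Several instances received: keep the numerically greatest state.
    return STATE_NAMES[max(states)] if states else None

def communities_to_send(ecs: Iterable[bytes], ebgp: bool, peer: str,
                        warranted: Set[str]) -> List[bytes]:
    """Strip the signal toward EBGP peers that have not been opted in."""
    if ebgp and peer not in warranted:
        return [ec for ec in ecs if not is_ovs(ec)]
    return list(ecs)

# Constructed sample communities (not captured traffic).
VALID = bytes.fromhex("4300000000000000")
INVALID = bytes.fromhex("4300000000000002")
RESERVED_SET = bytes.fromhex("4300000000010001")   # reserved bit set, state 1
ROUTE_TARGET = bytes.fromhex("0002fde800000064")   # unrelated community

if __name__ == "__main__":
    warranted = {"AS64500"}          # hypothetical peer covered by an agreement
    print(received_state([INVALID], True, "AS64501", warranted))
    print(received_state([VALID, INVALID], True, "AS64500", warranted))
    print(received_state([RESERVED_SET], False, "ibgp-rr1", warranted))
    print(communities_to_send([ROUTE_TARGET, INVALID], True, "AS64501", warranted))
```

A receiver that ignores the Reserved field, as in `parse_ovs`, still reads the origin state from a community whose reserved bits carry something else, which is the backwards-compatibility property the message relies on.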