IETF Logo Mail Archive

Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt

joel jaeggli <joelja@bogus.com> Mon, 16 January 2017 23:10 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3AFE12986A; Mon, 16 Jan 2017 15:10:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.099
X-Spam-Level:
X-Spam-Status: No, score=-10.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-3.199] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4c_DPrqv5hn; Mon, 16 Jan 2017 15:10:45 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AE38129867; Mon, 16 Jan 2017 15:10:45 -0800 (PST)
Received: from mb-3.local ([IPv6:2601:647:4201:9e61:28fe:64ab:9f0b:9580]) (authenticated bits=0) by nagasaki.bogus.com (8.15.2/8.15.2) with ESMTPSA id v0GNAhdE006852 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 16 Jan 2017 23:10:43 GMT (envelope-from joelja@bogus.com)
X-Authentication-Warning: nagasaki.bogus.com: Host [IPv6:2601:647:4201:9e61:28fe:64ab:9f0b:9580] claimed to be mb-3.local
To: Marco Marzetti <marco@lamehost.it>
References: <148433210469.9788.12815016683609966013.idtracker@ietfa.amsl.com> <20170113184009.GC1055@Vurt.local> <7C35D47D-6605-4D6D-A97E-BD7139F36DBA@gmail.com> <7f08f967-247e-4060-b643-52bc45d8ab29@Spark> <1E278B10-A5BF-40BE-95C4-7A9B6AF6C817@gmail.com> <c55845cc-ca06-45c8-9b2e-075421d0447c@Spark> <m2lgueejxr.wl-randy@psg.com> <CAO367rX1jjOdenqgouzbTRBfeaWz+TFoUjGFJVtUr9tifwAw3g@mail.gmail.com> <20a8eefe-06e5-e1c9-04f8-3c4a66bc38f1@bogus.com> <CAO367rWdDkG7f7eF+FPj9VONsajZHYjTk7cEpWsxQKR1V9dnWw@mail.gmail.com> <44b83365-8ada-4e35-e485-885caa150f44@bogus.com> <CAO367rW7pGpK1y8EMBg7oWTx-Sz0N8EtBHqNupkhj5ECKmzCag@mail.gmail.com>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <329500bc-d283-bf93-d6a6-79a0dae6e284@bogus.com>
Date: Mon, 16 Jan 2017 15:10:42 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Thunderbird/50.0
MIME-Version: 1.0
In-Reply-To: <CAO367rW7pGpK1y8EMBg7oWTx-Sz0N8EtBHqNupkhj5ECKmzCag@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="mHdHG0FtvRQE6V1Copl7METbAGuJ7gK0W"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/9p7OHZuJxUDTa3CvDVWBq71eqgg>
Cc: Randy Bush <randy@psg.com>, sidrops@ietf.org, GMO Crops <grow@ietf.org>, Job Snijders <job@ntt.net>
Subject: Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jan 2017 23:10:47 -0000

On 1/15/17 6:35 AM, Marco Marzetti wrote:
> On Sat, Jan 14, 2017 at 9:10 PM, joel jaeggli <joelja@bogus.com> wrote:
>> On 1/14/17 3:58 AM, Marco Marzetti wrote:
>>> Joel,
>>>
>>> So you don't want your upstreams to honor RPKI just because they're
>>> 3rd parties between you and the other end?
>>
>> An ixp route-server is not a transit provider, all of the nexthops
>> exposed are in fact peers. So no I do not consider such a  device an
>> "upstream" it exists to service the policy needs of the peers on the
>> fabric  rather than that of the exchange operator.
>>
> 
> You can easily do the same in transit providers by disabling next-hop-self.

Nope, The router expressing nexthop self retains the available nexthops.
Under no circumstance is the router-server in the forwarding path, were
it, the route-server would be an upstream.

> 
>> I would  expect that a ixp route server that had a state policy of
>> validating rpki would not propagate invalid routes.
>>
>>> In the context of IXPs: instead of peering with the RS you should
>>> setup direct sessions with your partners if you really want to do
>>> prefix/path validation by yourself.

Consider the case where the invalid route masks an valid but longer path
from being advertised via the route server as the best path. in that
case the validating route-server is facilitating a prefix hijacking
which it would not have, had it discarded the route. You might argue
that this is no worse than not validating, however I think that is a
somewhat dubious point given that the rib on the route-server would show
otherwise.

>> No, I setup bilateral peering arrangements because they actually load
>> balance to my multiple ports, because the loci of control is
>> unambiguous, because it facilitates greatly build per session prefix
>> filters, and because they converge the control and forwarding path,
>> which has a tendency to fail much more gracefully in the face of l2
>> failures in distributed exchange fabric designs then does the route-server.
>>
> 
> Aren't we saying the same thing?
> Bilateral peering brings more control over what you send and receive.

we have a similar concurrence respecting the advantages. We appear to
differ on whether the route server offering a feature or not confers a
similar outcome.

> I just take an additional step and say that RPKI should be part of the
> default decision process of RSs

To confer the advantage you need to not allow invalid routes into your
best path selection processing.

> Regards.
> 
>>> Regards
>>>
>>>
>>> On Fri, Jan 13, 2017 at 11:28 PM, joel jaeggli <joelja@bogus.com> wrote:
>>>> On 1/13/17 1:54 PM, Marco Marzetti wrote:
>>>>> <rant>
>>>>> Every time one suggests a change related to the IXPs world we spend
>>>>> days arguing if it affects the neutrality and how.
>>>>> Do we really need that?
>>>>> </rant>
>>>>>
>>>>> Anyway, i can't see why IXPs can blackhole traffic (if the destination
>>>>> requests it), but cannot do the same with prefixes.
>>>>> After all if a prefix is invalid the owner requested it to be verified
>>>>> by the other parties.
>>>> In general the consequences for IX operator that either allows it
>>>> customers to attack each other over the exchange route-server or does so
>>>> itself seems severe. Loss of confidence in the disposition of one's own
>>>> routes seems like immediate grounds for depeering. If the routes remain
>>>> afterwards with the short as path; the operator is engaged in prefix
>>>> hijakcing.
>>>>
>>>> I personally find it dubious that I would choose to honor a third
>>>> parties efforts at origin validation if I did not myself validate them
>>>> but a signal from the exchange that it did validate the origin or that
>>>> there an invalid roa floating around is at a minimum very interesting.
>>>>> I suggest to default to drop and, if possible, to switch to announce
>>>>> with community if the peer requests it (for instance someone may want
>>>>> to collect invalid routes for analysis).
>>>>>
>>>>>
>>>>> On Fri, Jan 13, 2017 at 10:20 PM, Randy Bush <randy@psg.com> wrote:
>>>>>>> Adding grow@ietf.org for reality check.
>>>>>> no comment :)
>>>>>>
>>>>>> when you choose to use a route server [0], you have out-sourced much of
>>>>>> your policy and operational responsibilities.  seems to me that whether
>>>>>> this includes security decisions is a contract between the user and the
>>>>>> route server.
>>>>>>
>>>>>> so i might tell the server to drop invalids.  if i do not take that
>>>>>> (configurable, i presume) option, having the server mark them seems
>>>>>> helpful.
>>>>>>
>>>>>> randy
>>>>>>
>>>>>> --
>>>>>>
>>>>>> 0 - i suspect none of job, carlos, or i do.  so this is the experts
>>>>>>     telling other people what they should do. :)
>>>>>>
>>>>>> _______________________________________________
>>>>>> GROW mailing list
>>>>>> GROW@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/grow
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
> 
> 
>

v2.23.0 | Report a Bug | By Email