Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt

Marco Marzetti <marco@lamehost.it> Sun, 15 January 2017 15:03 UTC

To: Job Snijders <job@instituut.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/KgVt-2033GELGoGY-lxQ3ad4C3A>
Cc: Randy Bush <randy@psg.com>, sidrops@ietf.org, GMO Crops <grow@ietf.org>

On Sun, Jan 15, 2017 at 3:49 PM, Job Snijders <job@instituut.net> wrote:
> On Sun, Jan 15, 2017 at 03:39:37PM +0100, Marco Marzetti wrote:
>> On Sun, Jan 15, 2017 at 1:32 AM, Randy Bush <randy@psg.com> wrote:
>> > [ first, i do not use route servers (because of the data/control non-
>> >   congruence), so my opinion here is worth even less than it normally
>> >   is. ]
>> >
>> >> An ixp route-server is not a transit provider, all of the nexthops
>> >> exposed are in fact peers. So no I do not consider such a device an
>> >> "upstream" it exists to service the policy needs of the peers on the
>> >> fabric rather than that of the exchange operator.
>> >
>> > to repeat my previous; those policy needs might vary across ix members.
>> > some may want the ix to enforce origin validation for them, some may
>> > not.  those exchanges which offer validation today offer the choice.  i
>> > think that is the right thing; let the member make the choice at set-up
>> > with the route server.
>>
>> I think RSs should do RPKI by default and allow for two behaviors:
>> 1) Drop (default)
>> 2) Add ext-community as this draft suggests (upon request)
>
> Or perhaps we consider a Route Server to be "Just Yet Another Autonomous
> System"? Why should there be a difference between Autonomous Systems
> with regard to routing security recommendations?
>

I do consider it "another AS".

> If the recommendation is to drop/ignore/reject "RPKI Invalid"
> announcements, then that applies to Route Servers too, if the
> recommendation is to just attach an Extended BGP Community, then that
> will apply to all ASNs.

What's the current recommendation now?

Regards

-- 
Marco
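
The two route-server behaviours discussed in this thread (drop RPKI-invalid routes, or pass everything on with the validation state attached), sketched as an added example that is not part of the thread or of the draft. Validation follows the RFC 6811 covering/matching rules; the VRPs, routes, mode names and the `rpki-state:` tag strings are constructed placeholders, and the draft's actual extended-community encoding is not reproduced here.

```python
import ipaddress

# Constructed VRPs (prefix, max length, origin ASN) using documentation ranges.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]

# Constructed announcements a route server might receive: (prefix, origin ASN).
ROUTES = [
    ("192.0.2.0/24", 64500),     # matches a VRP
    ("192.0.2.0/25", 64500),     # covered, but longer than max length
    ("198.51.100.0/25", 64999),  # covered, wrong origin
    ("203.0.113.0/24", 64503),   # no covering VRP
    ("2001:db8:1::/48", 64502),  # matches a VRP
]

def validate(prefix, origin_asn, vrps=VRPS):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route is equal to or inside its prefix.
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        # A covering VRP matches if length and origin agree (AS 0 never matches).
        if route.prefixlen <= max_len and asn == origin_asn and asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"

def route_server_export(routes, member_mode="drop"):
    """Apply one member's choice: 'drop' invalids, or 'tag' every route."""
    exported = []
    for prefix, origin in routes:
        state = validate(prefix, origin)
        if member_mode == "drop":
            if state != "invalid":
                exported.append((prefix, origin, None))
        elif member_mode == "tag":
            # Placeholder tag; stands in for the community the draft defines.
            exported.append((prefix, origin, "rpki-state:" + state))
        else:
            raise ValueError("unknown member_mode: " + member_mode)
    return exported
```

In `tag` mode the receiving member still sees the invalid routes and has to act on the tag itself, which is the practical difference between the two options.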