Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-ov-egress-01
Nick Hilliard <nick@foobar.org> Wed, 18 March 2020 00:44 UTC
Return-Path: <nick@foobar.org>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDCFF3A0CE7; Tue, 17 Mar 2020 17:44:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vtPEvtt6bo6M; Tue, 17 Mar 2020 17:44:40 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE0B43A0CE4; Tue, 17 Mar 2020 17:44:39 -0700 (PDT)
X-Envelope-To: ops-dir@ietf.org
Received: from crumpet.local (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id 02I0iV2T070529 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 18 Mar 2020 00:44:32 GMT (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.local
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: ops-dir@ietf.org, last-call@ietf.org, sidrops@ietf.org, draft-ietf-sidrops-ov-egress.all@ietf.org
References: <158448201565.32201.9748655174984394118@ietfa.amsl.com>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <624bd5c7-5459-64c2-5694-b77dde5835a6@foobar.org>
Date: Wed, 18 Mar 2020 00:44:29 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:52.0) Gecko/20100101 PostboxApp/7.0.12
MIME-Version: 1.0
In-Reply-To: <158448201565.32201.9748655174984394118@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/NBAQq57EG7FeNPenzUsDATdwcp8>
Subject: Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-ov-egress-01
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Mar 2020 00:44:43 -0000
Linda Dunbar via Datatracker wrote on 17/03/2020 21:53: > Section 3 Egress Processing only has one sentence stating that > "When applied to egress policy, validation state MUST be determined using the > effective origin AS of the route as it will (or would) be announced to the > peer." What other choices there are ? Are there any routers that support RFC > 6480 RPKI not performing this step? how? jumping the gun on the authors here, there's a mismatch between what coders implemented and what operators figured would be workable in terms of how policy semantics need to be handled on production routers. This is a fancy way of saying that some router vendors ticked the ROV tickbox, but the way they did it was too limited for real life. RPKI provides a policy management mechanism. The ID says that this needs to be hooked into the three major policy application points which are implemented in most, if not all, bgp rib engines. These points are: 1. bgp ingress, i.e. at the point between the adj-rib-in and loc-rib 2. on redistribution to other routing protocols 3. bgp egress, i.e. at the point between the loc-rib and adj-rib-out This didn't happen for ROV on all vendor stacks. It's kinda obvious to operators that it should have been. Also, it's not the first time that this sort of feature lapse has happened in the history of routing management. There's been a bit of a history of this sort of thing happening over the years. Nick
- [Sidrops] Opsdir last call review of draft-ietf-s… Linda Dunbar via Datatracker
- Re: [Sidrops] Opsdir last call review of draft-ie… Chris Morrow
- Re: [Sidrops] Opsdir last call review of draft-ie… Nick Hilliard
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush
- Re: [Sidrops] Opsdir last call review of draft-ie… Job Snijders
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush
- Re: [Sidrops] Opsdir last call review of draft-ie… Linda Dunbar
- Re: [Sidrops] Opsdir last call review of draft-ie… Ben Maddison
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush
- Re: [Sidrops] Opsdir last call review of draft-ie… Warren Kumari
- Re: [Sidrops] Opsdir last call review of draft-ie… Ben Maddison
- Re: [Sidrops] Opsdir last call review of draft-ie… Randy Bush