Re: [Sidrops] Andrew Alston's Discuss on draft-ietf-sidrops-rov-no-rr-06: (with DISCUSS)

Andrew Alston - IETF <andrew-ietf@liquid.tech> Fri, 26 August 2022 12:04 UTC

From: Andrew Alston - IETF <andrew-ietf@liquid.tech>
To: Randy Bush <randy@psg.com>, Andrew Alston via Datatracker <noreply@ietf.org>
CC: The IESG <iesg@ietf.org>, "draft-ietf-sidrops-rov-no-rr@ietf.org" <draft-ietf-sidrops-rov-no-rr@ietf.org>, SIDR Operations WG <sidrops@ietf.org>
Date: Fri, 26 Aug 2022 12:03:41 +0000
Message-ID: <AM7PR03MB645132A6E8E833013C988573EE759@AM7PR03MB6451.eurprd03.prod.outlook.com>
References: <166143374280.8949.4490792736652212362@ietfa.amsl.com> <m2bks8mbeu.wl-randy@psg.com>
In-Reply-To: <m2bks8mbeu.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/S3E9aCyv4MgKEjnnBebmEpwL6hA>
Subject: Re: [Sidrops] Andrew Alston's Discuss on draft-ietf-sidrops-rov-no-rr-06: (with DISCUSS)

Hi Randy,

Thanks for the prompt response.  You make some good points and I admit - I need a bit of time to think this through, because while I do acknowledge your points, I also see the issues that I've raised in the original discuss and want to give it a few days' thought to see if I can't possibly find some other suggestion that may be more palatable.

I'll come back to you shortly - hope you don't mind the request for a few days of consideration.  Will also discuss this with Mark face to face when I see him.

In the meantime - if you have any further thoughts on how we could potentially address the issues I've raised I'd love to hear them - since if my reading is correct you can see where I'm coming from on this.

Thanks

Andrew

-----Original Message-----
From: iesg <iesg-bounces@ietf.org> On Behalf Of Randy Bush
Sent: Thursday, August 25, 2022 9:22 PM
To: Andrew Alston via Datatracker <noreply@ietf.org>
Cc: The IESG <iesg@ietf.org>; draft-ietf-sidrops-rov-no-rr@ietf.org; SIDR Operations WG <sidrops@ietf.org>
Subject: Re: Andrew Alston's Discuss on draft-ietf-sidrops-rov-no-rr-06: (with DISCUSS)

andrew:

thanks for reviewing.

> I however would like to discuss the following:
>
>    If the BGP speaker's equipment has insufficient resources to
>    support either of the two proposed options, it MUST NOT be used for
>    Route Origin Validation.  The equipment should either be replaced
>    with capable equipment or ROV not used.  I.e. the knob in Section 4
>    should only be used in very well known and controlled
>    circumstances.
>
> My concerns with this are twofold - firstly - it's entirely unclear
> what is meant by "well known and controlled circumstances".

hmmm.  point.  do you have suggestions or cites for a rigorous operators test methodology?

> More importantly, I'm concerned that this paragraph as written could
> lead to a situation where people read this as "if you can't
> support this behavior - forget BGP security" - and that I would think
> would be a more dangerous situation than the route refresh behavior.

a number of issues here

  o rov is not bgp security; it presents no real barrier to attack, cf.
    this week's event.  as a fellow researcher said the other month, rov
    is bgp safety not security

  o indeed it does say that, if you can not run rov without acting
    badly, then do not run it.  but it does not say do not run any bgp
    security mechanism, for example gtsm, route filters, ...

  o but, indeed, the intent is that, if a device can not do rov without
    the described bad behavior, it should not run rov.

> a.) Either say that operators should plan for upgrades - but turn off
> RPKI in the meantime

well, it kind of says that.  but it does not say rpki in general.  this spec concentrates on rov.

and it does not say the operator should turn rov off in general, only on the device(s) incapable of doing full adjribin or saving dropped routes.

as close as i could get is

      If the BGP speaker's equipment has insufficient resources to
      support either of the two proposed options (keeping a full
      AdjRibIn or at least the dropped routes), it MUST NOT be used for
      Route Origin Validation.  The equipment should either be replaced
      with capable equipment or ROV not used.

> or b.) Change the wording such that it says something along the lines
> of "it MUST not be used for ROV without the informed consent of the
> peers"

wow!  do you really want to go down this path?  are there other spec violations that we suggest peers negotiate?  exceedingly long as path prepends might be popular this season :)

all sorts of operational complexity, e.g. my peer's staff changes next month and the new staff does not like me beating on their routers.

all in all, i can see such under the table negotiations happening occasionally.  but i am uninclined to put a recipe in the spec.  and it would have no actual technical content anyway.

> Either option prevents the position where operators running smaller
> older hardware are handed an excuse to forgo RPKI entirely - or to
> turn it off - because in my experience once someone turns something
> off, getting them to turn it back on again, can be a tricky
> proposition.

again, this is per device, not per operator.  and (rpki != rov).  the device might be capable of other rpki-based functions.

but, having put a lot of time and effort over the last two decades trying to keep the specs achievable on existing hardware, i have great sympathy for the direction you're trying to go.  i just don't see how to get there simply and realistically.  send more clue.

in general, i see your comments in an operational sense.  but this is a protocol, not operational draft.  it is not a bcp or a bcop.  perhaps you would care to work on an rov bcop?

randy

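The two options Randy quotes from the draft (keep a full AdjRibIn, or at least the routes ROV dropped) exist so that a speaker can re-run origin validation locally when ROAs change instead of asking every peer for a route refresh. The following toy model illustrates why: it is an added example written for this archive page, not code from the draft or from any router vendor. It applies RFC 6811 validation semantics to a handful of constructed ROAs and routes; the `Speaker` class, its `mode` values, the peer names and all prefixes and AS numbers are assumptions made for the example. The third mode (`none`), which discards dropped routes, is the behaviour the draft forbids.

```python
"""Toy Route Origin Validation (RFC 6811 semantics) showing why a BGP
speaker must keep a full Adj-RIB-In, or at least the routes it dropped,
to re-evaluate after a ROA change without a route refresh to its peers.
Added example, not code from the draft; all ROAs, routes and peer names
are constructed."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    prefix: str       # covered prefix, e.g. "192.0.2.0/24"
    max_length: int   # maxLength: longest announceable prefix length
    asn: int          # authorised origin AS


@dataclass(frozen=True)
class Route:
    prefix: str
    origin_as: int


def validate(route, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    net = ip_network(route.prefix)
    covering = [r for r in roas
                if ip_network(r.prefix).version == net.version
                and net.subnet_of(ip_network(r.prefix))]
    if not covering:
        return "notfound"          # no ROA covers this prefix
    for r in covering:
        if r.asn == route.origin_as and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"               # covered, but no ROA matches


class Speaker:
    """Drops Invalid routes. `mode` (hypothetical) selects what is kept:
    'full'    - every received route (full Adj-RIB-In)
    'dropped' - accepted routes plus the ones ROV dropped
    'none'    - accepted routes only; dropped routes are discarded
    'full' and 'dropped' are the two options the draft allows."""

    def __init__(self, mode="full"):
        assert mode in ("full", "dropped", "none")
        self.mode = mode
        self.roas = set()
        self.accepted = {}   # (peer, prefix) -> Route that passed ROV
        self.dropped = {}    # (peer, prefix) -> Route that failed ROV
        self.discarded = 0   # routes thrown away for good in 'none' mode

    def receive(self, peer, route):
        key = (peer, route.prefix)
        state = validate(route, self.roas)
        self.accepted.pop(key, None)
        self.dropped.pop(key, None)
        if state != "invalid":
            self.accepted[key] = route
        elif self.mode == "none":
            self.discarded += 1
        else:
            self.dropped[key] = route
        return state

    def update_roas(self, roas):
        """Re-run ROV over whatever was kept. Returns (keys whose
        accept/drop decision flipped, whether a route refresh is needed)."""
        self.roas = set(roas)
        changed = set()
        for key, route in list(self.accepted.items()) + list(self.dropped.items()):
            now_ok = validate(route, self.roas) != "invalid"
            was_ok = key in self.accepted
            if now_ok and not was_ok:
                self.accepted[key] = self.dropped.pop(key)
                changed.add(key)
            elif was_ok and not now_ok:
                changed.add(key)
                route = self.accepted.pop(key)
                if self.mode == "none":
                    self.discarded += 1
                else:
                    self.dropped[key] = route
        # In 'none' mode a ROA change may have made a discarded route valid
        # again; the only way to learn that is a route refresh from the peer.
        needs_refresh = self.mode == "none" and self.discarded > 0
        return changed, needs_refresh


def demo(mode):
    """Constructed scenario: one ROA, four routes, then a ROA is added
    that extends maxLength so a previously dropped /25 becomes Valid."""
    s = Speaker(mode)
    s.update_roas({ROA("192.0.2.0/24", 24, 64500)})
    s.receive("peerA", Route("192.0.2.0/24", 64500))     # valid
    s.receive("peerB", Route("192.0.2.0/24", 64511))     # invalid: wrong origin
    s.receive("peerA", Route("192.0.2.0/25", 64500))     # invalid: exceeds maxLength
    s.receive("peerB", Route("203.0.113.0/24", 64496))   # notfound, accepted
    changed, needs_refresh = s.update_roas({
        ROA("192.0.2.0/24", 24, 64500),
        ROA("192.0.2.0/24", 25, 64500),
    })
    return changed, needs_refresh, sorted(s.accepted)


if __name__ == "__main__":
    for m in ("full", "dropped", "none"):
        print(m, demo(m))
```

Running `demo` in `full` or `dropped` mode recovers the /25 from local storage with no refresh; in `none` mode the speaker only knows it discarded something and must fall back to the route refresh behaviour the draft is trying to eliminate.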