Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt

"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Tue, 13 March 2018 16:15 UTC

From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>, Tim Bruijnzeels <tim@ripe.net>
CC: "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Date: Tue, 13 Mar 2018 16:15:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/UDt3UQnAg-DX93ZIYuvpG-BIK2o>

I believe the end goal in mind should be "drop invalid".
That said, I also don’t believe we are there yet. In my opinion, during the deployment
stage, DISR allows a safe “drop invalid” as long as it is still routable.

And yes, DISR clearly does poke holes into the draconian “drop invalid policy”. I also
believe that address owners should have the capability to specify their address space as a
“DISR free zone”.

For this I look at AS-0 in a somewhat more simplistic way:

What if, with regard to DISR, AS 0 is defined the following way:
- “Any prefix with the validation state ‘invalid’ and covered by an AS-0 ROA 
    must be dropped or ignored!”

And if DISR gets extended by:
- “Drop or ignore routes with validation state ‘invalid’ if still routable and 
    NOT covered by an AS 0 ROA!”

Another simpler definition for both above in one could be:
- “DISR will not be employed for address space covered by an AS-0 ROA”

In the latter one, an AS-0 ROA disables DISR for the specific address space, and if DISR is not
deployed at all, AS-0 ROA ROV just does the same as it already does today!

This is simple, to the point and not really difficult to implement. 

Thanks,
Oliver
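
The rule proposed in the message above, sketched as an added example (not part of the original email and not code from the draft or its authors). It assumes "still routable" means that another route that is not invalid covers the same address space; the names `ROA`, `Route`, `rov_state` and `decide` are hypothetical, and the prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str
    max_len: int
    asn: int

class Route(NamedTuple):
    prefix: str
    origin: int

def covers(outer: str, inner: str) -> bool:
    a, b = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return a.version == b.version and b.subnet_of(a)

def rov_state(route, roas):
    """RFC 6811 origin validation: valid / invalid / notfound."""
    cover = [r for r in roas if covers(r.prefix, route.prefix)]
    if not cover:
        return "notfound"
    plen = ipaddress.ip_network(route.prefix).prefixlen
    # An AS-0 ROA never matches an origin; it can only make routes invalid.
    if any(r.asn != 0 and r.asn == route.origin and plen <= r.max_len for r in cover):
        return "valid"
    return "invalid"

def decide(route, rib, roas):
    """Return 'accept' or 'drop' under DISR with the AS-0 exemption."""
    if rov_state(route, roas) != "invalid":
        return "accept"
    # AS-0 ROA covers the space: DISR is not employed, plain drop-invalid.
    if any(r.asn == 0 and covers(r.prefix, route.prefix) for r in roas):
        return "drop"
    # Assumption: "still routable" = another not-invalid route covers the prefix.
    routable = any(o != route and covers(o.prefix, route.prefix)
                   and rov_state(o, roas) != "invalid" for o in rib)
    return "drop" if routable else "accept"

# Constructed sample data (documentation prefixes and ASNs).
ROAS = [ROA("192.0.2.0/24", 24, 64496), ROA("198.51.100.0/24", 24, 64497),
        ROA("203.0.113.0/24", 24, 0)]
RIB = [Route("192.0.2.0/24", 64496),     # valid
       Route("192.0.2.128/25", 64511),   # invalid, covered by the valid /24
       Route("198.51.100.0/24", 64510),  # invalid, only path to this space
       Route("203.0.113.0/24", 64509)]   # invalid, inside an AS-0 ROA

def decisions():
    return {r: decide(r, RIB, ROAS) for r in RIB}

if __name__ == "__main__":
    for route, verdict in decisions().items():
        print(route.prefix, route.origin, rov_state(route, ROAS), verdict)
```

The third and fourth routes show the difference the AS-0 ROA makes: both are invalid with no alternative path, but only the one outside the AS-0 ROA is kept.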