Re: [Sidrops] Multiple origin validation states in draft-ietf-sidrops-validating-bgp-speaker

"Montgomery, Douglas (Fed)" <dougm@nist.gov> Tue, 23 July 2019 20:16 UTC

Return-Path: <dougm@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194DD120910; Tue, 23 Jul 2019 13:16:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sy18CWIHdngS; Tue, 23 Jul 2019 13:16:25 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830091.outbound.protection.outlook.com [40.107.83.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D11912097B; Tue, 23 Jul 2019 13:16:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=s6Eg3ike46M9D+XWvgY/wDJGNRCpc36q7FWtxytdZ9In0pcs9/Lyvmbuf/ZrCntslbLDLrMlRpnhWtcXw3HY5y8JL8JKXYHjfkDdlhCSu/u3B+5J1JXA9pKpqNj6Uyy0G1lkeBGRHMJErQ3koDJMJkPhPdyNDXbt9XgmbnYtSkc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a421CNux6xpmCQcFhFzMSc+aRuQeyrModus0Isj7OIc=; b=kB/N72aer1JvAB7iPuSY8uXhn9XXW63hh1wcJDYqNBDVs+5mX3SqSW5LgTS3MNmmQZ7CbjR6UezPKZ+QW9xenPi7fxnp/IIQCs1dLYgjsaoBZ7VsRvZXrH/nZR74A+0SatOiJXsPosw2p73z5ihJrTOJeX1od5jajfxSKkrXsuM=
ARC-Authentication-Results: i=1; test.office365.com 1;spf=none;dmarc=none;dkim=none;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a421CNux6xpmCQcFhFzMSc+aRuQeyrModus0Isj7OIc=; b=jWAqMxRmWWCtObqOvIEl5ulEFJn5sLjB/02Gr/ovQ880BZUoqDoKEDiDWQBuHHq54NpifySOYmc0xjFBTGLCPwTC08ue1U13SmtpaqffdSUwb0I4zYiZxqrBF19Vigi2ncJeDyxx0bZWljmHxVjbdYKBed+hUueCPEwZcVR1ORM=
Received: from BN7PR09MB2596.namprd09.prod.outlook.com (52.135.255.12) by BN7PR09MB2596.namprd09.prod.outlook.com (52.135.255.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.16; Tue, 23 Jul 2019 20:16:23 +0000
Received: from BN7PR09MB2596.namprd09.prod.outlook.com ([fe80::a073:b2d8:358d:ab15]) by BN7PR09MB2596.namprd09.prod.outlook.com ([fe80::a073:b2d8:358d:ab15%7]) with mapi id 15.20.2008.014; Tue, 23 Jul 2019 20:16:23 +0000
From: "Montgomery, Douglas (Fed)" <dougm@nist.gov>
To: John Scudder <jgs=40juniper.net@dmarc.ietf.org>, "draft-ietf-sidrops-validating-bgp-speaker@ietf.org" <draft-ietf-sidrops-validating-bgp-speaker@ietf.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: [Sidrops] Multiple origin validation states in draft-ietf-sidrops-validating-bgp-speaker
Thread-Index: AQHVQZN/uAi/HjY/skm0X8KG3/dHkQ==
Date: Tue, 23 Jul 2019 20:16:23 +0000
Message-ID: <381E492B-BE40-4AAE-B581-FC3CB90C7A38@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.c.190715
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov;
x-originating-ip: [31.133.158.224]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 90e8f470-ee51-445a-c3e9-08d70faaa225
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BN7PR09MB2596;
x-ms-traffictypediagnostic: BN7PR09MB2596:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <BN7PR09MB25966E277083A0576602E1B5DEC70@BN7PR09MB2596.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0107098B6C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(346002)(39860400002)(136003)(376002)(189003)(199004)(6512007)(110136005)(6306002)(6116002)(186003)(316002)(102836004)(58126008)(66066001)(3846002)(8936002)(2501003)(36756003)(81156014)(99286004)(6246003)(14444005)(256004)(81166006)(86362001)(71190400001)(76116006)(91956017)(71200400001)(2906002)(25786009)(66476007)(476003)(66946007)(6486002)(45080400002)(229853002)(66446008)(66556008)(64756008)(14454004)(26005)(4326008)(6436002)(33656002)(5660300002)(478600001)(2616005)(6506007)(68736007)(486006)(966005)(305945005)(8676002)(53936002)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR09MB2596; H:BN7PR09MB2596.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: mRortVP2SEMQNZ9Yr2RRHkGXjXZBKVt5NHxoCBDUNPI+4+dMa+rmTHanAoBziHRbpgSSQ0Q+IFudKKNBG91OiE9nD43W+utwVMZCSWA8SjGVBfilGlkpGUGIjTjXzcf+WPPbhsngDLndyyN1xaUURYE01cmi+GS0X9rLUoh/kxJfBEXzGNPsqS1iM7FymNFPX7Fj/GTkvsPSqdjHHRg2aTN2S/AvrXRmKab2AK32Co+URS286pzawT9HXczF/RkOETygR6Qvu23Gj35sPZhHKcMzTb5y53y1r43q0TuIcCOdjQbv3ZdppZ3iqy/WljPVbe6quuKAjJ6Dziwatkg2PeHMxb5gteNOXE00P7O09NdXcvZ+gR1WouYajTw059tU9WUkfVQgFWJ+ZOW2pefo6D0D3igP0DBXODwdjqmWSJw=
Content-Type: text/plain; charset="utf-8"
Content-ID: <32B1707E76F34C46954FBB259913E3DC@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 90e8f470-ee51-445a-c3e9-08d70faaa225
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2019 20:16:23.3006 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dougm@nist.gov
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR09MB2596
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/XJ3eWEwo_pxJtYkRe8FrmkKO9TI>
Subject: Re: [Sidrops] Multiple origin validation states in draft-ietf-sidrops-validating-bgp-speaker
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 20:16:28 -0000

So we are talking about a single update containing two instances of the validation result community?   

Now, I really wonder how this can happen?   

Isn't this a sign that the RS is either (a) broken and inserting two results itself, or (b) the RS is ignoring the requirement to strip the community upon receipt?

dougm
--- 
Doug Montgomery @ NIST / ITL / ANTD  

On 7/23/19, 4:11 PM, "Sidrops on behalf of John Scudder" <sidrops-bounces@ietf.org on behalf of jgs=40juniper.net@dmarc.ietf.org> wrote:

    My comment at the mic was based on the verbal description of the slide. What I see in the draft text is different:
    
    5.4.  Error Handling at Peers
    
       A route sent by a validating BGP speaker SHOULD only contain none or
       one EBGP Prefix Origin Validation State Large Community.
    
       A peer receiving a route from a validating BGP speaker containing
       more than one EBGP Prefix Origin Validation State Large Community
       SHOULD only consider the largest value (as described in Table 1) in
       the validation result field and disregard the other values.  Values
       larger than two in the validation result field MUST be disregarded.
    
    This is different from what was described verbally. The written version seems fine to me. So, I would like to withdraw my comment.
    
    I do suggest changing both SHOULD to MUST unless you can think of a use case for doing differently; if you can I suggest adding a MAY clause to describe the exception case.
    
    Thanks,
    
    —John
    _______________________________________________
    Sidrops mailing list
    Sidrops@ietf.org
    https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsidrops&amp;data=02%7C01%7Cdougm%40nist.gov%7C05d79330bd044b01e38d08d70fa9f40e%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C636995094938987004&amp;sdata=f2GbGNJKpHR4a6RblTNYfCdTWYVyXiEYVZOdVXadqP0%3D&amp;reserved=0