Re: [Sidrops] Robert Wilton's No Objection on draft-ietf-sidrops-rov-no-rr-06: (with COMMENT)
Randy Bush <randy@psg.com> Thu, 25 August 2022 16:35 UTC
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC5B5C14CF09; Thu, 25 Aug 2022 09:35:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0tH14fwpRSZe; Thu, 25 Aug 2022 09:35:49 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32305C15A720; Thu, 25 Aug 2022 09:35:30 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.93) (envelope-from <randy@psg.com>) id 1oRFpI-001iy6-Vh; Thu, 25 Aug 2022 16:35:29 +0000
Date: Thu, 25 Aug 2022 09:35:28 -0700
Message-ID: <m2h720nuwf.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Robert Wilton via Datatracker <noreply@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-rov-no-rr@ietf.org, SIDR Operations WG <sidrops@ietf.org>
In-Reply-To: <166142366881.563.17776871880687632671@ietfa.amsl.com>
References: <166142366881.563.17776871880687632671@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/av6uWB_mSz25S9ecWhhTQ39Afb8>
Subject: Re: [Sidrops] Robert Wilton's No Objection on draft-ietf-sidrops-rov-no-rr-06: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2022 16:35:49 -0000
rob:
thanks for the review.
> 1.
> but on the order of
> the in-degree of ROV implementing BGP speakers.
>
> Being ignorant, I didn't know what "in-degree" meant before I looked
> it up. Possibly, clarifying here would be beneficial.
i am torn. if you insist, i will hack. but it is a well-known term.
> 2.
> As storing these paths could cause problems in resource constrained
> devices, there MUST be a knob allowing operator control of this
> feature. Such a knob MUST NOT be per peer, as this could cause
> inconsistent behavior.
>
> I would suggest that you use text like "config setting" rather than
> "knob".
As storing these routes could cause problems in resource
constrained devices, there MUST be a global operation, CLI, YANG,
etc. allowing the operator to enable this feature, storing the
dropped routes. Such an operator control MUST NOT be per peer, as
this could cause inconsistent behavior.
> I think that it would be useful to understand whether there is any
> IETF YANG configuration module to control this behaviour, either
> existing, or in the works.
not to my limited knowledge. if any of this august company knows of
such, please send a cite.
> Such a knob MUST NOT be per peer, as this could cause
> inconsistent behavior.
>
> Would this necessarily give inconsistent behaviour? Wouldn't it just
> mean that it would always need to resync against some BGP peers, but
> not others? It feels quite prescriptive for an RFC to be banning more
> granular configuration options.
you seem to be suggesting that the device store dropped routes from some
peers but not others. so how does it know which peers had invalidated
routes and therefore to which peers it needs to send route refresh when
new rpki data come in? or does it just hammer on those not configured
to be keep-dropped?
> 4.
> Operators deploying ROV and/or other RPKI based policies SHOULD
> ensure that the BGP speaker implementation is not causing
> unnecessary Route Refresh requests to neighbors.
>
> Given these are "unnecessary Route Refresh", I was wondering why this
> couldn't be a MUST rather than a SHOULD.
because someone else whacked be the other way :). in fact, it is
currently a lower case, non-normative (deviant?:) 'should'. i can go
with either. guidance solicited.
> 5.
> If the BGP speaker has insufficient resources to support either of
> the two proposed options,
>
> It was not 100% clear to me what the two proposed options are, I'm presuming
> that it is: "BGP Speakers MUST either keep the full Adj-RIB-In or implement the
> specification in Section 4.", but perhaps worth considering if this could be
> made clearer.
If the BGP speaker's equipment has insufficient resources to
support either of the two proposed options (keeping a full
AdjRibIn or at least the dropped routes), it MUST NOT ...
as these are not major, i will wait for feedback on the above and other
issues before pushing a revised version.
randy
- [Sidrops] Robert Wilton's No Objection on draft-i… Robert Wilton via Datatracker
- Re: [Sidrops] Robert Wilton's No Objection on dra… Randy Bush