Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt

"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Thu, 15 March 2018 20:15 UTC

From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Randy Bush <randy@psg.com>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/d4Ycy3le2be9bvAiVhTm4sgPdOI>
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>

Sure, if the "accidental mis-origination" is the only origination made, DISR will not drop the invalid
and ROV did not help at all in preventing the particular "accidental mis-origination".
If on the other hand the "accidental mis-origination" is covered by another route, it will be dropped
and in this case ROV did prevent the "accidental mis-origination" from being propagated.

What DISR does is allow deploying a softer "drop invalid" without the danger of losing connectivity
until the operator decides to turn off DISR and "drop invalid".

In the end, it is all local policy what to do with invalid. DISR just provides a defined
algorithm on how to act upon ROV results during the deployment stage by reducing
loss of reachability due to "mis-configuration", lack of ROAs, etc.

Oliver

On 3/14/18, 12:13 AM, "Randy Bush" <randy@psg.com> wrote:

    > DISR allows a safe “drop invalid” as long as it is still routable.
    
    read that again with the goal of rpki-based origin validation, stopping
    accidental mis-originations, in mind.
    
    randy
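
An added sketch (not code from the draft or from either author) of the behaviour discussed in this message: RFC 6811 origin validation followed by a "drop invalid if still routable" decision, run on the two cases Oliver describes. The coverage rule used here (an invalid route counts as still routable when a non-invalid route for the same or a less specific prefix is present), the function names and the sample VRP and routes are assumptions constructed for illustration; the draft's own algorithm may differ in detail.

```python
from ipaddress import ip_network

# Constructed sample VRP (documentation prefix, reserved ASNs):
# (prefix, maxLength, authorized origin AS)
VRPS = [("192.0.2.0/24", 24, 64500)]

def rov(prefix, origin, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ip_network(vrp_prefix)
        if net.version == vrp_net.version and net.subnet_of(vrp_net):
            covered = True
            if net.prefixlen <= max_len and asn == origin and asn != 0:
                return "valid"
    return "invalid" if covered else "not-found"

def disr_filter(routes, vrps=VRPS):
    """Assumed DISR rule: drop an invalid route only when a non-invalid
    route for the same or a less specific prefix keeps it reachable."""
    states = {r: rov(r[0], r[1], vrps) for r in routes}
    usable = [ip_network(p) for (p, _), s in states.items() if s != "invalid"]
    kept = []
    for prefix, origin in routes:
        net = ip_network(prefix)
        still_routable = any(
            net.version == u.version and net.subnet_of(u) for u in usable
        )
        if states[(prefix, origin)] == "invalid" and still_routable:
            continue  # safe to drop: traffic follows the covering route
        kept.append((prefix, origin))
    return kept

def strict_filter(routes, vrps=VRPS):
    """Plain 'drop invalid' for comparison."""
    return [r for r in routes if rov(r[0], r[1], vrps) != "invalid"]

# Case 1: mis-origination of a more specific, covered by the valid /24.
COVERED = [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64511)]
# Case 2: the mis-origination is the only route for the prefix.
ONLY_ROUTE = [("192.0.2.0/24", 64511)]

if __name__ == "__main__":
    for name, rib in (("covered", COVERED), ("only route", ONLY_ROUTE)):
        print(name, "DISR:", disr_filter(rib), "strict:", strict_filter(rib))
```

In case 2 the invalid route survives DISR while strict "drop invalid" removes it, which is the trade-off between reachability and stopping the mis-origination that the two messages are arguing about.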