Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-ov-egress-01

Job Snijders <job@ntt.net> Wed, 18 March 2020 01:26 UTC

Date: Wed, 18 Mar 2020 01:26:35 +0000
From: Job Snijders <job@ntt.net>
To: Nick Hilliard <nick@foobar.org>
Cc: Linda Dunbar <linda.dunbar@futurewei.com>, last-call@ietf.org, ops-dir@ietf.org, sidrops@ietf.org, draft-ietf-sidrops-ov-egress.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/dUvWk268yZY7JxmAbcXZW6QuBpA>

On Wed, Mar 18, 2020 at 12:44:29AM +0000, Nick Hilliard wrote:
> Linda Dunbar via Datatracker wrote on 17/03/2020 21:53:
> > Section 3 Egress Processing only has one sentence stating that "When
> > applied to egress policy, validation state MUST be determined using
> > the effective origin AS of the route as it will (or would) be
> > announced to the peer." What other choices are there? Are there
> > any routers that support RFC 6480 RPKI not performing this step?
> > How?
> 
> jumping the gun on the authors here, there's a mismatch between what
> coders implemented and what operators figured would be workable in
> terms of how policy semantics need to be handled on production
> routers.
> 
> This is a fancy way of saying that some router vendors ticked the ROV
> tickbox, but the way they did it was too limited for real life.
> 
> RPKI provides a policy management mechanism.  The ID says that this
> needs to be hooked into the three major policy application points
> which are implemented in most, if not all, bgp rib engines.  These
> points are:
> 
> 1. bgp ingress, i.e. at the point between the adj-rib-in and loc-rib
> 2. on redistribution to other routing protocols
> 3. bgp egress, i.e. at the point between the loc-rib and adj-rib-out
> 
> This didn't happen for ROV on all vendor stacks.

Perhaps:

OLD:
    It might be affected by removal of private AS(s), confederation, AS
    migration, etc.  If there are any AS_PATH modifications resulting in
    origin AS change, then these MUST be taken into account.

NEW:
    BGP implementations have to take removal of private AS(s),
    confederation, AS migration, etc. into consideration. If there are
    any AS_PATH modifications resulting in an Origin AS change, then
    these MUST be taken into account and only the final Origin AS is to
    be used as input into the Origin Validation procedure.

Kind regards,

Job
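
The effect of the proposed NEW text, as an added example that is not part of the original message or the draft: RFC 6811 origin validation run once on the Loc-RIB AS_PATH and once on the path as it would be announced to the peer. The prefix, ASNs and VRP are constructed documentation values, and `egress_as_path` is a simplified, assumed model of private-AS removal plus local-AS prepend, not any vendor's behaviour.

```python
import ipaddress

# Constructed sample data: documentation prefix/ASNs, not taken from the thread.
VRPS = [("192.0.2.0/24", 24, 64500)]          # (prefix, maxLength, origin AS)
PRIVATE_RANGES = [(64512, 65534), (4200000000, 4294967294)]  # RFC 6996


def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def egress_as_path(as_path, local_as, remove_private=True):
    """AS_PATH as it would be announced to an eBGP peer (simplified model)."""
    path = [a for a in as_path if not (remove_private and is_private(a))]
    return [local_as] + path


def origin_as(as_path):
    """Origin AS is the rightmost AS of the path (AS_SETs not modelled)."""
    return as_path[-1]


def validate(prefix, origin, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # at least one VRP covers the route prefix
        if route.prefixlen <= max_len and origin == vrp_as and vrp_as != 0:
            return "valid"
    return "invalid" if covered else "notfound"


def compare(prefix, loc_rib_path, local_as):
    """Validation state from the Loc-RIB path vs. the effective egress path."""
    out_path = egress_as_path(loc_rib_path, local_as)
    return (validate(prefix, origin_as(loc_rib_path)),
            validate(prefix, origin_as(out_path)))


if __name__ == "__main__":
    # Customer announces 192.0.2.0/24 from private AS 64512 to AS 64500.
    print(compare("192.0.2.0/24", [64512], 64500))
```

With the private AS stripped on egress, the final Origin AS becomes 64500 and the state changes from invalid to valid, which is why only the final Origin AS is meaningful as input at the egress policy point.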