Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018

Job Snijders <job@ntt.net> Wed, 05 September 2018 07:34 UTC

Return-Path: <job@instituut.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD81A130DE1 for <sidrops@ietfa.amsl.com>; Wed, 5 Sep 2018 00:34:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M39XcKp1NfV6 for <sidrops@ietfa.amsl.com>; Wed, 5 Sep 2018 00:34:58 -0700 (PDT)
Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F6E2128CB7 for <sidrops@ietf.org>; Wed, 5 Sep 2018 00:34:57 -0700 (PDT)
Received: by mail-ed1-f66.google.com with SMTP id l5so5261568edw.9 for <sidrops@ietf.org>; Wed, 05 Sep 2018 00:34:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=GMMjTMeKWvGjrLhlceglpFNpJXzL2Rs5bdoPfoTfzlU=; b=Vh+mmvalm1PFRlrYCvnTRR1gUKzO5kbo2VOsy/NCysZ+Xsm5ozryUh36CFQaoK3arl w7UmmJHArgD5advtixZ4jgz/0OniYAyDC3nALdEAZRk6K9/d2K5KrafLXaj58bctT6JN 06U0rppiISlZVDpoE/rfGG8rus2Fw7jmyTu13zAYVK2RGX1vSboL0WpvtlciSuE3iOSl ZHxFDDNb6E9992RMdtQ7bbC5NFjKl+4vU9HWbBtKRSf5FkE6q4cC/RtmxyN6lylPEmH2 ctWA4K7ZMZJb0sdp2rHM1o4cJqx1/Rlv3oApKfovujvSDBqjeN8kkD/HXggOdGFwXmNh XMwg==
X-Gm-Message-State: APzg51Awf9GGvupzw/UVVQ6kuOmCnOGuhzFZ54OeQObrtw/MWfWI5C/5 c3jvnW/86h4GBzf1chzg2d0Ldg==
X-Google-Smtp-Source: ANB0Vdb5sbXavtsfq9wZ8H5Q9dIHDyjKbWDBAR6IhRGahBg5AZ3NxEG2KJo5D/M7I3wgGmpe/gl8kw==
X-Received: by 2002:a50:cb8c:: with SMTP id k12-v6mr40758858edi.171.1536132896041; Wed, 05 Sep 2018 00:34:56 -0700 (PDT)
Received: from localhost (hanna.meerval.net. [192.147.168.57]) by smtp.gmail.com with ESMTPSA id j10-v6sm776957ede.5.2018.09.05.00.34.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Sep 2018 00:34:55 -0700 (PDT)
Date: Wed, 5 Sep 2018 09:34:54 +0200
From: Job Snijders <job@ntt.net>
To: Randy Bush <randy@psg.com>
Cc: Christopher Morrow <christopher.morrow@gmail.com>, SIDR Operations WG <sidrops@ietf.org>
Message-ID: <20180905073454.GU3097@hanna.meerval.net>
References: <CAL9jLaYqGt1+f3GaccNwjPOHxM34ifWDu5bhRx24PMYHpqV4XQ@mail.gmail.com> <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <CAL9jLaaYzZmGVgEPfuDze5D_yN5x_CMKFEnY7XwM2F7EycwEOQ@mail.gmail.com> <m2y3cgo4ta.wl-randy@psg.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <m2y3cgo4ta.wl-randy@psg.com>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/jrq3Sbax1W-gyn3l4ppj0kpF8vA>
Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Sep 2018 07:35:00 -0000

On Tue, Sep 04, 2018 at 11:07:29PM -0700, Randy Bush wrote:
> >   1) "route origin validation is not as hard to see deploying today"
> 
> see draft-ietf-sidrops-ov-clarify-05.txt.  essentially vendors'
> implementations are funky and so it is hard for me to do it myself.
> 
> and it is not only ov-clarify.  test whether your fave implementation
> re-evaluates a bgp prefix when a roa change comes in over rpki-rtr.  the
> messy story goes on.

the IXP route server software (that is used in practise) is provided by
a single vendor. Perhaps this single vendor got it right, but from a
conceptual point of view they wouldn't be exempted and may still need
'ov-clarify'.

> >   2) "just introducing an IXP lan/RS that simply implements the validation
> > and takes action(s) is the right course of action"
> 
> s/the right course/one right course/
> 
> what is nice is that the ixp-provided filter does not have the same
> problems as above.

because of the single vendor? or because of some other reason? how
exactly is their bgp more magic than others?

> so it is a leapfrog while hardware vendors catch up.  it is driving
> origin validation deployment.

except that we cannot point at a single instance where the approach has
driven origin validation. on the other side, i can point at many
instances where IXP route servers have negatively impacted businesses
because they propagated/amplified incorrect routing information.

What /actually/ drives origin validation is customers asking their
providers (be it ISPs or IXPs) to implement origin validation. This
approach has already been succesfully tested at FranceIX, AMS-IX, and
later this year will be yield positive results at DE-CIX and LINX.

I have to ask, (given the author's affiliations) - if this draft is
published as an RFC, will you turn back the clock and start propagating
invalid route announcements to your customers (marked with an extended
community)? 

Kind regards,

Job