Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018

Nick Hilliard <nick@foobar.org> Wed, 05 September 2018 14:51 UTC

To: Randy Bush <randy@psg.com>
Cc: Christopher Morrow <christopher.morrow@gmail.com>, SIDR Operations WG <sidrops@ietf.org>
References: <CAL9jLaYqGt1+f3GaccNwjPOHxM34ifWDu5bhRx24PMYHpqV4XQ@mail.gmail.com> <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <CAL9jLaaYzZmGVgEPfuDze5D_yN5x_CMKFEnY7XwM2F7EycwEOQ@mail.gmail.com> <m2y3cgo4ta.wl-randy@psg.com>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <e6a23568-3c44-0749-fe6d-d9c76df97342@foobar.org>
Date: Wed, 05 Sep 2018 15:51:09 +0100
In-Reply-To: <m2y3cgo4ta.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/q2f-zzOkT0NcHlNew6PRvlZvslM>

Randy Bush wrote on 05/09/2018 07:07:
> and it is not only ov-clarify.  test whether your fave implementation
> re-evaluates a bgp prefix when a roa change comes in over rpki-rtr.  the
> messy story goes on.
[...]
> what is nice is that the ixp-provided filter does not have the same
> problems as above.

really it does.  As Job suggested, the majority of ixp route servers run 
BIRD, and taking the example you mention, one of BIRD's known 
limitations is that it does not handle revalidation.  Another limitation 
would be that it doesn't handle aggregators as the last element in the 
as path.

In general, if the IXP uses any particular bgp stack (whether ios-xe, 
junos, bird, etc), it will be stuck with the bugs and shortcomings of 
that particular implementation, and under the proposals of the 
validating-bgp-speaker draft, everyone at the ixp will be subject to 
those particular bugs and shortcomings.  It's not valid to say that the 
IXP rpki implementation will be any better than a "hardware" router 
because - as Job pointed out already - it's just software under the hood.

Nick
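
The revalidation gap discussed in this thread, as an added illustration that is not part of the original e-mail and does not model BIRD or any other named implementation: a toy Adj-RIB-In caches the RFC 6811 origin validation state per route, and a VRP change (such as one delivered over rpki-rtr) only corrects that state if the speaker re-runs validation. The `Rib` class, `demo` helper, prefixes and AS numbers are constructed for this example.

```python
import ipaddress

def validate(prefix, origin_as, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version == vrp_net.version and net.subnet_of(vrp_net):
            covered = True  # at least one VRP covers the route
            if net.prefixlen <= max_len and vrp_as == origin_as and vrp_as != 0:
                return "valid"
    return "invalid" if covered else "not-found"

class Rib:
    """Toy Adj-RIB-In (hypothetical) that caches validation state per route."""
    def __init__(self, revalidate):
        self.revalidate = revalidate
        self.vrps = set()
        self.routes = {}  # (prefix, origin_as) -> cached validation state

    def announce(self, prefix, origin_as):
        self.routes[(prefix, origin_as)] = validate(prefix, origin_as, self.vrps)

    def vrp_update(self, added=(), withdrawn=()):
        """Apply a VRP delta, e.g. one received over rpki-rtr."""
        self.vrps |= set(added)
        self.vrps -= set(withdrawn)
        if self.revalidate:  # a speaker without this step keeps stale states
            for prefix, origin_as in self.routes:
                self.routes[(prefix, origin_as)] = validate(prefix, origin_as, self.vrps)

    def accepted(self):
        """Routes that a 'drop invalid' policy would keep."""
        return sorted(k for k, state in self.routes.items() if state != "invalid")

def demo(revalidate):
    rib = Rib(revalidate)
    rib.announce("192.0.2.0/24", 64511)  # no covering VRP yet: not-found
    rib.announce("192.0.2.0/24", 64500)
    rib.vrp_update(added=[("192.0.2.0/24", 24, 64500)])  # ROA appears later
    return rib.accepted()

if __name__ == "__main__":
    print("without revalidation:", demo(False))
    print("with revalidation:   ", demo(True))
```

Without revalidation the route from AS 64511 stays accepted on its cached not-found state even though the current VRP set makes it invalid.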