Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt
Matthias Waehlisch <m.waehlisch@fu-berlin.de> Sun, 15 January 2017 23:04 UTC
Return-Path: <m.waehlisch@fu-berlin.de>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69C94129481; Sun, 15 Jan 2017 15:04:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.72
X-Spam-Level:
X-Spam-Status: No, score=-4.72 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDPzBBY7XYh1; Sun, 15 Jan 2017 15:04:23 -0800 (PST)
Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBE0A1293F0; Sun, 15 Jan 2017 15:04:22 -0800 (PST)
Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.85) with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (envelope-from <m.waehlisch@fu-berlin.de>) id <1cStqU-003fL7-VN>; Mon, 16 Jan 2017 00:04:18 +0100
Received: from x5ce7e1b5.dyn.telefonica.de ([92.231.225.181] helo=mw-PC.fritz.box) by inpost2.zedat.fu-berlin.de (Exim 4.85) with esmtpsa (TLSv1:AES256-SHA:256) (envelope-from <m.waehlisch@fu-berlin.de>) id <1cStqU-002sKz-K5>; Mon, 16 Jan 2017 00:04:18 +0100
Date: Mon, 16 Jan 2017 00:03:40 +0100
From: Matthias Waehlisch <m.waehlisch@fu-berlin.de>
To: Nick Hilliard <nick@foobar.org>
In-Reply-To: <587A9DE9.1000608@foobar.org>
Message-ID: <alpine.WNT.2.00.1701152315390.14048@mw-PC>
References: <148433210469.9788.12815016683609966013.idtracker@ietfa.amsl.com> <20170113184009.GC1055@Vurt.local> <7C35D47D-6605-4D6D-A97E-BD7139F36DBA@gmail.com> <7f08f967-247e-4060-b643-52bc45d8ab29@Spark> <1E278B10-A5BF-40BE-95C4-7A9B6AF6C817@gmail.com> <c55845cc-ca06-45c8-9b2e-075421d0447c@Spark> <58795A0B.6000009@foobar.org> <alpine.WNT.2.00.1701141045460.14048@mw-PC> <587A03CF.3010001@foobar.org> <alpine.WNT.2.00.1701141619550.14048@mw-PC> <587A9DE9.1000608@foobar.org>
User-Agent: Alpine 2.00 (WNT 1167 2008-08-23)
X-X-Sender: waehl@mail.zedat.fu-berlin.de
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Originating-IP: 92.231.225.181
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/uWCSUI7c3dXiR-atZdkQ3ppFS7c>
Cc: "Carlos M. Martinez" <carlosm3011@gmail.com>, sidrops@ietf.org, GMO Crops <grow@ietf.org>, job@ntt.net
Subject: Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2017 23:04:24 -0000
I don't know if we are losing sight. The argument that RS is doing best path selection was stated several times. However, I still don't buy the argument "route servers and rpki are an uncomfortable fit." I buy the argument that fine-grained policy configuration challenges RS operation. And for sure the principle is indepdent of RPKI. In the most boring case, the decision results in "Prefer the route received from the lowest peer address." Ups, is this the IP address of the peering LAN, given by the IXP. What is specific to RPKI is proxying of security-related meta data (i.e., easier deployment of new protocols via RS). For example, in the case of policy prefer-valid-over-invalid AND there is no valid, RS would announce the (invalid) prefix to peer P. P also established private peering and receives announcement for the invalid prefix. Without deploying RPKI, this BGP speaker could benefit from RS meta data, dropping both. Cheers matthias On Sat, 14 Jan 2017, Nick Hilliard wrote: > Matthias Waehlisch wrote: > > the current discussion makes clear that documentation of > > origin-validation-signaling in IXP context is needed > > rpki is conceptually no different to any other type of signaling > mechanism: it's simply another input into the BGP decision engine > process, just like communities or meds or as-path. > > What we're losing sight of here is that it's the route server which > calculates the best path for each route using the routing decision > engine, and then sends a _single_ best path to the client. Conceptually, > it doesn't matter whether the tie-breaker on the route server is > communities, meds, as-path or rpki: the point is that the policy > decision mechanism needs to be configured on the route server itself, > because the route server is the device which is calculating the best > path. If the route server operator doesn't do this, the clients will > end up with path hiding (see 2.3.1 in rfc7947). I.e. it's nothing > specific to rpki. > > This is already extensively documented in rfc7947 and rfc7948. > > Nick > -- Matthias Waehlisch . Freie Universitaet Berlin, Computer Science .. http://www.cs.fu-berlin.de/~waehl
- [Sidrops] I-D Action: draft-ietf-sidrops-route-se… internet-drafts
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… Carlos M. Martinez
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… job
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… job
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… Carlos M. Martinez
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… job
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-rout… Randy Bush
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Christopher Morrow
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… joel jaeggli
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Nick Hilliard
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Christopher Morrow
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Job Snijders
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Randy Bush
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Matthias Waehlisch
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Nick Hilliard
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Nick Hilliard
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Nick Hilliard
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Matthias Waehlisch
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Christopher Morrow
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… joel jaeggli
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… joel jaeggli
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Nick Hilliard
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Randy Bush
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Job Snijders
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Matthias Waehlisch
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… i3D.net - Martijn Schmidt
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… joel jaeggli
- Re: [Sidrops] [GROW] I-D Action: draft-ietf-sidro… Marco Marzetti