Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Sun, 11 March 2018 04:51 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Job Snijders <job@ntt.net>, Tim Bruijnzeels <tim@ripe.net>
CC: "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Date: Sun, 11 Mar 2018 04:51:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/yDHCVrMbwWANpvJAuEG1H4JkaPo>

Job,

Tim wrote:
>>One remark on the content.. would it make sense to have 
>>a different treatment in case an AS0 ROA is issued? 
>>I.e. in case an announcement is invalid due to AS0 and 
>>there is no valid announcement (there can’t be) - still drop it?

Job wrote:
>Aside from complications related to AS 0 (it being an unroutable ASN) -
>there is another type of prefixes where INVALID announcements should
>never be accepted: IXP Peering LAN prefixes.
-- snip --
>DE-CIX is not announcing the peering LAN prefix for various operational
>reasons, and the ROA should help suppress global visibility, especially
>the global visibility of more-specifics. More-specifics of the peering LAN
>are disastrous for IXPs.

This seems like a nice use case for AS 0 ROA and DISR with Tim's suggested modification.
The IXP should create an AS 0 ROA for their LAN prefix.
And they should delete the ROA they currently have with their own AS.
(IXP is not announcing the LAN prefix.)
Then, any announcements of their prefix will be Invalid and dropped
by the DISR policy including Tim's suggested modification.
Also, with the AS 0 ROA, there is the added advantage that 
even forged-origin hijacks will be impossible.

Sriram
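
Added example, not part of the original message or of the draft: a minimal RFC 6811 origin-validation check comparing a ROA issued with the IXP's own AS against an AS 0 ROA for the same LAN prefix. The prefix 203.0.113.0/24, the ASNs 64500 (IXP) and 64511 (third party), and the max length of 24 are constructed sample values.

```python
import ipaddress

def validate(prefix, origin_as, vrps):
    """RFC 6811 origin validation: 'Valid', 'Invalid' or 'NotFound'.

    vrps is a list of (prefix, max_length, asn) tuples taken from ROAs.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue  # this VRP does not cover the route
        covered = True
        # An AS 0 VRP covers the route but can never match an origin.
        if vrp_as != 0 and vrp_as == origin_as and route.prefixlen <= max_len:
            return "Valid"
    return "Invalid" if covered else "NotFound"

# Constructed sample data (documentation prefix and ASNs).
IXP_AS = 64500
OWN_AS_ROA = [("203.0.113.0/24", 24, IXP_AS)]  # ROA with the IXP's own AS
AS0_ROA = [("203.0.113.0/24", 24, 0)]          # AS 0 ROA replacing it

ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64511),     # third party originating the LAN prefix
    ("203.0.113.128/25", 64511),   # more-specific from a third party
    ("203.0.113.128/25", IXP_AS),  # more-specific with forged IXP origin
    ("203.0.113.0/24", IXP_AS),    # exact prefix with forged IXP origin
]

def compare(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin, state_with_own_as_roa, state_with_as0_roa)."""
    return [
        (p, asn, validate(p, asn, OWN_AS_ROA), validate(p, asn, AS0_ROA))
        for p, asn in announcements
    ]

if __name__ == "__main__":
    for prefix, asn, own, as0 in compare():
        print(f"{prefix:18} AS{asn:<6} own-AS ROA: {own:8} AS 0 ROA: {as0}")
```

Only the last announcement differs between the two ROAs: with the own-AS ROA it validates, while with the AS 0 ROA every covered announcement is Invalid.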