Hi Med, >This confirms my initial thoughts. As an AD, I think we need to reset >draft-ietf-grow-route-leak-detection-mitigation (that is, park it) and work >with the WG/IDR to explore a more implementable/deployable approach.
I think you understand that the parallel IDR work is already done and published. That is RFC 9234 https://datatracker.ietf.org/doc/rfc9234/ There are open-source implementations of RFC 9234 and some IXPs have deployed it: https://lists.nanog.org/archives/list/[email protected]/thread/DX3HDX2EXOUZJEGCS7OY7NP6D3NETGJN/#DX3HDX2EXOUZJEGCS7OY7NP6D3NETGJN Many network operators already use an approach like that in draft-ietf-grow-route-leak-detection-mitigation to prevent route leaks locally at their AS. The difference is that the BGP Community (tag) they use internally from ingress to egress is non-transitive and they normally try to strip it at the egress router. I agree with you draft-ietf-grow-route-leak-detection-mitigation needs major revision to come up to the same level as RFC 9234. The former can incorporate many of the same IDR/GROW WG comments/feedback which RFC 9234 benefited from. Plus, comments from your review. Maybe we need not rush. Authors can connect with you at the next IETF in person. Sriram From: [email protected] <[email protected]> Sent: Friday, April 11, 2025 4:44 AM To: Sriram, Kotikalapudi (Fed) <[email protected]>; [email protected] Cc: [email protected] Subject: RE: Review of draft-ietf-grow-route-leak-detection-mitigation-14 Hi Sriram, (apologies for the delay to follow-up) Thank you for the clarification. This confirms my initial thoughts. As an AD, I think we need to reset draft-ietf-grow-route-leak-detection-mitigation (that is, park it) and work with the WG/IDR to explore a more implementable/deployable approach. Thank you. Cheers, Med De : Sriram, Kotikalapudi (Fed) <[email protected]<mailto:[email protected]>> Envoyé : samedi 8 mars 2025 04:49 À : BOUCADAIR Mohamed INNOV/NET <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Cc : [email protected]<mailto:[email protected]> Objet : RE: Review of draft-ietf-grow-route-leak-detection-mitigation-14 Med, I forgot to reply to one other question you asked. Here it is. >Unless I'm mistaken, there is no registry to record the requested class. We did try to create one: https://datatracker.ietf.org/doc/html/draft-heitz-idr-wklc-07 https://datatracker.ietf.org/meeting/interim-2020-idr-02/materials/slides-interim-2020-idr-02-sessa-bgp-well-known-large-community-02.pdf But apparently that wasn't the right approach, i.e., setting aside a wide range of 4 octet AS numbers for well-known large community (WKLC). The Chairs of IDR suggested that we instead request one or a few WKLC values (4 octet ASN or Global Administrator values). We might do that when the draft is brought back into active pursuit. Sriram From: Sriram, Kotikalapudi (Fed) Sent: Friday, March 7, 2025 9:45 AM To: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: RE: Review of draft-ietf-grow-route-leak-detection-mitigation-14 Hi Med, Thank you so much for taking the time to review the draft. I am writing a quick response for now. Will look at your detailed comments in the next few days. The draft is in a keep alive mode (with no changes) for the last few years since the work on RFC 9234 and ASPA (both have Alexander and me as co-authors) took precedence. Yes, if we continue to pursue it, a major revision will be made and there will be consistency with RFC 9234. We'll take all your comments into consideration. Some network operators and IETF colleagues had been encouraging us to pursue both approaches: (1) transitive BGP Path Attribute (OTC in RFC 9234) and (2) transitive BGP Community (Down Only (DO)) in this draft. The rationale was that DO can be deployed in the short term by network operators, OTC in the medium term, and ASPA in the long term. That rationale can be revisited. OTC and ASPA seem to be well liked and considered very promising. OTC is already RFC 9234. ASPA should get there soon (may be this summer! ASPA verification and profile drafts in a mature state; 8210bis will catch up). Current deployment of OTC is minimal (in some IXPs). I know vendors are very aware of RFC 9234 and its benefits, but I am not fully aware of their implementation plans/timelines. People are eagerly awaiting ASPA publication as RFCs. I understand that many network operators currently use a BGP Community tag internally in their AS to prevent route leaks locally in their AS. It is like the DO but non-transitive (utilized with the AS to signal from the ingress to egress). Operators had expressed the thought that if this draft could become an RFC, the transitive DO can be deployed very quickly. Sharing some history and status of things from my perspective. Your thoughts in response to the above observations? Sriram From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Sent: Friday, March 7, 2025 3:05 AM To: [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: Review of draft-ietf-grow-route-leak-detection-mitigation-14 Hi Kotikalapudi/Alex, Thank you for your effort put into this document. FWIW, you may find my review can be found at (*): * Pdf: https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2025/draft-ietf-grow-route-leak-detection-mitigation-12-rev%20Med.pdf * Doc: https://github.com/boucadair/IETF-Drafts-Reviews/raw/refs/heads/master/2025/draft-ietf-grow-route-leak-detection-mitigation-12-rev%20Med.doc I'm supportive of means to help route leak prevention/detection, however I have some reservations about the approach in the draft: * The main argument (not technical one, though) is that the solution can be faster to deploy. That argument is appealing... however, I don't think that argument stands anymore after several years. * Unless I'm mistaken, there is no registry to record the requested class. * The doc mandates how policies are configured (including on those ASes not adhering to the spec!): I'm not comfortable with that tone in the draft, let alone that we don't have means to enforce these various MUST on policies. Cheers, Med (*) I'm definitely missing of the context around the draft (*) I know that it is frustrating to receive this kind of comments after ten years working on a proposal. Sorry for that.
_______________________________________________ GROW mailing list -- [email protected] To unsubscribe send an email to [email protected]
