Discussion:
Genart LC review: draft-ietf-idr-large-community-11
Robert Sparks
2016-12-12 18:43:33 UTC
Permalink
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-idr-large-community-11
Reviewer: Robert Sparks
Review Date: 12 Dec 2016
IETF LC End Date: 16 Dec 2016
IESG Telechat date: 5 Jan 2017

Summary: Ready with nits

First a question (I don't know if this should lead to a change in the
document). You say the use of reserved ASNs is NOT RECOMMENDED and later
that the attribute MUST NOT be considered malformed if it has a reserved
ASN in it. Is it clear what a recipient is supposed to do if one of
these reserved ANSs shows up here? If so (for my own education) could
you point me to where that's described?

Nits:

Section 11.3 in the references is only referenced by the implementation
status section which you instruct the rfc-editor to delete. Do you
intend for the reference to also be deleted? If so, save yourself a
round-trip with the RFC-editor and add instructions now. If not, you'll
need to find a way to work a reference in that won't be deleted.

David Farmer makes a suggestion at
https://mailarchive.ietf.org/arch/msg/idr/wHOtQfblIiTPqqXsgcGHZOfMQ_s
that looks reasonable to me. Please consider it.

The security consideration section start out with a sentence that
strongly implies the reader might learn something about the security
considerations for this document by reading RFC1997. That document's
security considerations section says only that "Security issues are not
discussed in this memo." I suggest simply deleting this first sentence.
Please also consider if there are other BGP documents with substantive
security considerations sections that you can point to instead.
Job Snijders
2016-12-12 19:11:59 UTC
Permalink
Dear Robert,
Post by Robert Sparks
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed by
the IESG for the IETF Chair. Please treat these comments just like
any other last call comments.
Thank you for taking the time to review this document!
Post by Robert Sparks
Document: draft-ietf-idr-large-community-11
Reviewer: Robert Sparks
Review Date: 12 Dec 2016
IETF LC End Date: 16 Dec 2016
IESG Telechat date: 5 Jan 2017
Summary: Ready with nits
First a question (I don't know if this should lead to a change in the
document). You say the use of reserved ASNs is NOT RECOMMENDED and
later that the attribute MUST NOT be considered malformed if it has a
reserved ASN in it. Is it clear what a recipient is supposed to do if
one of these reserved ANSs shows up here? If so (for my own education)
could you point me to where that's described?
If two ASNs agree to exchange Large Communities with each other where
the mutually agreed upon Global Administrator value happens to be a
reserved ASN, that is something for those two networks to decide. The
key point here is that implementations must not impose any restrictions
on the uint32 value in the Global Administrator field. It is entirely at
the operator's discretion what to do with any Large Community, this
applies to reserved and non-reserved values.

The document recommends people to use their globally unique ASN, but
this will not be enforced through implementations.

The security section refers to "Network administrators should note the
recommendations in Section 11 of BGP Operations and Security [RFC7454]."
There is some wisdom there to be gleaned.
Post by Robert Sparks
Section 11.3 in the references is only referenced by the implementation
status section which you instruct the rfc-editor to delete. Do you intend
for the reference to also be deleted? If so, save yourself a round-trip with
the RFC-editor and add instructions now. If not, you'll need to find a way
to work a reference in that won't be deleted.
Yes, the intention is that the reference to RFC7942 is to be deleted
before publication.

This is my mistake: I mistook the hyperlink in
https://tools.ietf.org/html/rfc7942#section-2.1 to be a reference, but
its just an automagically converted hyperlink. We'll remove the
reference in the next version.
Post by Robert Sparks
David Farmer makes a suggestion at
https://mailarchive.ietf.org/arch/msg/idr/wHOtQfblIiTPqqXsgcGHZOfMQ_s that
looks reasonable to me. Please consider it.
I do not believe there is consensus at this moment to make a blanket
recommendation based on the contents of the registry (whatever they
may be in the future), but rather work with the precise and concise
approach which is currently described.

Jakob Heitz responded to the suggestion to extend the reserved Global
Administrator values, but for some reason I can't find that email in the
IETF IDR archive, I've copy+pasted it here:

-------------
Date: Mon, 05 Dec 2016 03:16:52 +0100
From: "Jakob Heitz (jheitz)" <***@cisco.com>
To: David Freedman <***@uk.clara.net>
Cc: "***@ietf.org" <***@ietf.org>
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-large-community-11.txt

No new text is required to cover this: 23456 is not an ASN.
Besides, if anyone were to put it into a large community, no harm
would be done other than what would happen if any other unassigned
ASN were used.

About reserving values, we don't reserve values because the values
are unusable, but because we may want to use them for other purposes
later. There is no need to reserve another value. 3 is more than
enough.

Thanks,
Jakob.
--------------

In addition to the above, although the document does not define any
Special-Use BGP Large Communities, the Global Administrator values
specified in Section 2 (0, 65535, 4294967295) could be used if there is
a future need for them. The purpose of recommending that these values
are not to be used is not because there is harm in doing so, but to
leave the door open for future things (should they ever arise). From
this perspective a blanket reservation based on the ASN registry
wouldn't make sense for me.
Post by Robert Sparks
The security consideration section start out with a sentence that
strongly implies the reader might learn something about the security
considerations for this document by reading RFC1997. That document's
security considerations section says only that "Security issues are
not discussed in this memo."
The reference to RFC 1997 was meant to leverage 20 years of experience
with implementing and operating networks which use RFC 1997 communities.
I agree that the security section of RFC 1997 is somewhat sparse, but
the principle still applies: RFC 1997 and Large Communities have similar
security implications, even if they are not properly documented in RFC
1997.
Post by Robert Sparks
I suggest simply deleting this first sentence. Please also consider if
there are other BGP documents with substantive security considerations
sections that you can point to instead.
A reference to RFC 7454 is included, I am not aware of other specific
resources that can be pointed at.

Kind regards,

Job
Robert Sparks
2016-12-12 19:52:41 UTC
Permalink
Post by Job Snijders
Dear Robert,
Post by Robert Sparks
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed by
the IESG for the IETF Chair. Please treat these comments just like
any other last call comments.
Thank you for taking the time to review this document!
Post by Robert Sparks
Document: draft-ietf-idr-large-community-11
Reviewer: Robert Sparks
Review Date: 12 Dec 2016
IETF LC End Date: 16 Dec 2016
IESG Telechat date: 5 Jan 2017
Summary: Ready with nits
First a question (I don't know if this should lead to a change in the
document). You say the use of reserved ASNs is NOT RECOMMENDED and
later that the attribute MUST NOT be considered malformed if it has a
reserved ASN in it. Is it clear what a recipient is supposed to do if
one of these reserved ANSs shows up here? If so (for my own education)
could you point me to where that's described?
If two ASNs agree to exchange Large Communities with each other where
the mutually agreed upon Global Administrator value happens to be a
reserved ASN, that is something for those two networks to decide. The
key point here is that implementations must not impose any restrictions
on the uint32 value in the Global Administrator field. It is entirely at
the operator's discretion what to do with any Large Community, this
applies to reserved and non-reserved values.
The document recommends people to use their globally unique ASN, but
this will not be enforced through implementations.
Thanks for the explanation. It would have avoided the question if the
document said that - consider explicitly adding the key point you point to.
Post by Job Snijders
The security section refers to "Network administrators should note the
recommendations in Section 11 of BGP Operations and Security [RFC7454]."
There is some wisdom there to be gleaned.
Post by Robert Sparks
Section 11.3 in the references is only referenced by the implementation
status section which you instruct the rfc-editor to delete. Do you intend
for the reference to also be deleted? If so, save yourself a round-trip with
the RFC-editor and add instructions now. If not, you'll need to find a way
to work a reference in that won't be deleted.
Yes, the intention is that the reference to RFC7942 is to be deleted
before publication.
This is my mistake: I mistook the hyperlink in
https://tools.ietf.org/html/rfc7942#section-2.1 to be a reference, but
its just an automagically converted hyperlink. We'll remove the
reference in the next version.
Post by Robert Sparks
David Farmer makes a suggestion at
https://mailarchive.ietf.org/arch/msg/idr/wHOtQfblIiTPqqXsgcGHZOfMQ_s that
looks reasonable to me. Please consider it.
I do not believe there is consensus at this moment to make a blanket
recommendation based on the contents of the registry (whatever they
may be in the future), but rather work with the precise and concise
approach which is currently described.
Jakob Heitz responded to the suggestion to extend the reserved Global
Administrator values, but for some reason I can't find that email in the
-------------
Date: Mon, 05 Dec 2016 03:16:52 +0100
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-large-community-11.txt
No new text is required to cover this: 23456 is not an ASN.
Besides, if anyone were to put it into a large community, no harm
would be done other than what would happen if any other unassigned
ASN were used.
About reserving values, we don't reserve values because the values
are unusable, but because we may want to use them for other purposes
later. There is no need to reserve another value. 3 is more than
enough.
Thanks,
Jakob.
--------------
In addition to the above, although the document does not define any
Special-Use BGP Large Communities, the Global Administrator values
specified in Section 2 (0, 65535, 4294967295) could be used if there is
a future need for them. The purpose of recommending that these values
are not to be used is not because there is harm in doing so, but to
leave the door open for future things (should they ever arise). From
this perspective a blanket reservation based on the ASN registry
wouldn't make sense for me.
WFM, but please get your chairs to chase down why the message didn't
make it to the archive.
Post by Job Snijders
Post by Robert Sparks
The security consideration section start out with a sentence that
strongly implies the reader might learn something about the security
considerations for this document by reading RFC1997. That document's
security considerations section says only that "Security issues are
not discussed in this memo."
The reference to RFC 1997 was meant to leverage 20 years of experience
with implementing and operating networks which use RFC 1997 communities.
Well, sure, but where is that 20 years of experience written down for
the next implementer or operator?
The existing pointer essentially has the semantic of "if you need to
know you already know"...
Post by Job Snijders
I agree that the security section of RFC 1997 is somewhat sparse, but
the principle still applies: RFC 1997 and Large Communities have similar
security implications, even if they are not properly documented in RFC
1997.
So, I _think_ your intent was to document them here.
Post by Job Snijders
Post by Robert Sparks
I suggest simply deleting this first sentence.
I still think that's the right thing to do.
Post by Job Snijders
Post by Robert Sparks
Please also consider if
there are other BGP documents with substantive security considerations
sections that you can point to instead.
A reference to RFC 7454 is included, I am not aware of other specific
resources that can be pointed at.
Kind regards,
Job
Jakob Heitz (jheitz)
2016-12-12 20:32:27 UTC
Permalink
Post by Robert Sparks
Post by Job Snijders
Jakob Heitz responded to the suggestion to extend the reserved Global
Administrator values, but for some reason I can't find that email in the
-------------
Date: Mon, 05 Dec 2016 03:16:52 +0100
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-large-community-11.txt
No new text is required to cover this: 23456 is not an ASN.
Besides, if anyone were to put it into a large community, no harm
would be done other than what would happen if any other unassigned
ASN were used.
About reserving values, we don't reserve values because the values
are unusable, but because we may want to use them for other purposes
later. There is no need to reserve another value. 3 is more than
enough.
Thanks,
Jakob.
--------------
WFM, but please get your chairs to chase down why the message didn't
make it to the archive.
It shows up in the other archive:
https://www.ietf.org/mail-archive/web/idr/current/msg17255.html


Thanks,
Jakob.
Robert Sparks
2016-12-14 14:20:10 UTC
Permalink
Post by Jakob Heitz (jheitz)
Post by Robert Sparks
Post by Job Snijders
Jakob Heitz responded to the suggestion to extend the reserved Global
Administrator values, but for some reason I can't find that email in the
-------------
Date: Mon, 05 Dec 2016 03:16:52 +0100
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-large-community-11.txt
No new text is required to cover this: 23456 is not an ASN.
Besides, if anyone were to put it into a large community, no harm
would be done other than what would happen if any other unassigned
ASN were used.
About reserving values, we don't reserve values because the values
are unusable, but because we may want to use them for other purposes
later. There is no need to reserve another value. 3 is more than
enough.
Thanks,
Jakob.
--------------
WFM, but please get your chairs to chase down why the message didn't
make it to the archive.
https://www.ietf.org/mail-archive/web/idr/current/msg17255.html
There was an issue (for about 200 messages) in the indexing in the
mailarchive tool that has been repaired.
This particular message is at
<https://mailarchive.ietf.org/arch/msg/idr/tg_gVjNwrFWklo4dTRUHo7Rkqos>

Thanks again for spotting the issue.
Post by Jakob Heitz (jheitz)
Thanks,
Jakob.
Jakob Heitz (jheitz)
2016-12-12 19:57:19 UTC
Permalink
A little more context regarding reserved communities:

The RFC 1997 reserved community values 65535:* will be
presented to the routing policy when received, just like
any other community values. The routing policy can match
on them and set or delete them, just like any other
community values.

The only difference is that the router takes the
action prescribed by an assigned reserved community value,
in most cases. I.e., it is not even required that the
routing software take the prescribed action. The routing
policy could do it just as well.

This carries over to large communities.

Thanks,
Jakob.
-----Original Message-----
Sent: Monday, December 12, 2016 11:12 AM
Subject: Re: [Idr] Genart LC review: draft-ietf-idr-large-community-11
Dear Robert,
Post by Robert Sparks
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed by
the IESG for the IETF Chair. Please treat these comments just like
any other last call comments.
Thank you for taking the time to review this document!
Post by Robert Sparks
Document: draft-ietf-idr-large-community-11
Reviewer: Robert Sparks
Review Date: 12 Dec 2016
IETF LC End Date: 16 Dec 2016
IESG Telechat date: 5 Jan 2017
Summary: Ready with nits
First a question (I don't know if this should lead to a change in the
document). You say the use of reserved ASNs is NOT RECOMMENDED and
later that the attribute MUST NOT be considered malformed if it has a
reserved ASN in it. Is it clear what a recipient is supposed to do if
one of these reserved ANSs shows up here? If so (for my own education)
could you point me to where that's described?
If two ASNs agree to exchange Large Communities with each other where
the mutually agreed upon Global Administrator value happens to be a
reserved ASN, that is something for those two networks to decide. The
key point here is that implementations must not impose any restrictions
on the uint32 value in the Global Administrator field. It is entirely at
the operator's discretion what to do with any Large Community, this
applies to reserved and non-reserved values.
The document recommends people to use their globally unique ASN, but
this will not be enforced through implementations.
The security section refers to "Network administrators should note the
recommendations in Section 11 of BGP Operations and Security [RFC7454]."
There is some wisdom there to be gleaned.
Post by Robert Sparks
Section 11.3 in the references is only referenced by the implementation
status section which you instruct the rfc-editor to delete. Do you intend
for the reference to also be deleted? If so, save yourself a round-trip with
the RFC-editor and add instructions now. If not, you'll need to find a way
to work a reference in that won't be deleted.
Yes, the intention is that the reference to RFC7942 is to be deleted
before publication.
This is my mistake: I mistook the hyperlink in
https://tools.ietf.org/html/rfc7942#section-2.1 to be a reference, but
its just an automagically converted hyperlink. We'll remove the
reference in the next version.
Post by Robert Sparks
David Farmer makes a suggestion at
https://mailarchive.ietf.org/arch/msg/idr/wHOtQfblIiTPqqXsgcGHZOfMQ_s that
looks reasonable to me. Please consider it.
I do not believe there is consensus at this moment to make a blanket
recommendation based on the contents of the registry (whatever they
may be in the future), but rather work with the precise and concise
approach which is currently described.
Jakob Heitz responded to the suggestion to extend the reserved Global
Administrator values, but for some reason I can't find that email in the
-------------
Date: Mon, 05 Dec 2016 03:16:52 +0100
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-large-community-11.txt
No new text is required to cover this: 23456 is not an ASN.
Besides, if anyone were to put it into a large community, no harm
would be done other than what would happen if any other unassigned
ASN were used.
About reserving values, we don't reserve values because the values
are unusable, but because we may want to use them for other purposes
later. There is no need to reserve another value. 3 is more than
enough.
Thanks,
Jakob.
--------------
In addition to the above, although the document does not define any
Special-Use BGP Large Communities, the Global Administrator values
specified in Section 2 (0, 65535, 4294967295) could be used if there is
a future need for them. The purpose of recommending that these values
are not to be used is not because there is harm in doing so, but to
leave the door open for future things (should they ever arise). From
this perspective a blanket reservation based on the ASN registry
wouldn't make sense for me.
Post by Robert Sparks
The security consideration section start out with a sentence that
strongly implies the reader might learn something about the security
considerations for this document by reading RFC1997. That document's
security considerations section says only that "Security issues are
not discussed in this memo."
The reference to RFC 1997 was meant to leverage 20 years of experience
with implementing and operating networks which use RFC 1997 communities.
I agree that the security section of RFC 1997 is somewhat sparse, but
the principle still applies: RFC 1997 and Large Communities have similar
security implications, even if they are not properly documented in RFC
1997.
Post by Robert Sparks
I suggest simply deleting this first sentence. Please also consider if
there are other BGP documents with substantive security considerations
sections that you can point to instead.
A reference to RFC 7454 is included, I am not aware of other specific
resources that can be pointed at.
Kind regards,
Job
Loading...