IDR meeting at IETF 106 (version 1) Session I: Monday, 18:10-19:10, 11/18/2019 Room: Collyer 0. Agenda bashing and Chair's slides (12 mins) Start Time: 18:10 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-note-well Presenter: John - Note Well - John talks about FlowSpec extensions. Lot of flowspec related draft continue to come in every meeting.Flowspec components types are pairs. Parsers cannot skip unknown components types. Not good for extensibility. - One way for extension is define new SAFI, but it is one-shot and cannot be extended later. Propose not to define new component types in existing flowspec AFI/SAFI. Should move forward with solution like Flowspecv2 draft or something similar, which uses TLVs for components. ?(Akamai): Makes sense to Fix TLV oversight, which method doesn't matter. Jeff Haas: PCEP picked rformat. Flowspec v2 also try to define firewall rule ordering. Flowspecs v2 should be taken further (rediscuss as it has been long enough). Igor Gashinsky(Verizon Media): Cannot extend flowspecs as it will make router failover. Let's fix it. John: Looks like consensus in room. Position of chair going forward is that you can discuss extension drafts but we want to prioritize groups time on getting TLV thing done, so that we can rollout extension drafts. Sue: As coauthor of flowspecV2, we should fix TLV problems. Suggestions are open on this. Will send out proposals on mailimg list. 1. BGP Flowspec for L2VPN and Tunnels [Donald Eastlake] (10 mins) https://tools.ietf.org/html/draft-ietf-idr-flowspec-l2vpn/ https://tools.ietf.org/html/draft-ietf-idr-flowspec-nvo3/ Start Time: 18:20 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessb-bgp-flowspec-for-l2vpn-and-tunnels Presenter: Donald Discussion: Sue: Purpose is to see if its ready for early code points, Implementation and feedback on the same. Jeff: Good idea to have a new pair of AFI/SAFI, using existing AFI/SAFI will break rules. Donald: New SAFI needs to be specified. Jeff: Existing AFI/SAFI usage will not work. John: as a WG member, fine with using existing SAFI. Sue: Quick experimentation going into this draft... Give code points even if we are fixing v2. John: Flowspec over new AFI/SAFI is fine, No impairment moving with this draft. Jeff: Combination of AFI/SAFI is important, SAFI registry 241 is reserved for private use and can be used. 2. BGP YANG Model for Service Provider Networks [Mahesh Jethanandani] (10 mins) https://tools.ietf.org/html/draft-ietf-idr-bgp-model/ Start Time: 18:32 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessb-bgp-yang-model Presenter: Mahesh Discussion: Jeff: Do we differentiate internal and External confederations Randy: You could have internal-conferations and external-confederations. Jeff: We have two options in the model, please take a look and see which one makes sense. Stephane: Here we are talking about operational state or configuration state? Jeff: This is for operational state. Rudiger Volk: A router support YANG models should support 4-byte ASes. Ruediger: Are we expecting Yang modelling is going to happen on Routers not with 4byte AS Acee: I don't think you're gonna find somebody implementing the yang model that doesn't support 4-byte AS. How many implementations are on Yang Model Jeff: For 4-Byte AS its supporting RFC 4398 Sue: Acee is this a work for you? Keychain model... Acee: We have everything you need... key rollover exists... CLI version have been there since long, not yang model. Donald: Is key rollover RFC 4808? Acee: Need to check on this. Jeff: If model supported by Acee yang model support then this will be supported by inheritance Stephane: TCP AO? Acee: IPsec is not for TCP. Acee: For IPsec - need to define. Jeff: BGP Confed is supported by some implementations Acee: We looked into TCP OA model while doing yang model. Sue: Implementations exists... can these things get standard. Put together description, separate draft... Acee: For IGP model, draw a line and no more feature after that. Features needs to come in augmentation. Part of base model but lack ref. Haibo Wang: How to support multiple BGP instances? Sue: Excellent question, but think it will not be covered in this model. Jeff: NMDA model will give some info being looked for. Alvaro: Will you document these feature somewhere? Sue: Some documentation is needed. Break doc into multiple docs. Alvaro: Document these features. Some info can be put into draft. Acee: Some info can be put in description in yang model, does not apply for everything. John: In interest of time, we need to cut short here. We can continue later. 3. BGP Extensions for IDs Allocation [Huaimo Chen] (5 mins) https://tools.ietf.org/html/draft-wu-idr-bgp-segment-allocation-ext/ Start Time : 18:49 Slides : https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessb-bgp-extensions-for-ids-allocation Presenter: Huaimo Discussion: - Request for adoption - No questions asked/discussed. 4. BGP Flow Specification for SRv6 [Huaimo Chen] (5 mins) https://tools.ietf.org/html/draft-li-idr-flowspec-srv6/ Start Time : 18:52 Slides : https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessb-bgp-flow-specification-for-srv6 Presenter: Huaimo Discussion: Sue: Does Flowspec for SRv6 need to harmonize with regular IPv6? Huaimo: We extend this to multiple domains inside SRH. Sue: How is SRv6 working coming? Acee: Is there a requirement or framework for this? Draft for every encap. Sue: Additional request for flowspec comes... Original def of Flowspec was a targeted audience/request... How is it in deployment? Talk about implementation Acee: Header doc is done... Keyur: Suggest to use flowspecv2 and single SAFI to support different TLVs. Avoid SAFI explosion Jeff: Flowspecs filter getting used for 2 big cases - ddos(firewall) and traffic engineering purpose. 5. SR Path Ingress Protection [Huaimo Chen] (5 mins) https://tools.ietf.org/html/draft-chen-idr-sr-ingress-protection/ Start Time : 18:58 Slides : https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessb-sr-path-ingress-protection Presenter: Huaimo Discussion: Sue: Where are spring policies being used for? Call for operators input on the new features. Andrew: Liquid telecom is using SR policies. Like using SR policy to route traffic. A simpler way maybe to send separate paths to the nodes and use community. Sue: Request for similar comments. 6. Revised BGP Maximum Prefix Limits [Job Snijders] (10 mins) https://tools.ietf.org/html/draft-sa-idr-maxprefix/ Start Time : 19:02 Slides : https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessb-revised-bgp-maximum-prefix-limits Presenter: Job Snijders Discussion: John: Make your points on mailing list and discuss. Session Ends here : 19:15 Thanks. [3 minutes for switching] ---------------------------------------------------------------------------------------------------------------------- Session II: Thursday, 17:40-18:40, 11/21/2019 Room: Olivia 0. Agenda bashing (2 mins) Start time: 17:40 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-note-well https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-auto-discovery-design-team-chairs Presenter: John Discussion: John talks about auto discovery. John: We did not have clear conclusion last time we discussed. Drafts are very close in semantics. Acee: All drafts have copied mine (joke). John: This is time to get design team to get together and come up with one unified design by next IETF. Design team to be put together in 2weeks. Randy: Conclude by next IETF? Its unrealistic goal to conclude by next IETF. John: Point is well taken. John: Design team is not long term. Susan: There will be open meetings on webex, anyone can participate. 1. BGP Provisioned IPsec Tunnel Configuration [Jun Hu] (10 mins) https://tools.ietf.org/html/draft-hujun-idr-bgp-ipsec/ https://tools.ietf.org/html/draft-hujun-idr-bgp-ipsec-transport-mode/ Start time: 17:46 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-bgp-provisioned-ipsec-tunnel-configuration Presenter: Hu Jun Discussion: Stephen: With these two drafts is chair planning to obsolete 6566? Sue: I think they are different, I need to check on how much is overlap. I will need opinion John: Does anyone have reason why we should not obsolete 6566 Linda: How do we extend BGP updates? We are going through untrusted domain here. Hu: This is just a control plane protocol, there are mechanism like outbound-filters which can be used. Linda: Is this info encrypted. You propose sub-tlv¡¯s which can be encoded in nexthop? Hu: That is already included in draft. Jeff: Everything in tunnel attribute has security concern. Jeff: For SRv6 will may go through internet, the security consideration may change a little bit. Sue: I need more info to take decision on this draft. Sue: Do you feel this draft address all security end points? This will help take a call on working group adoption. Hu: mailing list has answer. Jeff: Work is worth to be working on but taking care of security is challenging 2. SDWAN WAN Ports Property Advertisement in BGP UPDATE [Linda Dunbar] (10 mins) https://tools.ietf.org/html/draft-dunbar-idr-sdwan-port-safi/ Start time: 18:01 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-sdwan-wan-ports-property-advertisement-in-bgp-update Presenter: Linda Dunbar Discussion: John£ºDoes it mean you want to ship it or make it for demo? This looks like standard track. Acee: Think this is a standard track. John: To demonstrate how BGP is used? Do you want to try this as demo or ship? Linda: Its for shipping. John: Do you think its worth solution Linda: Yes John: FCFS cannot ask as standard, is it correct? Linda: Other content can be merged together. Acee: Read the document¡­ thought standard is correct. 3. Deprecation of AS_SET and AS_CONFED_SET in BGP [Sriram Kotikalapudi] (10 mins) https://tools.ietf.org/html/draft-ietf-idr-deprecate-as-set-confed-set/ Start time: 18:12 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-deprecation-of-as-set-and-as-confed-set-in-bgp Presenter: Sriram, Jeff Haas Discussion: Sue: There is some desire to see RFC 4276¡­ This might not be problem you are thinking. Idea is to document what is existing and not to do new feature. Jeff: No new code is needed to do correct thing here¡­ implementation take care of this. Policy can be added to match and drop prefix. RPKI filtering is becoming more common. Warren: It is a huge job to put RFC 4271 into full standard. Jared: Thanks for finding AS¡¯s. We want to clear or drop these there should be some soft knob to allow to drop. God: Removing RFC is a huge job Sue: This needs to happen soon or later Igor: This is good and needs to be done. Can you give people a knob as a workaround? ¨C Default way to doing aggregation. Knob will be very helpful Ruediger: Should consider to clear up the 2 byte ASes. Ruediger: Deprecating some artifacts we should also consider cleanup 2 Byte AS, as far as possible. 4. Advertising Segment Routing Policies in BGP [Ketan Talaulikar] (5 mins) https://tools.ietf.org/html/draft-ietf-idr-segment-routing-te-policy/ Start time: 18:29 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-advertising-segment-routing-policies-in-bgp Presenter: Ketan Discussion: No questions, time running short 5. Application Specific Attributes Advertisement with BGP Link-State [Ketan Talaulikar] (5 mins) https://tools.ietf.org/html/draft-ietf-idr-bgp-ls-app-specific-attr/ Start time: 18:30 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-advertising-segment-routing-policies-in-bgp Presenter: Ketan Discussion: Susan: Does this document should be a stand-alone document? Acee: Think so, the IGP drafts move faster. There are 2 docs in queue for review. 6. BGP Flexible Color-Based Tunnel Selection [Yimin Shen] (10 mins) https://tools.ietf.org/html/draft-shen-idr-flexible-color-tunnel-selection/ Start time:18:32 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-bgp-flexible-color-based-tunnel-selection Presenter: Yimin Shen Discussion: Sue: Have you shown this to spring folks? It¡¯s worth discussing. Yimin: we have not Sue: Can you compare it with the use of Tunnel Encap attribute for color in Jun¡¯s draft other than the IPsec part? Yimin: Tunnel encap path attribute applies to prefix tunnels are built upon¡­ John: Please take this offline. 7. Destination-IP-Origin-AS Filter for BGP Flow Specification [Haibo Wang] (5 mins) https://tools.ietf.org/html/draft-wang-idr-flowspec-dip-origin-as-filter/ Start time: 18:41 Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-destination-ip-origin-as-filter-for-bgp-flow-specification Presenter: Wang Haibo Discussion: Jeff: Review comments on mailing list stand .pay attention¡­ Flowspec operates as firewall rules, here crosses the boundary between firewall and RIB. Acee: I agree to Jeff. Have concern about putting all BGP attributes to FIB. Jeff: AS number and other BGP attributes are never in FIB. It is not a good idea. Aijun Wang: Maybe just consider the AS number for flexible traffic steering. Jie: You need to advertise only one rule from the server, how it is installed in device is implementation specific. Can be expanded to several rules, or just one. 8. Color Operation with BGP Label Unicast [Louis Chan] (5 mins if time permits) https://tools.ietf.org/html/draft-chan-idr-bgp-lu2/ Start time: NA (Follow on mailing list) Slides: https://datatracker.ietf.org/meeting/106/materials/slides-106-idr-sessa-color-operation-with-bgp-lu John: To be followed on mailing list, time is up... cannot be accommodated. End Time: 18:46 Session ends here @ 18:46 Thanks.