Re: [PDB Tech] allow empty IP field or not?

2016-12-28 Thread Eric Loos 
Hi Matt,

I agree, so that is why I don’t believe that keeping a field empty to signal 
other intent, i.e. ‘I am not ready to peer’ or ‘I do not want to peer’ is not a 
valid use case and therefore an empty field does not fit with a database meant 
for  valid data. So on what side of the fence are you? Allow empty yes or no 
and what do you see as implications?
> On 28 Dec 2016, at 19:30, Matt Griswold  wrote:
> 
> * Eric Loos  [161228 19:08 +0100]:
>> I doubt we want people to just blindly have a script configure a
>> session just because someone, somewhere has added an IP address on an
>> exchange, there should be another step, right?
> 
> We shouldn't care what they do with it and it's well beyond scope of a
> database. We care that the data is valid and thus, hopefully, useful.

___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-28 Thread Matt Griswold 
* Eric Loos  [161228 19:08 +0100]:
> I doubt we want people to just blindly have a script configure a
> session just because someone, somewhere has added an IP address on an
> exchange, there should be another step, right?

We shouldn't care what they do with it and it's well beyond scope of a
database. We care that the data is valid and thus, hopefully, useful.
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-28 Thread Eric Loos 
Hi Martin,

I think we agree so let me try again :-)  PDB should be definitive so the field 
IMO should not be empty, The information should be valid and as correct as 
possible and indeed people should be able to automate against it. That being 
said, I doubt we want people to just blindly have a script configure a session 
just because someone, somewhere has added an IP address on an exchange, there 
should be another step, right? I have the feeling that people are trying to 
work around this by keeping the field empty, rather than having some kind of 
workflow automation allowing people to signal in an automated way that it is 
okay to peer on a particular IP address. For instance people that have a 
passive BGP session open to the entire IX subnet could just have an automated 
workflow auto-responder saying OK.
Today this automation is of course not there and not on the roadmap, but a 
necessary first step is that the information is correct.
I believe the resolution to what we do is a vote on PDB product-com, since the 
tea-leaves are indeed whatever someone chooses to read into it ;-) I am fine 
either way, but when there is no consensus there should be a resolution process.
> On 28 Dec 2016, at 19:01, Martin J. Levy  wrote:
> 
> Eric,
> 
>> So let’s close the discussion? :-) Empty field not allowed?
> 
> I'm not in favor of an empty field; but I can read the tea leaves so (for 
> arguments sake) let's just allow it!
> 
> I'm pretty sure that will cause issues down the road; but maybe there's a 
> mitigation process we can devise.
> 
>> Furthermore, people that just blindly configure based on an address popping 
>> up in peeringdb should at least have consulted with their peer, I hope. What 
>> we then need is not a reference database which is what PDB is today, but a 
>> workflow component which would allow both peers to acknowledge that both are 
>> happy to peer on certain IXP’s between certain IP pairs.
> 
> Which is where I gave to solidly disagree with you! Let me explain.
> 
> Either PeeringDB is definitive or it's not. If we state "it's not" then you 
> will see a mass-defection from both its use along with its support.
> 
> I can't accept the "it's not" option. It's the job of all associated with 
> PeeringDB to build the most comprehensive database that can (and should) be 
> relied upon fully. Period. 
> 
> Martin
> 
> PS: I'll kick off a new thread about my "mitigation process". 
> 

___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-28 Thread Kristian Larsson 



On 2016-12-28 15:13, Arnold Nipper wrote:

On 28.12.2016 01:03, Joe Provo wrote:

On Wed, Dec 28, 2016 at 12:55:22AM +0100, Arnold Nipper wrote:

Same is for privacy. If a network doesn't want to disclose its IP there
may be reasons for it. Otherwise it wouldn't do so.


The "reason" is weird or useless at best IME.


A little late to the game here, but I have to +1 this. Privacy shouldn't 
be a reason to not publish the IP a member has at an IX.




I can't say why some networks do that. But I'm sure some do it by
purpose. Make it mandatory would at least annoy them.

Otoh we also have the plan that IP information should come from the IXP
and not from networks.


I like this suggestion but it certainly means you can't overload the 
field, right!? Either a network is a member of an IXP or they are not. 
If they are, the IXP will provide IP information about the member and 
peeringdb can be populated with this. What if the IXP assigned v6 but 
the member is not using it? I still think the assigned v6 address should 
be in peeringdb and either we rely on YAF to signify presence / 
configured or we suggest to other members that they shouldn't blindly 
configure peering sessions. A simple ping / ARP / ND check before 
configuring a peer seems simple enough.


Or do you let the member fill in the data and then you get the data from 
the IXP and show a little green "verified by IXP" check mark next to it 
if they match up?




Imho all we need is a common understanding what something means. Does it
really hurt if we allow an empty IP address?  Does it break any automation?


yes. folks have to trap for that case, and it is indeterminate:
intentional? user error? IX error? etc




With PDB 1.0 you had to enter a value even if that was not an IP
address. Since PDB 2.0 we do type checking however do not enforce to set
an IP.

Summarizing the discussion so far I have the impression that

 * IP address must be set (IPv4 OR IPv6)

 * YAF for indicating "will show up soon" would be great as well


I don't know about this. Does it really matter? I know people like to 
mark their intended / future presence on an IX but there are lots of 
habits that people have for no apparent reason. Some send emails to the 
IX mailing list saying "we will soon announce prefix X, please update 
your filters" - does anyone actually care? If you have strict prefix 
filtering (some say you should!), don't you just generate that from RIR 
data!? That is, that email serves no function whatsoever.


What is the raison d'être for the flag?

   kll
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-28 Thread Arnold Nipper 
On 28.12.2016 01:03, Joe Provo wrote:
> On Wed, Dec 28, 2016 at 12:55:22AM +0100, Arnold Nipper wrote:
>> On 25.12.2016 19:26, Joe Provo wrote:
>>> [this time form the correct address...]
>>>
>>> On Sun, Dec 25, 2016 at 03:15:39PM +0100, Sascha Pollok wrote:
 Hi Job, et al,

 Let's please keep it required. Many people rely on PDB information to 
 automate peering configurations. It does not happen often that we need to 
 configure peering sessions that require manual input and when it happens, 
 it is actually annoying. Making IP addresses optional will make more ASes 
 not document them either of lazyness or weird security reasons. If someone 
 thinks not disclosing them gives extra security they do have a problem 
 anyway. It's easy to find out peering LAN IPs if someone wants to do 
 something ugly.

 Please keep them required.
>>>
>>> Yes.
>>>
>>> If the [not uncommon] case of signaling intent-to-be-there is needed,
>>> that should be simply a separate flag not an overloading of the address
>>> field.
>>>
>>
>> Isn't there always an overloading one way or the other? Given we do yaf
>> (yet another flag) which says intent-to-be-there. But what is the
>> meaning of this flag when an address is added? I know the address but
>> I'm not yet ready? Or still the original meaning.
> 
> YAF in the abscensce of an allocation helps planners, espcaeccialy in
> companies where things take too long. Obvs it had no meaning once there 
> are both AFs in place. There would be an argument to be made for one AF 
> and YAF set to indicate one is planning to add the other AF.
>  

I see your point, Joe. But meanwhile we are already at 2 YAF (v4 and
v6). I'm much in favour of KISS as long as possible. I wouldn't find
overloading that bad.

>> Same is for privacy. If a network doesn't want to disclose its IP there
>> may be reasons for it. Otherwise it wouldn't do so.
> 
> The "reason" is weird or useless at best IME.
> 

I can't say why some networks do that. But I'm sure some do it by
purpose. Make it mandatory would at least annoy them.

Otoh we also have the plan that IP information should come from the IXP
and not from networks.

>> Imho all we need is a common understanding what something means. Does it
>> really hurt if we allow an empty IP address?  Does it break any automation?
> 
> yes. folks have to trap for that case, and it is indeterminate:
> intentional? user error? IX error? etc
> 
> 

With PDB 1.0 you had to enter a value even if that was not an IP
address. Since PDB 2.0 we do type checking however do not enforce to set
an IP.

Summarizing the discussion so far I have the impression that

 * IP address must be set (IPv4 OR IPv6)

 * YAF for indicating "will show up soon" would be great as well


Cheers,
Arnold




signature.asc
Description: OpenPGP digital signature
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-27 Thread Joe Provo 
On Wed, Dec 28, 2016 at 12:55:22AM +0100, Arnold Nipper wrote:
> On 25.12.2016 19:26, Joe Provo wrote:
> > [this time form the correct address...]
> > 
> > On Sun, Dec 25, 2016 at 03:15:39PM +0100, Sascha Pollok wrote:
> >> Hi Job, et al,
> >>
> >> Let's please keep it required. Many people rely on PDB information to 
> >> automate peering configurations. It does not happen often that we need to 
> >> configure peering sessions that require manual input and when it happens, 
> >> it is actually annoying. Making IP addresses optional will make more ASes 
> >> not document them either of lazyness or weird security reasons. If someone 
> >> thinks not disclosing them gives extra security they do have a problem 
> >> anyway. It's easy to find out peering LAN IPs if someone wants to do 
> >> something ugly.
> >>
> >> Please keep them required.
> > 
> > Yes.
> > 
> > If the [not uncommon] case of signaling intent-to-be-there is needed,
> > that should be simply a separate flag not an overloading of the address
> > field.
> > 
> 
> Isn't there always an overloading one way or the other? Given we do yaf
> (yet another flag) which says intent-to-be-there. But what is the
> meaning of this flag when an address is added? I know the address but
> I'm not yet ready? Or still the original meaning.

YAF in the abscensce of an allocation helps planners, espcaeccialy in
companies where things take too long. Obvs it had no meaning once there 
are both AFs in place. There would be an argument to be made for one AF 
and YAF set to indicate one is planning to add the other AF.
 
> Same is for privacy. If a network doesn't want to disclose its IP there
> may be reasons for it. Otherwise it wouldn't do so.

The "reason" is weird or useless at best IME.

> Imho all we need is a common understanding what something means. Does it
> really hurt if we allow an empty IP address?  Does it break any automation?

yes. folks have to trap for that case, and it is indeterminate:
intentional? user error? IX error? etc


-- 
Posted from my personal account - see X-Disclaimer header.
Joe Provo / Gweep / Earthling 
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-27 Thread Chris Caputo 
Sometimes folks have the IPv6 flag enabled, but they aren't yet doing IPv6 
at a particular IXP.  If they fill out the IPv6 address, we've seen 
participants with automated session configuration based on PeeringDB try 
to ND for a router that isn't yet configured to handle the ND.  This 
results in broadcasts/multicasts on the fabric which our janitor must then 
chase down to get quashed.  Members then tell the janitor that, hey we saw 
it in PeeringDB, and then the janitor has to explain that in the 
particular case they are not yet doing IPv6...

When this happens with IPv4 it is no big deal since the arpsponge handles 
it, but for IPv6 it is inconvenient.

Chris/SIX
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-27 Thread Tim Kleefass 
Hi,

Die IXP website list the IP address within the customer portal, so you
need to login to the IXP customer portal to see the IP addresses of the
peers.

Before allowing an empty IP address in the peering DB I would add the
option to make an IP address (or the IXP participation) only visible to
"Users" - like in some contact information - that these information only
appear when you are logged in.

Cheers,
Tim

On 27/12/2016 02:36, Patrick Gilmore wrote:
> Wouldn’t the IX website list the IP address anyway?
> 
> Also, how hard is it to crawl the in-addr for the IX block?
> 
> IOW: What good is pulling it from PDB? The IP address is going to be
> trivially findable anyway.
> 
> -- 
> TTFN,
> patrick
> 
>> On Dec 26, 2016, at 1:32 PM, Eric Loos > > wrote:
>>
>> I don’t really see a valid use case for wanting to ‘hide’ a presence
>> at a PUBLIC internet exchange. If you don’t want to peer, that is what
>> the peering policy field is for, to give people a hint that they
>> shouldn’t be bothering you. The prime desire expressed by the users of
>> PDB was to increase the data quality. In that sense, an entity in my
>> view is only *at* an exchange, if it has an IP address there. Perhaps
>> I am not seeing all the use case, so I really would like to hear from
>> the people wanting to keep the field empty for other reasons than
>> signalling prospective peers, I hope security is not a drive since
>> that doesn’t really make sense.
>> It could be that people want to signal their intent to prospective
>> peers that they will be at an exchange, but this is a different use
>> case and might be better served in another way.
>>
>> Kind regards,
>>
>> Eric
>>
>>
>>> On 25 Dec 2016, at 19:26, Joe Provo >> > wrote:
>>>
>>> [this time form the correct address...]
>>>
>>> On Sun, Dec 25, 2016 at 03:15:39PM +0100, Sascha Pollok wrote:
 Hi Job, et al,

 Let's please keep it required. Many people rely on PDB information to
 automate peering configurations. It does not happen often that we
 need to
 configure peering sessions that require manual input and when it
 happens,
 it is actually annoying. Making IP addresses optional will make more
 ASes
 not document them either of lazyness or weird security reasons. If
 someone
 thinks not disclosing them gives extra security they do have a problem
 anyway. It's easy to find out peering LAN IPs if someone wants to do
 something ugly.

 Please keep them required.
>>>
>>> Yes.
>>>
>>> If the [not uncommon] case of signaling intent-to-be-there is needed,
>>> that should be simply a separate flag not an overloading of the address
>>> field.
>>>
>>> Cheers!
>>>
>>> Joe
>>>
>>> -- 
>>> Posted from my personal account - see X-Disclaimer header.
>>> Joe Provo / Gweep / Earthling
>>> ___
>>> Pdb-tech mailing list
>>> Pdb-tech@lists.peeringdb.com 
>>> http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech
>>
>> ___
>> Pdb-tech mailing list
>> Pdb-tech@lists.peeringdb.com 
>> http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech
> 
> 
> 
> ___
> Pdb-tech mailing list
> Pdb-tech@lists.peeringdb.com
> http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech
> 
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-25 Thread Joe Provo 
[this time form the correct address...]

On Sun, Dec 25, 2016 at 03:15:39PM +0100, Sascha Pollok wrote:
> Hi Job, et al,
> 
> Let's please keep it required. Many people rely on PDB information to 
> automate peering configurations. It does not happen often that we need to 
> configure peering sessions that require manual input and when it happens, 
> it is actually annoying. Making IP addresses optional will make more ASes 
> not document them either of lazyness or weird security reasons. If someone 
> thinks not disclosing them gives extra security they do have a problem 
> anyway. It's easy to find out peering LAN IPs if someone wants to do 
> something ugly.
> 
> Please keep them required.

Yes.

If the [not uncommon] case of signaling intent-to-be-there is needed,
that should be simply a separate flag not an overloading of the address
field.

Cheers!
   
Joe 

-- 
Posted from my personal account - see X-Disclaimer header.
Joe Provo / Gweep / Earthling 
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

Re: [PDB Tech] allow empty IP field or not?

2016-12-25 Thread Ren Provo 
It should be required.  Thanks!

Cheers! -rens...@apple.com

*NOTE* peering-...@group.apple.com often responds to pending activations faster 
than I do!  Sent from my iPhone 6 Plus

> On Dec 25, 2016, at 6:39 AM, Job Snijders  wrote:
> 
> Hi all,
> 
> Sometimes people want to disclose their presence at an Internet
> Exchange, but don't want to disclose their IP address.
> 
> Should PeeringDB allow the IPv4 and IPv6 field to be either of the
> following?
> 
>"a valid globally unique IP address"
>"" (empty)
> 
> Or should PDB only accept valid globally unique IP addresses as value
> for the IP Field?
> 
> It appears we've gone back and forth between allowing empty and not
> allowing empty as is visible here: https://www.peeringdb.com/ix/1138
> (currently empty is not allowed).
> 
> An argument against 'empty' is that from an automation perspective the
> 'empty' value is quite useless.
> 
> Based on the outcome of this discussion I'd like to either clean up the
> database, or popularise the use of the 'empty ip field' where
> applicable.
> 
> Kind regards,
> 
> Job
> ___
> Pdb-tech mailing list
> Pdb-tech@lists.peeringdb.com
> http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech

[PDB Tech] allow empty IP field or not?

2016-12-25 Thread Job Snijders 
Hi all,

Sometimes people want to disclose their presence at an Internet
Exchange, but don't want to disclose their IP address.

Should PeeringDB allow the IPv4 and IPv6 field to be either of the
following?

"a valid globally unique IP address"
"" (empty)

Or should PDB only accept valid globally unique IP addresses as value
for the IP Field?

It appears we've gone back and forth between allowing empty and not
allowing empty as is visible here: https://www.peeringdb.com/ix/1138
(currently empty is not allowed).

An argument against 'empty' is that from an automation perspective the
'empty' value is quite useless.

Based on the outcome of this discussion I'd like to either clean up the
database, or popularise the use of the 'empty ip field' where
applicable.

Kind regards,

Job
___
Pdb-tech mailing list
Pdb-tech@lists.peeringdb.com
http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech