Re: [GROW] draft-ss-grow-rpki-as-cones-00
Job Snijders <job@ntt.net> Wed, 23 May 2018 17:07 UTC
Date: Wed, 23 May 2018 17:07:28 +0000
From: Job Snijders <job@ntt.net>
To: Randy Bush <randy@psg.com>
Cc: Massimiliano Stucchi <max@stucchi.ch>, "grow@ietf.org" <grow@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/kQL-PvQHF2eEWCN2IkczVvxiiuw>

On Wed, May 23, 2018 at 08:03:45AM -0700, Randy Bush wrote:
> >>> me and Job Snijders have recently submitted
> >>> draft-ss-grow-rpki-as-cones-00, which discusses AS-Cones, an
> >>> attempt to bring as-sets into RPKI to facilitate route filtering.
> >>
> >> in irr, an as-set may reference an as-set. could you explain the
> >> authority model you have for this when as-sets are signed?
> >
> > My initial thinking for RPKI AS Cones, is that a given Cone in an
> > ASN's namespace can only be defined by the owner of the ASN in whose
> > namespace the Cone is defined.
>
> namespace?

In the IRR world we have the concept of hierarchical naming of AS-SETs:
an example is "AS15562:AS-SNIJDERS" [1] - under the "AS15562" hierarchy
only the owner (or delegated folks) can add/change/remove AS-SETS. I call
this a namespace, should a different term be used?

> isn't this the irr authorisation model?

The IRR AS-SET feature is working pretty well (since it is better than
nothing), but there are some downsides. For instance "AS15562:AS-SNIJDERS"
can exist in multiple IRR databases, and we don't know which of those was
actually created by the owner of AS15562. I hope this can be addressed in
AS Cones.

Another problem is that there no longer is a way (or perhaps there never
was) to autodetect what AS-SET should be used by which organisation to
generate a filter. RPSL is broken, fundamentally flawed. Perhaps this can
be addressed - not by introducing a new language - but just having a
handy naming convention. Think of it as "AS15562:AS-2914", so AS 2914
knows it should use AS15562:AS-2914 if it exists, and if it doesn't exist
use AS15562:AS-DEFAULT.

> and how did that work out for us?

I consider it a feature that anyone can add anything to an AS-SET they
created, this puts the workload on transit providers and doesn't require
stub networks to do anything. The "member-of:" feature is barely used and
seems to pose too much work.

Clock is ticking... multiple RIRs are struggling with their IRRs (or lack
thereof). If IETF does not pony up a solution that is good enough for
operational purposes, we may end up with RIRs investing in legacy
technology and a continuation of the duplication/discovery/ownership
issue. There is an opportunity here and now, let's work on it?

Kind regards,

Job

[1]: https://apps.db.ripe.net/db-web-ui/#/query?searchtext=AS15562:AS-SNIJDERS#resultsSection
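
Added example, not part of the original message or of the draft: a sketch of the lookup the message proposes (use "AS15562:AS-2914" if it exists, otherwise "AS15562:AS-DEFAULT"), together with a check for the duplication problem it describes, where one set name appears in several IRR databases. The function names, the source labels "IRR-A"/"IRR-B" and the sample objects are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: (set name, IRR source). "IRR-A"/"IRR-B" are
# placeholder database names and AS64500 is a documentation ASN.
SAMPLE_OBJECTS = [
    ("AS15562:AS-SNIJDERS", "IRR-A"),
    ("AS15562:AS-SNIJDERS", "IRR-B"),   # same name, second database
    ("AS15562:AS-2914", "IRR-A"),
    ("AS64500:AS-DEFAULT", "IRR-A"),
]

# Hierarchical name: "<ASN>:<AS-SET name>", e.g. "AS15562:AS-SNIJDERS".
NAME_RE = re.compile(r"^(AS\d+):(AS-[A-Z0-9_-]+)$")


def namespace_of(name):
    """Return the ASN whose owner controls this name, or None if flat."""
    match = NAME_RE.match(name.upper())
    return match.group(1) if match else None


def index_by_name(objects):
    """Map each set name to the sorted list of sources that carry it."""
    sources = defaultdict(set)
    for name, source in objects:
        sources[name.upper()].add(source)
    return {name: sorted(found) for name, found in sources.items()}


def ambiguous_names(objects):
    """Names present in more than one source; the creator cannot be told apart."""
    return {n: s for n, s in index_by_name(objects).items() if len(s) > 1}


def select_set(customer_asn, provider_asn, objects):
    """Pick the set a provider expands for a customer: the provider-specific
    name if it exists, else the customer's AS-DEFAULT, else nothing."""
    index = index_by_name(objects)
    for candidate in (f"AS{customer_asn}:AS-{provider_asn}",
                      f"AS{customer_asn}:AS-DEFAULT"):
        if candidate in index:
            return candidate, index[candidate]
    return None, []
```

A filter generator would refuse to expand any selected name that also shows up in ambiguous_names(), since with plain IRR data nothing ties the object to the owner of the ASN in its prefix.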