Re: [Idr] [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 03 October 2019 22:13 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, Rob Foehl <rwf@loonybin.net>
CC: IDR <idr@ietf.org>, GROW WG <grow@ietf.org>, Warren Kumari <warren@kumari.net>, "sidrops@ietf.org" <sidrops@ietf.org>
Date: Thu, 03 Oct 2019 22:13:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/X6NF7DJ3TmAvXpRxDfrDqWV3CNw>

AS_SET can be used to reduce the AS-PATH length or to hide the actual path
but still prevent as-path loops.
AS_SET can be used to prevent distribution of a route to the ASNs in the set
without overgrowing the as-path length.
This makes the Pilosov-Kapela BGP hijack easier to do.
I support deprecation, but realize that it will never be removed :(

Regards,
Jakob.

-----Original Message-----
From: GROW <grow-bounces@ietf.org> On Behalf Of Jeffrey Haas
Sent: Thursday, October 3, 2019 1:25 PM
To: Rob Foehl <rwf@loonybin.net>
Cc: IDR <idr@ietf.org>; GROW WG <grow@ietf.org>; Warren Kumari <warren@kumari.net>; sidrops@ietf.org
Subject: Re: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested

On Wed, Oct 02, 2019 at 07:45:15PM -0400, Rob Foehl wrote:
> >It'd be interesting to find out what code these folk are running. Hopefully not one of my bugs. :-)
> 
> I've never had an interaction with AS_SET that could be described as
> anything other than broken -- like, ever, from any vendor.  I'd
> prefer to see them disappear entirely, but if that doesn't happen,

As Jared noted, this was more of a common thing back-in-the-day.

For properly operating proxy aggregation, you'd generally hope that all
contributing networks were properly behind the aggregating party.  However,
as the Internet has gotten more meshy, those topological considerations
don't apply anywhere near as much.

As this torches and pitch-forks campaign against as-set continues, operators
will have to figure out whether they're really happy with the two impacts:
- No proxy aggregation, ever?
- Lie about the AS_PATH when you do it.

Today you can at least infer that proxy aggregation is happening.

The second point has entertaining impact vs. RPKI, so that's the likely
forcing function.

> at least having a "no-as-sets-under-any-circumstances" policy knob
> would be helpful...

It's a fine policy knob, and I'm more supportive of that in general.

-- Jeff
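
The "no-as-sets-under-any-circumstances" policy knob discussed in this thread, sketched as an added example (not code from any participant or vendor): it decodes an AS_PATH attribute value using the RFC 4271 / RFC 5065 segment type codes, rejects any path carrying a set segment when the knob is on, and otherwise applies ordinary loop detection and path-length counting. The function names, the 4-octet ASN encoding and the sample path built from documentation ASNs are assumptions of this example.

```python
import struct

# Path segment type codes: RFC 4271 (1, 2) and RFC 5065 (3, 4).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
SET_TYPES = {AS_SET, AS_CONFED_SET}

def parse_as_path(data: bytes, asn_len: int = 4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_len]
    segments, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated segment header")
        seg_type, count = data[off], data[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET):
            raise ValueError(f"unknown segment type {seg_type}")
        end = off + count * asn_len
        if count == 0 or end > len(data):
            raise ValueError("malformed segment length")
        segments.append((seg_type, list(struct.unpack(f"!{count}{fmt}", data[off:end]))))
        off = end
    return segments

def path_length(segments):
    """Decision-process length: a whole AS_SET counts as 1, confed segments as 0."""
    return sum(len(asns) if t == AS_SEQUENCE else 1 if t == AS_SET else 0
               for t, asns in segments)

def evaluate(data: bytes, local_as: int, reject_sets: bool = True) -> str:
    """Import decision for one received path (hypothetical policy function)."""
    segments = parse_as_path(data)
    if reject_sets and any(t in SET_TYPES for t, _ in segments):
        return "reject: set segment present"
    # Loop detection looks inside sets too, so every AS listed in a set
    # drops the route even though the set adds only 1 to the path length.
    if any(local_as in asns for _, asns in segments):
        return "reject: as-path loop"
    return f"accept: length {path_length(segments)}"

# Constructed sample using documentation ASNs (RFC 5398):
# AS_SEQUENCE [64496] followed by AS_SET {64497, 64498, 64499}.
SAMPLE = (struct.pack("!BBI", AS_SEQUENCE, 1, 64496)
          + struct.pack("!BB3I", AS_SET, 3, 64497, 64498, 64499))

if __name__ == "__main__":
    print(evaluate(SAMPLE, local_as=64500))
    print(evaluate(SAMPLE, local_as=64500, reject_sets=False))
    print(evaluate(SAMPLE, local_as=64498, reject_sets=False))
```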
