Re: [sidr] pCNT & (AS_PATH) prepending: Is it in scope?

[Stephen Kent <kent@bbn.com>]

At 3:16 PM -0400 8/1/11, Jakob Heitz wrote:
>It is easy enough to tell, but should we?
>It is also easy to protect other bgp attributes that affect path selection.

maybe, or maybe not. The AS path info can be protected using the RPKI,
because each ISP gets a cert that enumerates all AS#'s associated 
with that ISP.
So, when a router signs an AS path entry, the authorization of the 
router to represent can be verified using the RPKI data.  Other 
attributes may not
correspond to data that we can verify, based on the RPKI.

>However, the real question is:
>Do we want to invalidate an update if someone changes such an attribute?

in the case of As path, sinec we know that ISPs make use of AS path to
distinguish between different routes for the same prefix, it makes sense to
reject (or at least penalize locally) a route if the path sig data is invalid.

>Remember, if we send a route to an AS, even if it is less preferred
>than another route, then that route will be used if the preferred route
>becomes infeasible.

More precisely, the route MAY become the preferred route if the previous
preferred route becomes ...

>Therefore, there is not as much value in
>protecting attributes as there is in protecting the path.

I don't agree.  because the AS path length if a very important attribute
in pat selection, it merits protection.

>I thought there was a statement some time ago that we only protect
>the path, not the attributes.

that have been a lot of statements on this list over time :-).

>A prepend is not a change in path. It is more like an attribute.

Prepedning is a way that ISP use BGP to effect traffic engineering,
at a distance.  A route, technically, is a set of prefixes (NLRI) plus
an AS path.  I believe we are trying to protect routes. Biut I agree that
we ought to be more precise in the way we say this.

Steve