Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

"Murphy, Sandra" <Sandra.Murphy@sparta.com> Wed, 28 March 2012 17:00 UTC

From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "robert@raszuk.net" <robert@raszuk.net>, Christopher Morrow <morrowc.lists@gmail.com>
Date: Wed, 28 Mar 2012 17:00:43 +0000
Cc: "idr@ietf.org List" <idr@ietf.org>, Paul Jakma <paul@jakma.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

Replacing ASs in the AS_PATH sounds like a behavior you would want the security protections to prohibit.  It would enable attacks.

Can you explain how you would distinguish legitimate uses of this feature?

--Sandy

________________________________________
From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Robert Raszuk [robert@raszuk.net]
Sent: Wednesday, March 28, 2012 12:43 PM
To: Christopher Morrow
Cc: idr@ietf.org List; Paul Jakma; sidr wg list
Subject: Re: [sidr] [Idr]  AS_SET depreciation (RFC6472) and BGP multipath

>> Are we going to freeze any AS_PATH modifications by operator's policy too ?
>> I mentioned replace-as which all major vendors support. There can be more
>> knobs like this coming in the future.
>
> replace as I think is dealt with .... sign again and pcount=0 and move along.

replace-as allows you to replace any arbitrary match of a list of ASes in the
AS_PATH by your own AS. It does not need to be the last one.

I don't think SIDR has a solution to deal with such policy.

Best regards,
R.
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr