Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

Jeffrey Haas <> Wed, 28 March 2012 21:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 44A7421F843E; Wed, 28 Mar 2012 14:17:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.163
X-Spam-Status: No, score=-102.163 tagged_above=-999 required=5 tests=[AWL=0.102, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UoED3lGA5iGT; Wed, 28 Mar 2012 14:17:42 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 24B8221E8132; Wed, 28 Mar 2012 14:17:29 -0700 (PDT)
Received: by (Postfix, from userid 1001) id E2C80170421; Wed, 28 Mar 2012 17:17:28 -0400 (EDT)
Date: Wed, 28 Mar 2012 17:17:28 -0400
From: Jeffrey Haas <>
To: Jakob Heitz <>
Message-ID: <20120328211728.GD16814@slice>
References: <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: " List" <>, Paul Jakma <>, sidr wg list <>
Subject: Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Mar 2012 21:17:43 -0000

On Wed, Mar 28, 2012 at 10:56:52AM -0400, Jakob Heitz wrote:
> The issue is SIDR can not aggregate multiple paths.
> Solutions I can think of:
> 1. Aggregate the signatures of the paths being aggregated.

What are the semantics you're trying to preserve SIDR-wise?  We're hitting
the realm where Russ White would point out that BGP path validation can't
prove how forwarding works.

Presume we managed to pass along two distinct paths for the same multi-path
route in BGP.  What do you do if one doesn't validate?  What do you do if
they do, but you think this is a form of a "route leak" for one path?

As a receiver of the route that is making use of multipath, you can't
selectively choose which sub-paths to take.  (It's not like we're gettng
something like MPLS entropy labels.)

> 2. Don't aggregate, but send both paths. 

That doesn't cover the actual forwarding semantics.

> Should SIDR work on path aggregation?
> Are there other possibilities?

The biggest problem here is "SIDR secures BGP".  The issue hasn't been clear
in BGP for years, although I'm perhaps of the cynical opinion that it's been
a well understood problem space for a while now.  The protocol doesn't
reflect what is done operationally.  The safe thing operationally when
aggregating unsafe paths is to generate sets, but some people have never
liked sets.  And as I mentioned elsewhere, it doesn't matter as long as you
take care in where you redistribute such unsafe multipath.

There was a reason I wasn't terribly supportive of the deprecating AS_SETs
I-D.  However, I also knew it was a losing battle. :-)

-- Jeff