IETF Logo Mail Archive

Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt

Sandra Murphy <sandy@sparta.com> Wed, 26 November 2008 16:39 UTC

Return-Path: <sidr-bounces@ietf.org>
X-Original-To: sidr-archive@megatron.ietf.org
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EA8628C127; Wed, 26 Nov 2008 08:39:01 -0800 (PST)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 386503A6B68 for <sidr@core3.amsl.com>; Wed, 26 Nov 2008 08:39:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iaDcok8hP5pk for <sidr@core3.amsl.com>; Wed, 26 Nov 2008 08:38:59 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id 149B93A6B67 for <sidr@ietf.org>; Wed, 26 Nov 2008 08:38:58 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id mAQGcoB7012447; Wed, 26 Nov 2008 10:38:50 -0600
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id mAQGcoTC001416; Wed, 26 Nov 2008 10:38:50 -0600
Received: from SANDYM-LT.columbia.ads.sparta.com ([192.168.1.103]) by nemo.columbia.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 26 Nov 2008 11:38:49 -0500
Date: Wed, 26 Nov 2008 11:38:48 -0500
From: Sandra Murphy <sandy@sparta.com>
To: Andy Newton <andy@arin.net>
In-Reply-To: <C5521DCD.5484%andy@arin.net>
Message-ID: <Pine.WNT.4.64.0811261127160.1144@SANDYM-LT.columbia.ads.sparta.com>
References: <C5521DCD.5484%andy@arin.net>
X-X-Sender: sandy@nemo.columbia.sparta.com
MIME-Version: 1.0
X-OriginalArrivalTime: 26 Nov 2008 16:38:49.0996 (UTC) FILETIME=[75D7ECC0:01C94FE5]
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org

I've seen use cases developed into an i-d in other working groups, but 
that involves a lot of effort to ensure the list is complete and 
consistent.  I mention two, Geoff has added four more.  It would take time 
to be complete - do we want to take the time?

One aspect of the use cases is new operational practices that may arise 
from different approaches.  (For example: if I'm worried that my customers 
may be impacted if they do not sign ROAs, perhaps I automatically do it 
for all customers as part of allocation.  But then we'd have to look 
carefully about moving out-sourced-CA services from me to my customer at 
some point.  This is NOT NOT NOT a definite suggestion, just an example of 
my belief that operational practices will be induced by any solution.)

--Sandy

On Tue, 25 Nov 2008, Andy Newton wrote:

> Perhaps these should be considered for informative text in an I-D.
>
> -andy
>
>
> On 11/25/08 8:39 PM, "Geoff Huston" <gih@apnic.net> wrote:
>
>> Sure. So here's some use cases of BOAs:
>>
>> 1. I have been allocated 203.10.61.0/24. I do not use it today in any
>> public routing context. It should not appear in BGP at all. I do not
>> give my authorization to any AS to originate a route for this prefix,
>> or any more specific of this prefix. If I generate a BOA for
>> 203.10.61.0/24 then my intention of saying that any use of this prefix
>> in the public Internet is unauthorized is clear.
>>
>> 2. I have been allocated AS 131074 as an AS number. I do not use it
>> today in any public routing context. It should not appear in BGP at
>> all either as an origination AS nor as a transit AS in any AS path. If
>> I generate a BOA for AS131074 then my intention of saying that any use
>> of this AS number in the public Internet is unauthorized is clear.
>>
>> 3. I have been allocated 203.10.60.0/22. I wish to ensure that any
>> more specific advertisement of this prefix is unauthorized. If I
>> generate a BOA for 203.10.60.0/23 AND 203.10.62.0/23 then my intention
>> is clear.
>>
>> And a non-use case of BOAs:
>>
>> 4. I am a wholesale ISP, and while I allocate address space to my
>> clients from my aggregate address block (10.0.0.0/8) I also permit my
>> clients to use their more specific prefix at local exchanges. My AS
>> number is 131072 and I have generated a ROA for 10.0.0.0/8 ,
>> maxlength=8  origin AS 131072. I do not have a problem with more
>> specifics of 10.0.0.0/8 being used in routing contexts, as part of my
>> wholesale stance. I would prefer that my ROA did not cause my
>> customer's more specifics to be treated as unauthorized routes,
>> irrespective of whether they are ready to use a ROA today or not.
>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email