Re: [sidr] Signed vs unsgned and bgp best path decision
Robert Raszuk <robert@raszuk.net> Fri, 23 March 2012 10:59 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74A2021F8542 for <sidr@ietfa.amsl.com>; Fri, 23 Mar 2012 03:59:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.523
X-Spam-Level:
X-Spam-Status: No, score=-2.523 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljYnBjXM7YPh for <sidr@ietfa.amsl.com>; Fri, 23 Mar 2012 03:59:37 -0700 (PDT)
Received: from mail1310.opentransfer.com (mail1310.opentransfer.com [76.162.254.103]) by ietfa.amsl.com (Postfix) with ESMTP id A076521F8541 for <sidr@ietf.org>; Fri, 23 Mar 2012 03:59:37 -0700 (PDT)
Received: (qmail 5450 invoked by uid 399); 23 Mar 2012 10:59:36 -0000
Received: from unknown (HELO ?192.168.1.57?) (pbs:robert@raszuk.net@83.9.122.1) by mail1310.opentransfer.com with ESMTPM; 23 Mar 2012 10:59:36 -0000
X-Originating-IP: 83.9.122.1
Message-ID: <4F6C579A.5080702@raszuk.net>
Date: Fri, 23 Mar 2012 11:59:38 +0100
From: Robert Raszuk <robert@raszuk.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: Christopher Morrow <morrowc.lists@gmail.com>
References: <19249.1332451876@x37.NIC.DTAG.DE> <4F6BB594.5040202@raszuk.net> <CAL9jLaZBWFWxCVBDLMnGn+SypnObRzsLH8hCGHB=8tStCkQg4g@mail.gmail.com> <4F6C50C9.8070702@raszuk.net> <CAL9jLaa6TgSv4nx0Y1MkuERDY2_T=4mQACv4+k8oQL0Z8aGg-w@mail.gmail.com>
In-Reply-To: <CAL9jLaa6TgSv4nx0Y1MkuERDY2_T=4mQACv4+k8oQL0Z8aGg-w@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Signed vs unsgned and bgp best path decision
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert@raszuk.net
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Mar 2012 10:59:38 -0000
>> When compared to what is today I don't think folks are mandated by any RFC >> to make a choice between two attributes which carry the same metric to >> decide which one should win on a per AS basis. > > they are not, and in the future the 'mandate' is I believe a 'SHOULD', > not a 'MUST' so not really a 'mandate', but a 'suggestion', eh? > > It seems that the intent of the effort here is really just to provide > an informational blob to the operators which they can use as they see > fit... much like other optional transitive attributes today. Ok that sounds very reasonable indeed. However number of folks have stated that bgpsec protocol proposal calls for replacing AS-PATH and AS4_PATH attributes with BGPSEC_Path_Sig attribute. In particular this text from /draft-ietf-sidr-bgpsec-protocol-02 sort of suggests that: The other option is that the BGPSEC speaker discards anything in the AS_PATH attribute and reconstructs the AS_PATH from the data in the BGPSEC_Path_Signatures attribute. I believe that there are no interoperability problems if the choice between these two options is left up to the BGPSEC speaker. Also it says in the same section 5: One option the BGPSEC speaker checks the AS_PATH attribute against the information in the BGPSEC_Path_Signatures attribute and returns "Not Good" if the two do not match. That means that if AS_PATH for example contains AS_SET that someone doing BGP multipath (across non identical paths) has correctly inserted into AS_PATH or as mentioned before did replace-as the update will be dropped as BGPSEC just can not handle those .... Meta question: Can optional attribute result in such drastic actions (nothing to do with operator's choice of local behavior) against mandatory attribute(s) ? Best, R.
- [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Sriram, Kotikalapudi
- Re: [sidr] route leaks message to IDR George, Wes
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Sriram, Kotikalapudi
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Jay Borkenhagen
- Re: [sidr] route leaks message to IDR Jay Borkenhagen
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- [sidr] Signed vs unsgned and bgp best path decisi… Robert Raszuk
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Jay Borkenhagen
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] Signed vs unsgned and bgp best path de… Ruediger Volk
- Re: [sidr] Signed vs unsgned and bgp best path de… Robert Raszuk
- Re: [sidr] Signed vs unsgned and bgp best path de… Christopher Morrow
- Re: [sidr] Signed vs unsgned and bgp best path de… Jakob Heitz
- Re: [sidr] Signed vs unsgned and bgp best path de… Robert Raszuk
- Re: [sidr] Signed vs unsgned and bgp best path de… Christopher Morrow
- Re: [sidr] Signed vs unsgned and bgp best path de… Robert Raszuk
- Re: [sidr] Signed vs unsgned and bgp best path de… Christopher Morrow