Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

Jeffrey Haas <> Wed, 28 March 2012 21:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 93FE821F860E; Wed, 28 Mar 2012 14:23:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.165
X-Spam-Status: No, score=-102.165 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oRM0dyBtXTVB; Wed, 28 Mar 2012 14:23:35 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 2DD9B21F860B; Wed, 28 Mar 2012 14:23:35 -0700 (PDT)
Received: by (Postfix, from userid 1001) id F04221703F4; Wed, 28 Mar 2012 17:23:34 -0400 (EDT)
Date: Wed, 28 Mar 2012 17:23:34 -0400
From: Jeffrey Haas <>
To: Christopher Morrow <>
Message-ID: <20120328212334.GF16814@slice>
References: <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: " List" <>, Paul Jakma <>, sidr wg list <>
Subject: Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Mar 2012 21:23:35 -0000

On Wed, Mar 28, 2012 at 12:45:22PM -0400, Christopher Morrow wrote:
> ah yes, was thinking of local-as. the 'replace-as' seems like
> loop-creation, joy.

For the list, as I mentioned in SIDR, the use of local-AS where the router
has more than one local AS will generate AS_SETs in some implementations.
In particular, implementations with gated lineages may do this.

This is because in pretending to be another AS it's still necessary to throw
the global and local ASes in the path to prevent loops in cases where the
local AS on one router may not be configured consistently (global) AS-wide.
In those implementations, a single AS is simply added prior to the global AS
in the path as a sequence or all local ASes as a set.

In another implementation, the local ASes are added as a sequence.

Adding the additional AS to the path would still require an additional
signature step in BGPSEC.  Clearly this doesn't work for AS-sets.

-- Jeff