Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

"Susan Hares" <> Thu, 29 March 2012 09:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9150221F886E; Thu, 29 Mar 2012 02:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.465
X-Spam-Status: No, score=0.465 tagged_above=-999 required=5 tests=[AWL=0.960, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5OJuqv-Djm7x; Thu, 29 Mar 2012 02:29:34 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id A919C21F8970; Thu, 29 Mar 2012 02:29:32 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=;
Received: from SKH2012HPLT (unverified []) by (SurgeMail 5.2a) with ESMTP id 3214306-1945496 for multiple; Thu, 29 Mar 2012 04:29:28 -0500
From: "Susan Hares" <>
To: "'Jeffrey Haas'" <>, "'Jakob Heitz'" <>
References: <> <> <> <> <> <> <> <> <20120328211728.GD16814@slice>
In-Reply-To: <20120328211728.GD16814@slice>
Date: Thu, 29 Mar 2012 05:29:26 -0400
Message-ID: <00d001cd0d8e$70649710$512dc530$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHUVGlAkFUTNdWUzptD3/gnNKFqTQDFVHs7Af0Ug1QCqr2q1AI0RKHPAlc5mOoCBoopmAGbNBMlAbvhU4qV97x08A==
Content-Language: en-us
Cc:, 'Paul Jakma' <>, 'sidr wg list' <>
Subject: Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Mar 2012 09:29:34 -0000

Jeff and Jakob:

Several people shared the qualm that "AS-SETS" would be necessary.  

However, Sandy has always posited that aggregation creates a point of
change/risk. So, are we just trying to reduce this risk by providing lists
of certificates for paths? 

Or is would an AS-Sets originated at a point in the network - have the
security information to consider the existing certificates and generate a
valid certificate.


-----Original Message-----
From: [] On Behalf Of
Jeffrey Haas
Sent: Wednesday, March 28, 2012 5:17 PM
To: Jakob Heitz
Cc: List; Tony Li; Paul Jakma; Robert Raszuk; sidr wg list
Subject: Re: [Idr] [sidr] AS_SET depreciation (RFC6472) and BGP multipath

On Wed, Mar 28, 2012 at 10:56:52AM -0400, Jakob Heitz wrote:
> The issue is SIDR can not aggregate multiple paths.
> Solutions I can think of:
> 1. Aggregate the signatures of the paths being aggregated.

What are the semantics you're trying to preserve SIDR-wise?  We're hitting
the realm where Russ White would point out that BGP path validation can't
prove how forwarding works.

Presume we managed to pass along two distinct paths for the same multi-path
route in BGP.  What do you do if one doesn't validate?  What do you do if
they do, but you think this is a form of a "route leak" for one path?

As a receiver of the route that is making use of multipath, you can't
selectively choose which sub-paths to take.  (It's not like we're gettng
something like MPLS entropy labels.)

> 2. Don't aggregate, but send both paths. 

That doesn't cover the actual forwarding semantics.

> Should SIDR work on path aggregation?
> Are there other possibilities?

The biggest problem here is "SIDR secures BGP".  The issue hasn't been clear
in BGP for years, although I'm perhaps of the cynical opinion that it's been
a well understood problem space for a while now.  The protocol doesn't
reflect what is done operationally.  The safe thing operationally when
aggregating unsafe paths is to generate sets, but some people have never
liked sets.  And as I mentioned elsewhere, it doesn't matter as long as you
take care in where you redistribute such unsafe multipath.

There was a reason I wasn't terribly supportive of the deprecating AS_SETs
I-D.  However, I also knew it was a losing battle. :-)

-- Jeff
Idr mailing list