[Sidrops] ASPA: Is this really a leak?

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Tue, 15 December 2020 06:45 UTC

https://tools.ietf.org/html/draft-ietf-sidrops-aspa-verification-06
finds suspected leaky AS paths.
However, not all routes with suspected leaky AS-PATHs should be automatically dropped,
because some of them may not be unequivocal leaks.
A BGP monitoring service should provide alerts to all suspected leaks.
However, a router should automatically drop only unequivocal leaks.

https://bgpstream.com/event/258771 is listed as a leak.
[Attached image: image001.jpg]
The as-path is the red line.
The black line is a customer-provider relationship that exists between
37545 and 33765 as can be seen at https://asrank.caida.org/asns?asn=33765.
Therefore, 33756 is an authorized carrier of traffic for 37545 and
ought to not be called out as a leaker.
The route may not have taken the black line because of a temporary
failure of that link. An apparently leaky detour should be allowed
for a temporary failure as long as all the ASes involved are in the
provider cone of either the source AS or the destination AS.
All ASes in the provider cone of an AS are either directly or indirectly
authorized to carry traffic for that AS.

This is just one example. It's easy to find more.

ASPA should add a section that defines an unequivocal leak, such that
a BGP router can optionally drop only unequivocal leaks.

The definition of an unequivocal leak is based on the provider cone.
The provider cone of an AS consists of all the providers of that AS and
all the providers of those providers and so on.

All providers in the provider cone of either the originator or the receiver
of the route are permitted (contracted, actually) to carry the traffic for the
route between these two ASes. Therefore, the AS-path is only invalid if it
contains any ASes not within these provider cones. If valleys exist in the
AS-path, but these valleys are entirely within these provider cones, then
all the ASes in the AS-path are still permitted to carry the traffic and the
route should be declared valid.


Regards,
Jakob.
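
The provider-cone test proposed in the message above, as an added example that is not part of the original message or of the ASPA draft. The provider map uses constructed relationships between documentation ASNs, and the function names are hypothetical.

```python
from collections import deque

# Constructed provider relationships (customer -> set of providers), using
# documentation ASNs from RFC 5398; this is not data from the page.
PROVIDERS = {
    64496: {64497, 64498},   # origin: dual-homed to 64497 and 64498
    64498: {64497, 64499},   # 64498 is also a customer of 64497 and 64499
    64499: {64500},          # 64500 is the receiving AS
    64510: {64497, 64499},   # customer of 64497/64499, not a provider of the origin
}

def provider_cone(asn, providers):
    """asn plus all of its direct and indirect providers (breadth-first)."""
    cone, queue = {asn}, deque([asn])
    while queue:
        for p in providers.get(queue.popleft(), ()):
            if p not in cone:
                cone.add(p)
                queue.append(p)
    return cone

def has_valley(as_path, receiver, providers):
    """True if, walking origin -> receiver, a customer-to-provider hop
    follows a provider-to-customer hop."""
    hops = list(reversed(as_path)) + [receiver]
    went_down = False
    for a, b in zip(hops, hops[1:]):
        if a in providers.get(b, ()):        # a is b's provider: downhill hop
            went_down = True
        elif b in providers.get(a, ()) and went_down:
            return True                      # uphill hop after a downhill hop
    return False

def outside_cones(as_path, receiver, providers):
    """ASes in the path that lie in neither the origin's nor the
    receiver's provider cone; an empty list means not an unequivocal leak."""
    allowed = provider_cone(as_path[-1], providers) | provider_cone(receiver, providers)
    return [a for a in as_path if a not in allowed]

RECEIVER = 64500
DETOUR = [64499, 64498, 64497, 64496]   # AS_PATH order: origin is last
LEAK = [64499, 64510, 64497, 64496]     # 64510 is outside both cones

if __name__ == "__main__":
    for path in (DETOUR, LEAK):
        print(path, has_valley(path, RECEIVER, PROVIDERS),
              outside_cones(path, RECEIVER, PROVIDERS))
```

Both constructed paths contain a valley, but only the second includes an AS outside the two provider cones, which is the case the message calls an unequivocal leak.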