Re: [Sidrops] first route leak prevented by ASPA
Tim Bruijnzeels <tim@nlnetlabs.nl> Wed, 25 January 2023 13:33 UTC
Cc: sidrops@ietf.org
To: Claudio Jeker <cjeker@diehard.n-r-g.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/-mGfZYT7IcVSGB8vPuwkWvENy0c>
Hi Claudio,
Great news. Thanks for sharing.
I see you mention:
> On 25 Jan 2023, at 14:06, Claudio Jeker <cjeker@diehard.n-r-g.com> wrote:
>
> combined with a Locally Added Assertion for my upstream AS:
> customer-as 8271 provider-as { 13030, 174 }
How did you add these assertions?
I am thinking (as one of the authors) that an update to the Slurm RFC (8416) is probably needed sooner rather than later. It was on my radar, but did not make it to the top of my todo list just yet.
While I must apologise for the verbosity in the current JSON naming, I think the easiest update would be to take the existing format as is and just add an additional "ASPA Filter" as if it were a new section 3.3.3 and an "ASPA Assertion" as if it were section 3.4.3.
Do people agree that this is now a useful effort? If so then I am happy to pick it up.
Kind regards,
Tim
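
The ASPA sections proposed in the message above, sketched as an added example that is not part of the original message or of RFC 8416. The top-level layout and the prefix/bgpsec keys are those of RFC 8416; the names `aspaFilters`, `aspaAssertions`, `customerAsn` and `providers`, and the merge semantics, are assumptions made for illustration.

```python
import json

# Constructed SLURM file. The top-level layout and the prefix/bgpsec keys are
# RFC 8416; "aspaFilters", "aspaAssertions", "customerAsn" and "providers"
# are hypothetical names for the sections proposed in the message.
SLURM_JSON = """
{
  "slurmVersion": 1,
  "validationOutputFilters": {
    "prefixFilters": [], "bgpsecFilters": [],
    "aspaFilters": [{"customerAsn": 64500, "comment": "ignore published ASPA"}]
  },
  "locallyAddedAssertions": {
    "prefixAssertions": [], "bgpsecAssertions": [],
    "aspaAssertions": [{"customerAsn": 8271, "providers": [13030, 174],
                        "comment": "locally added for upstream AS"}]
  }
}
"""

def apply_slurm_aspa(validated, slurm):
    """Return {customer_asn: set(provider_asns)} after local exceptions.

    validated: mapping built from RPKI-validated ASPA objects.
    Assumed semantics, following the RFC 8416 order for prefixes: filters
    drop validated entries first, then assertions are added; an assertion
    for a customer that is still present merges into its provider set.
    """
    filters = slurm.get("validationOutputFilters", {}).get("aspaFilters", [])
    asserts = slurm.get("locallyAddedAssertions", {}).get("aspaAssertions", [])
    dropped = {f["customerAsn"] for f in filters}
    result = {c: set(p) for c, p in validated.items() if c not in dropped}
    for a in asserts:
        customer, providers = a["customerAsn"], set(a["providers"])
        if customer in providers:
            raise ValueError(f"AS{customer} lists itself as provider")
        result.setdefault(customer, set()).update(providers)
    return result

def effective_aspa():
    # Constructed validator output: two ASPAs from the RPKI, none for AS8271.
    validated = {64500: {64501}, 64510: {64511, 64512}}
    return apply_slurm_aspa(validated, json.loads(SLURM_JSON))

if __name__ == "__main__":
    for customer, providers in sorted(effective_aspa().items()):
        print(f"customer-as {customer} provider-as {sorted(providers)}")
```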