IETF Logo Mail Archive

Re: [Sidrops] Format of ASPA RTR PDU

Claudio Jeker <cjeker@diehard.n-r-g.com> Wed, 29 November 2023 10:03 UTC

Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5A0C14CE2E for <sidrops@ietfa.amsl.com>; Wed, 29 Nov 2023 02:03:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.203
X-Spam-Level:
X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eF8KjMEM8o3r for <sidrops@ietfa.amsl.com>; Wed, 29 Nov 2023 02:03:00 -0800 (PST)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D60E3C14CF1A for <sidrops@ietf.org>; Wed, 29 Nov 2023 02:02:58 -0800 (PST)
Received: (qmail 52447 invoked by uid 1000); 29 Nov 2023 10:02:55 -0000
Date: Wed, 29 Nov 2023 11:02:54 +0100
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: Maria Matejka <maria.matejka@nic.cz>
Cc: Martin Hoffmann <martin@nlnetlabs.nl>, sidrops <sidrops@ietf.org>, Kateřina Kubecová <katerina.kubecova@nic.cz>, Ondrej Zajicek <santiago@crfreenet.org>
Message-ID: <ZWcMTveXz9Iv3u5W@diehard.n-r-g.com>
References: <0d8fcb69-54e1-4ba3-b5c9-29f93b3271eb@nic.cz> <ZUpWsu5xtPSJwUN2@diehard.n-r-g.com> <20231108103704.45af35c2@glaurung.nlnetlabs.nl> <ZUtYi01nYNExFAOY@diehard.n-r-g.com> <63ecbc8e-afe9-468a-9f84-91ed436ac4ce@nic.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <63ecbc8e-afe9-468a-9f84-91ed436ac4ce@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/1Fc9kpg3UCIWYV62lUa9p-gpTns>
Subject: Re: [Sidrops] Format of ASPA RTR PDU
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2023 10:03:02 -0000

On Tue, Nov 28, 2023 at 08:02:46PM +0100, Maria Matejka wrote:
> Dear WG,
> 
> > > > On Tue, Nov 07, 2023 at 04:00:49PM +0100, Maria Matejka wrote:
> > > > > While trying to implement ASPA in RTR, we got confused by § 5.12,
> > > > > ASPA PDU, as of draft-ietf-sidrops-8210bis-11. Bytes 2 and 3 are
> > > > > set to zero and bytes 10 and 11 are encoding Provider AS Count
> > > > > which can be inferred from the overall PDU length easily. Is there
> > > > > any good reason to have this redundant information inside the PDU?
> > > > > We are suggesting to move the Flags and AFI Flags to bytes 2 and 3
> > > > > and to drop Provider AS Count completely. The Customer ASN would
> > > > > then start at byte 8 and Provider ASNs would start at byte 12.
> 
> returning to the ASPA RTR PDU format, I'm wishing to update the 5.12 section
> as follows → we shall drop the AFI Flags (making them zero) and Provider AS
> Count (can be inferred from Length easily) and move the Flags to the byte 2.

This is more or less what Martin Hoffmann suggested and I think this makes
sense since it removes some possible encoding inconsistencies.
 
> Regarding all other parts of ASPA implementation in BIRD, it is basically
> prepared for merge and release, so we'd like to resolve this issue rather
> sooner than later, to avoid releasing breaking code changes.
> 
> Please see the updated parts below.
> 
> > 
> >       5.12.
> >       <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-8210bis-11#section-5.12>ASPA
> >       PDU
> >       <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-8210bis-11#name-aspa-pdu>
> > 
> > 
> > 0          8          16         24        31
> > .-------------------------------------------.
> > | Protocol |   PDU    |          |          |
> > | Version  |   Type   |   Flags  |   zero   |
> > |    2     |    11    |          |          |
> > +-------------------------------------------+
> > |                                           |
> > |                 Length                    |
> > |                                           |
> > +-------------------------------------------+
> > |                                           |
> > |    Customer Autonomous System Number      |
> > |                                           |
> > +-------------------------------------------+
> > |                                           |
> > ~    Provider Autonomous System Numbers     ~
> > |                                           |
> > ~-------------------------------------------~
> > 
> > (… 4 paragraphs skipped …)
> > 
> > If the announce/withdraw flag is set to 0, it indicates removal of the
> > entire ASPA record for that Customer AS. Here, the customer AS of the
> > ASPA record MUST be provided. The Provider AS Numbers list MUST be null
> > and ignored by the router.

Last sentence should be reworded, since a null list is not a thing.
Also I hate when there is a MUST but then there is a "but if someone fucks
up just ignore it". That is not a MUST.

So I would propose:
If the announce/withdraw flag is set to 0, it indicates removal of the
entire ASPA record for that Customer AS. A withdraw only contains the
Customer Autonomous System Number therefor Length MUST be 12 and no
Provider Autonomous System Numbers are to be included.

> > The Customer Autonomous System Number is the 32-bit Autonomous System
> > Number of the customer which authenticated the ASPA RPKI data. There
> > MUST be one and only one ASPA for a Customer Autonomous System Number
> > active in the router at any time. There are zero or more 32-bit Provider
> > Autonomous System Number fields as indicated by the PDU Length; see
> > [I-D.ietf-sidrops-aspa-profile <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-profile-16>].

I dislike this paragraph it is duplication of the previous paragraphs and
adds very little new information and some wrong information.
For example [I-D.ietf-sidrops-aspa-profile] does not allow zero Provider
Autonomous System Numbers in its encoding.

So how about the suggesiton below
-- 
:wq Claudio

5.12. ASPA PDU

0          8          16         24        31
.-------------------------------------------.
| Protocol |   PDU    |          |          |
| Version  |   Type   |   Flags  |   zero   |
|    2     |    11    |          |          |
+-------------------------------------------+
|                                           |
|                 Length                    |
|                                           |
+-------------------------------------------+
|                                           |
|    Customer Autonomous System Number      |
|                                           |
+-------------------------------------------+
|                                           |
~    Provider Autonomous System Numbers     ~
|                                           |
~-------------------------------------------~

The ASPA PDU supports [I-D.ietf-sidrops-aspa-profile]. An ASPA PDU
represents one single customer AS and its provider ASes. Receipt of an
ASPA PDU announcement (announce/withdraw flag == 1) when the router
already has an ASPA PDU with the same Customer Autonomous System Number
replaces the previous one. The cache MUST deliver the complete data of an
ASPA record in a single ASPA PDU.

The router MUST see at most one ASPA from a cache for a particular
Customer Autonomous System Number active at any time. As a number of
conditions in the global RPKI may present multiple valid ASPA RPKI records
for a single customer to a particular RP cache, this places a burden on
the cache to form the union of multiple ASPA records it has received from
the global RPKI into one ASPA PDU.

The Flags field is as described in Section 5.

For the ASPA PDU, the announce/withdraw Flag is set to 1 to indicate
either the announcement of a new ASPA record or a replacement for a
previously announced record with the same Customer Autonomous System
Number. Such a PDU contains the Customer Autonomous System Number and
MUST contain one or more Provider Autonomous System Numbers. The number
of Provider Autonomous System Numbers is calculated according to the
Length of the PDU which must be equal or larger than 16.

If the announce/withdraw flag is set to 0, it indicates removal of the
entire ASPA record for that Customer AS. A withdraw only contains the
Customer Autonomous System Number therefor Length MUST be 12 and no
Provider Autonomous System Numbers are to be included.

v2.23.0 | Report a Bug | By Email