Re: [Sidrops] Format of ASPA RTR PDU
Claudio Jeker <cjeker@diehard.n-r-g.com> Wed, 29 November 2023 10:03 UTC
Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5A0C14CE2E for <sidrops@ietfa.amsl.com>; Wed, 29 Nov 2023 02:03:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.203
X-Spam-Level:
X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eF8KjMEM8o3r for <sidrops@ietfa.amsl.com>; Wed, 29 Nov 2023 02:03:00 -0800 (PST)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D60E3C14CF1A for <sidrops@ietf.org>; Wed, 29 Nov 2023 02:02:58 -0800 (PST)
Received: (qmail 52447 invoked by uid 1000); 29 Nov 2023 10:02:55 -0000
Date: Wed, 29 Nov 2023 11:02:54 +0100
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: Maria Matejka <maria.matejka@nic.cz>
Cc: Martin Hoffmann <martin@nlnetlabs.nl>, sidrops <sidrops@ietf.org>, Kateřina Kubecová <katerina.kubecova@nic.cz>, Ondrej Zajicek <santiago@crfreenet.org>
Message-ID: <ZWcMTveXz9Iv3u5W@diehard.n-r-g.com>
References: <0d8fcb69-54e1-4ba3-b5c9-29f93b3271eb@nic.cz> <ZUpWsu5xtPSJwUN2@diehard.n-r-g.com> <20231108103704.45af35c2@glaurung.nlnetlabs.nl> <ZUtYi01nYNExFAOY@diehard.n-r-g.com> <63ecbc8e-afe9-468a-9f84-91ed436ac4ce@nic.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <63ecbc8e-afe9-468a-9f84-91ed436ac4ce@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/1Fc9kpg3UCIWYV62lUa9p-gpTns>
Subject: Re: [Sidrops] Format of ASPA RTR PDU
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2023 10:03:02 -0000
On Tue, Nov 28, 2023 at 08:02:46PM +0100, Maria Matejka wrote: > Dear WG, > > > > > On Tue, Nov 07, 2023 at 04:00:49PM +0100, Maria Matejka wrote: > > > > > While trying to implement ASPA in RTR, we got confused by § 5.12, > > > > > ASPA PDU, as of draft-ietf-sidrops-8210bis-11. Bytes 2 and 3 are > > > > > set to zero and bytes 10 and 11 are encoding Provider AS Count > > > > > which can be inferred from the overall PDU length easily. Is there > > > > > any good reason to have this redundant information inside the PDU? > > > > > We are suggesting to move the Flags and AFI Flags to bytes 2 and 3 > > > > > and to drop Provider AS Count completely. The Customer ASN would > > > > > then start at byte 8 and Provider ASNs would start at byte 12. > > returning to the ASPA RTR PDU format, I'm wishing to update the 5.12 section > as follows → we shall drop the AFI Flags (making them zero) and Provider AS > Count (can be inferred from Length easily) and move the Flags to the byte 2. This is more or less what Martin Hoffmann suggested and I think this makes sense since it removes some possible encoding inconsistencies. > Regarding all other parts of ASPA implementation in BIRD, it is basically > prepared for merge and release, so we'd like to resolve this issue rather > sooner than later, to avoid releasing breaking code changes. > > Please see the updated parts below. > > > > > 5.12. > > <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-8210bis-11#section-5.12>ASPA > > PDU > > <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-8210bis-11#name-aspa-pdu> > > > > > > 0 8 16 24 31 > > .-------------------------------------------. > > | Protocol | PDU | | | > > | Version | Type | Flags | zero | > > | 2 | 11 | | | > > +-------------------------------------------+ > > | | > > | Length | > > | | > > +-------------------------------------------+ > > | | > > | Customer Autonomous System Number | > > | | > > +-------------------------------------------+ > > | | > > ~ Provider Autonomous System Numbers ~ > > | | > > ~-------------------------------------------~ > > > > (… 4 paragraphs skipped …) > > > > If the announce/withdraw flag is set to 0, it indicates removal of the > > entire ASPA record for that Customer AS. Here, the customer AS of the > > ASPA record MUST be provided. The Provider AS Numbers list MUST be null > > and ignored by the router. Last sentence should be reworded, since a null list is not a thing. Also I hate when there is a MUST but then there is a "but if someone fucks up just ignore it". That is not a MUST. So I would propose: If the announce/withdraw flag is set to 0, it indicates removal of the entire ASPA record for that Customer AS. A withdraw only contains the Customer Autonomous System Number therefor Length MUST be 12 and no Provider Autonomous System Numbers are to be included. > > The Customer Autonomous System Number is the 32-bit Autonomous System > > Number of the customer which authenticated the ASPA RPKI data. There > > MUST be one and only one ASPA for a Customer Autonomous System Number > > active in the router at any time. There are zero or more 32-bit Provider > > Autonomous System Number fields as indicated by the PDU Length; see > > [I-D.ietf-sidrops-aspa-profile <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-profile-16>]. I dislike this paragraph it is duplication of the previous paragraphs and adds very little new information and some wrong information. For example [I-D.ietf-sidrops-aspa-profile] does not allow zero Provider Autonomous System Numbers in its encoding. So how about the suggesiton below -- :wq Claudio 5.12. ASPA PDU 0 8 16 24 31 .-------------------------------------------. | Protocol | PDU | | | | Version | Type | Flags | zero | | 2 | 11 | | | +-------------------------------------------+ | | | Length | | | +-------------------------------------------+ | | | Customer Autonomous System Number | | | +-------------------------------------------+ | | ~ Provider Autonomous System Numbers ~ | | ~-------------------------------------------~ The ASPA PDU supports [I-D.ietf-sidrops-aspa-profile]. An ASPA PDU represents one single customer AS and its provider ASes. Receipt of an ASPA PDU announcement (announce/withdraw flag == 1) when the router already has an ASPA PDU with the same Customer Autonomous System Number replaces the previous one. The cache MUST deliver the complete data of an ASPA record in a single ASPA PDU. The router MUST see at most one ASPA from a cache for a particular Customer Autonomous System Number active at any time. As a number of conditions in the global RPKI may present multiple valid ASPA RPKI records for a single customer to a particular RP cache, this places a burden on the cache to form the union of multiple ASPA records it has received from the global RPKI into one ASPA PDU. The Flags field is as described in Section 5. For the ASPA PDU, the announce/withdraw Flag is set to 1 to indicate either the announcement of a new ASPA record or a replacement for a previously announced record with the same Customer Autonomous System Number. Such a PDU contains the Customer Autonomous System Number and MUST contain one or more Provider Autonomous System Numbers. The number of Provider Autonomous System Numbers is calculated according to the Length of the PDU which must be equal or larger than 16. If the announce/withdraw flag is set to 0, it indicates removal of the entire ASPA record for that Customer AS. A withdraw only contains the Customer Autonomous System Number therefor Length MUST be 12 and no Provider Autonomous System Numbers are to be included.
- [Sidrops] Format of ASPA RTR PDU Maria Matejka
- Re: [Sidrops] Format of ASPA RTR PDU Claudio Jeker
- Re: [Sidrops] Format of ASPA RTR PDU Martin Hoffmann
- Re: [Sidrops] Format of ASPA RTR PDU Claudio Jeker
- Re: [Sidrops] Format of ASPA RTR PDU Martin Hoffmann
- Re: [Sidrops] Format of ASPA RTR PDU Borchert, Oliver (Fed)
- Re: [Sidrops] Format of ASPA RTR PDU Claudio Jeker
- Re: [Sidrops] Format of ASPA RTR PDU Borchert, Oliver (Fed)
- Re: [Sidrops] Format of ASPA RTR PDU Maria Matejka
- Re: [Sidrops] Format of ASPA RTR PDU Claudio Jeker
- Re: [Sidrops] Format of ASPA RTR PDU Martin Hoffmann
- Re: [Sidrops] Format of ASPA RTR PDU Christopher Morrow
- Re: [Sidrops] Format of ASPA RTR PDU Job Snijders
- Re: [Sidrops] Format of ASPA RTR PDU Martin Hoffmann
- Re: [Sidrops] Format of ASPA RTR PDU Christopher Morrow
- Re: [Sidrops] Format of ASPA RTR PDU Job Snijders
- Re: [Sidrops] Format of ASPA RTR PDU Tim Bruijnzeels
- Re: [Sidrops] Format of ASPA RTR PDU Martin Hoffmann
- Re: [Sidrops] Format of ASPA RTR PDU Russ Housley
- Re: [Sidrops] Format of ASPA RTR PDU gengnan
- Re: [Sidrops] Format of ASPA RTR PDU Randy Bush
- Re: [Sidrops] Format of ASPA RTR PDU Claudio Jeker
- Re: [Sidrops] Format of ASPA RTR PDU Randy Bush
- Re: [Sidrops] Format of ASPA RTR PDU Job Snijders
- Re: [Sidrops] Format of ASPA RTR PDU Tim Bruijnzeels
- Re: [Sidrops] Format of ASPA RTR PDU Maria Matejka
- Re: [Sidrops] Format of ASPA RTR PDU Randy Bush
- Re: [Sidrops] Format of ASPA RTR PDU Dale W. Carder
- Re: [Sidrops] Format of ASPA RTR PDU Job Snijders
- Re: [Sidrops] Format of ASPA RTR PDU Claudio Jeker
- Re: [Sidrops] Format of ASPA RTR PDU Borchert, Oliver (Fed)
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] Format of ASPA RTR PDU Ties de Kock
- Re: [Sidrops] Format of ASPA RTR PDU Job Snijders
- Re: [Sidrops] Format of ASPA RTR PDU Warren Kumari
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] Format of ASPA RTR PDU Martin Hoffmann
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Job Snijders
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] version negotiation Job Snijders
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Claudio Jeker
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] version negotiation Job Snijders
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] version negotiation Job Snijders
- Re: [Sidrops] version negotiation Job Snijders
- Re: [Sidrops] version negotiation Randy Bush
- Re: [Sidrops] version negotiation Randy Bush