Re: [Sidrops] ASPA verification algorithm error
Ben Maddison <benm@workonline.africa> Mon, 15 February 2021 06:49 UTC
Return-Path: <benm@workonline.africa>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5992A3A0BFF for <sidrops@ietfa.amsl.com>; Sun, 14 Feb 2021 22:49:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=workonline.africa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i7hVryaR8ywp for <sidrops@ietfa.amsl.com>; Sun, 14 Feb 2021 22:49:04 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2060.outbound.protection.outlook.com [40.107.20.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CA033A0C7E for <sidrops@ietf.org>; Sun, 14 Feb 2021 22:49:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RaHY6v6j3/MVIV44jC1mw75EW2ZosM6cVbgdaKwDQf6QURwJPQJ24d4AouifHAHzU/K/X2yIY5CRqkaxQRKxx6IUxsr09zxzz64/kF5aLQEm3q2wnxP5HRw1U/7QMAHVnNNoPAnSclVd6+wkN7SihVsGFCnCKQjSiuZt8dtm3kyZwHwi7MvFeglceM+7g4AV9O27qGO+2r29m2rORGmbM7kHSi7laMSxLlZc5gQDajCeoqGmhhGhn3fv/dOD08s+l5yWoQ+dqy7lPAvXxSC1b33tLb1QmDtkaclUp/BjnpCjaF9eOn1sAuTGRaUv8mgMaalT+4PGdOPJESy1jMfKNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J6b2S0fzQlpNDkH16+BOOtjlWmJbXtXIphSDHUyywbE=; b=mQ/+aAW9qZNkPhbSHrl94FHATnJqan+xrXyWl3vpZHmNu/FD63g6+v8T2iPHFf59cyEr8uA4OKxAPxrbJgkCEtGZwj/IT/ojW9NaWbHBEnbpUQgNuI/zfUKhymrt7ET5gdEer2ZcG7c+dqyT8VC9brS/mPdXYdr0awkbmG8HtIR640Eeb1zl/Tqv6v4PXkz5rS/9/W8pbel+fcyiXeU9tQtPOsOwYBmdLjgTlQjIJy0vM7BgQAsoA8y3j7ra/MDaEPhiRI8Dg1p7Ih3ZNi47VWFEFxSBF4fZiTF/UYUXTI80sOO8YtUl+NOvKKJ9l8PXh/uAHDYfXEJKpcoLv9zd7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=workonline.africa; dmarc=pass action=none header.from=workonline.africa; dkim=pass header.d=workonline.africa; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=workonline.africa; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J6b2S0fzQlpNDkH16+BOOtjlWmJbXtXIphSDHUyywbE=; b=FIvkeEVBJDrS0GT8nWlxSiVDnhC36QZq441rHhzjS+t5HMHy4pB7oqgUjn4PPS+JoodwjWySWbaqkrlndJzkUpz+t5CLnnmsFzmxasIPIFxWrwvxvlzIAtnFretr8mpRDCD7dQzk4a7WxS+bGp+Yzh3kfbmmQmeyKXEUjmuDYkI=
Authentication-Results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=workonline.africa;
Received: from DB8P190MB0746.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:12a::24) by DB6P190MB0343.EURP190.PROD.OUTLOOK.COM (2603:10a6:6:33::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3805.24; Mon, 15 Feb 2021 06:49:00 +0000
Received: from DB8P190MB0746.EURP190.PROD.OUTLOOK.COM ([fe80::a8b1:5eb6:5886:96c2]) by DB8P190MB0746.EURP190.PROD.OUTLOOK.COM ([fe80::a8b1:5eb6:5886:96c2%3]) with mapi id 15.20.3825.034; Mon, 15 Feb 2021 06:49:00 +0000
Date: Mon, 15 Feb 2021 08:48:52 +0200
From: Ben Maddison <benm@workonline.africa>
To: "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Cc: Alexander Azimov <a.e.azimov@gmail.com>, "Jakob Heitz (jheitz)" <jheitz@cisco.com>, "sidrops@ietf.org" <sidrops@ietf.org>, Lukas Tribus <lukas@ltri.eu>
Message-ID: <20210215064852.atvwzzfdtazo5yya@benm-laptop>
References: <BYAPR11MB320714401DE9AFBF5D24C832C0A09@BYAPR11MB3207.namprd11.prod.outlook.com> <CACC_My906OxmEphW=DOrGhwSagZKf--hd5oLR9uF=24kuA24ag@mail.gmail.com> <BYAPR11MB3207BD021F246199C7E4CCD6C08C9@BYAPR11MB3207.namprd11.prod.outlook.com> <CACC_My8Kg33v=2kXgDZb+11QHSPwJtiFSmuXm_w=LuoEP2crBA@mail.gmail.com> <BYAPR11MB320745F7CD054ABBAD1647FBC08C9@BYAPR11MB3207.namprd11.prod.outlook.com> <20210212081003.bm52czsjoevwtnw3@benm-laptop> <CAEGSd=B7KSaAbm-zLE_FUvFHnFaUUF9Sp-1rJ6e94E_LDVpw=Q@mail.gmail.com> <DM6PR11MB3211D016C73756ADB6E979EBC08B9@DM6PR11MB3211.namprd11.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="awkouhy5w5mlepjt"
Content-Disposition: inline
In-Reply-To: <DM6PR11MB3211D016C73756ADB6E979EBC08B9@DM6PR11MB3211.namprd11.prod.outlook.com>
X-Originating-IP: [165.0.73.66]
X-ClientProxiedBy: CTXP275CA0038.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:1::26) To DB8P190MB0746.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:12a::24)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from localhost (165.0.73.66) by CTXP275CA0038.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:1::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25 via Frontend Transport; Mon, 15 Feb 2021 06:48:59 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5b552d52-2791-4d67-4d43-08d8d17dc660
X-MS-TrafficTypeDiagnostic: DB6P190MB0343:
X-Microsoft-Antispam-PRVS: <DB6P190MB03439BDEAE644B6A7826EC88C0889@DB6P190MB0343.EURP190.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: nsjxEFWNh7RdHugAV0zjEWPWNu8RkJsBuvuNM7moihUCjSTzqk264Kwqr0OWWbkXQj7yULHCrOe/YbD5jlxOO0BhW7Lnl89hcxvp6kgqmf7PjS9GCSjAci8UDbyS09JvSaRfIFTDAquME/zsnmbRbxnzy5xQ8wgwuain2ZuaIQWVCMP/crBauZxivfj3P7YtAQNaJs0BmyvVBHtx6TTymTov9TlmD8Hgnd8GAmy5LCUhIUVr+1VR2tURV/bG99ndYDbFPNqkXYO6B9Wou5BaShHtnG17qqhjyZFKxyrG+d4Wn1UVXs88/bFzrpNSbjXttL+JlFxTKTcDylEjflaTkkQHCGKWtbUvy8+XoBxij0acclODu6jJ1jMX6gMuJXbpPO5gmII0HTe7kjSyaHe2OLGGXezJYFYHx/CH7tQv+a1gztnFeuuu0u0J1H5Og2qT5w3JUJbgfQaAO2KNYm9ih/tClpN+NRcxozABGtCdOXBOekab54wxJQgJqUu90PheIBK3MIT9T06f8tJOP0JU8qQknpRCTTUUkNB/kJGVncJI7aCxHBu3lmeiNADKJm9UvQcqswLrb38a8HlW/S4qhifAmtSVeJnljgiFOloX0tw=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P190MB0746.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(7916004)(39830400003)(396003)(366004)(136003)(346002)(376002)(26005)(956004)(316002)(186003)(6666004)(21480400003)(16526019)(4326008)(9686003)(6496006)(33716001)(44144004)(1076003)(66476007)(66556008)(83380400001)(2906002)(66946007)(33964004)(52116002)(8936002)(54906003)(5660300002)(86362001)(8676002)(6486002)(478600001)(46492009)(2700100001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: zEKzN2Qk6Ub5gcepW2WHcCN6xDMBuak6M3n6HqXNJv2Z3picUEMc+fp1gdqS2aJEeHfprKdptnnUZOv+1Ic8VPW9qW5Lyt7wy+siSpP4ukR2ev7COYHb/76GlhcgZfHBMiKokbGJWLrd3LUNlfxQHPai1a3yQGGWUdca2ElzjZF7N/Rv7DVsmXsYlzf/hSNE4YLYFs6r2JD6chBQGxa5yHs9dqrfgx0NgokSX+ULIxX0EOq5CsEMdT6SFlFLqmbs/wCLCFThZ519DAp6rt9425XsP3NEnCluDzzN5UQMr0Em0U0cilJ1ryZf9/BgBxAThtrP3Xnu9WskbBijdlyOeI68PQvV1p+6abp66CvTz/vLkh3kM/4EaA3oHIbcc85FOsIPCRzRaDBvKqI8ZFtdWwgoUCNS120gAAqy44BXFiN5MbexOyeCb6o42DUXnwByopMmt+sofFvXXrCreSUYV4YnqtTeQ7OaxDTTipPWN1M7B5Z/QTV0g/ExvjtQy8jSxfgl1kolkqhN9saBfjwGJEWH0quWllhGubdo73rl7ERcpWk6rVLuCjMcJXZ7Vl++v9pKmCwnJC02ms37mzb7pRAm6ck0tP5umo+F9gCaVVQPQtmv18s31AFI6xuwNPn4vIBZmt14QMydgvfeYODdIYN+mowSbT+eoKfdC3nud26l3Od5dzhXlViN8g/3UKSKI1k+r0sGRtqKMCH70buHbWS3PpGwCe0kzfpgIr+0o9ZA53pQgykdeAFcjnGtaufB0KrPZkp6z7C3ctRMjlnesnmXYxmKrtJsoWMMhRZromu9Npn/LGSQtf97N6Kw82D17iejHXnZdk0FjXDk0B/2yKkcm5ixJAbvF+rru3Dw12HA/cLkc01IOzgOYzUGvSvOal+XIbBduHwrAUloLM6EoSZPGvUiN/2B3FNhWa5rkAQmR97AplP+hCoeNDjlQZ+Gvw1AMgIFQwqd5LaCg4/wbRysPjQRqFxHfgxfmTGWm9otqoxxRNyoQbxXUVsrtZhoMHWcL/0SXk7zny702tdfFPUChd6/RyFBfQkZUuOK3CaCfFmtmN261O0xM3+d0ynDxkzXSoZWBhHsL+1RaLtLfl/WxlDVB1dF2VSfrbh2xUcAexNIWG5w1KFvUL+jLWwKEXR4hz/HmlQ26fIwnEgkn+H6peefWDb9xsmpU9Y9mIBR+laak6eis65Jg5F1mS8JWJOS36NPJtsyLzc/7NiIIcQUQ5GbkqWXvaaiadN10pLheMGKqncu8aJA3PNSpd7ubj0EjmLJu43aSZnuPjbSsnf6A/fbelUpaC2x2cBBcKbTHhF1b6kt2FpT5Qk0a/uZ
X-OriginatorOrg: workonline.africa
X-MS-Exchange-CrossTenant-Network-Message-Id: 5b552d52-2791-4d67-4d43-08d8d17dc660
X-MS-Exchange-CrossTenant-AuthSource: DB8P190MB0746.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2021 06:49:00.5079 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: IXGWxU/KMbYXEeeiFVxGzRG18NTIBY50TUpyVRKv8kmD8ocVBiMlNkp9FGKiVrh14qWBz9KypfxIP1u4uHqS/Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P190MB0343
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/43IztkGOflNVAEcUIw1JVu-TrKQ>
Subject: Re: [Sidrops] ASPA verification algorithm error
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2021 06:49:09 -0000
Hi Jakob, On 02/12, Jakob Heitz (jheitz) wrote: > It seems we all agree that the path I illustrated is valid and the algorithm in the draft marks it unknown. > The first priority is to get the correct result. That's not quite what I said! I think the logic you used to arrive at the conclusion is sound. I agree that the path you illustrated should be accepted by the receiver. However, I also gave several reasons why a validation state of Unknown is appropriate here. > > ASPA has to work as well as possible without full participation. > It will never work if full participation is required. > I'm not clear on why you believe the issue at hand impacts the effectiveness of ASPA under partial deployment? > I agree with Ben that it is difficult to reason with the model of ASPA as written in the draft. > Here is an alternative: > > Every transit AS in the path must have at least one neighbor that calls it a provider. > > That's a lot easier to reason about than trying to figure out where upstream turns to downstream > in the presence of bilateral peers, siblings, complex relationships and ASes making no attestations. > You only need to consider one AS at a time and what is to its left and to its right. > > Repeating: > > Consider the as-path (1 2 3 4), where > 1 attests that 2 is its provider > 4 attests that 3 is its provider > 2 and 3 make no attestations. > Then the path is valid. > > Here is a simple and working algorithm: > > > * The received AS-path is prepared: > * Remove duplicate ASNs. > * Prepend own ASN. > * May also prepend Forwarded-to ASN to detect own leak. (optional) > * For every sequence (A, B, C) of consecutive ASes in an AS-path: > * If A attests that B is not a provider and C attests that B is not a provider, > then B leaked the route: B is transiting for free. The segment is invalid. > * If either A or C attests that B is a provider, then the AS-path segment (A, B, C) is valid. > * Else if either A or C make no attestation, then the leak state is unknown. Even if B lists both A and C as providers, it is not necessarily a leak, because either A or C could consider B as a provider for some of their routes, even though they don’t attest to it. > * If all the path segments are valid, then the whole path is valid. > * If any of the path segments is invalid, then the whole path is invalid. The above looks sound to me on first sight. I am going to poke it a little before I fully endorse it though... > * Else, at least one path segment is unknown and one more rule must be applied: for any sequence of ASes (A, B1, ..., Bn, C), if A attests that B1 is not a provider and C attests that Bn is not a provider, then the AS-path is invalid. This is for any number of Bx greater than 1. > The above final step is less clear to me. Could you explain your reasoning in some more detail please? Cheers, Ben
- [Sidrops] ASPA verification algorithm error Jakob Heitz (jheitz)
- Re: [Sidrops] ASPA verification algorithm error Lukas Tribus
- Re: [Sidrops] ASPA verification algorithm error Jakob Heitz (jheitz)
- Re: [Sidrops] ASPA verification algorithm error Lukas Tribus
- Re: [Sidrops] ASPA verification algorithm error Jakob Heitz (jheitz)
- Re: [Sidrops] ASPA verification algorithm error Ben Maddison
- Re: [Sidrops] ASPA verification algorithm error Alexander Azimov
- Re: [Sidrops] ASPA verification algorithm error Jakob Heitz (jheitz)
- Re: [Sidrops] ASPA verification algorithm error Ben Maddison
- Re: [Sidrops] ASPA verification algorithm error Alexander Azimov
- Re: [Sidrops] ASPA verification algorithm error Sriram, Kotikalapudi (Fed)
- [Sidrops] Updated slides on ASPA algorithm design… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Updated slides on ASPA algorithm de… Alexander Azimov
- Re: [Sidrops] Updated slides on ASPA algorithm de… Jakob Heitz (jheitz)