Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)
Job Snijders <job@fastly.com> Thu, 23 March 2023 14:04 UTC
Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEF38C1524B3 for <sidrops@ietfa.amsl.com>; Thu, 23 Mar 2023 07:04:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3F3EK60JIYC for <sidrops@ietfa.amsl.com>; Thu, 23 Mar 2023 07:04:02 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F004AC1522D7 for <sidrops@ietf.org>; Thu, 23 Mar 2023 07:04:02 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id w9so87096798edc.3 for <sidrops@ietf.org>; Thu, 23 Mar 2023 07:04:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1679580240; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=rtRdK1cf7NkG18Ht128+dftdmdG9q5lOnHcZCBITnVg=; b=E6a5Xh6BBM2/PU1HW9u3yFAGxCtWrJMzX/idWOqoHzAQT4WYG9lhNM1IZlBSbKj5vf mbao622IStvHRFJ3NadQ6MF1l3gPg2d3ox+xPJ4F8ZWbUTVyq354s2uAJ1bP9IP0cYK2 l+2Wk9cUdPwyGlo7hE4EffzouyrGFczlkqcaY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679580240; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rtRdK1cf7NkG18Ht128+dftdmdG9q5lOnHcZCBITnVg=; b=QdUCSb/RusZFOC+K5990/IGjsFI3+tyix9TWba1yHFDSuz2R0K3NV2LPxqa08JItIf 3eDCud0eYAWCMSZ88yT8m/56qBpbRy4VgVBoZWpbAlKJX4Lj6NvLaUTG6Ktr48Hf4JKX SUE5GjrZWS+kwzWhpz93lt2DFqrKReSLBisFcEr45oT7UA9hCQMtVkNp+eL1LjW7J6Gt bh91jxjpHkW3opAOA8VlKx+rlpKgfUI3rht9XO5Svtjnl97sALDIg6DLx8NLyuttGp3M tZq6TEy5SuAQw8JSnJJNvsX+EPtv08XcTMCAFplEcHPUiq/RUQLKG5Uh+YlhL8ZBO8WA w8Ag==
X-Gm-Message-State: AO0yUKXPQek5Cgr6Su6J3DU6xMYeCLexcBTQZzNaDyvLuQOPCb7geR2v e3ajysGvo8BKFDa068iShKcveg==
X-Google-Smtp-Source: AK7set8v7R2PFiEYidfuVAg6yFSU5xkrIG9g4gRE+C9vFlIhG4QREaoBEKlYqZ0M0h8jk2HMtSfWVg==
X-Received: by 2002:a17:906:15d5:b0:8b1:7e23:5041 with SMTP id l21-20020a17090615d500b008b17e235041mr10908547ejd.39.1679580240557; Thu, 23 Mar 2023 07:04:00 -0700 (PDT)
Received: from snel ([2a10:3781:276:1:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id tm8-20020a170907c38800b0093c82edfd48sm1225350ejc.80.2023.03.23.07.03.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Mar 2023 07:03:59 -0700 (PDT)
Date: Thu, 23 Mar 2023 15:03:56 +0100
From: Job Snijders <job@fastly.com>
To: Amreesh Phokeer <phokeer=40isoc.org@dmarc.ietf.org>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>, Aftab Siddiqui <Siddiqui@isoc.org>, Max Stucchi <stucchi@isoc.org>, Hanna Kreitem <Kreitem@isoc.org>
Message-ID: <ZBxcTHebGjhJGpzh@snel>
References: <SJ0PR06MB7677230255CC9134CAF94E98D6879@SJ0PR06MB7677.namprd06.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <SJ0PR06MB7677230255CC9134CAF94E98D6879@SJ0PR06MB7677.namprd06.prod.outlook.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/4zQLBjeR-M5CR8v59cpPKonM2FQ>
Subject: Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2023 14:04:07 -0000
Hi folks, Thanks for your time and message. On Thu, Mar 23, 2023 at 01:22:32PM +0000, Amreesh Phokeer wrote: > Thank you to all those involved in this draft. We have reviewed the > document and here are our comments: > > 1. Section 4: “An AS SHOULD NOT have more than one ASPA” > * It should be clarified that one ASPA per AFI is tolerated Why? > * How do you do “make before break” in case an AS is changing > provider or in the case of a resource transfer? I feel I'm perhaps missing some context behind this question. Isn't it standard make before break? Add the new provider, set up BGP configurations accordingly, decommission BGP with the old provider, and then update the ASPA? > 2. VAP: it is unclear whether how the VAP will be merged but > grouped by AFI in the case of multiple ASPAs? Ok, I suppose some 'merging' examples can be added in a non-normative Appendix. Something along the lines of "given ASPA 1 and ASPA 2, the VAP outcome is ABC". Thank for the suggestion. > 3. Validation of the ASPA payload > * A Customer ASID cannot be 0, should it be mentioned in the > document or rather in the profile document? I'm not entirely sure its worth mentioning: the CustomerASID is constrained through the RFC 3779 delegation of authorizations: it seems unlikely a RIR will delegate the ability to sign for AS 0 to any LIR. Secondly, 'AS 0' cannot appear as value in BGP AS_PATHs, so such an ASPA would never match any BGP updates. > * To make it clear “AS 0 ASPA MUST only have AS 0 as Provider > AS”, it doesn’t clearly mention that “normal” ASPA (non AS 0 > ASPA) MUST NOT have AS 0 in the Provider AS. > * In the absence of point ‘b’ what if AS 0 is added as Provider > AS in the ‘normal’ ASPA? I'm a bit unclear on what is meant with the above two points, can you further clarify? > 4. ROV vs ASPA validation states, keep the states consistent (Unknown/notfound) > * ROV States [valid, invalid, notfound] vs ASPA states [valid, invalid, unknown] Why? Route Origin Validation and ASPA verification are two different algorithms with different inputs and different outputs. To me it doesn't seem to increase consistency. Thanks for the feedback so far! Kind regards, Job
- [Sidrops] WGLC = draft-ietf-sidrops-aspa-verifica… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Chris Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… gengnan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amir Herzberg
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amir Herzberg
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Borchert, Oliver (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Zhuangshunwan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amreesh Phokeer
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Aftab Siddiqui
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Di Ma
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… gengnan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… 戴志滨
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Russ Housley
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- [Sidrops] Fw: WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- [Sidrops] Making ASPA AFI-Agnostic - coordination… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Tim Bruijnzeels
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Di Ma
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Matthias Waehlisch
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Claudio Jeker
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Ties de Kock
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Borchert, Oliver (Fed)
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Borchert, Oliver (Fed)
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov