IETF Logo Mail Archive

Re: [Sidrops] Which 8210-bis error code should be used?

Yangyang Wang <wangyy@cernet.edu.cn> Wed, 07 June 2023 12:42 UTC

Return-Path: <wangyy@cernet.edu.cn>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 601D9C152F30; Wed, 7 Jun 2023 05:42:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.888
X-Spam-Level:
X-Spam-Status: No, score=-6.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ha5EU21rzcEZ; Wed, 7 Jun 2023 05:42:11 -0700 (PDT)
Received: from tsinghua.edu.cn (smtp07.tsinghua.edu.cn [101.6.4.31]) by ietfa.amsl.com (Postfix) with ESMTP id 4B633C14CE2F; Wed, 7 Jun 2023 05:42:09 -0700 (PDT)
Received: from LAPTOPL2PP3VPI (unknown [123.112.65.188]) by web4 (Coremail) with SMTP id ywQGZQBHVHsIe4BkHdm3Ag--.16956S2; Wed, 07 Jun 2023 20:41:44 +0800 (CST)
From: Yangyang Wang <wangyy@cernet.edu.cn>
To: "'Hollyman, Michael'" <mhollyman=40verisign.com@dmarc.ietf.org>, sidrops@ietf.org
Cc: draft-ietf-sidrops-aspa-verification@ietf.org
References: <F338C878-E41A-4DB7-A4C6-1CEE0A6F6502@verisign.com>
In-Reply-To: <F338C878-E41A-4DB7-A4C6-1CEE0A6F6502@verisign.com>
Date: Wed, 07 Jun 2023 20:41:44 +0800
Message-ID: <003401d9993d$6b03db90$410b92b0$@cernet.edu.cn>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQH553NZcvMZkD4W3fhnYVADTLqrpa8+nxgg
Content-Language: zh-cn
X-CM-TRANSID: ywQGZQBHVHsIe4BkHdm3Ag--.16956S2
X-Coremail-Antispam: 1UD129KBjvJXoWxuF47Zr1DJw1rXr4kWr17KFg_yoW5GFWkpF W0qF48Krn7Jr4xCas7Zw1aqw4YvrW7Ja47Krn3t34kCFy5Gr9Fgr97Ka15ZFy7Wr1fCr12 vrW2939rXw1qvFJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUkFb7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xII jxv20xvEc7CjxVAFwI0_Jr0_Gr1l84ACjcxK6I8E87Iv67AKxVW8Jr0_Cr1UM28EF7xvwV C2z280aVCY1x0267AKxVWxJr0_GcWle2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xv F2IEw4CE5I8CrVC2j2WlYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r 4UMcvjeVCFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwCY02Avz4vE14v_Xr1l42xK 82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGw C20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1Y6r17MIIYrxkI7VAKI48J MIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r1j6r4UMI IF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E 87Iv6xkF7I0E14v26r1j6r4UYxBIdaVFxhVjvjDU0xZFpf9x07bFYLPUUUUU=
X-CM-SenderInfo: 5zdqw5n16fv2xqhwhvlgxou0/
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ACxjLj2bYHUQq4dyAh7Q8NG-NPs>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2023 12:42:16 -0000

Hi all,

A little opposite opinion :)

I support " It is here but don't use it".
It can make the information more accurate for edge cases or some fake link hijacks.
All provider ASNs are listed (just like no afiLimit), and each provider AS is listed only once and is labeled with afiLimit  (just additional attribute information, if like).  Its values MUST be 0000 for ignored (not omitted), 0001 IPv4, 0002 IPv6.  If a customer-provider appears in IPv4 and IPv6 topology, no duplicated PDUs for IPv4 and IPv6, and no need to maintain two tables.
It is here. How to use (or not to use) it depends on uses (implementors, operators, etc). For example,  do not process afiLimit. But if users need this information, they can use them without protocol change.

Yangyang
 

> -----Original Message----
> From: sidrops-bounces@ietf.org [mailto:sidrops-bounces@ietf.org] On
> Behalf Of Hollyman, Michael
> Sent: 2023年6月2日 1:54
> To: sidrops@ietf.org
> Cc: draft-ietf-sidrops-aspa-verification@ietf.org
> Subject: Re: [Sidrops] Which 8210-bis error code should be used?
> 
> I tend to agree with Claudio and Martin here. I think the afiLimit should be
> removed from ASPA, if possible, or it will become just like max-length: "It is
> here but don't use it."  There shouldn't be any inference of intent in ASPA
> when one is published with an AFI and another without.
> 
> It appears to me that the spirit of ASPA is to simply list the provider ASes
> for a CAS. Keeping that simple and by AS, not by AFI, seems to be a logical
> choice.
> 
> Full path control is BGPSec. ASPA is an incremental step forward in
> preventing leaks and some hijacks.  Simplicity of ASPA should be the key in
> order to gain the most acceptance and usage.
> 
> Mike
> 
> On 5/24/23, 03:39, "Sidrops on behalf of Claudio Jeker" <sidrops-
> bounces@ietf.org <mailto:sidrops-bounces@ietf.org> on behalf of
> cjeker@diehard.n-r-g.com > <mailto:cjeker@diehard.n-r-g.com>> wrote:
> 
> 
> > I would love to remove the optional afiLimit from ASPA.
> > I brought this up a few times (well before there was any
> > implementation of any ASPA draft) and every time the answer of some of
> > the authors was no (without any particular reason).
> 
> 
> > As one of the developers of the first RP and only BGP implementation
> > handling ASPA I would enjoy to remove all the code required to handle
> > the afiLimit. We probably control most test deployments (RP and BGP
> > side) and are willing to make this change.
> 
> 
> > --
> > :wq Claudio
> 
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.23.0 | Report a Bug | By Email