IETF Logo Mail Archive

Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022

George Michaelson <ggm@algebras.org> Mon, 07 March 2022 01:37 UTC

Return-Path: <ggm@algebras.org>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11BED3A088F for <sidrops@ietfa.amsl.com>; Sun, 6 Mar 2022 17:37:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FZKsnQA-DKmy for <sidrops@ietfa.amsl.com>; Sun, 6 Mar 2022 17:37:28 -0800 (PST)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 910B03A08AE for <sidrops@ietf.org>; Sun, 6 Mar 2022 17:37:27 -0800 (PST)
Received: by mail-lj1-x230.google.com with SMTP id u7so18222239ljk.13 for <sidrops@ietf.org>; Sun, 06 Mar 2022 17:37:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=vF/I1EkwrJhHpQxjDb0TFSI5o+BUkqMfg5HK7T5/xFA=; b=t30OuZZ3mS1QrPX1pVHHp475AkHXDsmc33BDb6XpM8wJDCSRzXUcjllfrXJJIGnN24 tQ0Ay+q0RWMUAnq0CdNz8MYqGYS6bKIHz/X2y3wq+mgHq12kopxz3UwWR7i1+gsvEJwQ kRBBFxGhezDELDNMIr1FxgmNZBVZNci7cYOCfJExbR3jFJRnXtTLAyWshbv9SbDwXIxy k5g7ZjtypYdtrU/57PkAd/tignAfdIGzKCicR7ZfIZ+IK2ad0q0APyb0hoGOoyGAQYZ4 md/UsBhLQEQczysfcz2mWlyNzTgDwjtNHuuYERUV22YdNgGdiMeuB5vFw+zjdjcOIM9Y /rcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=vF/I1EkwrJhHpQxjDb0TFSI5o+BUkqMfg5HK7T5/xFA=; b=FETpVrjFzxcLzEj9jL2uY3rPrDeXFB2J6kguy0MohhMq8O1VROYaVYL9zG2MEsPOiI 5q3018LaK5oGRCEL8PjCWaRIUlbw8eo70ojJkl6oM8nuWd14zLUpBUdJ+5gG4swscgJr iN0aBjMmDGIBxBmEdlqlztWfPixT22FZFB3guQVfl1IL4yela4+SifMjQl+O2WijuPug 3fmYkt9xYQfYuCYc6w2MWZ+BfdL1D95nVQUU2Gxcbsb1ph/m9L4+bhCi5lKyHq9/3wZx o2iICO5llk9UsaoDFbmCY7SPR5fq+vPSG/I78buhdxt/NRq6wet0UOcFtISOuAPDFAe+ 8/Sg==
X-Gm-Message-State: AOAM532wc1plYxGNQDM5bggiByZcrOznaEe0Cf5XuLBPe3mtbo7Cg0Xd bu2lBjMaRPZ6oAUdvuRPr6fLbJBGPSN0BJCeSZelBTkW9Dw=
X-Google-Smtp-Source: ABdhPJzftHK3WX/elORIhxVM+MOeSzwL7UnvsM2uiLif9e+4j96GIO11Le/YnDD8W/3N+3kgMj3xL8BHQxDvhGX1Vy8=
X-Received: by 2002:a2e:8496:0:b0:246:4e82:c7d3 with SMTP id b22-20020a2e8496000000b002464e82c7d3mr5919996ljh.460.1646617044761; Sun, 06 Mar 2022 17:37:24 -0800 (PST)
MIME-Version: 1.0
References: <BYAPR18MB26961DE9F15501CCA12ECCF1C13D9@BYAPR18MB2696.namprd18.prod.outlook.com> <20220307010632.8FFE72EA00F6@minas-ithil.hactrn.net>
In-Reply-To: <20220307010632.8FFE72EA00F6@minas-ithil.hactrn.net>
From: George Michaelson <ggm@algebras.org>
Date: Mon, 07 Mar 2022 11:37:13 +1000
Message-ID: <CAKr6gn2FneMb+dMa6iVZ67zZgR5vnGpuPEu=y3DA8kayuVsmLQ@mail.gmail.com>
To: "sidrops@ietf.org" <sidrops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/FDFzAnEDA4myE8Ml0yDb3nuZZPQ>
Subject: Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2022 01:37:39 -0000

I am not a BGP speaker and I don't forward packets. I no longer have a
role in the Registry RPKI service delivery here at APNIC so in many
respects my comments are superfluous. That noted, I support
publication.

I was asked by one of the authors to comment, otherwise I would have
remained silent given my lack of role in things: On the whole, I think
it is better for the BGP speakers, the RP and CA developers, to be the
voices heard here these days.

I have read this draft, and I think it provides useful information
regarding the distribution of ROA and contents under each TA, as of
last year. It also provides non normative recommendations to single
prefix per ROA. Any quibbles I have to language could be dealt with,
and have no impact on the semantic intent of the document: I would be
amazed if they aren't ironed-out in the publication process anyway.

The analysis shows that many ROA are made by hosted services in two
RIR (RIPE and APNIC) as of 2021 so  we probably need to reflect on
what has to change to stop grouping up the contents, or how to specify
if you want this not to be done as a delegate controlling resources.
This may be OBE anyway, understanding the producer side code
behaviours would be good but doesn't really hinder publication noting
that the document is non normative advice. Thats for other people to
speak to, I no longer occupy the role which has to determine what to
do here.

I think Rob's comment to "premature optimisation" is a good one.
Allowing multiple prefix per ROA was done for good intent, that it
turns out to be counter-productive is a shame, but reality trumps.

I do have some concerns about the impact of unwinding the multiple
prefix per ROA model, but this has to go to scale/time questions not
absolute ones: we can expect the volume of ROA to increase anyway so
this is about changing the rate of update and volume of discrete
objects, and consequence to RRDP delta size, and rsync serial fetch
size/delay which was going to be met anyway in due course.  I think RP
implementations which unpick VRP to then subsequently re-assert
validity possibly need to change to do more of the 'hysteresis'
preserving behaviour in FIB and RIB we see in BGP seeking to limit
change. To me, this goes to the 'all information, not atoms' idea
behind the repository fetch model that we have. It would not be this
document which helped fix or ameliorate that problem so I see no
barrier to publication.

-George

v2.23.0 | Report a Bug | By Email