Re: [Sidrops] [GROW] Any credence to AS_SET in the *middle* between AS_SEQUENCEs?
Nick Hilliard <nick@foobar.org> Thu, 21 July 2022 11:26 UTC
To: Job Snijders <job@fastly.com>
Cc: GROW WG <grow@ietf.org>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram=40nist.gov@dmarc.ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/HWB_eTmTvzhBzxQ73v0dVt49kjk>

Job Snijders wrote on 21/07/2022 10:37:
> In the spirit of RFC6472, any route with an AS_SET in it should not be
> considered valid (by ASPA-based validation).

An AS_SET inside an AS_SEQUENCE only makes sense from the point of view of the organisation issuing the route wanting to do weird EBGP loop detection. This is their problem though. No-one wants to see the inside of other people's sausage factories.

Apart from the deprecation in RFC 6472, there's also RFC 6907, which has a complex set of rules for handling routes with an origin which is an AS_SET. This complexity is already not good, and of dubious practical use. Replicating something similar to this in ASPA seems like a bad idea overall.

The current approach in -09 of marking the route as Unverifiable seems reasonable. 5.3 states that "Unverifiable" SHOULD be treated as semantically equivalent to "Invalid". So yeah, why not just mark as "Invalid" and be done with it?

Nick
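
An added example, not part of the message above and not code from the draft or from either poster: a pre-check that decodes a wire-format AS_PATH and returns a fixed outcome as soon as an AS_SET appears anywhere in it, including between two AS_SEQUENCEs. The function names and the `as_set_outcome` parameter are hypothetical, 4-octet AS numbers are assumed, and the sample paths are constructed from documentation ASNs.

```python
import struct

# AS_PATH segment type codes (RFC 4271, plus RFC 5065 for confederations).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
KNOWN_TYPES = (AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET)


def parse_as_path(data: bytes):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    segments, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated segment header")
        seg_type, count = data[off], data[off + 1]
        off += 2
        if seg_type not in KNOWN_TYPES:
            raise ValueError(f"unknown segment type {seg_type}")
        end = off + 4 * count          # assumption: 4-octet AS numbers
        if count == 0 or end > len(data):
            raise ValueError("bad segment length")
        segments.append((seg_type, list(struct.unpack(f"!{count}I", data[off:end]))))
        off = end
    return segments


def as_set_precheck(data: bytes, as_set_outcome: str = "Invalid"):
    """Return as_set_outcome if any segment is an AS_SET, else None.

    None means "no AS_SET found, run the normal ASPA procedure" (not shown here).
    Pass as_set_outcome="Unverifiable" to model the -09 behaviour discussed above.
    """
    for seg_type, _asns in parse_as_path(data):
        if seg_type == AS_SET:
            return as_set_outcome
    return None


def encode_segment(seg_type: int, asns):
    """Helper to build constructed sample input."""
    return bytes([seg_type, len(asns)]) + struct.pack(f"!{len(asns)}I", *asns)


# Constructed samples: AS_SET sandwiched between two AS_SEQUENCEs, and a plain path.
SET_IN_MIDDLE = (encode_segment(AS_SEQUENCE, [64496, 64497])
                 + encode_segment(AS_SET, [64500, 64501])
                 + encode_segment(AS_SEQUENCE, [64510]))
PLAIN_PATH = encode_segment(AS_SEQUENCE, [64496, 64497, 64510])
```
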