IETF Logo Mail Archive

Re: [Sidrops] [GROW] IXP Route Server question

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Thu, 10 March 2022 03:31 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B8FB3A1004; Wed, 9 Mar 2022 19:31:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Level:
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sIlNIrJAzMLD; Wed, 9 Mar 2022 19:31:30 -0800 (PST)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on20702.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d04::702]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 661FC3A1122; Wed, 9 Mar 2022 19:31:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=itEbvyaSiutz4JqXbBFLj2dr98xG+LJaPgT329wemyj0LBxcH3eMWngynfaIxDRxx/hMtKk8ZremFERhVnlSNVJq3V5mdYUWQSjG9gan6WZandVjvjZcTeoxmykAG22sUnmXCqgPHNtARaJ9cueEjBcsBGM9F3uy2Y+ttzxZnqaFX85/mh0vxhKWBkeTBPQqV8lRMJuRdKeZMt5UYXIUm0wVQ63OPtZxP0TrGhdlU3k3fG8iYvOrJVsujYI92sVLeEMOJHbh/wADlSn4VZfqDlaeBigXEPfC7erPA278Vk9D5QDOjC5ZI3DPrZ+oU7WWIaEJMzkM+srLNHHXzSY4YA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zyAdPQlGcJ0iwc10fgBbyjxd6FpcQPMREB2ITi9M2T4=; b=n991VGmNyJMPIUs48vsluE3UQWS2YSGDdpk3oXweX+A1Li+NvZ019WEDHP2QIIa7IQQS1mJYL2zxH0SkOC2nyZAoNkUl3Oma+1OM8H/Y1QH+63NlIBB8soWVusvQ1M2eNvrAGg+GXyz47K4m02VK4rW9bvOkMpndcbsfJikIuguHB25iIpRkUJ6wUYeJyHn9rXofxX90mfUsrW8M8hbPuC04A5f/VmFlKN9HBKFoa7zm8OEJ7Ksmpth9hViLYTnElO2Any/ZOhL9VuWsBk9dUiXETSTjLdC556XLh50fAVtOZd/5ZwHDyW6ozsleeVQanhvQFjUtFjVpeAzGhU1DMg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zyAdPQlGcJ0iwc10fgBbyjxd6FpcQPMREB2ITi9M2T4=; b=JhuK4Phx7iu7S3TGu5zqs+YLfmBA1hC5vK0snvavKsg341o7+tr1giHRMsf6LAK+F9xKU88ikZrUnwRQUPdgQCw5gLNh5s26MBwKIsmSsFR4u9Ngx46pqxmug/9onccAMyZif6BWihjYFCSam5qExjrJghwNUxwv86NrjaOx/ew=
Received: from SA1PR09MB8142.namprd09.prod.outlook.com (2603:10b6:806:171::8) by SA1PR09MB7519.namprd09.prod.outlook.com (2603:10b6:806:174::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Thu, 10 Mar 2022 03:31:25 +0000
Received: from SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::c99c:1af3:8454:5d6a]) by SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::c99c:1af3:8454:5d6a%6]) with mapi id 15.20.5038.029; Thu, 10 Mar 2022 03:31:25 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Nick Hilliard <nick@foobar.org>
CC: "grow@ietf.org" <grow@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: [GROW] IXP Route Server question
Thread-Index: AdgzI9AepbPeSUXIRROpCLpxuIKvkgAD5f2AAD5dAsA=
Date: Thu, 10 Mar 2022 03:31:25 +0000
Message-ID: <SA1PR09MB81421BCBA7FB59615A7638A5840B9@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <SA1PR09MB8142093BE50A27A7EED132D884099@SA1PR09MB8142.namprd09.prod.outlook.com> <0db7749f-66fd-5def-a8bb-3ee316cf2ca1@foobar.org>
In-Reply-To: <0db7749f-66fd-5def-a8bb-3ee316cf2ca1@foobar.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d179d794-9f89-4dc6-6995-08da024674c5
x-ms-traffictypediagnostic: SA1PR09MB7519:EE_
x-microsoft-antispam-prvs: <SA1PR09MB7519781B4070DD254935F729840B9@SA1PR09MB7519.namprd09.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: axUBq/yTiufXc5Xo7FoVgMIETEZLGATeTA5oZGrpOEUlkaJ5lXy1dX1aZ7lBuoT/5iATHqQHueUb7bjj88KDK+cQnjk7x/2nuGWL4qIlW3UT9hroYbchcSDSQc+tF3VJdo6CSBbafHMAQgQDI55uLYVykbJk4RcfiqgRi89LH7pYzKi9VMfknbB9l459gKmUZgP5ZyjXE6yKjincBx4oONsuqJce0HN8R01r9dSEhR7aWilREpeHeamAmFOTIzt8Is73Tpy4CEpl6jE5l8ylIEuY45tWsWWtO4n98MgLE92cwTpbX3pCt8+YDgUBZTTpEzQbtDkQwRRuUHOL45MiRfdHwQ8QXEf2H2bS1yVI1dQ8HA+knd3vf4AykjYRHjUeIN5RD2w4nnoH9XLziAzfUHqQ2gJRT5GZuUKYjWg+SbHhVJTu1qqAFemCLBe206rU8xNem1kU073ECto24OEej8FGmywCXvKUTj1Nuk/BbT7CJWWaHzjguokb3yqwKY9TX0x8EF1xBSkv4IXmtq3bckS2J48YPkU2doc/kSNxrcz+B5VESN/zOK0AMbvG6UTBbPwR7AqD1SY2mnns0tTJ+25jWXLg/NjxrRCxMiclVb7iy8a2ga+z+f1RXbaOYx2f6Yj0PbnJgDHrpoSXqCqKBCrKK70tUxLATOfKoJGFfFJGoAa4uRk22JA0f2fWgJAit2ICGip+/J0IdiQm7XQwmw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR09MB8142.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(9686003)(508600001)(71200400001)(66946007)(6916009)(52536014)(4326008)(6506007)(55016003)(7696005)(186003)(26005)(76116006)(33656002)(83380400001)(54906003)(38100700002)(66446008)(8676002)(64756008)(316002)(66556008)(82960400001)(122000001)(8936002)(2906002)(5660300002)(66476007)(86362001)(38070700005)(53546011); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?UGJabkF3bUFvL1JKZXMrWVEvV3NmRDJXSDN4eFdiUkFzSHUxZHRuQlhXMC9H?= =?utf-8?B?aTJXSlcwMisxN213aWoyeTJpbVViZnlYMFJOTTBkY0wxRlh1Y2RtcjVTWTQv?= =?utf-8?B?Sk8xMGNITUhYZENPMXBPMVoxc2NRR0dVTFZJRFFnNHFVSzluTE5aQ1FISGIv?= =?utf-8?B?c0FmeCtTVHkrRTUxN3E1dmM0Y01yWTdNL0VyUUtJdnZjWGRvOUF4eldEaEpC?= =?utf-8?B?clRySXpTc01JR21uM1pLYzlQQURHbWlNV1RaYk9iQ0ZjSzY3NjJjZmFXQnNh?= =?utf-8?B?endONzFOcTJFL0pUS2tvK1JTSkFRR0xMa0VrOWtlUlJQSWVlRWcvYWxacFBa?= =?utf-8?B?bUJQVy9Ia1hCL1o3UUpWeFpwNHQ1NE1TSnU3dkVDeUlDb00rOEFBeVB6Ui81?= =?utf-8?B?YlE3RjA1YW1UUXB3c2NuMVkvNVBWaFJCTVV3NHJWelgvdVdrZHZ4dXVOUUxY?= =?utf-8?B?ZFprRDQrc0Zjckt4Mi9penJOb3dPME80blpXVGhURW9SL01IN2lFWFBqVzBq?= =?utf-8?B?MDQ3bGpTT3VQYnZ4TURLTysxdE1WK3hTWVVIQ1ZSODI4TTduNnRsaHUrNkJF?= =?utf-8?B?Q0ZHcXQ1Y3JPZXRyTnF2NlJ2eWVsL3dPV1dDMmp5djdKcFk3MDdUWUx5eklR?= =?utf-8?B?T3ljWEo4SXVJMGdWQ3lPN3R3NTkrc2NDKzZZUFpjTEY3Zm1RVXdUMDNsaCsw?= =?utf-8?B?SkRRem12ZVNGVmFibnZtVTVkNmxDdUtXWHFiMkpoSExRUU85RzhmVlNNcE9w?= =?utf-8?B?Ukl4QUhYNm82QXFweXFVZU50ZHF0blRVQWpoV1pQUXVtOUx4dmhlKzV0anY3?= =?utf-8?B?dDR0U0JEcllSNW93SWlFSldpNXVFYzJWNllPV3hKVjYwSjY3TjdiZUNhd2N0?= =?utf-8?B?WlpVK1pYUFI2VVg2M0svVml6ZVhLUjd0Y3RWZjl6dis1ZWxHWVFicElaTzlH?= =?utf-8?B?R2RjR3VpWUNpWTNRZGFzNXBxeHBIb0tOc2tjSGY5MjFaaDhqellweWRndit3?= =?utf-8?B?S0RyazljUGNNRFVhN2hIbnNKM2xtQkpaQ0FMc1RDMUVUOHRIb3FUUzM3dW5i?= =?utf-8?B?TGs3a1ZISHBxU3g0OEIyWHlQSnRUeUdRMVdUdXl3bFA5NjByNUZXQVNPckhj?= =?utf-8?B?UDNvTDNEeVIwMkVCdmlsaGRib2ZsckVpQURWcDYrU3RoZkZDT0Q0U2JNS3hs?= =?utf-8?B?ZmIvRnVoMGhyR084akgxY1JyRHJUZVJlall5VnpSR0tIS214ZGVnSitMelR3?= =?utf-8?B?M1VOcEVRVmh3L3NkMWwzbXl1TkJEV29Sem9TR3VSYkF6WTJ6L3FFVkdCWFZD?= =?utf-8?B?TUhsVU1SNkNTM1V3UlFkNytnYnRScVRSWkZ5cXFEUzYxMWExVmk2VGJTM09I?= =?utf-8?B?S3gwZkROOUN1cjYreVV0RDFVbUpPOXVkc1JSdFhHTE1MQnNzaDhjd1NzWXln?= =?utf-8?B?a2Q2NjVGdVJGU1hrUjRWdXgzZXcxc05DbWdqRUFWS3hOVXlsTERLcjBGeWNO?= =?utf-8?B?cklybjV5TndIZFh2V2JZTDhhVTJoRWMvNmVBWEUvWlVkdTFHbHVidXJuaEtF?= =?utf-8?B?ZlBxcW9WcndyMXhJU1ZzU3VFdm10OWhDS3lXNm1kYnh5QnhpbDhXd0IxMVpG?= =?utf-8?B?bjlPZ2lZK0gzOWNDRVZFeGhZbWd0M3ZucUFPVXVNOGU4K21HY3FySkJRWWxH?= =?utf-8?B?RTh2VmVHNHVKUXc2dmtsY1JIQ0tvUEF6SWsvcTRITEgwaFFEV2RmZlVPTlZs?= =?utf-8?Q?5jrA8zI18gJNMB1MSlMoBhv8OeTUUpxe4svbVxX?=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8142.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d179d794-9f89-4dc6-6995-08da024674c5
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Mar 2022 03:31:25.5158 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB7519
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/MYZgFlUNk3MCP-e7fP0-1MyaYLA>
Subject: Re: [Sidrops] [GROW] IXP Route Server question
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 03:31:37 -0000

Nick and all,

Thank you. What you all shared/discussed is very useful info.

>Almost all RS's are transparent these days.  Usually IXPs go to lengths to ensure that the RS ASN doesn't appear in the AS path.

Good to know that. Well, that means there can be an occasional RS that is non-transparent. When there is a non-transparent RS, could there be big ISPs (Tier-1, Tier-2) present there as RS-clients?

The ASPA verification draft treats the relationship of RS to RS-client as similar to that of Provider to Customer. Seems reasonable? The AS of an RS client includes the RS's AS in its ASPA as a "Provider".

Sriram  

-----Original Message-----
From: Nick Hilliard <nick@foobar.org> 
Sent: Tuesday, March 8, 2022 4:28 PM
To: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Cc: grow@ietf.org; sidrops@ietf.org
Subject: Re: [GROW] IXP Route Server question

Sriram, Kotikalapudi (Fed) wrote on 08/03/2022 19:36:
> This question has relevance to the ASPA method for route leak 
> detection.
> 
> Is it possible that an ISP AS A peers with a customer AS C via a 
> non-transparent IXP AS B?
> IOW, the AS path in routes propagated by the ISP A for customer C's 
> prefixes looks like this:  A B C.
> I.e., can the AS of a non-transparent IXP/RS appear in an AS path in 
> the middle between an ISP and its customer?

Almost all RS's are transparent these days.  Usually IXPs go to lengths to ensure that the RS ASN doesn't appear in the AS path.

Some organisations provide transit over IXPs, but it's a minority thing. 
It would be very peculiar if an organisation provided transit over an IXP via an RS.

Some organisations provide transit to ASNs over a direct physical connection while maintain peering with their customer over an IXP port. 
Usually this happens by accident, but occasionally it can happen by design.

The answer to your question is that it would be technically possible, but it would be so peculiar and stupid that it should be considered a mistake in the situations where it was intentional. In all other situations, it would be a leak.  Generally it would be safe to assume that this sort of configuration was in error.

Nick

v2.8.7 | Report a Bug | By Email