Re: [Sidrops] [GROW] Any credence to AS_SET in the *middle* between AS_SEQUENCEs?

Nick Hilliard <nick@foobar.org> Thu, 21 July 2022 08:37 UTC

To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram=40nist.gov@dmarc.ietf.org>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>, GROW WG <grow@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Mox9NLS8hlr42kLfQDqEVsO8GpA>

Sriram, Kotikalapudi (Fed) wrote on 19/07/2022 22:24:
> Question: Operationally, is an AS_SET ever used in the *middle*
> between AS_SEQUENCEs? Or, should one simply give zero credence to
> it?

tl;dr: epsilon levels of credence.

In the context of EBGP connectivity, on the internet, having an AS_SET
in the middle of a sequence means that whoever is responsible for 
leaking that is exposing far more about their internal sausage factory 
than I ever want to know.  There could possibly be valid reasons, but 
it's far more likely that this is the outcome of temporary or simply 
poor quality routing policies.

ASPA somewhat assumes a naive/simplistic routing policy.  Having AS_SET 
support of this style means that it's entertaining a far greater level 
of complexity than ASPA's target network might operate. There are echoes 
of the DNS camel here.

Nick
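
Added example, not part of the original message or of the ASPA draft: a check a monitoring pipeline could run to find AS_PATH attribute values that carry an AS_SET between AS_SEQUENCE segments. It assumes 4-octet AS numbers by default; the function names and the sample paths (built from documentation ASNs) are constructed for illustration.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # path segment type codes (RFC 4271)

def parse_as_path(data: bytes, asn_len: int = 4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_len]
    segments, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = data[off], data[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unsupported segment type {seg_type}")
        end = off + count * asn_len
        if count == 0 or end > len(data):
            raise ValueError("bad segment length")
        segments.append((seg_type, list(struct.unpack(f"!{count}{fmt}", data[off:end]))))
        off = end
    return segments

def classify_as_sets(segments):
    """Classify each AS_SET by position; 'middle' has AS_SEQUENCEs on both sides."""
    seq_idx = [i for i, (t, _) in enumerate(segments) if t == AS_SEQUENCE]
    found = []
    for i, (t, asns) in enumerate(segments):
        if t != AS_SET:
            continue
        before = any(j < i for j in seq_idx)  # segments nearer the receiving neighbor
        after = any(j > i for j in seq_idx)   # segments nearer the origin
        where = ("middle" if before and after else
                 "origin-end" if before else
                 "neighbor-end" if after else "only")
        found.append((where, sorted(asns)))
    return found

def encode(segments, asn_len: int = 4):
    """Build an AS_PATH attribute value (used here only to construct sample input)."""
    fmt = {2: "H", 4: "I"}[asn_len]
    return b"".join(struct.pack(f"!BB{len(a)}{fmt}", t, len(a), *a) for t, a in segments)

# Constructed samples using documentation ASNs (64496-64511).
SAMPLE_MIDDLE = encode([(AS_SEQUENCE, [64496, 64497]), (AS_SET, [64500, 64499]),
                        (AS_SEQUENCE, [64510])])
SAMPLE_TAIL = encode([(AS_SEQUENCE, [64496]), (AS_SET, [64501, 64502])])

if __name__ == "__main__":
    for name, raw in (("middle", SAMPLE_MIDDLE), ("tail", SAMPLE_TAIL)):
        print(name, classify_as_sets(parse_as_path(raw)))
```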