From nobody Thu Mar 11 07:15:37 2021 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA1C73A109D for ; Thu, 11 Mar 2021 07:15:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.918 X-Spam-Level: X-Spam-Status: No, score=-1.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lClytcQkZmWP for ; Thu, 11 Mar 2021 07:15:33 -0800 (PST) Received: from out20-14.mail.aliyun.com (out20-14.mail.aliyun.com [115.124.20.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5ECE63A1094 for ; Thu, 11 Mar 2021 07:15:30 -0800 (PST) X-Alimail-AntiSpam: AC=CONTINUE; BC=0.100022|-1; CH=green; DM=|CONTINUE|false|; DS=CONTINUE|ham_system_inform|0.735849-0.00268867-0.261462; FP=0|0|0|0|0|-1|-1|-1; HT=ay29a033018047192; MF=madi@rpstir.net; NM=1; PH=DS; RN=2; RT=2; SR=0; TI=SMTPD_---.JjYkZM7_1615475720; Received: from 192.168.3.3(mailfrom:madi@rpstir.net fp:SMTPD_---.JjYkZM7_1615475720) by smtp.aliyun-inc.com(10.147.41.178); Thu, 11 Mar 2021 23:15:20 +0800 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\)) From: Di Ma In-Reply-To: Date: Thu, 11 Mar 2021 23:15:19 +0800 Cc: "sidrops@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <278925A4-91B9-4B8F-B4CC-6F72B77462B3@rpstir.net> References: To: George Michaelson X-Mailer: Apple Mail (2.3654.60.0.2.21) Archived-At: Subject: Re: [Sidrops] draft-sidrops-rpkimaxlen X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Mar 2021 15:15:37 -0000 Interesting. AS0 ROA is yet another thing we can take into consideration. Di > 2021=E5=B9=B43=E6=9C=8811=E6=97=A5 23:07=EF=BC=8CGeorge Michaelson = =E5=86=99=E9=81=93=EF=BC=9A >=20 > Is there a role for use of AS0 ROA, to "punch out" the elements > between /len and /maxlen, that are not "wanted" in routing? >=20 > Is there a role for short-life AS0 ROA, to mark the "emergency use" > more specifics, So they can come live on the time for the AS0 to die > out or be repudiated, but not have to be announced until needed? >=20 > (C/F Randy: George: stop inventing things we don't need) also (C/F > this may not actually be a new thought bubble)\ >=20 > -G >=20 > On Thu, Mar 11, 2021 at 5:34 PM Di Ma wrote: >>=20 >> Jakob, >>=20 >>> 2021=E5=B9=B43=E6=9C=8810=E6=97=A5 21:07=EF=BC=8CJakob Heitz = (jheitz) =E5=86=99=E9=81=93=EF=BC=9A= >>>=20 >>> I agree that a hijack is made easier when a ROA exists without a = corresponding BGP advertisement. >>>=20 >>> Implementing DDOS and RTBH as indicated in the draft is difficult = without the ROAs for the required BGP announcements. As indicated in the = draft, creating and distributing the ROAs required for RTBH and DDOS = scrubbers is time consuming. >>>=20 >>> Note that these ROAs are not required throughout the entire BGP = space, the world. >>> These ROAs are only needed near the AS requiring these services, = thus distributing them >>> around the entire world, just for some local RTBH implementation is = disruptive to the >>> rest of the world. >>>=20 >>> To help with these "limited distribution ROAs" that are required = quickly, and in >>> a smaller space than the entire BGP space, I propose to invent a new = BGP address >>> family to publish them. Using BGP to publish a ROA enables fast = distribution >>> and allows to limit the distribution to only those ASes that need = it. >>=20 >> As I am maintaining RPSTIR the RP Software, I have been working on a = feedback mechanism to enable RP to learn from BGP announcements to = establish local/neighbor view. In the context of RPKI, I see those ASes = sharing the same one RP are local. >>=20 >> I think your proposed "limited distribution ROAs=E2=80=9D is going = to help create local/neighbor view. >>=20 >> Granted, we may have the ROA validation by RP not the router itself = and should work on the interface between them. >>=20 >>>=20 >>> Anybody want to help me write a draft? >>=20 >> Count me in if you think an RP implementor can help. >>=20 >> Di >> _______________________________________________ >> Sidrops mailing list >> Sidrops@ietf.org >> https://www.ietf.org/mailman/listinfo/sidrops >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops