Re: [Sidrops] [GROW] Any credence to AS_SET in the *middle* between AS_SEQUENCEs?

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Thu, 21 July 2022 12:48 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Nick Hilliard <nick@foobar.org>, Job Snijders <job@fastly.com>
CC: GROW WG <grow@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/YgdgeXxFhb88e_eMv6L76Rzrn00>

Hi Nick,

>Apart from the deprecation in rfc 6472, there's also rfc6907, which has
>a complex set of rules for handling routes with an origin which is an
>AS_SET.  This complexity is already not good, and of dubious practical
>use.  Replicating something similar to this in ASPA seems like a bad
>idea overall.

I am impressed and pleased you looked into rfc6907! Actually, as you know, rfc6811 is what is implemented in routers currently. And rfc6907 only enumerates use cases. I just looked at all the use cases involving AS_SETs in rfc6907 and they are completely consistent with rfc6811 or vice-versa.

I hope my previous post responding to your and Job's comments is helpful. It clarifies the design philosophy of ASPA, which follows principles parallel to those in RFC 6811 except for the addition of the 'Unverifiable' outcome in the ASPA algorithm with potential diagnostic value.

>The current approach in -09 of marking the route as Unverifiable seems
>reasonable.  5.3 states that "Unverifiable" SHOULD be treated as
>semantically equivalent to "Invalid".

>So yeah, why not just mark as "Invalid" and be done with it?

Like I said in the previous post: Treating an UPDATE with an AS_SET as always 'Invalid' may be reasonable and simplifies the algorithm description, except that the diagnostic value of the 'Unverifiable' flavor is lost. But if you feel strongly about this, the author team can discuss this and get back.

Thanks again.

Sriram
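
An added illustration of the two treatments discussed in this thread (not code from the draft, its authors, or any router implementation): it parses an AS_PATH attribute value, derives the RFC 6811 route origin, and applies only the AS_SET pre-check, labelling the path either 'Unverifiable' or, when collapsed, 'Invalid'. The function names, the 4-octet ASN encoding and the sample paths are assumptions made for the example; full ASPA verification of AS_SET-free paths is outside its scope.

```python
import struct
from collections import Counter

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment type codes (RFC 4271)

def encode(segments):
    """Build constructed sample input: type, AS count, then 4-octet ASNs."""
    return b"".join(struct.pack(f"!BB{len(a)}I", t, len(a), *a) for t, a in segments)

def parse_as_path(data):
    """Parse an AS_PATH attribute value (4-octet ASNs assumed) into segments."""
    segments, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        seg_type, count = data[pos], data[pos + 1]
        end = pos + 2 + 4 * count
        if seg_type not in (AS_SET, AS_SEQUENCE) or count == 0 or end > len(data):
            raise ValueError("malformed segment")
        segments.append((seg_type, struct.unpack(f"!{count}I", data[pos + 2:end])))
        pos = end
    return segments

def rfc6811_origin(segments, local_as):
    """Route origin ASN per RFC 6811; None stands for the value 'NONE'."""
    if not segments:
        return local_as              # empty AS_PATH: the speaker's own AS
    seg_type, asns = segments[-1]
    return asns[-1] if seg_type == AS_SEQUENCE else None

def as_set_outcome(segments, collapse=False):
    """AS_SET pre-check only. Returns (label, treat_as_invalid); label None means
    the path has no AS_SET and goes on to full ASPA verification (not shown)."""
    if any(t == AS_SET for t, _ in segments):
        return ("Invalid" if collapse else "Unverifiable"), True
    return None, False

# Constructed sample paths using documentation ASNs, not captured traffic.
SAMPLES = {
    "sequence-only": encode([(AS_SEQUENCE, (64500, 64501, 64502))]),
    "set-at-origin": encode([(AS_SEQUENCE, (64500, 64501)), (AS_SET, (64510, 64511))]),
    "set-in-middle": encode([(AS_SEQUENCE, (64500,)), (AS_SET, (64510, 64511)),
                             (AS_SEQUENCE, (64502,))]),
}

def tally(collapse):
    """Count outcome labels over SAMPLES under one of the two policies."""
    return Counter(as_set_outcome(parse_as_path(p), collapse)[0] for p in SAMPLES.values())

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        segs = parse_as_path(raw)
        print(name, rfc6811_origin(segs, 64496), as_set_outcome(segs))
    print(tally(False), tally(True))
```

For the path with the AS_SET in the middle, the RFC 6811 origin is still a concrete ASN, so only the ASPA pre-check flags it; with `collapse=True` the same routes are handled identically but can no longer be told apart from other 'Invalid' results in the counts.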