Re: [Sidrops] Format of ASPA RTR PDU

Claudio Jeker <cjeker@diehard.n-r-g.com> Tue, 19 December 2023 10:05 UTC

Date: Tue, 19 Dec 2023 11:05:39 +0100
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: gengnan <gengnan=40huawei.com@dmarc.ietf.org>
Cc: sidrops <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/TV0Gzys0J7M3PNwWZrAKWshGpSU>

On Tue, Dec 19, 2023 at 03:07:25AM +0000, gengnan wrote:
> Whether there is an interim meeting or not, it would be good to have an
> issue list to help people keep track of critical issues (not only
> encoding, but also parsing, ...) and avoid going through emails in the
> future.
> 

Critical Issues for draft-ietf-sidrops-8210bis:

- Section 5.12. ASPA PDU
   Adjust PDU format and text to reflect draft-ietf-sidrops-aspa-profile

- Section 7. Protocol Version Negotiation
   While implementing this in stayrtr and openbgpd I realized that the
   currently proposed version negotiation is brittle and prone to unwanted
   downgrades.

I added the last suggested text for Section 5.12. below.
-- 
:wq Claudio

5.12. ASPA PDU

0          8          16         24        31
.-------------------------------------------.
| Protocol |   PDU    |          |          |
| Version  |   Type   |   Flags  |   zero   |
|    2     |    11    |          |          |
+-------------------------------------------+
|                                           |
|                 Length                    |
|                                           |
+-------------------------------------------+
|                                           |
|    Customer Autonomous System Number      |
|                                           |
+-------------------------------------------+
|                                           |
~    Provider Autonomous System Numbers     ~
|                                           |
~-------------------------------------------~

The ASPA PDU supports [I-D.ietf-sidrops-aspa-profile]. An ASPA PDU
represents one single customer AS and its provider ASes. Receipt of an
ASPA PDU announcement (announce/withdraw flag == 1) when the router
already has an ASPA PDU with the same Customer Autonomous System Number
replaces the previous one. The cache MUST deliver the complete data of an
ASPA record in a single ASPA PDU.

The router MUST see at most one ASPA from a cache for a particular
Customer Autonomous System Number active at any time. As a number of
conditions in the global RPKI may present multiple valid ASPA RPKI records
for a single customer to a particular RP cache, this places a burden on
the cache to form the union of multiple ASPA records it has received from
the global RPKI into one ASPA PDU.

The Flags field is as described in Section 5.

For the ASPA PDU, the announce/withdraw Flag is set to 1 to indicate
either the announcement of a new ASPA record or a replacement for a
previously announced record with the same Customer Autonomous System
Number. Such a PDU contains the Customer Autonomous System Number and
MUST contain one or more Provider Autonomous System Numbers. The number
of Provider Autonomous System Numbers is calculated according to the
Length of the PDU, which must be equal to or larger than 16.

If the announce/withdraw flag is set to 0, it indicates removal of the
entire ASPA record for that Customer AS. A withdraw only contains the
Customer Autonomous System Number; therefore, Length MUST be 12 and no
Provider Autonomous System Numbers are to be included.
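As an added example (not part of this message, nor code from stayrtr or openbgpd), a Go decoder that applies the length rules of the proposed Section 5.12 text to one complete ASPA PDU: Length must match the bytes received, a withdraw must have Length 12, and an announce must have Length of at least 16 with only whole Provider ASNs. The sample PDU and its AS numbers are constructed; the announce/withdraw bit is assumed to be bit 0 of the Flags field as in Section 5 of the draft.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Values from the quoted Section 5.12 text; flag bit 0 is assumed to be the announce/withdraw bit.
const (
	aspaVersion  = 2
	aspaType     = 11
	aspaHdrLen   = 12 // 8-byte header + 4-byte Customer ASN
	flagAnnounce = 0x01
)
type ASPA struct {
	Announce  bool
	Customer  uint32
	Providers []uint32
}

// ParseASPA decodes one complete ASPA PDU and rejects what the text forbids:
// wrong version/type, a non-zero "zero" field, a Length that disagrees with the
// bytes received, a withdraw with Length != 12, or an announce with Length < 16
// or a trailing partial Provider ASN.
func ParseASPA(b []byte) (*ASPA, error) {
	if len(b) < aspaHdrLen {
		return nil, errors.New("PDU shorter than 12 bytes")
	}
	if b[0] != aspaVersion || b[1] != aspaType || b[3] != 0 {
		return nil, fmt.Errorf("bad header: version %d type %d zero %d", b[0], b[1], b[3])
	}
	if l := binary.BigEndian.Uint32(b[4:8]); uint64(l) != uint64(len(b)) {
		return nil, fmt.Errorf("Length %d does not match %d bytes received", l, len(b))
	}
	p := &ASPA{Announce: b[2]&flagAnnounce != 0, Customer: binary.BigEndian.Uint32(b[8:12])}
	body := b[aspaHdrLen:]
	if !p.Announce && len(body) != 0 {
		return nil, errors.New("withdraw MUST have Length 12 and no Provider ASNs")
	}
	if p.Announce && (len(body) < 4 || len(body)%4 != 0) {
		return nil, errors.New("announce MUST have Length >= 16 and whole Provider ASNs")
	}
	for i := 0; i < len(body); i += 4 {
		p.Providers = append(p.Providers, binary.BigEndian.Uint32(body[i:i+4]))
	}
	return p, nil
}

// Constructed sample: announce for customer AS65000 with providers AS65001 and AS65002 (Length 20).
var sampleAnnounce = []byte{2, 11, 1, 0, 0, 0, 0, 20, 0, 0, 0xfd, 0xe8, 0, 0, 0xfd, 0xe9, 0, 0, 0xfd, 0xea}
```

Note that the decoder expects exactly one PDU; an RTR reader would first frame on the Length field and then hand the slice to ParseASPA.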