IETF Logo Mail Archive

Re: [Sidrops] Clarification of draft-ietf-sidrops-aspa-verification-03

Alexander Azimov <a.e.azimov@gmail.com> Sat, 01 February 2020 20:17 UTC

Return-Path: <a.e.azimov@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3631201AA for <sidrops@ietfa.amsl.com>; Sat, 1 Feb 2020 12:17:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PlG9qtt8Dn_H for <sidrops@ietfa.amsl.com>; Sat, 1 Feb 2020 12:17:18 -0800 (PST)
Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com [IPv6:2607:f8b0:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DFA9120154 for <sidrops@ietf.org>; Sat, 1 Feb 2020 12:17:18 -0800 (PST)
Received: by mail-oi1-x236.google.com with SMTP id i1so10875147oie.8 for <sidrops@ietf.org>; Sat, 01 Feb 2020 12:17:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pzekU9svsca6lfGpW2c6KAqcewWMI20I67kAWeWVr88=; b=U75n1rB+50/B/uV/JzdaXPZ3S/o4xFps/iDNzybfTIeply2Tp2ughy86oIm6jOwl9w cA9pZBi5Y5yF4Dmc013Vh/ezRvhS3AmJm7YP6/xv4lZxVeRJXzoGlQTk4kB+Cl70QmZN 2ZWuIrEOQkBiJdBfJep+K3uRYRtCx4jpbPJPj9VOz7Ru27t9hQgC7Adm+GdjHSpH1ody HaKMuaNVfSjEhBHSIZilkMaNUFuCTSgUuxPdovc/XLUZEdGh3IBudFKhxA6rxmhdwypy VBdnmb3i4ky68uNMEZc48Ix3VVX4l9KRoxYyilUlkGAC+gOs2Zf12oJW9oxRdQSrLgJk BQfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pzekU9svsca6lfGpW2c6KAqcewWMI20I67kAWeWVr88=; b=KSqVBG2F5EWzeYnWjmi2qGpTYK4EGC4Q2tGIjWzr8RzrAQNlJ8BuUy6eC9yQKDc5k/ 67fUd/zN7pvvHV9rhKS2nyPCkfhp+zKm18vXyFXCZoxi3/+fzbOXkzoMbwlnHatdoj6G ndkwV1wgENNxSFAPbLeoeE64qYm1ycvZ6cFaSe1kLh7AjGor+9whQ/Ku/UEwAdKdX+JP XHx0w53nntAxqOtFDs72XUNx8fPLU/dlnrooq+CPiDcDyx7nwZrhxXJumDix7tcIeikl uIbD4Ezh1Ow7x8FI6J1EVfG5rOEP1pjPAp120rselUIkyJwk8HrkcdjDuKNAn60aBtZP HNSw==
X-Gm-Message-State: APjAAAXye/0lTlrD6btAEZAq/l2wXXrsJmlvVe+jbt1XEh1B3yKki0pe sNzWGb/0Nm94YammFCPCbtunL3pVN8hfDV1wiyc=
X-Google-Smtp-Source: APXvYqzvF4iFEJGGO19O3OhXi2Qn99+PrJZi8dtlDc7rGZKmBBbsjssbkcAu6kEWc1nhpqYH01DvzdLvFa6KBdWURpg=
X-Received: by 2002:a05:6808:319:: with SMTP id i25mr10318937oie.128.1580588237825; Sat, 01 Feb 2020 12:17:17 -0800 (PST)
MIME-Version: 1.0
References: <20200109114608.GA24582@corley.shackle.nl> <CAEGSd=D5jZzxqWCdzxwYf4G2869r059+oB7yoioWomneAXaUCw@mail.gmail.com> <20200121080553.GA18351@corley.shackle.nl>
In-Reply-To: <20200121080553.GA18351@corley.shackle.nl>
From: Alexander Azimov <a.e.azimov@gmail.com>
Date: Sat, 01 Feb 2020 23:17:06 +0300
Message-ID: <CAEGSd=ALSvsR-iYWjW5KsHhFU8=GaNncmqwT-_ZY8XUVrR-0Dw@mail.gmail.com>
To: Luuk Hendriks <luuk@nlnetlabs.nl>
Cc: SIDR Operations WG <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000073a9e6059d896011"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/UseKiV2GUfC5dRnobJnnKoHM8oA>
Subject: Re: [Sidrops] Clarification of draft-ietf-sidrops-aspa-verification-03
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Feb 2020 20:17:21 -0000

Hi Luuk,

Thank you for another good question.
Your understanding is correct: with the ASPA technique, you can detect only
mistakes when the route is received from a provider or RS.

It is explicitly stated in the security considerations (Sec. 8):

   While the ASPA is capable to detect both mistake and malicious
   activity for routes received from customers, RS-clients or peers, it
   provides only detection of mistakes for routes that are received from
   upstream providers and RS(s).


While this is limiting your opportunity to detect malicious activity, the
only attack scenario is when a provider sends malformed routes to its
customer. At the same time, IMO the opportunity to detect even mistake
leaks coming from providers is great. I recently modeled the work of ASPA
algorithms on top of BMP data in Yandex - it worked and already showed
valuable results.

вт, 21 янв. 2020 г. в 11:05, Luuk Hendriks <luuk@nlnetlabs.nl>:

> Hi Alexander, all,
>
> On Tue 14 Jan 2020, 18:04, Alexander Azimov wrote:
> > In the terms of the draft AS0->AS1->AS2 is an upstream path, while
> AS3->AS4
> > is a downstream path.
> > The invalid state of (AS2, AS3) pair triggers the change of the
> > 'direction', but the following downstream path verification procedure is
> > not applicable to (AS3, AS2) since it can be a peering link, that's why
> I++
> > is used.
>
> Thanks for clarifying, it seems that we did interpret those parts of the
> draft
> correctly then. But we are still wondering whether skipping the check
> after the
> direction change is introducing a problem. (Again, this might be us not
> having
> much operational experience with actual routing, so please bear with me..)
>
>
> What if a bad actor, AS9, inserts itself in the path like this:
>
>                              +-----+
>                     +--------> AS2 +--------+
>                     |        +--+--+        |
>                  +-----+        |        +--v--+
>         +------->+ AS1 |        | +----->| AS3 +--------+
>         |        +-----+        | |      +--^--+        |
>      +-----+                  +-v-+-+                +--v--+
>      | AS0 |                  | AS9 |                | AS4 |
>      +-----+                  +-----+                +-----+
>                                                         |
>                                                      +--v--+
>                                                      | AS5 |
>                                                      +-----+
>
> No valid (AS2, AS9) ASPA is found, so we assume it is a peering link (the
> I++). Direction is changed, so continuing, (AS3, AS9) and (AS4, AS3) are
> checked. Now, if and only if any of these yield Invalid, the final result
> will
> be Invalid. Otherwise, the result will be Valid or Unknown, even though
> there is
> a malicious AS in the path. In other words, is the draft in its current
> revision
> beneficial without (close to) 100% adoption?
> Or, is this situation not considered a problem in reality due to the longer
> AS_PATH and thus a lower preference anyway?
>
>
> Thanks,
>  luuk
>


-- 
Best regards,
Alexander Azimov

v2.23.0 | Report a Bug | By Email