Re: [Sidrops] ASPA duplicates
Randy Bush <randy@psg.com> Mon, 04 May 2020 13:39 UTC
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86F373A08AB for <sidrops@ietfa.amsl.com>; Mon, 4 May 2020 06:39:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4d50XrZ-PksF for <sidrops@ietfa.amsl.com>; Mon, 4 May 2020 06:39:36 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 696A73A08A6 for <sidrops@ietf.org>; Mon, 4 May 2020 06:39:36 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1jVbJm-0004U1-KL; Mon, 04 May 2020 13:39:34 +0000
Date: Mon, 04 May 2020 06:39:34 -0700
Message-ID: <m27dxrrf8p.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: SIDR Operations WG <sidrops@ietf.org>
In-Reply-To: <0BC5FAFC-A5A3-4B67-82C1-C1BE90335C95@nlnetlabs.nl>
References: <87pnbrspdr.wl-morrowc@ops-netman.net> <24232.24434.41224.396200@oz.mt.att.com> <d7858280-d86f-4517-a7df-26fc64d3e7f7@www.fastmail.com> <12F90135-5597-490B-947F-F588C2ED3B48@nlnetlabs.nl> <CAEGSd=CUJ9WEUAtgdbghgbCWd6xW_KLr4_pCoWAAen_j+iW-iA@mail.gmail.com> <0BC5FAFC-A5A3-4B67-82C1-C1BE90335C95@nlnetlabs.nl>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/YaFw9CYoXg1oA0feCkAKmGt_Caw>
Subject: Re: [Sidrops] ASPA duplicates
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2020 13:39:44 -0000
> This might not be easy for existing RPs - with ROAs the thought has > also been that they are cumulative. Now you would need to keep much > more state, and even check between all configured TAs - which until > now could just be processed in parallel. > > I understand your reasoning, but I think this warrants at least some > normative wording in the document and discussion in the security > section. And most importantly I am curious to learn what RP software > implementers think (nowadays I do the CA side, which is much easier in > this context). from draft-ietf-sidrops-8210bis 11. ROA PDU Race Minimization When a cache is sending ROA PDUs to the router, especially during an initial full load, two undesirable race conditions are possible: Break Before Make: For some prefix P, an AS may announce two (or more) ROAs because they are in the process of changing what provider AS is announcing P. This is is a case of "make before break." If a cache is feeding a router and sends the one not yet in service a significant time before sending the one currently in service, then BGP data could be marked invalid during the interval. To minimize that interval, the cache SHOULD announce all ROAs for the same prefix as close to sequentially as possible. Shorter Prefix First: If an AS has issued a ROA for P0, and another AS (likely their customer) has issued a ROA for P1 which is a sub- prefix of P0, a router which receives the ROA for P0 before that for P1 is likely to mark a BGP prefix P1 invalid. Therefore, the cache SHOULD announce the sub-prefix P1 before the covering prefix P0. randy
- [Sidrops] Updated Interim Meeting WebEx Link Chris Morrow
- [Sidrops] ASPA duplicates Jay Borkenhagen
- Re: [Sidrops] ASPA duplicates Job Snijders
- Re: [Sidrops] ASPA duplicates Tim Bruijnzeels
- Re: [Sidrops] ASPA duplicates Alexander Azimov
- Re: [Sidrops] ASPA duplicates rifqyhakimi
- Re: [Sidrops] ASPA duplicates Tim Bruijnzeels
- Re: [Sidrops] ASPA duplicates Randy Bush
- Re: [Sidrops] ASPA duplicates Tim Bruijnzeels
- Re: [Sidrops] ASPA duplicates Alexander Azimov
- Re: [Sidrops] ASPA duplicates Randy Bush