Re: [Sidrops] draft-spaghetti-sidrops-rpki-prefixlist-00 (chapter #2 of what does IRR have that RPKI doesn't?)

gengnan <gengnan@huawei.com> Fri, 31 March 2023 01:44 UTC

From: gengnan <gengnan@huawei.com>
To: Geoff Huston <gih@apnic.net>, Job Snijders <job=40fastly.com@dmarc.ietf.org>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Date: Fri, 31 Mar 2023 01:44:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/a2YmjlRKILbw20VHtOqdxetqjtU>

The "RPKI Prefix List" seems helpful to BAR-SAV which needs the full set of source prefixes of an AS. @Sriram, Kotikalapudi (Fed)

But, the object needs to be extended to allow the non-announced route prefixes (i.e., hidden prefixes) to be included in the list, so as to cover the DSR scenario. 

Best,
Nan

-----Original Message-----
From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Geoff Huston
Sent: Thursday, March 30, 2023 5:32 PM
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
Cc: sidrops@ietf.org
Subject: Re: [Sidrops] draft-spaghetti-sidrops-rpki-prefixlist-00 (chapter #2 of what does IRR have that RPKI doesn't?)

Hi,

I see the Prefix List as completing a “handshake”. The ROA is a declaration by a prefix holder that does not necessarily have the acknowledgement of the AS holder, and the Prefix List is a declaration by the AS that does not necessarily have the acknowledgement of the prefix holder(s). But when looked at together then it is possible to infer an agreement between the two parties/roles.

thanks

Geoff


> On 30 Mar 2023, at 5:26 pm, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> Hi folks,
> 
> Following my presentation "ASGroups (or, exploring sunsetting IRR?)" 
> [1] Geoff commented along the lines of "porting IRR as-sets is the 
> wrong way to go about it, you should port IRR route-sets!"
> 
> Geoff's proposal is that Autonomous System resource holders should 
> publish a self-asserted list of IP prefixes the subject ASN MAY 
> originate. Remote peers can then use this list to construct 
> filters for various purposes.
> 
> [ Note: this is not a replacement for RPKI-ROV! Operationally I think
>   along the lines of: reject RPKI-ROV invalid routes and
>   additionally reject routes not listed in the RPKI-PrefixList (in
>   addition to rejecting ASPA-invalid routes, bogon ASNs, etc, etc) ]
> 
> So, to progress the conversation about "what would it take to sunset 
> IRR/RPSL; what features or properties does IRR have that are missing 
> in one form or another in the RPKI?" - we authored the below draft for 
> your consideration.
> 
> I consider both ASGroups & PrefixList steps in an exploratory study, 
> and I fully anticipate that by shaking this tree more ideas will fall 
> into our laps.
> 
> I'm very open to hear from the community what they perceive as 
> valuable properties of IRR/RPSL, and I am happy to collaborate (read: 
> I'm happy to do the required ASN.1 work and write running code, even 
> if it's for ideas we abandon down the road). Let me hear your thoughts 
> on what's beautiful about IRR!
> 
> Kind regards,
> 
> Job / Geoff
> 
> 
> [1]: https://datatracker.ietf.org/meeting/116/materials/slides-116-sidrops-asgroups-thoughts-about-irr-rpki-feature-parity-sunsetting-irr-00
> 
> 
> 
> ----- Forwarded message from internet-drafts@ietf.org -----
> 
> Date: Thu, 30 Mar 2023 01:01:56 -0700
> From: internet-drafts@ietf.org
> To: Geoff Huston <gih@apnic.net>, Job Snijders <job@fastly.com>
> Subject: New Version Notification for
> draft-spaghetti-sidrops-rpki-prefixlist-00.txt
> 
> 
> A new version of I-D, draft-spaghetti-sidrops-rpki-prefixlist-00.txt
> has been successfully submitted by Job Snijders and posted to the IETF 
> repository.
> 
> Name: draft-spaghetti-sidrops-rpki-prefixlist
> Revision: 00
> Title: A profile for RPKI Signed Lists of Prefixes
> Document date: 2023-03-30
> Group: Individual Submission
> Pages: 13
> URL:            https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-prefixlist/
> Html:           https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-prefixlist
> 
> 
> Abstract:
>   This document defines a "RPKI Prefix List", a Cryptographic Message
>   Syntax (CMS) protected content type for use with the Resource Public
>   Key Infrastructure (RPKI) to carry the complete list of prefixes
>   which an Autonomous System (AS) may originate to all or any of its
>   routing peers.  The validation of a RPKI Prefix List confirms that
>   the holder of the listed ASN produced the object, and that this list
>   is a current, accurate and complete description of address prefixes
>   that may be announced into the routing system originated by this AS.
> 
> 
> 
> 
> The IETF Secretariat
> 
> 
> 
> ----- End forwarded message -----
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
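
An added sketch of the filter layering Job describes and the ROA/Prefix List "handshake" Geoff describes; it is not code from the draft, its authors, or any poster in this thread. The sample VRPs, prefix lists and ASNs are constructed, and the exact-match rule for list membership and the choice to accept routes whose origin AS published no list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs), not real RPKI output.
# VRPs from validated ROAs: (prefix, maxLength, origin ASN), the prefix holder's side.
VRPS = [("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 24, 64500),
        ("2001:db8::/32", 48, 64501)]
# Validated Prefix Lists: ASN -> prefixes it says it may originate, the AS holder's side.
PREFIX_LISTS = {64500: ["192.0.2.0/24", "203.0.113.0/24"],
                64501: ["2001:db8:1::/48"]}

def rov_state(prefix, origin, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if vrp_net.version != net.version or not net.subnet_of(vrp_net):
            continue
        covered = True  # at least one VRP covers this route
        if asn == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def prefixlist_state(prefix, origin, lists=PREFIX_LISTS):
    """'listed', 'unlisted', or 'no-list' when the origin AS published nothing.
    Assumption: a route matches only an identical prefix in the list."""
    if origin not in lists:
        return "no-list"
    net = ipaddress.ip_network(prefix)
    listed = {ipaddress.ip_network(p) for p in lists[origin]}
    return "listed" if net in listed else "unlisted"

def import_decision(prefix, origin):
    """Layered policy: reject ROV-invalid, additionally reject unlisted routes."""
    rov, pl = rov_state(prefix, origin), prefixlist_state(prefix, origin)
    if rov == "invalid":
        return "reject", "rov-invalid"
    if pl == "unlisted":
        return "reject", "not-in-prefixlist"
    # Prefix holder (ROA) and AS holder (Prefix List) both vouch for this route.
    if rov == "valid" and pl == "listed":
        return "accept", "handshake"
    return "accept", "one-sided-or-no-data"
```

The second check catches a case ROV alone passes: a route that is ROV-valid because a ROA authorises the origin, but that the origin AS itself does not list.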
