[Sidrops] ASPA verification questions
Claudio Jeker <cjeker@diehard.n-r-g.com> Wed, 14 December 2022 14:47 UTC
Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9699CC1522A7 for <sidrops@ietfa.amsl.com>; Wed, 14 Dec 2022 06:47:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PAmEgoXdeBdS for <sidrops@ietfa.amsl.com>; Wed, 14 Dec 2022 06:47:14 -0800 (PST)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8777FC1522AB for <sidrops@ietf.org>; Wed, 14 Dec 2022 06:47:13 -0800 (PST)
Received: (qmail 95523 invoked by uid 1000); 14 Dec 2022 14:47:09 -0000
Date: Wed, 14 Dec 2022 15:47:09 +0100
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: sidrops@ietf.org
Message-ID: <Y5nh7YrUMjxOy1xA@diehard.n-r-g.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/aeJ6Ep9ZpXb8UcwBRJh3pWoUdi4>
Subject: [Sidrops] ASPA verification questions
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2022 14:47:18 -0000
Hi all, I'm working on ASPA verification in OpenBGPD and while I have the basic validation algorithm working I have a question that is not covered by draft-ietf-sidrops-aspa-verification-11: What should happen with ebgp peers that have no role assigned? The draft implements two algorithms (5.2 and 5.3) which are applied for different session types based on roles. The draft does not mention what should be set for ebgp sessions that have no role configured. OpenBGPD will return "unknown" for all aspa validation calls for such peers. So all their prefixes/paths are marked as ASAP "unknown". Only exception is an empty ASPATH. Empty ASPATHs from ebgp peers are always considered "invalid" (following section 5). -- :wq Claudio
- [Sidrops] ASPA verification questions Claudio Jeker
- Re: [Sidrops] ASPA verification questions Job Snijders
- Re: [Sidrops] ASPA verification questions Ben Maddison
- Re: [Sidrops] ASPA verification questions Randy Bush
- Re: [Sidrops] ASPA verification questions Wanghaibo (Rainsword)
- Re: [Sidrops] ASPA verification questions Claudio Jeker
- Re: [Sidrops] ASPA verification questions Zhuangshunwan
- Re: [Sidrops] ASPA verification questions Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] ASPA verification questions Claudio Jeker