Re: [Sidrops] [GROW] Any credence to AS_SET in the *middle* between AS_SEQUENCEs?
Job Snijders <job@fastly.com> Tue, 26 July 2022 21:47 UTC
Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 930AFC183561 for <sidrops@ietfa.amsl.com>; Tue, 26 Jul 2022 14:47:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VZW7dnURt1Ny for <sidrops@ietfa.amsl.com>; Tue, 26 Jul 2022 14:47:38 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2890EC18357F for <sidrops@ietf.org>; Tue, 26 Jul 2022 14:47:38 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id z22so19218830edd.6 for <sidrops@ietf.org>; Tue, 26 Jul 2022 14:47:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=L0w3MBARQx5MxFXf13DhWQLEjKChZG29HzclywIoEJs=; b=sI1TZA9QjxK2Qpcop2wctX+feuoYxAspVBGhrl3epdJWPfZvKy/B6PrEGnASFWd3Je O3eFohHADetqlcqFTbW86RC4mcZWWtH4I4NpRk5wYz8EXSn5lg59LBu0jqmkk8i0vIjG sDEHUJVV9gAh5awcD7zc6xosM3Lw1TDHRIfEc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=L0w3MBARQx5MxFXf13DhWQLEjKChZG29HzclywIoEJs=; b=cT5ZeFneK8kgJLepeRm6qNT0cTwG1bOcFxFIj5vY6bcL5ziMLym1YEWn29yrFBOcDF J2JQdSXtlSkH16IHHqGTbrSnlHJDQSneFQyvGDUD781nw+IecY3WCF9S4d+hNbnrdAAx 9zGsA9FAKfNla6tUcdiSrDRx7xOWnzOx1+obEFGPAlYXQlygg1JFBKixiVmkNW4OZ3w3 AZhhQiWlywjkqbGD7srjdHa82mr87bbzuQ9lGWePMeXWjXyPH6h3yEFcm00ZAInkNyNG NG86/O9Vsj7+abQnxFCuSZGUfR4Nlx6JY8Im7CVsCQyZomrF1Nc2P3mSMJoZG5ZhzQeK 4x7Q==
X-Gm-Message-State: AJIora9Oc2lXmW/wx45FdLKxGgzgfAFWKkbDyJVbunETuLKutdu2nZG1 e+EXCwi96lf5LwTQ/OaCxX8Rtw==
X-Google-Smtp-Source: AGRyM1tt6pQ6e6K/0a0tIxowx9F4pN9a0ywc+KCVlj3nTG7J1R6YdMi/HUxnbtAT0Jo1zc7+VrG6Wg==
X-Received: by 2002:a05:6402:358a:b0:43b:ce8f:df00 with SMTP id y10-20020a056402358a00b0043bce8fdf00mr20278119edc.219.1658872055988; Tue, 26 Jul 2022 14:47:35 -0700 (PDT)
Received: from snel ([2a10:3781:276:2:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id ja12-20020a170907988c00b0072ee0976aa2sm6799019ejc.222.2022.07.26.14.47.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 14:47:35 -0700 (PDT)
Date: Tue, 26 Jul 2022 23:47:33 +0200
From: Job Snijders <job@fastly.com>
To: Alexander Azimov <a.e.azimov@gmail.com>
Cc: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>, Randy Bush <randy@psg.com>, Jeffrey Haas <jhaas@pfrc.org>, Nick Hilliard <nick@foobar.org>, "sidrops@ietf.org" <sidrops@ietf.org>, GROW WG <grow@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>
Message-ID: <YuBg9RqurR3PfJJl@snel>
References: <SA1PR09MB8142D357A98BFAAF206C387C848F9@SA1PR09MB8142.namprd09.prod.outlook.com> <66814cfa-8425-8063-9193-272bc8b28291@foobar.org> <1F8421AA-8514-41FB-A047-EEDAF975B934@pfrc.org> <SA1PR09MB81421D152AC2DA200EDE1D9784919@SA1PR09MB8142.namprd09.prod.outlook.com> <E19A89F1-B892-4D41-99A3-5C551C7FB640@pfrc.org> <SA1PR09MB8142B461A3FCF715071F7EBD84919@SA1PR09MB8142.namprd09.prod.outlook.com> <F02D928E-1600-42C4-B8D0-9A544849A22D@pfrc.org> <m24jzagyi8.wl-randy@psg.com> <SA1PR09MB81422706D5E43E581A75E5B384929@SA1PR09MB8142.namprd09.prod.outlook.com> <CAEGSd=AYgEqhcsFvoxppkBQYXOVcEiJ7qe2MrL4-qDCQcKDJZw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAEGSd=AYgEqhcsFvoxppkBQYXOVcEiJ7qe2MrL4-qDCQcKDJZw@mail.gmail.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/b8MCkMm50W22mv9MkMpRh_B8q_g>
Subject: Re: [Sidrops] [GROW] Any credence to AS_SET in the *middle* between AS_SEQUENCEs?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2022 21:47:41 -0000
Dear Alexander, others, On Tue, Jul 26, 2022 at 04:14:36PM +0300, Alexander Azimov wrote: > The current version of the draft follows the wording from > draft-ietf-idr-deprecate-as-set-confed-set > > BGP speakers conforming to this document (i.e., conformant BGP > speakers) MUST NOT locally generate BGP UPDATE messages containing > AS_SET or AS_CONFED_SET. Conformant BGP speakers SHOULD NOT send BGP > UPDATE messages containing AS_SET or AS_CONFED_SET. Upon receipt of > such messages, conformant BGP speakers SHOULD use the "Treat-as- > withdraw" error handling behavior as per [RFC7606 > <https://datatracker.ietf.org/doc/html/rfc7606>]. > > > As you can see, it uses 'SHOULD'. And this was the reason to have an > additional 'Unverifiable' state, because the 'Invalid' routes MUST be > rejected. Ultimately it is up to network operators whether they deploy routing policy that reject ASPA-Invalid routes. What's important here is to mark routes that contain an AS_SET in the AS_PATH as 'Invalid' when performing ASPA verification. > If the WG agrees to change normalative language from 'SHOULD' to > 'MUST', the ASPA document will follow. I don't see that dependency; however there seems to be good consensus to remove the "Unverifiable" state from the Internet-Draft and instead mark routes as "Invalid" if an AS_SET is encountered anywhere in the AS_PATH. Kind regards, Job
- [Sidrops] Any credence to AS_SET in the *middle* … Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Nick Hilliard
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Job Snijders
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Nick Hilliard
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Job Snijders
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Jeffrey Haas
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Randy Bush
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Jeffrey Haas
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Jeffrey Haas
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Randy Bush
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Alexander Azimov
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Ben Maddison
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Randy Bush
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Job Snijders
- Re: [Sidrops] [GROW] Any credence to AS_SET in th… Randy Bush