Re: [Sidrops] Making ASPA AFI-Agnostic - coordination
Alexander Azimov <a.e.azimov@gmail.com> Fri, 09 June 2023 16:17 UTC
Return-Path: <a.e.azimov@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C05ADC1524B2 for <sidrops@ietfa.amsl.com>; Fri, 9 Jun 2023 09:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O_uQbXDqoU6L for <sidrops@ietfa.amsl.com>; Fri, 9 Jun 2023 09:17:34 -0700 (PDT)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F161DC151B32 for <sidrops@ietf.org>; Fri, 9 Jun 2023 09:17:33 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-1b0314f057cso8079925ad.1 for <sidrops@ietf.org>; Fri, 09 Jun 2023 09:17:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686327453; x=1688919453; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KJzMdMdbaHg4RTvY3nAkRBEM1EYfox+yYiNEIG8qmmI=; b=GL0HaXVgKZmO4jBPJyyRaNs13JDE3oB+jA3SRMGI4Ok9hdjIywhMfLpvtaotzZoLpY lJiWN2qX0oTo4MrnBSLc81kA8GGAEzJaeN4tA00q/bTSzvL0DAXTiYGLpfpz5d5M/Act NxSMdVUfQYxhmmsjsdkNANm2ww+qH4Hh5GPGWerjSNdgVkhiSJjzYzUhLwt1ixtz3eFm 9ipBnrfjh1OeJunX4pRmYR/sjG6nMVnfO5DW8MCgLdv74UhBXlon34smE28g4sVFZ9+v oOHu7mUTjf/hIMXiNKdgrIa6+wXaoqK9QZx4XKCOdbOPVTIprnbqIPfeiB7ygTQUbUY9 wMJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686327453; x=1688919453; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KJzMdMdbaHg4RTvY3nAkRBEM1EYfox+yYiNEIG8qmmI=; b=g4BZAVaN+6SYLg4r/nBxC+g3ZC+OTnndJ3v+WNz7/rG/SaLgmZ19DUsCnEn/cPFaHc mfdmOa0hR8K65Yl6NZiP1Zgjq4OGBDRkhdZ2IfYtKfJxyNtrp8ov8lO9fSO7exON/Uic Wx0TT/VqI8RKK8k1WSj6yubClc1+jNIk2tU1ng2ymMHdZ92Djnx7IyVqyt07Izkhiz/h 963wg16UDaCy1uWkpHxQXIBiX/OcrHfqCUN7/YTzwBRn9QyU4vXh3XBzmjmYuSem88at 5I08hwzv5HnpsHS3FB04MxFhD3gyl1PSQdTyc/A0GmuvweGMUmrUqVpv5wRQGl8NXc4Z eTIw==
X-Gm-Message-State: AC+VfDyPJGo9IKOyKkG4yMc9JQUi9PC+VG0BcBuYPxeGbjx8m5WUguyL Se0r5NVYfSdkbIa1EnsVC11RoUmaCpaa1WkqBI0=
X-Google-Smtp-Source: ACHHUZ4pho6TC0R96QwfSBosZRDIZKpNG27DlJ0VgY3mplkFwSaG4AeT4feQt3poXgh/cvE9U6lZHCGYqqQhWdvjIlc=
X-Received: by 2002:a17:902:e548:b0:1b1:d51c:f3f6 with SMTP id n8-20020a170902e54800b001b1d51cf3f6mr1764485plf.57.1686327453216; Fri, 09 Jun 2023 09:17:33 -0700 (PDT)
MIME-Version: 1.0
References: <ZH+hdvAwuZ7nN3vK@snel> <4dbb0ef4-91fc-6bbd-d979-2d0b736295ac@tu-dresden.de> <ZIBJUycE10HjIfAP@diehard.n-r-g.com> <BLAPR09MB63226569F3349669ABBEA60D9853A@BLAPR09MB6322.namprd09.prod.outlook.com> <62C121A4-DD89-477A-98EC-4356420F4888@vigilsec.com> <BLAPR09MB63223FFA678A45B6530265B49853A@BLAPR09MB6322.namprd09.prod.outlook.com> <AEE28B86-CACA-4280-99C4-505EC4A16963@vigilsec.com> <20230607184927.56a48b58@glaurung.nlnetlabs.nl> <098E4295-F418-41AF-B84F-0F826EA5C477@vigilsec.com> <20230608181210.1f5e5fc4@glaurung.nlnetlabs.nl> <ZIIbxAe9UXVzsFY3@snel> <CAEGSd=Dky1BbxNpsBnf60rbVi8rsK0m3J2n=Sq6rVQ0zmQHUZA@mail.gmail.com>
In-Reply-To: <CAEGSd=Dky1BbxNpsBnf60rbVi8rsK0m3J2n=Sq6rVQ0zmQHUZA@mail.gmail.com>
From: Alexander Azimov <a.e.azimov@gmail.com>
Date: Fri, 09 Jun 2023 19:17:21 +0300
Message-ID: <CAEGSd=CoZ1OqvsoEiqa-Cvg1a0Pqr0rpOWAfzipu-jONYdZF=A@mail.gmail.com>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
Cc: Martin Hoffmann <martin@nlnetlabs.nl>, Russ Housley <housley@vigilsec.com>, "sidrops@ietf.org" <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d2f4f705fdb4b47d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/bH3hMEZrggIgfCE6Wnx_ZAKj5bU>
Subject: Re: [Sidrops] Making ASPA AFI-Agnostic - coordination
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 16:17:37 -0000
The second measurement was done in a different direction. I've measured the number of c2p pairs that are visible only in v4 while both customer and provider support v4 and v6. This time numbers are even higher. The number of 'missing' pairs is 12418 from 53968 (23%). It affects 8481 unique ASNs. The overall number of affected ASNs from the two measurements is 10364. Relatively high numbers. For me it raises several questions: 1. The main point to remove the AFI flag is possible simplification at the router side: it will have a single cache of processed/invalid paths instead of two hashmaps for v4 and v6. I wonder if anybody has measured the memory requirement for such a cache? Keeping in mind, that it should be cached with limited ttl. Or may be we just don't need cache since it have linear complexity? 2. What is the trend for the above numbers? Is there a trend in the diff reduction during the last years? 3. Is it possible to model these relaxed rules to see the effect in number of leaks? During next week I'll try to cover point 2. I wonder if anybody from vendors made implementation evaluations for point 1. And I'd love to see double check of the above data. пт, 9 июн. 2023 г. в 18:16, Alexander Azimov <a.e.azimov@gmail.com>: > Gentlmen, > > Thank you for your patience. > > I believe we are at an important point when the number of prototypes > related to ASPA objects is not high and we can still change the object > structure. > But it should not be done in rush. We are already facing compatibility > issues with the RTR protocol, let's not make the same mistake twice. > > I've made several measurements to find out if it is safe to drop AFI flag > in ASPA object. > The idea behind lays in the assumption that IPv4 and IPv6 connectivity is > merging with the growing adoption of IPv6. > > With that in mind, the set of IPv6 c2p pairs should be included in the set > of IPv4 pairs. > So, I measured the difference: the number of c2p pairs, where the customer > supports both v4 and v6 but the selected pair is not visible in v4. > > I've got 4149 c2p pairs that are visible only IPv6 from overall 43470 such > pairs (9.5%). > This affects 3516 unique ASNs from overall 24286 ASNs with dual stack > (11%). > > The biggest input comes from HE operations, which acts as a provider for > 1242 ASNs only in v6 while running open peering policy in v4. > > > чт, 8 июн. 2023 г. в 21:20, Job Snijders <job=40fastly.com@dmarc.ietf.org > >: > >> On Thu, Jun 08, 2023 at 06:12:10PM +0200, Martin Hoffmann wrote: >> > Russ Housley wrote: >> > > >> > > In CMS, the version number indicates which alternatives are possible >> > > in some CHOICEs. The point is to ensure that the ASN,1 decode >> > > operation will work if you recognize the version number. >> > >> > But, crucially, the overall structure remains the same. The new version >> > of the draft changes the structure of the ProviderASSet which I think >> > warrants to treat this as an entirely new definition and use a new >> > content type OID. >> >> Another relevant question is whether we want to have a 'grace period' in >> which both formats are valid. I myself would prefer to make this is a >> 'hard cut', simply a breaking change to avoid the complications of >> supporting both profiles in my RP implementation. >> >> As far as I know there is only one ASPA verifying deployment (YYCIX), >> and the few already-existing ASPA objects can probably easily be updated >> through a software update. >> >> If the group accepts it as a 'breaking change' and commits to work to >> migrate the tiny ASPA ecosystem in the span of a few weeks, I see less >> of a need to get a new content-type OID. Technically if 'breaking >> change' is the choosen path forward, there wouldn't even be a need to >> bump the version of contained in the eContent. >> >> However, bumping the version contained in the eContent is be a novelty >> in the RPKI ecosystem, so keep things as-is (profile-15) might have some >> value as a learning experience for this community. >> >> In this situation I suspect there aren't objectively right or wrong >> choices, but in the interest of time we should converge and agree rather >> sooner than later on one of the options. >> >> For previous ASPA profile changes no new OID were requested. >> >> Kind regards, >> >> Job >> >> _______________________________________________ >> Sidrops mailing list >> Sidrops@ietf.org >> https://www.ietf.org/mailman/listinfo/sidrops >> > > > -- > Best regards, > Alexander Azimov > -- Best regards, Alexander Azimov
- [Sidrops] WGLC = draft-ietf-sidrops-aspa-verifica… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Chris Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… gengnan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amir Herzberg
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amir Herzberg
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Borchert, Oliver (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Zhuangshunwan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amreesh Phokeer
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Aftab Siddiqui
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Di Ma
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… gengnan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… 戴志滨
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Russ Housley
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- [Sidrops] Fw: WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- [Sidrops] Making ASPA AFI-Agnostic - coordination… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Tim Bruijnzeels
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Di Ma
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Matthias Waehlisch
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Claudio Jeker
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Ties de Kock
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Borchert, Oliver (Fed)
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Borchert, Oliver (Fed)
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov