Re: [Sidrops] question on draft-ietf-sidrops-aspa-verification-04

["Guyunan (Yunan Gu, IP Technology Research Dept. NW)" <guyunan@huawei.com>]

Hi Alex,

Thanks for the elaboration, which totally makes sense to me. A suggestion here, the description of how to deal with the P2P relation using ASPA (just as what you described below) can be added to the draft for clarification.

Further, Section 5.2 says:
When route is received from provider or RS it may have both Upstream
   and Downstream paths, where a Downstream follows an Upstream path.

The “downstream” refers to both P2C path and P2P path, right? If so, I suggest to change the usage of “downstream” to “non-upstream” or similar wording to avoid confusion.

Another point to confirm with you about Section 5.2:
Additional caution should be exercised when processing prefixes that
   are received from transparent IXes, as they don't add their ASN in
   the ASPATH.

To my understanding, that in this draft, you assume by default that RS prepends its own ASN to the AS_Path, right?

And a final question about Section 7 Siblings (Complex Relations), regardless of the current description of what sibling relation is, do we think that sibling ASes are ASes that belong to the same operator? So any type of transition is free of charge?


BR,

Yunan

From: Alexander Azimov [mailto:a.e.azimov@gmail.com]
Sent: Sunday, May 3, 2020 2:54 AM
To: Guyunan (Yunan Gu, IP Technology Research Dept. NW) <guyunan@huawei.com>
Cc: rv@nic.dtag.de; SIDR Operations WG <sidrops@ietf.org>
Subject: Re: question on draft-ietf-sidrops-aspa-verification-04

Hi Yunan,

Let say that that AS1 is the originator of the prefix, and has created ASPA records. Since AS2 is a peer it will not be included in the list of providers. The AS2 isn't creating any records + making the leak and AS3 is performing ASPA verification procedure.
The 5.1 says:


   When a route is received from a customer, a literal peer, or by a RS

   at an IX, each pair (AS(I-1), AS(I)) MUST belong to customer-provider

   or sibling relationship


In our case, AS3 needs to check that AS1 -> AS2 belongs to c2p pairs. It will check the existence of ASPA record for AS1 - it is present, then it will check the presence of AS2 in the list - it will not be there, thus making the path invalid.

Let me know if you have further questions.

ср, 29 апр. 2020 г. в 05:21, Guyunan (Yunan Gu, IP Technology Research Dept. NW) <guyunan@huawei.com<mailto:guyunan@huawei.com>>:
Hi Alex and Ruediger,

To continue our discussion at the meeting, let’s use the example you provided yesterday. Both lateral peering between AS1—AS2, and AS2—AS3.

First question, does AS1 or AS2 sign any ASPA object for this pair and how?  I see description for Sibling relation representation in Section 7, but haven’t been able to find any for P2P.

Second question, if yes to the above question, how does AS 3 use any of the ASPA object(s) to detect the leak? And if no, how to detect the leak anyway?

Thanks.

Yunan



[10.1.1.0/24]



[AS 1]

[AS 2,AS 3]





--
Best regards,
Alexander Azimov