[Sidrops] Re: Local AS in ASPA validation (draft-ietf-sidrops-aspa-verification-19)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Fri, 28 February 2025 04:06 UTC

Hi Maria,

>Looks correct overall.

Great! I think we have converged in this discussion. The only remaining thing perhaps is the following:

>>>In the original definition, the whole summation works because we are indexing from one to N, and we are taking the length of the up and down ramps inclusive of both ends, which is not described anywhere and the “one allowed lateral hop” is well hidden inside the formal definition.

>>[KS:] The draft has this statement in Sec. 6.1: “If there are no hops or just one hop between the apexes of the up-ramp and the down-ramp, then the AS_PATH is valid (valley free).”

>Would you expect an average network engineer, not speaking English daily, to understand this clearly? I have problems parsing the sentence myself.

OK, I have made the following text change in the forthcoming v-21 ( https://github.com/QratorLabs/ASPA/pull/30/commits ):

OLD text (2 paragraphs):

   The AS_PATH may in general have both an up-ramp (on the right
   starting at AS(1)) and a down-ramp (on the left starting at AS(N)).
   The up-ramp starts at AS(1) and each hop AS(i) to AS(i+1) represents
   Customer and Provider peering relationship.  The down-ramp runs
   backward from AS(N) to AS(L).  In the down-ramp, each pair AS(j) to
   AS(j-1) represents Customer and Provider peering relationship.  If
   there are no hops or just one hop between the apexes of the up-ramp
   and the down-ramp, then the AS_PATH is valid (valley free).

   If the sum of lengths of up-ramp and down-ramp is less than N, it is
   invalid: the prefix was leaked or AS_PATH was malformed.

NEW text (2 paragraphs):

   The AS_PATH may in general have both an up-ramp (on the right
   starting at AS(1)) and a down-ramp (on the left starting at AS(N)).
   The up-ramp starts at AS(1) and each hop AS(i) to AS(i+1) represents
   a customer-to-provider peering relationship.  The down-ramp runs
   backward from AS(N) to AS(L).  In the down-ramp, each pair AS(j) to
   AS(j-1) represents a customer-to-provider peering relationship.  If
   the AS_PATH has no up-ramp, it means that K = 1.  If the AS_PATH has
   no down-ramp, it means that L = N.  (Note: The ASPAs are not in
   consideration presently in this description.)  If there are no hops
   or just one hop between the apex AS(K) of the up-ramp and the apex
   AS(L) of the down-ramp, i.e., if L = K or L = K+1, then the AS_PATH
   is valid (valley free).  Otherwise, i.e., if L > K+1, then the
   AS_PATH is invalid (i.e., the prefix was leaked or AS_PATH was
   malformed).

   If one thinks in terms of the lengths of the up-ramp and down-ramp
   (instead of their positions in the AS path as discussed above), then
   it is observed that the up-ramp length is K and the down-ramp length
   is N-L+1 (in terms of number of ASes).  So, it can be alternately
   stated that the AS_PATH is invalid if the sum of the lengths of
   up-ramp and down-ramp is less than N.

Hopefully, this is satisfactory.

Sriram
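
The K/L position test and the equivalent ramp-length test from the NEW text above, worked through in Python as an added example; it is not part of the original message or of the draft. The function names, the `C2P` relationship set and the AS numbers (documentation range) are constructed for illustration, relationships are taken as ground truth (no ASPAs), and no two ASes are each other's provider, so L >= K.

```python
# Constructed ground-truth (customer, provider) pairs; not real routing data.
C2P = {
    (64496, 64497), (64497, 64498), (64499, 64498), (64500, 64499),
    (64500, 64501), (64502, 64497), (64502, 64501),
}

def ramp_apexes(path, c2p):
    """path[0] is AS(1) (the origin), path[-1] is AS(N).
    Returns the 1-based apex positions (K, L) of the up-ramp and down-ramp."""
    n = len(path)
    k = 1  # no up-ramp means K = 1
    # Extend the up-ramp while AS(k) -> AS(k+1) is customer-to-provider.
    while k < n and (path[k - 1], path[k]) in c2p:
        k += 1
    l = n  # no down-ramp means L = N
    # Run backward from AS(N) while AS(l) -> AS(l-1) is customer-to-provider.
    while l > 1 and (path[l - 1], path[l - 2]) in c2p:
        l -= 1
    return k, l

def valid_by_position(path, c2p):
    """Valid (valley free) if L = K or L = K+1; invalid if L > K+1."""
    k, l = ramp_apexes(path, c2p)
    return l in (k, k + 1)

def valid_by_length(path, c2p):
    """Same verdict from ramp lengths: K + (N-L+1) must not be less than N."""
    k, l = ramp_apexes(path, c2p)
    n = len(path)
    return k + (n - l + 1) >= n

# Constructed sample paths, written AS(1) ... AS(N).
SAMPLES = {
    "up then down, shared apex": [64496, 64497, 64498, 64499, 64500],
    "one lateral hop at the top": [64496, 64497, 64501, 64500],
    "customer 64502 leaks between two providers":
        [64496, 64497, 64502, 64501, 64500],
    "down-ramp only": [64498, 64499, 64500],
}

if __name__ == "__main__":
    for name, path in SAMPLES.items():
        k, l = ramp_apexes(path, C2P)
        print(f"{name}: N={len(path)} K={k} L={l} "
              f"valid={valid_by_position(path, C2P)}")
```
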