IETF Logo Mail Archive

Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)

Claudio Jeker <cjeker@diehard.n-r-g.com> Wed, 22 March 2023 18:09 UTC

Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7338C15C293 for <sidrops@ietfa.amsl.com>; Wed, 22 Mar 2023 11:09:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bQyk3NxqTLnm for <sidrops@ietfa.amsl.com>; Wed, 22 Mar 2023 11:09:08 -0700 (PDT)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8E7CC14CEE3 for <sidrops@ietf.org>; Wed, 22 Mar 2023 11:09:06 -0700 (PDT)
Received: (qmail 61715 invoked by uid 1000); 22 Mar 2023 18:09:03 -0000
Date: Wed, 22 Mar 2023 19:09:03 +0100
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>
Cc: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram=40nist.gov@dmarc.ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>
Message-ID: <ZBtEPwZtWhXE0Z/D@diehard.n-r-g.com>
References: <SA1PR09MB814243FD29C35FBE4B21153884B49@SA1PR09MB8142.namprd09.prod.outlook.com> <20230318194144.fx32pl7y6dzomo4j@iolcus>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20230318194144.fx32pl7y6dzomo4j@iolcus>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/jS45qUbNGenBOTSvkzTDiuqjRCs>
Subject: Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2023 18:09:10 -0000

On Sat, Mar 18, 2023 at 09:41:44PM +0200, Ben Maddison wrote:
> Hi all,
> 
> On 03/08, Sriram, Kotikalapudi (Fed) wrote:
> > Hi all,
> > 
> [..]
> > 
> > Version 12 is significantly updated. So, please take a fresh look at
> > it for your response to this WGLC. 
> 
> Thanks to everyone involved for all the hard work getting -12 out.
> It is a substantial improvement over previous versions.
> 
> However, I think that a number of fairly fundamental issues remain
> (which go beyond just individual wording suggestions).
> 
> I'm happy to provide patches for any/all of these, once the WG has made
> a call on the principles.
> 
> 1.  None of the ASPA drafts (verification, profile and 8210-bis)
>     describe the transformation between the set of ASPA signed-objects
>     for a given CAS and the resulting VAP objects transmitted in the
>     payload of the 8210-bis "ASPA PDU".
> 
>     The mapping between the set of ASPA objects issued by a given CAS,
>     and the resulting VAPs is not trivial (as is the case for ROA/VRP),
>     and needs to be specified somewhere.

It is trivial. The VAP is equal to the ASPA object / profile. 
Plus draft-ietf-sidrops-aspa-verification-12 is very clear that objects
need to be merged:
    In case a CAS has multiple ASPAs, then the SPAS is the union of the
    Provider ASes listed in all ASPAs of the CAS.

The problem is that 8210-bis jumped the gun, invented its own
representation and now people think they need to invent new things because
of this.  I see no point in that. RTR is optional.

>     I'm unsure which of the three drafts is the best fit?
>     My feeling is that it should probably go in 8210-bis, but that might
>     be tricky given that it is already in the editor queue.

Maybe it is time to hit the breaks, unqueue it and fix it. 8210-bis has
some additional issues. The version negotiation is a mess.
 
> 2.  The above issue manifests in the context of this document in the
>     form of confusion about whether the data that the verification
>     considers is the ASPA object or the VAP.
>     For example in section 3, the structure of the ASPA is described as
>     being:
> 
>       { CAS, [PAS1, ... ], afiLimit }
> 
>     This is incorrect - in the ASPA profile, the afiLimit is a field on
>     *each* ProviderAS.
>     
>     The structure that should be described here is the VAP:
> 
>       { AFI, CAS, [ PAS1, ... ] }
> 
>     Similarly, section 5 talks about the content of the ASPA issued by 
>     ASi, when it should talk about the contents of the VAP.
> 
>     The document needs to be explicit in this distinction and consistent
>     in its terminology throughout.

See my mail to this list. I complain exactly about the same issue.

But I do not agree on your VAP structure.  CAS is the primary key.
 
> 3.  I still find the special-casing of IXP route-servers and other
>     specific business arrangements unhelpful and confusing. 
> 
>     My suggestion is that we have a section dealing with what
>     constitutes a BGP transit provider, in which we make it clear that
>     this includes IXP route-servers, siblings, geographical partial
>     transit, etc, etc. The remainder of the document can then simply
>     deal with whether one AS has authorised another as transit or not.

IXP route-servers are not providers and must not be included.
The only exception are non-transparent RS (the few that are still around)
because these RS act like providers.
 
Adding transparent RS to ASPA objects is just plain wrong and only blows
up the object which makes ASPA checks more (computationally) costly.

> 4.  I still find the algorithms as set out in sections 5 and 6
>     unintuitive and unnecessarily complex.
> 
>     I would like to suggest again that the WG re-considers the
>     "triple-wise" version previously proposed by Jakob and myself
>     some time ago [1].
> 
>     The algorithms are fundamentally equivalent, but the formulation in
>     terms of authorisation by left and right neighbors of each transit
>     in the AS_PATH is in keeping with operators' intuitive understanding of
>     the problem space, and is therefore far easier (in my experience) to
>     explain.
> 
>     To be clear - I can live with the current formulation if that's what
>     the WG decides. I just find it clunky.
> 
> 5.  In section 8, paragraph 1, the MUST is problematic.
> 
>     It will result in vendors implementing filters auto-magically and
>     preventing operators from using ASPA verification state in their own
>     filters.
> 
>     This is what happened in some implementations of ROV, and led to RFC
>     8481. Let's not make that mistake again.

I agree that the MUST is very strong there. I guess it was a reaction to
how ROA invalids were (mis)handled for a long time.
 
-- 
:wq Claudio

v2.23.0 | Report a Bug | By Email