Re: [Sidrops] New Version Notification for draft-ymbk-8210bis-00.txt

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Sun, 15 November 2020 21:05 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Alexander Azimov <a.e.azimov@gmail.com>, Randy Bush <randy@psg.com>
CC: SIDR Operations WG <sidrops@ietf.org>, Martin Hoffmann <martin@opennetlabs.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pC4AMZCPf_Hvqu72td_W5bcMhfk>

One more race condition is more-specifics vs. less-specifics.
A less-specific ROA will invalidate a more-specific prefix that would be not-found if the ROA were to not exist.
Invalids are increasingly being dropped, whereas not-founds are not dropped and will not be dropped in the foreseeable future.
So this matters.
More-specific ROAs should be updated before less-specific.

Regards,
Jakob.

From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Alexander Azimov
Sent: Saturday, March 21, 2020 12:14 PM
To: Randy Bush <randy@psg.com>
Cc: SIDR Operations WG <sidrops@ietf.org>; Martin Hoffmann <martin@opennetlabs.com>
Subject: Re: [Sidrops] New Version Notification for draft-ymbk-8210bis-00.txt

The separated records for v4 and v6 ASPA were inspired by the previous research that showed a significant difference in the peering relations in v4 and v6 respectively.
I did this research a couple of years ago; it will be interesting to check if the situation has significantly changed.

I'd like to get the WG's attention on the introduced update of ROA processing.
The current version of the RTR protocol related to ROAs is vulnerable to possible race conditions: if the prefix has multiple ROA records or it has covering prefixes with different origin ASN, the state of the partial update may lead to invalidating of really valid prefixes. Here are fresh statistics:
·  16153 IPv4 prefixes with equal (5486) or more specific (11872) conflicts;
·  2250 IPv6 prefixes with equal (1202) or more specific (1164) conflicts.

The current proposal addresses this issue for ASPA and ROAs in a different way:

  *   For ASPA a single PDU per customer AS is leveling the issue;
  *   For ROAs the draft introduces ordering of the updates + suggests sending updates with the same prefix back to back.
The way ROAs will be processed decreases the chances that valid prefixes will be marked as invalid, but they are not zero. My thinking is that, since the RTR protocol is negotiating its version at the start of the session, there is no need to keep full backward compatibility with the way ROAs were processed previously. Instead, we can change ROA RTR PDUs in the same fashion as it is introduced for ASPA: a single PDU for a selected prefix that replaces previous records.

Tue, 10 Mar 2020 at 06:22, Randy Bush <randy@psg.com>:
> As a separate note, ASPA in its current form includes the address
> family, ie., it has different ASPA objects for v4 and v6. This is
> missing from the proposed ASPA RTR payload PDU, but luckily there is
> enough zero space to include it.

i believe this is addressed in the draft out today; though not exactly
in the way you suggest.  thanks again for pointing this out.

randy



--
Best regards,
Alexander Azimov
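
Added example, not part of either message or of the draft: a small RFC 6811 origin-validation model showing the more-specific vs. less-specific ordering race discussed in this thread. The function names, the documentation prefixes and ASNs, and the simplification of loading VRPs one at a time into an empty cache are all assumptions made for illustration.

```python
import ipaddress

def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 origin validation; vrps is a list of (prefix, max_len, asn)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route is equal to or inside its prefix.
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        if asn == origin_asn and asn != 0 and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def transient_invalids(routes, vrp_order):
    """Routes that are valid once every VRP is loaded, but were invalid
    at some intermediate point while VRPs arrived in vrp_order."""
    cache, seen_invalid = [], set()
    for vrp in vrp_order:
        cache.append(vrp)
        seen_invalid |= {r for r in routes if validate(*r, cache) == "invalid"}
    return {r for r in seen_invalid if validate(*r, cache) == "valid"}

# Constructed sample data (documentation prefix and ASNs, not real ROAs).
LESS_SPECIFIC = ("2001:db8::/32", 32, 64496)
MORE_SPECIFIC = ("2001:db8:100::/48", 48, 64511)
ROUTES = [("2001:db8::/32", 64496), ("2001:db8:100::/48", 64511)]

if __name__ == "__main__":
    for label, order in (("less-specific first", [LESS_SPECIFIC, MORE_SPECIFIC]),
                         ("more-specific first", [MORE_SPECIFIC, LESS_SPECIFIC])):
        hit = transient_invalids(ROUTES, order)
        print(f"{label}: transiently invalid = {sorted(hit)}")
```

With the less-specific VRP applied first, the /48 is invalid until its own VRP arrives; with the more-specific first, the /32 is only not-found in the interim, which routers do not drop.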