Re: [Sidrops] Reason for Outage report (was: Re: ARIN RPKI Service Impact - 12 August 2020 - manifest issue - resolved)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 27 August 2020 17:30 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEE8E3A111F for <sidrops@ietfa.amsl.com>; Thu, 27 Aug 2020 10:30:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=VZP3k4R7; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=u7xQk3AL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pabJVlpr6muM for <sidrops@ietfa.amsl.com>; Thu, 27 Aug 2020 10:30:57 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8076C3A111E for <sidrops@ietf.org>; Thu, 27 Aug 2020 10:30:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=583; q=dns/txt; s=iport; t=1598549457; x=1599759057; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=CYwsJuPE/2EYc4DD1R8HCr7OvR152UYOBEsB6okrAVs=; b=VZP3k4R7FJHnRmvRz5EPuLuIkMdDuwDl0sHYirjhscU21cbAYSO5NhjP a8rtlqLcSJsMtUItHxwFGnGDkCJqFfcTZb7LYwLltoNujRzXdO03NHEcK keWrchyRwUkkfG3agR33Jh3+uTaJ+xSd5bCD9Sw0/9taiHj3bpGaOEoOD M=;
IronPort-PHdr: 9a23:9j9ITR+ij44w1P9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+7ZhCN6fBkllSPXIjH5bRDkeWF+6zjWGlV55GHvThCdZFXTBYKhI0QmBBoG8+KD0D3bZuIJyw3FchPThlpqne8N0UGFMP3fVaUo3Cu43gVABqsfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wRzM8XY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BUAQBm7Udf/40NJK1gHAEBAQEBAQcBARIBAQQEAQFAgTkEAQELAYFRUQeBSC8sh30DjXKYcYJTA1ULAQEBDAEBLQIEAQGETAKCSQIkNwYOAgMBAQsBAQUBAQECAQYEbYVcDIVyAQEBAwESKAYBATcBBAcEAgEIFQEgBQsyJQIEAQ0NGoMEgkwDDiABqDYCgTmIYXSBNIMBAQEFhTgYghAJgTgBgnCKNBuBQT+BVIIfLj5pG4M7g0iCLY96pmIKgmOaToJ1nVCFYIxsn0sCBAIEBQIOAQEFgWokgVdwFYMkUBcCDY4fN4M6ilZ0NwIGCgEBAwl8j3UBAQ
X-IronPort-AV: E=Sophos;i="5.76,360,1592870400"; d="scan'208";a="726998268"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Aug 2020 17:30:56 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 07RHUuDb032270 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 27 Aug 2020 17:30:56 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 27 Aug 2020 12:30:56 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 27 Aug 2020 12:30:55 -0500
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 27 Aug 2020 13:30:55 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OQyAzZyKH50JFVpKwZeTPNjJ/1m+IRZYNiC4eXVLy7gXPVPOHVBJHEtma8MCw8Alo/9V0PZcnvBe1c5M4cPD8O6W+MK2JBPPYuSXQcnHsrrusu1gpA9cuCaf51jfu36+jyGEZFTvqfiqrPRfZUU5c07YNxx1dy9es2zddXOL+RW21dNEhOVi76rw8nPJuUBkXKUFd69me1r/mEpVY+7RYZAHvZzhhaEPYqE5lgjZyjyANHW0+g23b4ca0ULADazfFayNebQwzjwGleC+DCx68rvZu/lneFQkpzpNE8nUkEPsgIdQEvhR3eMN+cKwiXisnypoiaysQrwPmS/qq9ncYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CYwsJuPE/2EYc4DD1R8HCr7OvR152UYOBEsB6okrAVs=; b=kgD26KypaAk8aXrPxU+BgoAzFbFujY5vP9jXH4VL2fWPoCpmNDV4jmqqc/kVySOvKMcFGq9nd6BV9QCW+kqQ7aBCiEnQCqqkkGfDQ0nGTGWCCQyYReH7BfPL/TUzXpUaDdUi7KCn6gNWvwDvNrMdAKHh45XM+KIK+HFBr5BPWlx/Fe7VIOGgWkYGBAZiWnu46dh5hZryUivtm1bj5fw28EueU2vhvrpY2ntipWuF2JEYTxgf94IJfiyArfDzDWb+IiswFdVzwebZgeRDlVzHCk1ka0lLA1wDe3b8ox61stUGdgKVvlBmlpXe8gGKiLVMglVK+PKO0XhqOuZmujKvpg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CYwsJuPE/2EYc4DD1R8HCr7OvR152UYOBEsB6okrAVs=; b=u7xQk3ALnM8O8ebY8YQq5M5APavzIGA7jTRgnnmAjZ49Ixgfd6Rl9HhT70OWTGnYphOYq/b+j0YRfcfRoJCzmj0GAbQAlRAYp4YYDmLRxTyxSdD0HfSBsPyEsXt0mMd4AtUlUAC2jQtFYotqTlCIuJ3OJnbqTdlmlw8lBcrhs1M=
Received: from BYAPR11MB3207.namprd11.prod.outlook.com (2603:10b6:a03:7c::14) by BYAPR11MB3638.namprd11.prod.outlook.com (2603:10b6:a03:f8::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.19; Thu, 27 Aug 2020 17:30:54 +0000
Received: from BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::e857:a3fb:11ad:faff]) by BYAPR11MB3207.namprd11.prod.outlook.com ([fe80::e857:a3fb:11ad:faff%2]) with mapi id 15.20.3305.032; Thu, 27 Aug 2020 17:30:54 +0000
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Mikael Abrahamsson <swmike=40swm.pp.se@dmarc.ietf.org>, Martin Hoffmann <martin@opennetlabs.com>
CC: John Curran <jcurran@arin.net>, "sidrops@ietf.org" <sidrops@ietf.org>, Job Snijders <job@ntt.net>
Thread-Topic: [Sidrops] Reason for Outage report (was: Re: ARIN RPKI Service Impact - 12 August 2020 - manifest issue - resolved)
Thread-Index: AQHWe7jpH81/uUT4x0Sz5/cY5XwZRKlKjHaAgAAobQCAAS9KgIAAUfJQ
Date: Thu, 27 Aug 2020 17:30:54 +0000
Message-ID: <BYAPR11MB3207632B2057B4AE6F68DE72C0550@BYAPR11MB3207.namprd11.prod.outlook.com>
References: <DE33EFAE-FBD2-478F-92A9-1FBD81CCC43F@arin.net> <727F6FBD-F73C-4F58-AE2D-0276B2A183A3@arin.net> <20200826160001.GF95612@bench.sobornost.net> <20200826202442.232829fc@grisu.home.partim.org> <alpine.DEB.2.20.2008271422560.11025@uplift.swm.pp.se>
In-Reply-To: <alpine.DEB.2.20.2008271422560.11025@uplift.swm.pp.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2601:647:5701:46e0:29c8:c183:7a95:c6a8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 51503958-2b03-4091-d048-08d84aaef3a5
x-ms-traffictypediagnostic: BYAPR11MB3638:
x-microsoft-antispam-prvs: <BYAPR11MB3638B3556DF0CCA42EA1BE52C0550@BYAPR11MB3638.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2201;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2HR5iLH2WA2lEZfTuDv41ae5XHBzdw978mym/20LxtqVzGlSnXoXGtn6XbR2C1YCzqiMBhujxvxUl900ClQHo2NAzBqvQ1SEyQmEcs8SDTjZHzqrzHrcnH1j5SHRcvOUI6yajmxYya8piSj0SANlYf+QKs2ralXcHpQqD4/Clzs2GOF8WDqrQsAh++0Y7kPDywFvF+MtPH63QWaAieWlEXfi5VCkTObKbfo+1t3oY2j401jUctEiI0MA06DWc2cMVn4yBaKbBnrvV3rjZab1ufrH45L+29413yeeo51LN+ydaffcypECQdaIBIIbGhLhNDvekx2E70hZKpm9DsoMtg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(39860400002)(366004)(376002)(136003)(396003)(2906002)(86362001)(186003)(54906003)(110136005)(66556008)(66946007)(4326008)(64756008)(66476007)(76116006)(66446008)(6506007)(316002)(83380400001)(8676002)(52536014)(7696005)(33656002)(8936002)(4744005)(478600001)(71200400001)(5660300002)(9686003)(55016002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: +4WgStHs1ktmA1JxE+rnISM92noPmcF2QI3eKsVHSBOkVaKicfs17LfCFrgoYqVgjQW3/uxUm0LPdBXwe5QzypYa6MEW8qVXGdGeenfy7+tIsH/F38cvqM8Ce2jC7fEiRjz8Bf0dg4vvvVBTzTNpw8aK+S0bg1INqE6ZDMvj+tVLToOOALHVpmfNSG+8osj3mGJJkSEYslTLLmk9Ia8XULfiFjxb5R9cWcoJ3eIvu50BYRhmgwvu4uZEOdCixbQcw/tqXuHb85loJHVoRxmoxG5Nhxr9FslwLbxw0DbHwdQ5FSTZqe0a7lfIHEG+bcgxw55EzbM3k4PbL89l45Qf6xSDA+nmoIME4CjXE6VGBzRG4rd+EXariZGF/sTfASV1VVvyz5/8WjYUPKfs8jhsQVj8DLUiU6I8C/8S4rC8IXp/8wD9ZOXNkah/v/2jFTCYOL00v6fE3FSe0We4dHXAc48igi+hiQKxkYP8zLf13wMTAltMUZMA2mo3Zhotvr/xgt1JwdSav2DMfzvid7ZzM4/l7CjAf6fhV+CCQWRdw+1kKd//dmobpPmhcLoUcSMRmp8ushFoI+1ObqWPL7mxbWkVRBv9OtioobUkPP4SMVE85xXHojDavJZPeHLQykIvb0haoTYdXKDp76s00U+JWFdExMdsgf4+PQ3CILnClsOId1+HdsduU6xfD2C3KJV8mNkS3nJrcY9FQXRyOR41WQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 51503958-2b03-4091-d048-08d84aaef3a5
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Aug 2020 17:30:54.3461 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yBJEcF8qUBPG1GOjOZL0dtP/Qh9XIH1qqBm4atG+twjr3ivEswo9qQPABBumEvZd8Hgwmbl+a/FNJ2VWDVcgLQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3638
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.12, xch-aln-002.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/rQfElEwRNIFxA0JAsdRU_oJ3-mM>
Subject: Re: [Sidrops] Reason for Outage report (was: Re: ARIN RPKI Service Impact - 12 August 2020 - manifest issue - resolved)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 17:30:59 -0000

-----Original Message-----
From: Mikael Abrahamsson
Sent: Thursday, August 27, 2020 5:30 AM

> If a ROA is gone, it doesn't cause an outage. It causes lack of protection.

Suppose a provider has a ROA for a large prefix and subdivides it into more specifics.
It allocates these more specifics to other ASes and those ASes publish ROAs for
those more specifics.

If the ROAs for the more specifics are gone, then the less specific ROA
for the larger prefix will invalidate announcements for the more specific prefixes.

That's an outage.

Regards,
Jakob.