Re: [Sidrops] [GROW] ASPA and Route Server (was RE: IXP Route Server question)
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 23 March 2022 20:29 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id E28013A07A0;
Wed, 23 Mar 2022 13:29:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.112
X-Spam-Level:
X-Spam-Status: No, score=-7.112 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FROM_GOV_DKIM_AU=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id p1U0obkXIRtv; Wed, 23 Mar 2022 13:29:09 -0700 (PDT)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com
(mail-dm3gcc02on2071b.outbound.protection.outlook.com
[IPv6:2a01:111:f400:7d04::71b])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C309B3A0C83;
Wed, 23 Mar 2022 13:29:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=Ou/d4tO935BUcbFUCyEmenPkYuPP3Lp36/8URw2ZPYEekyNqT8hxQ44NcJNWXhjK7nhEOI8tXdr7tIxusA5v8z+0gX/pdfgTbFecI7gcGmK7g2UUBQFbZs/1kPUbbhu8Dp+TOaoB+/nRYz8ToPNn6Y+0S9vKZbfouFOmGHeutSxqqtZbR8F8NWXy6xexRTEu8pLiM273g7YEo078x/izO/rXwc1sg9dCgcGJgJTOTZDHtPxVlUBQF6ee1X2CPwu27CfJ/NMWTIjaSHnXL/GosAu3WovzRW4HD4NRxAttdKX51QLDndklDZDwRVtEQ0TG6iaPMhTD6LjxHHC6vjhmsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=RCBpTNe5SUZrPCDawh8hZoHINNjgaP0B1XGg5xM5O/w=;
b=a2IvbLmpyy/9AURc6PIEdE7l8av1qr5NSOahOU0/UCym6Cx4Ch36uSa0cFNF/WE3E35CV/u+1kUMhkgWm/7w9o76nyamneYan7ZkS/5NwtMUnXU89q/TqZYLDPeeg4i1GFqVmJqvcRHiAVkuGt0IJgzVatOUvpZ2Shw2+WuBJnGgooyLxm/mUVqP4kz6gh1l8dK58IQDSvRrf7DE33kO2NqowFu10tM/hv/jaCRcfgCXfUDr04eGc2GCWlhALHTX8Gq8kuapErN1OX8C/6rX2jmruO/HBC0SDlj8gwxzQRw4T9f2bplO8jtI2zS6Ti0UHs2S/baJJc2oEo6WDITjZQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov;
dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=RCBpTNe5SUZrPCDawh8hZoHINNjgaP0B1XGg5xM5O/w=;
b=viEBqSxrivoEgpc/AmdjKtcPaU0HAWAn7l+Si0D3HyzLuGye0th61msoRWPXYilI7liF43UEx0zl+nM6uW+cOPLfKSnFENrJNfcqJEtth1xH09377PUdWLnnZbyLkyCeOnC4xlHDo8SFAjBwNHNmIEt/QArMxzMUxQKdKzEhFp8=
Received: from SA1PR09MB8142.namprd09.prod.outlook.com (2603:10b6:806:171::8)
by SJ0PR09MB6976.namprd09.prod.outlook.com (2603:10b6:a03:26a::23)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.14; Wed, 23 Mar
2022 20:29:04 +0000
Received: from SA1PR09MB8142.namprd09.prod.outlook.com
([fe80::c99c:1af3:8454:5d6a]) by SA1PR09MB8142.namprd09.prod.outlook.com
([fe80::c99c:1af3:8454:5d6a%6]) with mapi id 15.20.5102.017; Wed, 23 Mar 2022
20:29:04 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Jeffrey Haas <jhaas@pfrc.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "grow@ietf.org" <grow@ietf.org>,
Nick Hilliard <nick@foobar.org>, Zhuangshunwan <zhuangshunwan@huawei.com>,
"Jakob Heitz (jheitz)" <jheitz@cisco.com>
Thread-Topic: [GROW] [Sidrops] ASPA and Route Server (was RE: IXP Route Server
question)
Thread-Index: AQHYPULXMMKnMnklKEmxZqImduurxazNZA5Q
Date: Wed, 23 Mar 2022 20:29:04 +0000
Message-ID: <SA1PR09MB8142882E9BA0D766113BF24384189@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <BY3PR09MB81315D53064951F865F2A23884109@BY3PR09MB8131.namprd09.prod.outlook.com>
<SA1PR09MB814268C7DB52D8758817217984159@SA1PR09MB8142.namprd09.prod.outlook.com>
<CABNhwV30Guy28qBR_eA==CUy2Xj24OfPwxV0n2gFF7wVrgBMpg@mail.gmail.com>
<BYAPR11MB3207DE083AD888F3C963E347C0169@BYAPR11MB3207.namprd11.prod.outlook.com>
<a07986fb2d7147c0abb36229237d8982@huawei.com>
<B1660213-CEB8-48C1-B44E-DC3D43510031@pfrc.org>
In-Reply-To: <B1660213-CEB8-48C1-B44E-DC3D43510031@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 54aa47be-d402-4364-991a-08da0d0bc623
x-ms-traffictypediagnostic: SJ0PR09MB6976:EE_
x-microsoft-antispam-prvs: <SJ0PR09MB69768124AF3B3D04FB84E7E284189@SJ0PR09MB6976.namprd09.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tUl7nUrMeY9qSZTt3U87b028MUahTnRFnlK0evSDZ1I7QaCvThXcyF7ircNECAxZDimFs/Ld+WDgD1V6E/79jt8k9yj4dF+AmG06Ce1ef7cpnsB7sUXqfXB4hXSxcYgMSovUs3hrgfHyyYUxq2jHVLGNSGtTBe4PimpsdpBvb2bipRsFpFeBarvZgtEqKVA6x7Qg6Bd8FKRraBJvI6297+BiGxj2PdjxNMrhCqytFmWQSvg1YEZy6TxyjjSUEkz67YLQvilyr+BKgX2xIf7WFtAqQ/kZCnqgnIjn1ifXRJaxEUtFHYC//XRRUkOWRa5hS040KCBtRGzDoulNY9HTZKSqAl+sKBTpwAQbhxhTt6DLqtLIDn5hdu+QIUGFATflr/dCGnXnaGfrxUh3R2Kc1YXPwt6nBV/g0E8Jm4mq4nUOSyz66dhXT6aloe0uXzn26muRTxJt6OIFC5PZpxHCWPMvXxeYwnuXZh5ti0K+pzI/6deWOq24kjdHYA1kk7mwnGFSbosBuw/zTv13ZPKfJdeNRtGlMQY6Ngrp+/UzZVBcULwBeIpiNFbfeqbpzWhydnXL42bboBzsm9ngO1hXMdgmsiu9CMh9PG2Zc+ewKlwvwXs8bGn+tB8xDmdvBfa4NiTXay5Krm3bUucybAWYTAyZUEwasEY5Ww5BWZdsiGX0iL3Hrj4nCOf48JOpboUHQy4Hvv7BerWSAHuTQBAvMA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:SA1PR09MB8142.namprd09.prod.outlook.com; PTR:; CAT:NONE;
SFS:(13230001)(4636009)(366004)(122000001)(82960400001)(186003)(26005)(53546011)(38100700002)(9686003)(83380400001)(66574015)(5660300002)(8936002)(52536014)(2906002)(86362001)(55016003)(508600001)(33656002)(71200400001)(6506007)(7696005)(66476007)(66446008)(38070700005)(76116006)(64756008)(4326008)(8676002)(66556008)(66946007)(316002)(54906003)(6916009);
DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?4MuPbDP6nHeqfrAXC5diNRKN7N33Ext32guVfDA1Sq7C7qKznLjF4tUcTr?=
=?iso-8859-1?Q?m1MzXo3+aVEmMAZqKrLtPoL4i/aIE/8ssrL7azyj6oPUQ8hblfvBaNp/41?=
=?iso-8859-1?Q?679yAzgwOHKAVYUsxgBhW0vkNZwtS2ePL4j6JiX6fiYK0LZuC5vQGvn5v/?=
=?iso-8859-1?Q?tEonnFpf86uUE5MJmXX4o1GR5DZWzmarZCtnrM4m+/L93xZSxq27QEumZ9?=
=?iso-8859-1?Q?Xq+qPn659PFf7oa0bKqaiK7ZvVPT06z+OxVy5czGcGDuzbyG0WG9wUHDY/?=
=?iso-8859-1?Q?i1PpuV8P71d3whCH1dHpfbU8g8RoVUX4xTDDbEQ8cZdpUsvPB7MXgFMJrb?=
=?iso-8859-1?Q?kil64dWZbHEPnog7YwDFLq4BbDQoVhIhFOQNaglpq/WGP3yp6HWgk07qJI?=
=?iso-8859-1?Q?WAoQkunBctJ1FNjpH3UlRfw64LBt4uf+Q2KQd9m1gTJI5xkExx9dZYDH+c?=
=?iso-8859-1?Q?2pYWcr4OklkXe5GNkwFPmZgrHqZ8mRmHI9aPatT1cPhcNAgCmj0lY/FoAs?=
=?iso-8859-1?Q?emTKeyj7DjBwXjbuYjowA3XDYUBbZt2jbEORWwkmj8TY6t7Qv/w4Yp+2Tb?=
=?iso-8859-1?Q?AmZSZgeXWy8NOjx4+j6d9scxqIVieW8NuRF94nItgNuHVLLkvmBqgiY+lF?=
=?iso-8859-1?Q?nYpa5fdzplwq2xI/LJEf/K1DxxsNnr6J03iNzWwS/tG8S7TNIXcHyfGC6d?=
=?iso-8859-1?Q?RwIinXPQlcO/KKPQ/tYoGQWLBHTMPdGIyULKEWil5lNj2GBzk7ufS3Kd+Y?=
=?iso-8859-1?Q?NvOjXtIUE27rrTlMldWaSDTjg2sJdN1OB3b8QcEBGCOm0zDyeWZaox+JFo?=
=?iso-8859-1?Q?9LAbQqsbsGE4HGwTnCBt48QM0RDrMMOhGomCC4e0CMdmWYQHBtylG2l4fk?=
=?iso-8859-1?Q?k1D5PUKh4+1D8lfWr0xY69DxF7Z4B++60manTgNHxqiTqSmYUBvx7E1k4h?=
=?iso-8859-1?Q?qUMEHKlWOxyDZvpv+Lh1zePb1SPr6h2OsKg1bWnr5oqeUzi9womPqbzpAH?=
=?iso-8859-1?Q?eYZUF6bONKKUFPwDx6AT0r/exnBfayPusvm5+ydxvn/quy+EV4VJWScSSp?=
=?iso-8859-1?Q?KPoePC7FFF8+ybbwMhKGYv9/+1uTI6Z2vHJf2GXbafkl+9BN7zWNretryY?=
=?iso-8859-1?Q?NSOon4zr600LA263cKL14sWl4ycka7wbf2GadaRTKYd6ar1NFtOqau6zgL?=
=?iso-8859-1?Q?c18eA3WXKKGYloesvlCpxk2ecE06bGCMC6px09DLpNgEos8hQsht+au55t?=
=?iso-8859-1?Q?H6P4NBAtlILQASMlNu2f/Owg8FGMMoEiuOwNQU0eA73+xjcZwKGcUKcajq?=
=?iso-8859-1?Q?UtKtpWqpRB4ppKEP/Rip7QASTL16JCqTQ5A9ZLpfH6nHJiATneBOrJsJgi?=
=?iso-8859-1?Q?ckfWGguWbV7XrWewAxJ+fijA3X3RoYLzARH9WtrmgrzD7ZwfU2YLmMQwjl?=
=?iso-8859-1?Q?x5vmJJgsHVz2g8ighM+QhSSbNKsM9sHSXSe7+cIqjzozzA+FpNcXlCKwKa?=
=?iso-8859-1?Q?E=3D?=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8142.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 54aa47be-d402-4364-991a-08da0d0bc623
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2022 20:29:04.5432 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR09MB6976
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/rzqJgYdpUYEu95IRreKTdIDi1tk>
Subject: Re: [Sidrops] [GROW] ASPA and Route Server (was RE: IXP Route
Server question)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>,
<mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>,
<mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 20:29:14 -0000
Hi Jeff, Thank you. We are now in sync with you. The design focuses only on transparent RS (i.e., the RS ASN does not appear in the AS path in BGP). We are assuming that non-transparent RS is rare/abnormal. It turns out that the solution that works for transparent RS also works for non-transparent RS with no extra effort. Just an observation, not saying that the non-transparent RS case has any importance. I have a talk in SIDROPS on Friday where the WG discussions will be summarized and a solution presented: "ASPA Verification Procedures: Enhancements and RS Considerations". Sriram From: Jeffrey Haas <jhaas@pfrc.org> Sent: Monday, March 21, 2022 12:43 PM To: Zhuangshunwan <zhuangshunwan@huawei.com> Cc: Jakob Heitz (jheitz) <jheitz@cisco.com>om>; Gyan Mishra <hayabusagsm@gmail.com>om>; Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>ov>; Ben Maddison <benm@workonline.africa>ca>; sidrops@ietf.org; grow@ietf.org Subject: Re: [GROW] [Sidrops] ASPA and Route Server (was RE: IXP Route Server question) Two comments here: If the BGP Speaker is inserting itself into the AS_PATH, it's not really a Route Server in the traditional sense. A normal BGP Speaker can happily pass along routes via eBGP peering with the nexthop unchanged with all devices that it shares a common nexthop subnet with. My recommendation is to not to try to consider these devices a Route Server. For ASPA purposes, just add the BGP connections to the inputs. If providers are unhappy with having a IXP router's AS in the ASPA data and thus lose the desired ASPA filtering properties, the IXP should install a real route server. -- Jeff
- [Sidrops] ASPA and Route Server (was RE: [GROW] I… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] ASPA and Route Server (was RE: [GRO… Zhuangshunwan
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] ASPA and Route Server (was RE: [GRO… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Gyan Mishra
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Zhuangshunwan
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Gyan Mishra
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jeffrey Haas
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Zhuangshunwan
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Jakob Heitz (jheitz)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] [GROW] ASPA and Route Server (was R… Zhuangshunwan