Re: [Sidrops] WG ADOPTION - draft-madi-sidrops-rush - ENDS 10/12/2020 (Oct 12th)

Job Snijders <job@ntt.net> Wed, 18 November 2020 12:27 UTC

Return-Path: <job@ntt.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D30E3A1840; Wed, 18 Nov 2020 04:27:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KBGv_Q-2Dgoa; Wed, 18 Nov 2020 04:27:47 -0800 (PST)
Received: from mail4.dllstx09.us.to.gin.ntt.net (mail4.dllstx09.us.to.gin.ntt.net [IPv6:2001:418:3ff:5::192:26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E12ED3A183E; Wed, 18 Nov 2020 04:27:46 -0800 (PST)
Received: from bench.sobornost.net (mieli.sobornost.net [45.138.228.4]) by mail4.dllstx09.us.to.gin.ntt.net (Postfix) with ESMTPSA id EDB42EE0157; Wed, 18 Nov 2020 12:27:43 +0000 (UTC)
Received: from localhost (bench.sobornost.net [local]) by bench.sobornost.net (OpenSMTPD) with ESMTPA id 08f753d1; Wed, 18 Nov 2020 12:27:42 +0000 (UTC)
Date: Wed, 18 Nov 2020 12:27:42 +0000
From: Job Snijders <job@ntt.net>
To: Di Ma <madi@rpstir.net>
Cc: SIDROps Chairs <sidrops-chairs@ietf.org>, "sidrops-ads@ietf.org" <sidrops-ads@ietf.org>, Guyunan <guyunan@huawei.com>, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, Melchior Aelmans <melchior@aelmans.eu>, Christopher Morrow <christopher.morrow@gmail.com>
Message-ID: <X7UTPpYJyrW8jZzQ@bench.sobornost.net>
References: <87imbybjne.wl-morrowc@ops-netman.net> <CALxNLBhjU409LB8pU3Dr287hyKDSW8bHbJiLNPjf4yOSnzc2kg@mail.gmail.com> <C01B0098369B2D4391851938DA6700B717C1D699@DGGEML532-MBX.china.huawei.com> <C4FE2995-87D4-4FF5-9F3D-91D5BE44ED33@rpstir.net> <CAL9jLaZAC9soiJKy856dWexjAmh5=brBnnUOrUjeSHLR_CKJTQ@mail.gmail.com> <3B7B607B-C100-4805-94BE-DC2F597A3CD2@rpstir.net> <87a6vgfb3i.wl-morrowc@ops-netman.net> <X7PYnV3pz9QO5NUY@bench.sobornost.net> <D77FB6ED-2288-4E55-8329-27EC52C8BB37@rpstir.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <D77FB6ED-2288-4E55-8329-27EC52C8BB37@rpstir.net>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/tCNqrYnfe0qHciGvc-TIwNHD9nM>
Subject: Re: [Sidrops] WG ADOPTION - draft-madi-sidrops-rush - ENDS 10/12/2020 (Oct 12th)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 12:27:48 -0000

On Wed, Nov 18, 2020 at 02:48:33PM +0800, Di Ma wrote:
> > Furthermore I do not believe that the SLURM format is optimal to
> > distribute Validated RPKI cache data. It is inefficient from a size
> > perspective. The SLURM format makes a lot of sense for describing
> > 'Local RPKI exceptions', but the datastructure seems less suitable
> > as the RPKI grows in size.
> 
> I don’t agree in terms of SIZE.

Hmmm, when analyzing the SIZE difference:

    $ du -sh slurm.json rpki-client.json
    16.3M   rpki-client.json
    20.3M   slurm.json

The size difference can be explained because the non-standard format
uses 'maxLength' as key, and SLURM uses 'maxPrefixLength' (which is more
bytes).

Furthermore, the SLURM format does not have a "ta" (Trust Anchor) key,
so the SLURM format offers *less* detail than the non-standard format.
The SLURM format also does not have the "metadata" key, which contains
valuable metadata about the set of VRPs the JSON object describes.

> The beauty of SLURM file is that it naturally supports incremental
> update.

As far as I can see SLURM does not 'naturally support incremental
updates'. Can you please elaborate on this 'natural' property?

Reading the SLURM RFC it has a section on "atomicity", making it clear
that a partial SLURM file is problematic, and further more it specifies
how to deal with multiple SLURM files, which is not the same as
'naturally supporting incremental updates'.

> > Many operators *already today* are using different formats, so why
> > not either look to standardize the format that actually is in use in
> > the wild, or optimize towards something that is better than what is
> > already used in the wild?
> 
> I am pleased to know those operators have *already today* used some
> other formats that works for their networking condition.
> 
> If they want a standardized format, it is fine and good.  But this
> won’t necessarily stop RUSH from being a WG item.  

I would encourage you to not ignore feedback from operators such as
myself. It seems the authors are ignoring the lessons learned from
existing solutions.

Operators (like myself) have experience with large-scale Route Origin
Validation designs where RPKI Cache Validators and RTR servers are
separate network elements. This experience must not be ignored.

There are 5 (!!!!) validator implementations which support a common
(not-yet-standardized) format used in many real-world deployments. From
this tangible experience we know some of the good and bad sides of the
particular format.

SIDROPS can choose between 3 options: do nothing; or standardize the
existing commonly used format; or improve the existing deployed format.

Investing working group time in a *WORSE* format is not an option.

Kind regards,

Job