IETF Logo Mail Archive

Re: [Sidrops] Which 8210-bis error code should be used?

"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Fri, 19 May 2023 16:03 UTC

Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD4F9C14CF13; Fri, 19 May 2023 09:03:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nist.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6IamrHLP9p6T; Fri, 19 May 2023 09:03:32 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on20717.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d05::717]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71745C14CEFD; Fri, 19 May 2023 09:03:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CQ2HyEftiPZ7RDKXldn/q0506h94Gd51PM3mbuJ/Yjlo7vxAfF4QCDhiwiBoxxMCMOyXpnMHWANAh8ZC9P4SguodbX+bBYmpQKbSy3t/0DC8gtrdQ3zwBzLZGq5w+uQzi7o5GxwBLt0CXbQa1u+pb+Yq8ywvhncU6MlOX1eowj/iUPQIGSHNPdaBJp6qAozWLFTCog7oEHlmMxTu0eVkDqtDwDHhhpjNMIWoSJCare938KrI9CbftebfzqD6mHFQ3/o6Jd6H6AekACUwI6MRWJVX/TdeZlHir3F/poR3wZmhceHDMZ0VXpjdFfx8o601UQlV5QpkB16lim51w351mA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=haZhNIXyNrJ/ON55Jll/cs10DHHuNxmyGB4/ouStCfI=; b=XoTCZ57/+sg2GcNoe7GTMLzcCHml7lsKARbMBeF5Gf4e0BjGz7VKvcYp+50SrP+wce0FLwjuCh8DVCwuNtO/0fmgzP7yRBsoYKZS28MyKGuOlrJ3pspxexpIWtqWRi/vlkK0IhcONVF/iCQ2lzUspn4LDa4Od3nOhF+XcMupuqOlwLDIkhKTrI6yW0+M1uHeCMR085yulMcT6mVQGeZSinDsHycHZVd845+zbGZ63rfdCwi5rmJpmrr3e+wRKTkdjbka34lsKYChvcCAZxnY86GdzxvpWq+EMpvCooSMGvpbtm0E/mXDEaLIpFbd/ujKEnYCVY0pcI+dc00Hcs+OZg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=haZhNIXyNrJ/ON55Jll/cs10DHHuNxmyGB4/ouStCfI=; b=ku1vAEU7Y3GnEFXTc9RGfZVY5ahL9LaS/ZUUzZbkZ6SvJmxYwR+5wh4ky53pkTd14bIKC0dPP7vLmTYkTyw6D0tQjzIYAEs5C8kge3XsnPwke9f8o3zVICD/CeX3I8bfxWIhcUW8lNU9YisxgGTX2F4h3WnFNFNuY2eqXkeDeZlkyf7ZOnd8lN1kiIN0KJMEPc4wEFZz37shX0VYgbdAZkourwN7wbc5t0H0+aqDI0Zfk7YryPDSfIqRpiWWPTkYQKunXljcjq5vNfxFa0EbHX9Yq3cIkByPllLN889Mw4bhjINAv/j+vZGFqGDAHEN7pQ2OqX18y+nh+38LqZs03g==
Received: from BLAPR09MB6322.namprd09.prod.outlook.com (2603:10b6:208:2af::22) by DM8PR09MB7334.namprd09.prod.outlook.com (2603:10b6:5:2e4::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.21; Fri, 19 May 2023 16:03:26 +0000
Received: from BLAPR09MB6322.namprd09.prod.outlook.com ([fe80::4cfd:5a22:71b0:3149]) by BLAPR09MB6322.namprd09.prod.outlook.com ([fe80::4cfd:5a22:71b0:3149%7]) with mapi id 15.20.6411.021; Fri, 19 May 2023 16:03:26 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>, Claudio Jeker <cjeker@diehard.n-r-g.com>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-8210bis@ietf.org" <draft-ietf-sidrops-8210bis@ietf.org>, "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
Thread-Topic: Re: [Sidrops] Which 8210-bis error code should be used?
Thread-Index: AdmKAKBhW6fOSNqTTbW/q5IBmucBQAAad7iX
Date: Fri, 19 May 2023 16:03:18 +0000
Message-ID: <BLAPR09MB6322F3020435B6AB5200C5B3987C9@BLAPR09MB6322.namprd09.prod.outlook.com>
References: <SA1PR09MB8142523FA03AC4EA6E0E014E847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
In-Reply-To: <SA1PR09MB8142523FA03AC4EA6E0E014E847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BLAPR09MB6322:EE_|DM8PR09MB7334:EE_
x-ms-office365-filtering-correlation-id: 30d1551b-ea36-4ecb-72f9-08db58829493
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5EPrEqCh80Cs+r7Nez1iStk4kKe7wdmV+1M6smaht56T9PrLpF9jLY2b7ltl0MTD3qleMAdF4uIblG0LY93iA2hS0akuP14aEL+Qgk6lqSvrsitAYVnm8DFW83ODNiY3I58QlTtkB3xRBAUSNwiJR36/ZWxfZDxLgu/bjknQ1yumQ0XcJ1WrE5AtTHeYFgv60YkVX8NT2YfGLBy7ZttG7AlvbOEwgijp4s+cc/kL1sda6bx1HBI8q3HfiMj7X1VobkxAsTSBnJfXyQ2q9RfJV3T3u2SYuZ49JDtlSdtFp5cNMueNtz/bLwjA7UDHQPBipqd1IS/xoeXPOedGJ0O3Pgm3Afgbl/bsdsejRiYcKWtId3vvvr1fJZ7A7AMNzCdRVI8UewxPwx9voPinPR/vwqY6IzoZUHH3RGJ5O2gvjwH/Vt5IW/5QnZ685r5BHVkX5M9EQzvbKPoB9PW0deAv5aP0xx1UCiRg+U7465dQFsCu99dOD8CRTSM5AEQv3oZU/sIVxDq01U4LV0psbjOzpWTfYfE77ff2KZ6P6ln5g46+FLjS+SI57Iuia+5UJRja5z54GdQY9fye01a11KFJjOx5QKr9hRXYIEMMZ6IwLbT69r90ZeGAvgV4ndPRKxQB
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BLAPR09MB6322.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(366004)(451199021)(91956017)(107886003)(6666004)(55016003)(498600001)(7696005)(71200400001)(54906003)(9686003)(6506007)(186003)(26005)(110136005)(2906002)(53546011)(83380400001)(52536014)(8676002)(8936002)(5660300002)(33656002)(122000001)(82960400001)(38100700002)(4326008)(64756008)(66556008)(66446008)(66946007)(86362001)(66476007)(76116006)(38070700005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: VjkKauen6+QMsvQblT6hyUic/lWyQH9+XZ7gA2gJZBohJKgihJjIfBwMg+uumH3tLdfLB1RE8Jsfe8guPiTAdc9No5apC6dVY/wuylMzULKUgK0jlIC3TkvHhABGqBlRZb81FhZLQYroaUDZ9sLFlFYMdh7aMlgI5oB67tBd09GTCUJfWJErPGg74Fn9pe70z5aiPwsLTwIqS532GR4pGWfZ7KbcSiF7iOwMmq2qB2LBSeoQxP/txjWyqyw7niLt6sUvwk7r19+rFh1+aqjbin+yVZ6Fm3tHzUG0tVBlBq/Wl23OdEhynDilg78JCq58NIHLEYyaaKNvRqidDzyhDbkTPKH3NYTmNSgi5vCkgtRZVojhRvn+I5uSwed5TDdbn3Z27AnGYaIOq548Sa82sHuls/AAC6CZmVnP03VaeNuLX2IvRkx04NJpFx4cdb5uo1cWA1br8mBX1IzBnJpLiIeWNDyk2O4sHNOFg6vJRoFKA9k5n0YBw51i3PtU86QBDEsSa4N4D1ywKR49iCeGT61IWs04TI7IVQ4ihJPBLXjwB6t41AZmDf9DFNFd7ulHk10ydDqCwkUVLpEFSX4qslV9kZwSrRBB1l+KS4x7n7QuPSKl/cOgpQ+N/4zwwlE7U15PzBUIKI4qvlkSkXTSJihULDmZdmaS5tkEqb0N0K4dL3BXf2jjSeCToMbGevIZuj+x2knR4OIq4SnxDZGoKVjNk6gKiLvQdcX7Tag0sxZFuO8/MW70NWTXIPzcMCtuGXQi/JBOnYVjo+1JB7PEkic+JQoWW1rJWLnMiNt+2DEzbpcuL1lW1P4RNeoIHe5vJnU5MUN+3H+/uRAPQqfxJesJ10cxKzZQFkWdlaLHjv5qejTfnIN97uTzMgOynVImuxsS7wx15/OdkYf2jnjdoK68hXZRcjquHUZP/8Np8ldXbhRpVyN9QYHOTr/yqglplXgzIDEMOp7Pdb+3rfk7LtV1HRJ3AO9Gk0C5N+vztx1ArKKJx48HY5x5Yk9ayyK9QsajCr6OAbZDdiyBPNiYwEl0wMG8gVtzh7eHQ/yzkIpyG50hwLPGQ+hpdYNjMHzu3BENz8VUy/0kxFkhZwwHqPs3/4iDBRgd4zTkxiMhe/TMufG0q0VS5bLJjkOgvram8koN7XQtYw9gFmI4uVkWA8P47Wg8pqWOU2OJx/OnZHpLdeyLaTs2hngo3tk1lMDRcflKQ/cjHEdcFTmJVeIvLBUg2/KvmVrxxxOB7BOpHy72mBoEAMTh99PTp8EAm8hFCzjy7Bdzpg61PKyn/84TVsYYtASbX8LTS61zkrPN8Jev1qZq2xZN9rLrQ7uSBoRhjc1ZhyNZsuGmOMVqwC32kDxbmAsqB+IGDg22ceRRMgQ2og2LY7BuWZJOMPszVjAy9fJ9ulryAl46q3Yz6yXxnJ1+nJlVZIiaUfbT9w8DxjFhw3+DynzZVRWgBtn9HUgvJndgav94eU30ru63nfFAwknM+Yr8rcRynBEubtiYIgreTvXNYyu4GidTvnVq7uXzCL78RMT5cxXFyRIqGBpVkmDURiRoOv2lcbJySSWQLm8=
Content-Type: multipart/alternative; boundary="_000_BLAPR09MB6322F3020435B6AB5200C5B3987C9BLAPR09MB6322namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BLAPR09MB6322.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 30d1551b-ea36-4ecb-72f9-08db58829493
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 May 2023 16:03:26.4441 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR09MB7334
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/x5E4HHrvJruj6ykPcOO3F1fmsYs>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2023 16:03:35 -0000

I agree with the stonger MUST caluse. But the withdrawal goes beyond AS0. Also, a withdrawal and a change for the same CAS should never happen.
Example1:
Change the ASPA for AFI = IPv4 and withdraw ASPA for AFI = IPv6. Now does this mean the withdrawn ASPA AFI = IPv4 will be replaced with a n AS0 or does it mean the modified ADPA AFI=IPv6 must also be withdrawn because the AFI=IPv4 pair was withdrawn?

Example2: Withdraw any ASPA for AFI=x then also Withdraw the pair ASPA with AFI=y, regardless if AS0 or not.

Oliver

From: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Date: Friday, May 19, 2023 at 10:26 AM
To: Claudio Jeker <cjeker@diehard.n-r-g.com>, Borchert, Oliver (Fed) <oliver.borchert@nist.gov>
Cc: sidrops@ietf.org <sidrops@ietf.org>, draft-ietf-sidrops-8210bis@ietf.org <draft-ietf-sidrops-8210bis@ietf.org>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?

Claudio, Oliver, and all:



How does this change in the verification draft (Section 4) sound to you?

This is the change you seem to be saying will fix the issue (eliminate the possibility of implementation error).
We’ll also reference this (or state it) in the main body (not appendix) of the profile draft.



OLD text:


   If, despite the above recommendations, the ASPA(s) of a CAS includes
   SPAS for one AFI but not for the other AFI (not even an AS 0), the
   ASPA SHALL NOT be rejected just for that reason.  However, such an
   ASPA(s) will be presumed to imply that the CAS has no providers
   (equivalent to AS 0 SPAS) for the AFI that they neglected to include.



NEW text:


   If, despite the above recommendations, the ASPA(s) of a CAS includes
   SPAS for one AFI but not for the other AFI (not even an AS 0), a SPAS
   containing only AS 0 MUST be included in the VAP-SPAS for the
   neglected AFI for the CAS.  In this case, later if the ASPA(s) in
   consideration is withdrawn and given no other ASPA changes for the
   CAS, said SPAS containing only AS 0 MUST be removed from the VAP-SPAS
   list, resulting in no entry in the list for the CAS (for both AFIs).

--------

Claudio: You were suggesting the following in your reply to Oliver:

>So you should not error out if an AFI object is missing instead an implicit
>AS 0 entry for the missing AFI should be inserted. How this is done is up
>to the implementation.

Would you say the need for new error code is obviated with the above change in text?

Do you see a need for any other changes in the profile or verification drafts on this issue?

Thank you.

Sriram

v2.23.0 | Report a Bug | By Email