Re: [Sidrops] I-D Action: draft-ietf-sidrops-bar-sav-02.txt

"liumingxing (E)" <liumingxing7@huawei.com> Thu, 30 November 2023 09:36 UTC

From: "liumingxing (E)" <liumingxing7@huawei.com>
To: "sidrops@ietf.org" <sidrops@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Date: Thu, 30 Nov 2023 09:36:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/zKKH7ip55x-VgpSQMfoqsh8vC2Y>

BGP route aggregation will lose the origin AS information of the prefix. The as-set is configured by the operator and may not be generated. As a result, an AS may receive such a prefix, which is advertised by the provider AS and contains the sub-prefix that has been allocated to the customer AS. So BGP updates and ASPA alone cannot generate a complete allowlist on the customer interface. Only when all customer ASes register all prefixes in RPKI is BAR-SAV accurate. Therefore, the deployment of BAR-SAV should be a process that starts at the edge of the Internet.

I suggest that section 5 should add the analysis of BGP route aggregation and section 6.5 should add some related guidelines.

-----Original Message-----
From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Wednesday, September 13, 2023 5:34 AM
To: i-d-announce@ietf.org
Cc: sidrops@ietf.org
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-bar-sav-02.txt

Internet-Draft draft-ietf-sidrops-bar-sav-02.txt is now available. It is a work item of the SIDR Operations (SIDROPS) WG of the IETF.

   Title:   Source Address Validation Using BGP UPDATEs, ASPA, and ROA (BAR-SAV)
   Authors: Kotikalapudi Sriram
            Igor Lubashev
            Doug Montgomery
   Name:    draft-ietf-sidrops-bar-sav-02.txt
   Pages:   15
   Dates:   2023-09-12

Abstract:

   Designing an efficient source address validation (SAV) filter
   requires minimizing false positives (i.e., avoiding blocking
   legitimate traffic) while maintaining directionality (see RFC8704).
   This document advances the technology for SAV filter design through a
   method that makes use of BGP UPDATE messages, Autonomous System
   Provider Authorization (ASPA), and Route Origin Authorization (ROA).
   The proposed method's name is abbreviated as BAR-SAV.  BAR-SAV can be
   used by network operators to derive more robust SAV filters and thus
   improve network resilience.  This document updates RFC8704.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bar-sav/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-sidrops-bar-sav-02.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-sidrops-bar-sav-02

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops
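
The aggregation gap raised in the reply above, as an added example that is not part of the thread or of the draft: a simplified model of a customer-interface SAV allowlist built from BGP origins alone and then from BGP origins plus ROAs. The AS numbers, prefixes, RIB layout and function names are constructed for illustration; the customer cone is assumed to be already derived from ASPA and AS paths, and ROA maxLength is ignored.

```python
import ipaddress

# Constructed sample data (documentation ASNs and prefixes).
# The validating AS filters the interface facing customer AS 64501.
CUSTOMER_CONE = {64501}  # assumed already derived from ASPA and AS paths

# RIB of the validating AS: (prefix, AS path with the origin last).
# AS 64501 announced 198.51.100.0/25 only to its other provider, AS 64502,
# which aggregated it into 198.51.100.0/24 without generating an AS_SET.
RIB = [
    ("192.0.2.0/24", [64501]),
    ("198.51.100.0/24", [64510, 64502]),
]
# ROAs as (prefix, authorized origin AS); maxLength is ignored here.
ROAS = [("192.0.2.0/24", 64501), ("198.51.100.0/25", 64501)]


def allowlist(cone, rib, roas=()):
    """Prefixes whose BGP origin or ROA origin AS is in the customer cone."""
    nets = {ipaddress.ip_network(p) for p, path in rib if path[-1] in cone}
    nets |= {ipaddress.ip_network(p) for p, asn in roas if asn in cone}
    return nets


def permitted(src, nets):
    """True if the source address falls inside any allowlisted prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in n for n in nets)


def aggregation_gaps(cone, rib, roas):
    """Cone ROA prefixes that BGP shows only inside an aggregate whose
    origin AS is outside the cone: (sub-prefix, aggregate, aggregate origin)."""
    bgp_only = allowlist(cone, rib)
    gaps = []
    for p, asn in roas:
        net = ipaddress.ip_network(p)
        if asn not in cone or any(net.subnet_of(b) for b in bgp_only):
            continue
        for q, path in rib:
            agg = ipaddress.ip_network(q)
            if path[-1] not in cone and net.subnet_of(agg):
                gaps.append((str(net), str(agg), path[-1]))
    return gaps


if __name__ == "__main__":
    print(permitted("198.51.100.10", allowlist(CUSTOMER_CONE, RIB)))
    print(permitted("198.51.100.10", allowlist(CUSTOMER_CONE, RIB, ROAS)))
    print(aggregation_gaps(CUSTOMER_CONE, RIB, ROAS))
```

Without the ROA for 198.51.100.0/25, nothing in this model can tell that the customer legitimately sources traffic from that sub-prefix, which is the false-positive case the reply describes.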