Update to accommodate Jeff Haas's comment #40
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,7 +11,7 @@ | |
| <?rfc subcompact="no" ?> | ||
|
|
||
| <rfc category="std" | ||
| docName="draft-ietf-sidrops-aspa-verification-25" | ||
| docName="draft-ietf-sidrops-aspa-verification-26" | ||
| submissionType="IETF" | ||
| consensus="true" | ||
| ipr="trust200902"> | ||
|
|
@@ -234,7 +234,7 @@ | |
|
|
||
| <section title="Principles" anchor="principles"> | ||
| <t> | ||
| Let the sequence COMPRESSED_AS_PATH {AS(N), AS(N-1),..., AS(2), AS(1)} represent the AS_PATH in terms of unique ASNs, where AS(1) is the origin AS and AS(N) is the most recently added AS and neighbor of the receiving/verifying AS. | ||
| Let the sequence COMPRESSED_AS_PATH = {AS(N), AS(N-1),..., AS(2), AS(1)} represent the AS_PATH after collapsing consecutive duplicate ASNs, where AS(1) is the origin AS, AS(N) is the most recently added AS (and a neighbor of the receiving/verifying AS), and no two consecutive ASNs are equal. | ||
| AS(N+1) represents the local (receiving/verifying) AS; it does not explicitly appear in the description of the AS_PATH verification procedures. | ||
| </t> | ||
| <t> | ||
|
|
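Review bot: In the new COMPRESSED_AS_PATH sentence, the closing clause "and no two consecutive ASNs are equal" repeats what "after collapsing consecutive duplicate ASNs" already guarantees. Either drop it, or use that position to state what the definition now leaves implicit: that non-consecutive repeats of an ASN are kept in the sequence, which the old wording "in terms of unique ASNs" could be read as excluding and which the new "Partitioned AS" section depends on.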
@@ -477,6 +477,17 @@ authorized(AS x, AS y) = / Else, "Provider+" if the U-SPAS entry | |
| The AS operator MUST notify its customer ASes and advise them to update ASPA records to include both the globally configured ASN and the legacy ASN in their SPAS. | ||
| </t> | ||
| </section> | ||
| <section title="Partitioned AS" anchor="AS-part"> | ||
| <t> | ||
| In rare scenarios where an AS becomes internally partitioned, for example, due to a physical link failure, operators may temporarily onboard a pre-designated emergency transit provider to bridge the isolated segments. | ||
| To achieve this, the AS must override standard eBGP loop detection to accept its own routes via the emergency provider and it may propagate the routes (with loops) to its downstream customers. | ||
|
Collaborator
Is there an assumption that there is a specific provider between two parts of the same network? I have seen such a scenario before in the wild, and to my understanding, there may be multiple ASes in the middle. If loop detection is turned off or relaxed, they just accept their own routes from other sources. But the ASPA will also work in this case, no actions are needed except for registering providers, including emergency ones, and this was already stated in the document. I can work on the wording of this section, but do we really need it if there is no specific processing and second thoughts?
Contributor
There can definitely be more than one provider involved.
Contributor
Author
@mitradir @jhaas-pfrc
Collaborator
It may still be a regular provider, or a backup provider, or ASA ASB ASC ASA, where ASB and ASC are both providers of ASA; it doesn't change the situation. And it doesn't require any additional guidance in terms of the ASPA registration process.
Contributor
The sole necessary guidance is "if you're going to use loops as a feature, ASPA can break it if you don't have the necessary objects registered".
||
| This operational workaround results in an AS_PATH containing a non-consecutive AS loop as seen by the customers (where the partitioned AS's ASN appears twice, separated by the upstream providers). | ||
| The AS_PATH verification procedures (<xref target="verif"/>) work fine for such routes. | ||
| To ensure these routes remain globally reachable and are not flagged as ASPA-Invalid, operators must plan for these contingencies in advance. | ||
| Any backup or emergency upstream provider AS intended for partition recovery must be explicitly included in the customer AS's ASPA registration. | ||
| Pre-registering these emergency providers in the ASPA record ensures that the resulting paths pass verification even when emergency topology-bridging is active. | ||
| </t> | ||
| </section> | ||
|
|
||
| <section title="Logging" anchor="logging"> | ||
| <t> | ||
|
|
||
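Review bot: In the "Partitioned AS" section, "the customer AS's ASPA registration" is ambiguous, because the preceding sentences mention both the partitioned AS and its downstream customers; name the AS whose ASPA record has to list the emergency provider (as written it appears to be the partitioned AS itself, in its role as customer of that provider). The lowercase "must" in "must override", "must plan" and "must be explicitly included" also sits directly below a context line that uses "MUST", so the text should make clear whether these are normative requirements. Finally, "a pre-designated emergency transit provider" is singular while the next sentence says the ASN is "separated by the upstream providers"; use one form consistently.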
I'm fine with the first change of the sentence, but the last part of the phrase looks like overkill to me.
Perhaps:
Let the sequence COMPRESSED_AS_PATH = {AS(N), AS(N-1),..., AS(2), AS(1)} represent the AS_PATH after removing consecutive duplicate ASNs, where AS(1) is the origin AS, AS(N) is the most recently added AS, and a neighbor of the receiving/verifying AS.
Sounds good to me