Hi Brian, Brian Dickson wrote on 24/05/2018 01:40: > * Are there limitations on the semantics of as-sets, that prevent the > generation of filters that can stop all classes of route-leaks?
IMHO, the answer is maybe. As far as I understand the draft facilitates generation of prefix filters and does not validate the relationships. If everyone in the cone has constructed their policy correctly, leaks won't happen. But as far as I can see nothing will prevent a downstream to include their peer-AS's cone in their own. I think the prevention of leaks is addressed in a different specification. > The "cone" draft allows an AS to assert the "customer-of" relationship > to its transit provider(s). It allows to assert the "Provider-for". The one you are referring to is https://datatracker.ietf.org/doc/draft-azimov-sidrops-aspa-verification Andrei
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
