Hi Jakob,
>To be clear, I'm talking about BGP devices that do not insert their ASN into
>the AS path.
Even if you assume that all route servers are transparent, what would you like
to propose to solve the following problem?
AS1 (RS Client) -----> AS2 (RS) -----> AS3 (RS Client) ---p2p (lateral peer)
---> AS4 (validating AS)
The arrows indicate the direction of the flow of the Update. Let us say that
the RS is transparent.
AS4 is the receiving/validating AS. The AS path is {AS3 AS1}. Do you agree this
is a route leak as seen at AS4? The question is how will AS4 detect it? What
ASPAs should be in place?
Suppose the RS-clients (i.e., AS1 and AS3) have ASPAs each attesting the RS's
AS (i.e., AS2) as a provider. That is all that it takes for AS4 to be able to
detect the leak.
Is there another way? Do we assume that AS1 and AS3 have some other ISP
provider(s) for which they have ASPA attestation?
In this solution, AS4 does not have to know anything about the presence of an
RS, etc.
This solution works fine even if the RS happens to be non-transparent.
In an earlier related thread,
https://mailarchive.ietf.org/arch/browse/sidrops/?gbt=1&index=I2a05YrOEYrRRdEg1ZHOOln6BCw
Nick Hillard and Rob Mosher left the door slightly open for a possibility that
there might be a rare RS out there that is non-transparent.
Sriram
_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
