Hi Alexander, I think that SHOULD is strong enough to justify the behaviour as part of aspa validation.
Certainly the side effect wrt AS_SETs should be called out in operational considerations. Cheers, Ben ________________________________ From: GROW <[email protected]> on behalf of Alexander Azimov <[email protected]> Sent: Tuesday, July 26, 2022 9:14:36 AM To: Sriram, Kotikalapudi (Fed) <[email protected]> Cc: [email protected] <[email protected]>; [email protected] <[email protected]>; GROW WG <[email protected]> Subject: Re: [GROW] [Sidrops] Any credence to AS_SET in the *middle* between AS_SEQUENCEs? Hi all, The current version of the draft follows the wording from draft-ietf-idr-deprecate-as-set-confed-set BGP speakers conforming to this document (i.e., conformant BGP speakers) MUST NOT locally generate BGP UPDATE messages containing AS_SET or AS_CONFED_SET. Conformant BGP speakers SHOULD NOT send BGP UPDATE messages containing AS_SET or AS_CONFED_SET. Upon receipt of such messages, conformant BGP speakers SHOULD use the "Treat-as- withdraw" error handling behavior as per [RFC7606<https://datatracker.ietf.org/doc/html/rfc7606>]. As you can see, it uses 'SHOULD'. And this was the reason to have an additional 'Unverifiable' state, because the 'Invalid' routes MUST be rejected. If the WG agrees to change normalative language from 'SHOULD' to 'MUST', the ASPA document will follow. вс, 24 июл. 2022 г. в 11:53, Sriram, Kotikalapudi (Fed) <[email protected]<mailto:[email protected]>>: I think we can conclude that the outcome of the discussions in this thread is to make the following change in ASPA-based AS path verification: If an AS_PATH has one or more AS_SETs in any position, mark it as Invalid. At least four (perhaps all five) of us who participated in the discussion support this change. Thanks. Sriram -- Best regards, Alexander Azimov
_______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
