WG CHair Hat Off
Yes, I agree that there are some potential issues in correct
interpretation if there are combinations of ROAs where there is
implicit negation associated with the ROA. This should be basic 3
dimensional set work (prefix, AS, yes/no) and I think that the result
is always deterministic for any collection of ROAs, but that does not
make it always trivial to construct a desired origination policy. But
as ROAs are only a positive assertion then this is probably a moot
point.
Geoff
On 19/11/2008, at 3:45 AM, [EMAIL PROTECTED] wrote:
Thanks.
"ROA as only a positive assertion" as you have stated is good.
If we do modify ROA format to include "ASx and only ASx" to advertise
a route object for a prefix, it appears correctly acceptable that
I as the owner of 10.0.0.0/8 can still issue these two ROAs:
ROA#1: Prefix = 10.0.0.0/8; origin = AS1 and only AS1; maxlength = 12
ROA#2: Prefix = 10.1.0.0/16; origin = AS2 and only AS2; maxlength = 24
ROA users have to be careful in their implementation
not to "disregard" the second ROA based on the first.
If they go with "ROA as only a positive assertion"
then there should be no problem in the implementation.
Sriram
Quoting "Geoff Huston" <[EMAIL PROTECTED]>:
WG Chair Hat _off_
On 18/11/2008, at 10:39 AM, [EMAIL PROTECTED] wrote:
Geoff Huston wrote:
"I give my authority for AS1 and only AS1 to advertise a route
object for 10.1.0.0/16"
Does the ROA format already permit this
It is my understanding that the ROA, as defined today, does NOT
permit this - i.e. the presence of a ROA does not in and of itself
do the negation of the ROA. i.e. a ROA does not explicitly state
"and everything else is invalid"
or would it require a modification?
I believe it requires a modification - either a modification to the
ROA to say "and invalidate all others" or via a BOA to state "and
invalidate all others"
If you allow this, what about a subprefix,say, 10.1.0.0/24?
I assume that you are talking about a ROA for 10.0.0.0/8 with a
maximum length=8. Again I would say that the ROA as it stands does
not invalidate other route objects.
Would that be precluded from having a ROA with a different AS?
Again my interpretation is that a ROA is a positive assertion and
not a negative assertion about all other possible route objects. If
you want to extend this then the choices are either to extend the
semantics of the ROA, either implicitly or explicitly, or introduce
a new object, other the AS0 concept, or the explicit negation
concept of the BOA draft. The BOA concept makes this negations
explicit.
Geoff
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
