On Nov 24, 2008, at 4:50 PM, Geoff Huston wrote:
> So if I understand you correctly you are advocating that a ROA has
> an explicit semantic intention of "deny everything else"
> could you explain the precise semantics of a ROA for 10.0.0.0/8
> maxlength = 9, origin AS1 as it would apply to an advertisement of
> 10.1.1.0/24 origin AS1 without any ROA, and to an advertisement of
> 10.1.1.0/24 origin AS2 without any ROA?
>> In an incremental deployment model an attestation as to the
>> authorized originator of a route accommodates the incremental
>> deployment model - if there's no ROA do what you want with
>> it - depref, tag, discard, whatever you want.
> but hang on - you are not saying that, Danny, in your previous
> paragraph - you are saying that in a deny everything else, the
> presence of a ROA implicitly denies a class of other routes. I'm
> very confused about what you are saying here as you seem to me to be
> saying two different things at once.
In an incremental deployment model non-existence of a ROA should
mean an operator can do whatever they deem necessary. If it were
me, and there was a ROA for 10.0.0.0/8 origin AS 1, and I implemented
filtering (whatever that means) based on ROAs, and no other ROA
exists for anything equal to or longer than that 10.0.0.0/8 origin
AS 1, AS 1 would be the only AS from which I would accept that prefix
- I wouldn't accept ANY more-specifics from AS 1, and I certainly
wouldn't accept any route equal to or longer than 10.0.0.0/8 from
anyone else.
That'd be my incentive as an operator. A ROA exists, I trust it,
and I trust no one else. Then de-aggregation of that prefix or
route hijacks don't affect me for that prefix. If you don't have
a ROA for your prefix, I can't filter on it, from you or anyone
else. You want me to only accept it from you, see that it and any
associated ROAs exist and that'll be the only place I accept those
prefixes, with the explicit specified origin AS. That's my peers'
incentive as an operator.
So, by your interpretation, yes. But that's me, and that's how I'd
configure my routers, and each operator can configure their routing
policy how they like in this regard.
Requiring full enumeration of who not to accept what from is only
going to induce lots of unnecessary overhead, in both policy
specification and policy application, AND certainly, churn, frequency,
and number of objects that need to be maintained in the system.
-danny
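Danny's policy as stated above, written out as an added example (not code from the thread, and not any RPKI implementation's own code): a small Python check that classifies a BGP announcement against a set of ROAs as "accept", "reject" or "no-roa". The ROA (10.0.0.0/8, maxLength 9, origin AS1) is the one from Geoff's question and the two announcements he asks about are run through it; the remaining announcements are constructed for illustration. One caveat the prose glosses over: with maxLength 9 the ROA itself authorises a /9 from AS1, so the check accepts it, whereas Danny's text (which talks about a plain /8 ROA) rejects any more-specific. The three outcomes correspond to the valid / invalid / not-found results later specified in RFC 6811.

```python
"""Route-origin policy check in the "deny everything else" reading.

Added example, not code from the sidr thread or any RPKI validator.
Assumes one ROA (10.0.0.0/8, maxLength 9, origin AS1) taken from
Geoff's question; all other announcements below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: prefix, maxLength, authorised origin AS."""
    prefix: str
    max_length: int
    origin_as: int


def covering_roas(announced, roas):
    """Return the ROAs whose prefix contains the announced prefix.

    Origin AS and maxLength are deliberately ignored here: a covering ROA
    with the wrong origin or a too-short maxLength is exactly what turns
    an announcement into a "reject" rather than a "no-roa".
    """
    net = ip_network(announced, strict=False)
    found = []
    for roa in roas:
        rnet = ip_network(roa.prefix, strict=False)
        if rnet.version == net.version and net.subnet_of(rnet):
            found.append(roa)
    return found


def evaluate(announced, origin_as, roas):
    """Classify one announcement (prefix string, origin ASN) against ROAs.

    'no-roa' : nothing covers this prefix; per the thread the operator may
               then depref, tag, discard, or accept as local policy dictates.
    'accept' : a covering ROA names this origin AS and the announced length
               does not exceed that ROA's maxLength.
    'reject' : the prefix is covered, but by no ROA matching this origin
               within maxLength. This catches both de-aggregation beyond
               maxLength and a different origin AS (hijack).
    """
    net = ip_network(announced, strict=False)
    covering = covering_roas(announced, roas)
    if not covering:
        return "no-roa"
    for roa in covering:
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "accept"
    return "reject"


# The ROA from Geoff's question (assumed single entry in the validated cache).
ROAS = [ROA("10.0.0.0/8", 9, 1)]

# Geoff's two cases, plus constructed ones covering the other outcomes.
CASES = [
    ("10.1.1.0/24", 1),   # more-specific from AS1, longer than maxLength 9
    ("10.1.1.0/24", 2),   # same more-specific from an unauthorised AS2
    ("10.0.0.0/8", 1),    # the covering prefix from its authorised origin
    ("10.128.0.0/9", 1),  # within maxLength: the ROA itself authorises this
    ("10.0.0.0/8", 2),    # exact prefix, wrong origin
    ("10.0.0.0/7", 1),    # less specific than the ROA: not covered
    ("192.0.2.0/24", 3),  # unrelated prefix, no ROA at all
]


def run_cases(roas=ROAS, cases=CASES):
    """Evaluate every (prefix, origin) pair; returns a dict for inspection."""
    return {(p, a): evaluate(p, a, roas) for p, a in cases}


if __name__ == "__main__":
    for (prefix, asn), verdict in run_cases().items():
        print(f"{prefix:16} AS{asn:<3} -> {verdict}")
```

The `covering_roas` step is what separates "reject" from "no-roa": an operator who wants Danny's incremental-deployment behaviour must look for any ROA covering the prefix first, and only then ask whether one of them authorises the announced origin and length.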
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr