I support Jeff's proposal for matching the "first AS after AS_SET" with the
[AS4_]AGGREGATOR attribute. If I understand correctly, the suggestion is to
follow the below algorithm for deriving origin_as:
1. origin_as = rightmost AS in the final AS_SEQUENCE of the AS_PATH attribute
2. If the UPDATE carries [AS4_]AGGREGATOR and AS_SET attributes
if (first AS after AS_SET == AS encoded in [AS4_]AGGREGATOR), then
origin_as = first AS after AS_SET
else
origin_as = NONE
Sriram, a quick question on your enumeration tree: the right hand side in the
tree
starts with "No AS_SET", but later you have nodes that say "Matches the first AS
after AS_SET"... What does that mean? Also, IMO, the attack vector you mention
in the slides are more related to path validation than origin validation.
- Pradosh
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
