Re: [GROW] [Sidrops] IXP Route Server question

2022-03-09 Thread Sriram, Kotikalapudi (Fed) 
Ben,

>I know of several transit providers that will allow customers to use an IXP as 
>a kind of virtual access circuit (which itself is a poor idea), but I would be 
>*very* surprised if any of them allow RS peerings to be the control plane 
>interconnection (intentionally, at least).

Good. Thanks for that insight. Consistent with what Nick and others observed.

>If the underlying question is "should the ASPA path validation algorithm have 
>a corner case that accommodates this?", that is a very, very firm "no" from me!

No. I didn't have that question or idea in mind.

But see a couple of other new questions I asked in my reply to Nick.

Thank you.

Sriram

___
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow

Re: [GROW] IXP Route Server question

2022-03-09 Thread Sriram, Kotikalapudi (Fed) 
Nick and all,

Thank you. What you all shared/discussed is very useful info.

>Almost all RS's are transparent these days.  Usually IXPs go to lengths to 
>ensure that the RS ASN doesn't appear in the AS path.

Good to know that. Well, that means there can be an occasional RS that is 
non-transparent. When there is a non-transparent RS, could there be big ISPs 
(Tier-1, Tier-2) present there as RS-clients?

The ASPA verification draft treats the relationship of RS to RS-client as 
similar to that of Provider to Customer. Seems reasonable? The AS of an RS 
client includes the RS's AS in its ASPA as a "Provider".

Sriram  

-Original Message-
From: Nick Hilliard  
Sent: Tuesday, March 8, 2022 4:28 PM
To: Sriram, Kotikalapudi (Fed) 
Cc: grow@ietf.org; sidr...@ietf.org
Subject: Re: [GROW] IXP Route Server question

Sriram, Kotikalapudi (Fed) wrote on 08/03/2022 19:36:
> This question has relevance to the ASPA method for route leak 
> detection.
> 
> Is it possible that an ISP AS A peers with a customer AS C via a 
> non-transparent IXP AS B?
> IOW, the AS path in routes propagated by the ISP A for customer C's 
> prefixes looks like this:  A B C.
> I.e., can the AS of a non-transparent IXP/RS appear in an AS path in 
> the middle between an ISP and its customer?

Almost all RS's are transparent these days.  Usually IXPs go to lengths to 
ensure that the RS ASN doesn't appear in the AS path.

Some organisations provide transit over IXPs, but it's a minority thing. 
It would be very peculiar if an organisation provided transit over an IXP via 
an RS.

Some organisations provide transit to ASNs over a direct physical connection 
while maintain peering with their customer over an IXP port. 
Usually this happens by accident, but occasionally it can happen by design.

The answer to your question is that it would be technically possible, but it 
would be so peculiar and stupid that it should be considered a mistake in the 
situations where it was intentional. In all other situations, it would be a 
leak.  Generally it would be safe to assume that this sort of configuration was 
in error.

Nick
___
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow

Re: [GROW] [Sidrops] IXP Route Server question

2022-03-09 Thread Randy Bush 
>> If the underlying question is "should the ASPA path validation
>> algorithm have a corner case that accommodates this?", that is a
>> very, very firm "no" from me!
> 
> aol

opologies, it seems i used an american idiom, and an antique one at
that.  a few folk were brave enough to ask, so ...

tl;dr: precursor of +1

long, and probably somewhat incorrect, answer in the spirit of trying to
keep net cultural history alive.  someone better at net cultural history
than i can probably point you to historical documents.

back in the '80s, there were two large walled gardens of dial-up users,
America Online (AOL) and CompuServe.  when the pressure of the
internet's success started forcing their gates, the first breach was
gateways to the usenet.

aol citizens were over enthusiastic eager beavers known for "meee tooo!"
so the first shorthand for "me too" became "aol."  i am not sure when
"+1" came in, but a decade or so later.  maybe folk had to learn to
count first.

along a similar vein, the precursor to the SWAT attack was having a
truckload of compuserve install cd-roms sent to someone's home.  i am
not sure it was actually done, or was just apocrypha.

randy

___
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow