►
From YouTube: IETF108 SIDROPS 20200727 1300
Description
SIDROPS session at IETF108
2020/07/27 1300
A
B
C
A
Relatively
full
agenda
today,
I
think-
or
I
hope
that
the
presenters
are
all.
A
B
A
A
All
right,
I
can't
keep
track
of
the
the
presentation
and
the
chat
so
whatever
happens,
I
guess
somebody
should
speak
up.
One
of
the
chairs,
ideally.
A
A
A
C
A
A
Hey
chris,
if
you
share
an
application,
instead
of
your
whole
screen.
C
C
This
is
jeff
john
you'll
need
to
click
on
the
share
microphone
icon,
that
is
at
the
top
of
the
screen.
It's
the
microphone
that
has
the
little
hand
or
the
one
that
has
the
little
play
icon.
A
Okay,
let's
try
see
if
maybe
d
ma
wants
to
give
this
a
whirl
while
we
work
on
john's
connectivity,
ideally.
A
A
A
C
B
B
Okay,
so
shall
I
get
started,
please:
okay,
hi
folks,
today,
I'm
going
to
brief
a
draft
rpk
validated
cache
update
insulin
over
https,
which
can
be
called
rush
rush
for
short
during
ietf
singapore
meeting
last
year.
I
shared
this
idea
as
well
as
my
personal
implementation
practice
to
this
working
group,
and
also
my
intention
to
seek
is
civilization
and
the
version
there
there.
The
draft
was
therefore
submitted
in
last
december.
B
B
Yes,
here
is
my
considerations
as
for
the
way
of
formating
data,
we
prefer
to
facilitate
the
data
path
for
both
visualization
and
application
other
than
router
origin
validation,
as
well
as
to
take
advantage
of
slum
to
have
some
local
version
of
rpk
data,
and
then
we
choose
https
as
a
transport
at
the
end
of
the
day,
because
https
is
widely
supported,
it
is
with
security
enhancement
over
integrity,
protection
and
its
political.
Then
unit
independent,
well.
B
B
B
So
if
you
are
already
familiar
with
ifc
8416,
you
would
find
it
easy
to
do
a
cache
update
by
using
some
filters
and
slim
assertions
which
are
responsible
for
deleting
and
adding
rpki
vanity
cache
items
respectively.
So
that's
the
reason
why
we
use
json
to
format
a
cache
data
alignment
with
a
file.
B
Moving
along
to
this
slide,
I
would
like
to
reiterate
why
we
employ
https
as
a
transport
rtr
is
over
there.
We
know
why
bother
to
do
this,
I'm
justified
what
is
all
about
our
motivation.
B
Rtr
is
designed
exclusively
for
providing
rpk
cache
for
routers,
so
its
video
is
bound
to
its
transport,
which
is
which
is
difficult
to
add
extension
to
support
these
vanity
cache
synchronization
management
well
like
the
dns
pdu,
is
bound
to
the
dns
transport.
So
it's
hard
to
do
some
extension
to
add
to
dns
okay.
Well,
I
see
something
like
similarity
and
second,
the
binary
data
unit
cannot
be
passed
by
application
which,
by
the
way,
don't
support
rtr
generally,
I
mean
maybe
in
the
in
the
coming
future.
We
we.
B
We
would
like
to
use
the
vanity
cache
for
the
of
their
applications.
B
Https
is
widely
deployed
and
the
data
format
independent,
as
I
mentioned,
and
our
rpi
advantage.
Cache
server
just
needs
one
api
to
do
both
synchronization
and
local
control,
since
the
json
is
employed
by
a
slump
file
which,
by
the
way,
is
specified
in
rfc
8416
to
override
the
global
rpk
data.
Okay,
so
I
mean,
if
you,
if
we
use
rush,
we
can
use
one
just
one
api
to
do
both
synchronization
and
local
control.
B
We
make
a
separate
section
of
rush
use
cases
in
this
version
of
version.
1
help
people
to
figure
out
in
which
circumstances
russia
can
be
employed
to
transfer
rpk
value
into
cash,
and
we
also
have
got
three
cassie
so
far
and
we
look
forward
to
seeing
more
as
we
pursue
is
standardization
if
this
working
group
would
adopt
it
is
the
case,
why
would
be
the
cash
distribution?
B
The
rush
can
be
used
to
distribute
rpk,
even
the
cash
within
a
single
yes
or
network,
and
a
small
site
or
the
enterprise
network
may
also
use
rush
by
synchronizing
with
a
third-party
rpk
cache
provider
over
external
networks,
as
I
mentioned
at
the
very
beginning
of
this
speech,
use
case
two,
we
can
use
rush
to
do
local
control
networks.
B
B
Last
one
is
about
the
es0
information
so
not
a
long
ago.
Well,
I
guess,
as
far
as
I
know,
in
the
ripe
community
or
some
discussions
on
how
to
use
salem
file
to
deliver.
Yes,
their
information
has
been
discussed
and
the
the
ir
needs
to
publish
assertions
with
origin
as0
for
all
the
unlocated
and
unsigned
address
space
for
which
is
for
which
it
is
a
current
administrator.
B
So
rush
is
able
to
deliver
such
assertions
to
rp
cavalry
line
parties
if
so,
called
es000
file
would
be
generated
by
ir,
such
as
epidemic
or
ripe.
Well,
I
see
the
proposal
has
been
withdrawn
by
the
order
in
the
right
community.
B
B
B
Rush
merely
focus
on
standardized
transport
and
the
data
format
of
the
rpk
cache
data.
So
all
we
need
to
do
is
to
make
a
registration
of
the
application.
Slash,
json,
solar
media
type
from
hyena
and
rush
has
nothing
to
do
with
synchronization.
Under
the
rush
and
system.
B
B
Where
the
push
or
pull
we
used
for
cache
synchronization
or
how
to
do
resin
correlation
and
access
control,
well,
which,
by
the
way,
is
kind
of
kind
of
different.
From
what
I
mentioned
in
last
itf
meeting
held
in
singapore,
when
I
shared
the
detail,
the
with
our
implementation
of
rush,
so
next
slide.
B
B
B
Okay,
that's
all
about
what
I'm
going
to
talk
about
rush
so
far
and
I
hope
it
could
be
adopted
as
a
working
group
item.
So
thank
you.
Any
questions.
E
C
E
A
A
D
It
seems
to
dance
around
the
meat
of
the
issue
and
specifically
in
the
case
of
rar,
our
member,
that's
crossing
trust
boundaries,
and
I
do
not
believe
that
that
should
be
done
without
object
security.
So
I
think
the
es0
origination
thing
is
is
a
bit
of
a
red
herring.
It
is
not
a
great
use
face.
A
I
think
we're
out
of
time
for
for
these
slides.
I
think,
if
there's
real
questions
here,
we
should
provide
them
on
the
list.
We
can
certainly
have
an
interim
if
we
run
out
of
time
here
or
need
in
the
next
bit
in
three
or
four
weeks.
We
can
have
an
intermediate
to
discuss
this
or
other
topics,
so
why
don't
we
try.
A
A
A
H
Yes,
yes,
wonderful,
okay,
I
had
some.
My
internet
went
down
this
morning.
So
had
some
problems.
Okay,
so
today
I'm
talking
about
giving
an
update
about
the
signaling
bgb,
seg
validation
state
next
slide.
Please.
H
So
during
last
presentation
we
basically
proposed
to
combine
rpk
origin
validation
and
b2b
seg
path,
validation
into
the
same
attribute,
as
was
discussed
during
the
adoption
call,
but
then,
when
we
presented
it
on
iitf
106
in
singapore,
we
had
some
interesting
discussions
and
heard
some
concerns
regarding
backwatch
compatibility
and
other
issues
and
were
asked
to
basically
undo
this
step.
H
So
what
we
did,
we
basically
removed
the
proposed
modifications
to
rfc
8097
and
we
therefore,
we
removed
all
the
origin
validation
state
so
that
at
the
current
in
the
current
state,
it's
basically
just
bgb
sec,
origin
validation.
H
H
We
have,
it
looks
pretty
much
the
same
like
the
origin,
validation,
rfc,
90
1897
attribute,
except
that
here
the
validation
state
as
a
b2b
sec,
validation,
state,
and
so
the
only
thing
there.
What
we
need
to
have
done
is
we
would
need
the
the
ti
added.
The
b2b,
exec
path,
validation,
state
community
by
ayana
into
the
registry.
Next
slide,
please,
so
the
validation
states
are
unverified
for
zero.
H
H
What
we
basically
added
into
the
draft
is
that
the
router
is
only
or
if
the
router
did
not
perform
the
bgp
seg
path,
validation
on
its
own
then-
and
it
sends
this
attribute
to
its
peer.
Then
it
must
set
the
validation
state
to
unverified.
H
So
what
this
means
is
basically,
then,
if,
for
example,
a
particular
router
receives
a
validation
state
via
this
attribute,
let's
say
it's
valid
and
it
does
not
perform
its
own
validation
state.
Then
it
must,
if
it
forwards
this
update,
then
it
must
add
the
validation
state
unverified
rather
than
the
receive
validation
state
valid,
and
with
this
we
basically
make
sure
that
the
attribute
stays
non-transitive
next
slide.
H
Please,
regarding
the
peer
signaling,
we
have
wording
in
there.
That
says
basically
that
each
implementation
must
provide
configuration
switches
for
that
to
enable
or
disable
the
receiving
of
these
attribute
on
a
per
peer
basis
that
should
be
by
default,
enabled
on
ibgp
sessions
and
disabled
on
ebgp
sessions.
Next
slide,
please
error
handling.
We
decided
to
one
actually.
That
was,
I
think,
since
all
the
time
in
there
that,
if
I
receive
more
than
one
of
these
attributes,
then
the
complete
attribute
has
to
be
discarded.
H
I
think
it
is
next
slide.
D
Of
two
minds
whether
things
should
be
enabled
by
default
on
ibgp
sessions,
because
we
noticed
with
the
hp
origin
validation,
extended
communities
that
exist
today,
that
some
implementations
made
assumptions
about
whether
that
community
would
be
present
or
not.
Ben
madison
may
be
able
to
highlight
the
exact
details
of
what
the
problematic
situation
was,
but
yeah.
I
would
be
worried
about
enabling
things
by
default
across
all
http
implementations,.
H
That's
fine,
we
can
we
can.
We
can
certainly
think
of
having
this
by
default,
all
disabled
and
then
having
the
operator.
The
the
more
the
more
important
part
for
us
is
that
the
operator
should
should
have
the
capability
of
configuring,
the
enabling
or
disabling
of
the
attribute
on
the
purple
basis
that
that
is
the
most
important
part.
For
me,
we
just
were
thinking
because
it
makes
extremely
good
sense
to
have
it
on
ibgp
sessions
on.
H
D
I
Can
you
hear
me
yep
yep
super,
I
think
when
you
oliver
say
attribute
discard
you
mean
a
specific
community
and
you
don't
mean
to
drop
all
the
communities
extended.
No.
I
Right
so
attribute
discard.
Typically,
if
I
recall
correctly
drops
the
entire
attribute,
you
want
to
have
some
text
that
specifically
references
in
context
of
this
specific
extended
community
and
not
the
others.
That's
the
only
feedback
I
have.
Thank
you.
Okay,
thank
you.
So.
F
F
Ben
here,
can
you
hear
me?
Okay,
yes,
yep,
so
just
to
follow
up
on
the
point.
Job
was
making
the
particular
issue
that
we
came
across
when
we
were
rolling
out.
Origin
validation
was
that
the
receiving
side
in
one
implementation
makes
assumptions
about
what
the
absence
of
an
extended
community
means,
and
in
that
case
it
was
treating
anything
that
it
received
from
an
ibgp
peer
without
an
8097
community
as
valid,
which
is
obviously
which.
H
H
So
so,
for
example,
you
could
have
an
implementation
that
allows
you
to
specify
default
validation,
states,
whatever
this
validation
state
is,
and
it
allows
it
to
the
operator.
H
F
H
Yeah,
I
definitely
will
go
back
to
that
and
think
about
how
we
can
add
that.
H
I
don't
I
don't
know
yet,
and
I
wanna
maybe
have
this
discussion
a
little
bit
further
offline
with
my
co-authors
and
everyone
who
wants
to
join.
If,
if
that
should
be
unverified,
I
mean
normally,
I
mean
we
don't
need
to
make
a
big
deal
out
of
it.
You
know
but
yeah.
So
at
least
there
has
to
be
a
must,
not
assume
any
validation,
state
whatsoever.
H
G
Okay,
thanks.
Can
you
hear
me?
Yes?
Oh
thank
you,
okay,
so
this
talk
is
about
as
hijack
detection
and
mitigation
on
next
slide.
Please.
G
So
recently,
like
in
june
and
july,
there
was
an
anop
thread
discussing
as
hijacking
real
incidents
happening
in
the
internet,
and
there
were
questions
about
what
operators
can
potentially
do
to
prevent
hijacking
if
they
have
a
responsibility
to
do
so.
That
motivated
us
to
think
about
possible
prevention
mechanisms
for
as
hijacking
as
hijacking
the
definition
is
as
hijacking
occurs
when
one
as
uses
another
ass
number
as
the
origin
asn
in
a
bgp
announcement,
it
could
be
accidental
or
it
could
be
malicious.
G
The
prefix
in
the
announcement
may
sometimes
belong
to
the
hijacker.
The
hijacker
in
that
in
this
case,
is
an
as
and
it
the
prefix
could
be
one
that
normally
originates
from
the
hijackers
as
but
more
often
or
most
most
likely.
The
hijack
hijacker
is
actually
hijacking
this
as
and
also
hijacking
a
third
party
prefix
next
slide.
Please.
G
So
rpki
route,
origin
validation,
is
not
sufficient
to
mitigate
as
hijacking.
This
slide
demonstrates
that
as1,
who
is
concerned
about
hijacking
of
his
as
number,
has
created
all
the
rovers
that
that
are
necessary
for
the
prefixes
that
that
it
originates
and
three
is
doing
validation.
Two
is
it
passes?
G
The
update
passes
through
two
to
go
to
three
three
is
doing
rpki
origin
validation
of
four
is
a
hijacker
is
hijacker
in
this
case
and
he's
hijacking
as1
and
announcing
a
queue,
prefix
queue,
which
is
a
third
craft
party
prefix,
and
it
doesn't
have
a
rover.
So
three
basically
determines
that
q
hat
q
is
not
found
according
to
rpki
ov,
and
therefore
q
could
accept
a
three
could
accept
the
prefix
queue
and
propagate
it.
G
So,
as
hijacking
is
successful
in
spite
of
rpki
origin
validation
next
slide,
so
we
propose
a
a
method
in
which
we
propose
to
create
a
new
rpki
object,
called
reap
and
reap
is
used
for
as
hijack
detection
and
mitigation
reap
stands
for,
rovas
exists
for
all
prefixes
rpki
object.
It's
an
rpki
object
that
is
digitally
signed
by
nas,
the,
as
is
asserting
that
the
rows
exist
for
all
prefixes
that
are
originated
by
it.
G
G
So
this
slide
demonstrates
the
reap
concept
and
also
it.
It
asserts
that
the
benefit
of
reap
accrues
right
away
for
the
for
the
ass
that
are
that
have
adopted
it.
G
So
so
the
fourth
for
the
in
this
picture.
Let
let's
talk
yeah,
let's
talk
through
this
example.
As1
basically
has
created
robots
for
all
prefixes
that
originate
either.
The
prefix
owners
have
created
it
or
as1
owns
some
of
those
prefixes
all
rovers
exist.
It
creates
a
deep
object
in
rpki.
As3
is
validating,
two
is
not
participating
in
reap,
so
we
are
considering
a
partial
deployment
scenario.
G
Four
is
hijacking
as1
and
announces
a
third
party.
Prefix
q
are
two
three
and
three
basically
looks
at
the
first.
Does
the
rpk
iov
determines
that
q
is
not
found,
but
when
it
looks
at
the
origin
s
with
in
the
route
for
q,
it
sees
a
s1
and
it
says
oh
as1
has
reap.
Therefore,
it
changes
the
not
found
to
invalid
validation
and
that's
how
it
detects
the
as
hijack
next
slide.
Please.
G
So
the
idea
in
the
previous
slide
was
that
reap
is
robust
to
a
robust,
impartial
deployment
scenarios,
the
ais
that
wants
as
hijack
prevention
and
the
as
that
is
doing
reap
they
both
benefit
immediately,
even
though
no
other
ass
are
participating.
G
Here,
we
are
talking
about
other
mechanisms
that
do
as
hijack
detection
prevention,
bgp
set.
Does
it
because
it
requires
path,
signatures
and
that
prevents
as
hijacks.
But
adoption
is
a
question
mark
when
aspa
was.
It
was
designed
for
route
detection
and
mitigation,
but
it
has.
It
also:
has
the
side
benefit
that
that
it
can
also
prevent
as
hijacks?
However,
in
partial
deployment,
it
is
not
robust
like
repeats.
So,
as
we
show
in
this,
two
in
the
middle
is
not
doing
aspa,
one
is
doing
it.
G
Three
is
doing
it.
Four
can
do
a
cut
and
paste
attack
and
be
successful
either
with
a
third-party
prefix
like
queue
or
or
it
could
even
be
successful
with
a
prefix.
A
sub
prefix
of
as1
originated
by
as1
like
the
slash
23..
G
So
again,
the
point
is
that
aspa
is
capable
of
airs
hijacked
detection,
but
in
a
scenario
when
there
is
partial
deployment
in
this
picture,
there
can
be
other
parts
from
one
two
three,
but
those
other
parts
can
make
may
be
feeding
less
specific
rather
than
the
more
specific.
So
so
partial
deployment
is
something
that
is
an
issue
with
aspa,
at
least
for
as
hijack
detection.
But
reit
is
robust
in
partial
deployment
scenarios
next
slide.
G
A
G
Mind
it's
I'm
done.
The
last
ride
is
only
a
summary
and
it's
not
necessary.
So
john,
can
you
can
go
ahead.
A
I
think
john
john
bailed
out
on
the
presentation.
So,
let's
see.
G
G
G
J
Some
people
are
making
a
major
argument
about.
If
a
ca
fails,
everything
will
be
fine
because
well,
okay,
it
means
essentially
that
route
origin
validation
goes
into
unknown
state.
J
We
have
to
expect
that
the
cas
and
the
related
three
segments
for
the
as
and
the
addresses
actually
are
different
and
if
you
have
a
failure
of
the
address,
ca
kind
of
reap
will
essentially,
if,
if
a
reap.
J
End
as
object
is
in
the,
as
ca
will
essentially
invalidate
all
of
the
as
announcements.
J
And
that's
at
least
something
that
has
to
go
into
the
security
into
the
securities
considerations,
because
it
is
certainly
a
point
of
attack.
G
G
The
thinking
we
had
on
our
mind
was
that
if
one
type
of
rpgi
object
like
rova
is
not
available,
then
potentially
reap
is
not
also
available
and
and
things
and
it
will
remain
in
not
found
state
rather
than
go
to
invalid,
but
certainly
your
point
is
well
taken
and
we
can
include
that
in
the
security
considerations
section.
Thank
you.
A
J
Thank
you
and
let
me
just
add
the
remark
that
I
think
there
has
not
been
a
lot
of
discussion
about
how
the
cas
for
a
s
number
space
and
address
number
address.
Space
should
be
related,
but
I
think
it
makes
a
lot
of
sense
to
cons
to
expect
that
cas,
for
both
spaces
in
many
cases
will
be
different.
E
Only
with
the
biggest
isps
the
schroeder
points
out
a
serious
problem,
but
he
attributes
it
to
ca
failure.
It
is
also
our
p
failure.
Rp
does
not
reliably
fetch
from
row
a
publisher
but
fetches
from
the
publisher
of
whatever
this
object
is,
I
forget
the
name
already
and
disaster
happens.
E
This
is
significantly
common.
If
john
had
managed
to
give
his
presentation-
and
I
believe
the
risk
is
sufficient-
that
I
cannot
in
any
way
support
this
proposal.
A
Okay,
you
don't
support
it
today,
because
there
are
rp
problems
and
potentially
ca
problems
if
the
rp
can
be
significantly
rp
set
can
be
significantly
cleaned
up
so
that
they
understand
this
failure
mode
and
deal
with
it
appropriately.
E
But
essentially,
but
essentially
relying
parties
are
not
overly
reliable
and.
E
I
don't
think
I
don't
think
that
going
down
that
path
is
going
to
be
a
success
path.
I
think.
Yes,
we
have
to
clean
up
relying
parties,
but
I
believe
we're
looking
at
years.
G
So
chris,
thank
you
for
your
response
to
randy's
question.
Only
other
thing
I
want
to
mention
is
that
this
reap
object
is
something
that
is
signed
by
the
as
owner,
and
that
is
same
as
the
aspa
object.
So
whatever
considerations
apply
to
aspa
also
apply
to
reap,
and
we
can
discuss
that
further.
D
D
D
G
Yeah
the
nano
discussion
has
dictated,
I
mean
I
don't
know
if
you
followed
the
nano
discussion.
That
seems
to
say
that
it
is
a
concern
if-
and
it
also
discussed
if
as
operators
have
a
responsibility
to
try
to
prevent
as
hijacks.
A
Okay,
I
think
we
are
over
time
by
a
little
bit.
If
I
think,
if
there's
more
discussion
for
this
or
the
other
topics,
we
should
definitely
have
that
on
the
list
sooner
rather
than
later.
So
we
don't
forget,
and
if
there's
interest
or
or
need
for
an
interim
meeting
to
talk
about
this
or
other
topics
that
would
be
terrific
to
hear
on
the
list
as.