Hello Maria!
Correct! The AS_PATH_SET's are being depreciated. In the meantime they
are slipping into the algorithm which they should not be.
The bird code correctly checks for the confed but skips the ckeck for
the non-confed sets.
Below is what I proposed adding:
enum aspa_result aspa_check(rtable *tab, const adata *path, bool
force_upstream)
{
struct lp_state lps;
lp_save(tmp_linpool, &lps);
/* No support for confed paths */
if (as_path_contains_confed(path))
return ASPA_INVALID;
/* No support for as sets */
if (as_path_contains_set(path)) <--- missing in 2.16
return ASPA_INVALID;
/* Check path length */
uint len = as_path_getlen(path);
if (len == 0)
return ASPA_INVALID;
Thanks!
Ralph Covelli
Network Engineer
Hurricane Electric / AS6939
On 1/9/2025 9:35 AM, Maria Matejka via Bird-users wrote:
Hello Ralph,
I talked to Job. It looks like they have no interest in
easing the transition for stragglers who are still announcing
AS_SETs in their AS_PATHs.
All AS_SETs should result in ASPA_INVALID.
I also just learned the Dutch have a saying… “soft doctors
make wounds stink”.
At one point it seems like there was a helper function already
written for this that has been lost in time. It used to be right
next to as_path_contains_confed() in the code.
Maybe its time to bring it back? :-)
Well, maybe as a method for an AS Path in filters, to allow people
reject and log these paths.
Definitely not to be used in the ASPA check. With that, we are on the
same page as Job. Also, there is an upcoming RFC draft banning AS_SETs
altogether, and we are very much looking forward to implementing it.
https://datatracker.ietf.org/doc/draft-ietf-idr-deprecate-as-set-confed-set/
<https://datatracker.ietf.org/doc/draft-ietf-idr-deprecate-as-set-confed-set/>
Thank you for your understanding.
Maria
–
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
