Re: adjust bgpd aspa-set format

Fri, 20 Jan 2023 07:06:54 -0800 

On Fri, Jan 20, 2023 at 03:38:45PM +0100, Claudio Jeker wrote:
> This diff removes the extra "allow" from the aspa-set provider-set element
> spec. The allow is not needed and confuses more than it helps.
> 
> This change adjusts the parser, printconf, rpki-client and the regress
> tests. Job and I decided that the filters will use avs (ASPA validation
> state) as keyword, so adjust that as well.
> 
> Also try to document the aspa-set in bgpd.conf.5

ok

> Index: usr.sbin/bgpd/bgpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v
> retrieving revision 1.228
> diff -u -p -r1.228 bgpd.conf.5
> --- usr.sbin/bgpd/bgpd.conf.5 4 Jan 2023 14:33:30 -0000       1.228
> +++ usr.sbin/bgpd/bgpd.conf.5 20 Jan 2023 14:30:27 -0000
> @@ -426,12 +426,16 @@ may be defined, against which
>  will validate the origin of each prefix.
>  The
>  .Ic roa-set
> -is merged with the tables received via
> +and

I would use "and the"

> +.Ic aspa-set
> +are merged with the corresponding tables received via
>  .Ic rtr
>  sessions.
>  .Pp
>  A set definition can span multiple lines, and an optional comma is allowed
>  between elements.
> +The same set can be defined more than once, in this case the definitions are
> +merged into one common set.
>  .Pp
>  .Bl -tag -width Ds -compact
>  .It Xo
> @@ -443,6 +447,30 @@ An
>  stores AS numbers, and can be used with the AS specific parameter in
>  .Sx FILTER
>  rules.
> +.Pp
> +.It Xo
> +.Ic aspa-set
> +.Ic { Ic customer-as Ar as-number
> +.Op Ic expires Ar seconds
> +.Ic provider-as Ic { Ar as-number
> +.Op Ic inet Ns | Ns Ic inet6
> +.Ic ... Ic } ... Ic }
> +.Xc
> +The
> +.Ic aspa-set
> +holds a collection of
> +.Em Validated ASPA Payloads Pq VAPs .
> +Each as AS_PATH received from an eBGP peer is checked against the
> +.Ic aspa-set ,
> +and the ASAP Validation State (AVS) is set.

ASPA

> +.Ic expires
> +can be set to the seconds since Epoch until when this VAP is valid.
> +.Bd -literal -offset indent
> +roa-set {
> +     customer-as 64511 provider-as { 64496 65496 }
> +     customer-as 64496 provider-as { 65496 64544 }
> +}
> +.Ed
>  .Pp
>  .It Xo
>  .Ic origin-set Ar name

Reply via email to