Hans Bakker - 2025-10-22 11:00:39
Hi everyone, I'm Hans Bakker from the RIPE NCC. This chat panel is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read them out, please write them in the Q&A window, also stating your affiliation. Otherwise, you can ask questions using the microphone icon.
Hans Bakker - 2025-10-22 11:01:00
Please note that all chat transcripts will be archived and made available to the public at https://ripe91.ripe.net/. The RIPE Code of Conduct: https://www.ripe.net/publications/docs/ripe-766/.
Geoff Huston - 2025-10-22 11:33:52
What with ASPA happens if you are my provider in IPv4 and I am your provider in IPv6? (Yes, its a corner case!)
Sebastian Becker - 2025-10-22 11:34:27
Can you put that to Q&A?
Shane Kerr - 2025-10-22 11:49:40
I find the comments at the microphone confusing. "Here are a bunch of cases where ASPA will totally fail and make the world broken in new and exciting ways. Thanks for doing this!" ๐
Geoff Huston - 2025-10-22 11:51:44
I too am confused SHane - ASPA is a wierd mix of topology and p[olicy and the assumption that ASes have a consistent routing policy for all their presixes in all contests is a very tenuous one. It would've been better for SIDR to have thrown this out and worked on seperrate objects for inter-AS TOPOLOGY AND INTER-AS policy, but thjat is water that has passed under the bridge and well into the ocean, so the ASPA stuff is just flawed and we can't fix it. sigh
Geoff Huston - 2025-10-22 11:52:25
And yes, thanks for doing this!
Marcus Gerdon - 2025-10-22 11:53:47
I dont get how lateral peers are not providers. As soon as there is an asn behind the direct peer, those downstream asn's perspective sees a provider/client relationship. So imho "not provider" for peering works only between stub asn, doesnt it?
Dirk Meyer - 2025-10-22 11:57:44
IRR should list providers with policy any
Tim Bruijnzeels - 2025-10-22 12:01:38
As I understand it the ASPA designers decided to allow lateral peers that are "Not Provider" because: 1) adding all those peers as providers would not scale 2) that way those lateral peers would be allowed to act as your provider, so they could leak and it would be okay by ASPA
Geoff Huston - 2025-10-22 12:05:02
My point was that the ASPA is a camel. If you want a mechanism that allows you to check parts of an AS Path against "known" AS peerings then you need some form of topology object where an AS says: Here are ALL my eBGP neighbours". If you want some kind of up/down policy indicator to detect route leaks then you need to do precisely that. But ASPAs are not exactly that either. So its not that good in confirming the "correctness" of AS Path segments and not that good at detecting all form of policy-based leaks. Im sure if must be good for something but for the life of me I just can't figure out what that might be!
Geoff Huston - 2025-10-22 12:07:10
But its nice work to put ASPA in the RIPE RPKI UI - nicely done. I'm just not sure where, ultimately, it is a clear value proposition. I suspect this is why this work has been a draft for years and years and years!
Marcus Gerdon - 2025-10-22 12:07:29
Thx for the replies. Trying to wrap my head around I'm only getting more confused right now. Guess I need to look up more details first. ๐คจ
Marcus Gerdon - 2025-10-22 12:23:40
Yeah, customers running an asn SHOULD know how to select their paths... ๐
Hans Bakker - 2025-10-22 12:28:55
This session has now ended. Remember to vote for your favourite presentations by Monday, 27 October! Log in to your RIPE NCC Access account on the RIPE 91 website and visit the session pages. If you are logged in, you will see an icon next to a presentation to rate it.
Hans Bakker - 2025-10-22 12:29:08
The next sessions is RIPE NCC Services and it will start at 14:00. More info on the RIPE 91 meeting plan: https://ripe91.ripe.net/programme/meeting-plan/