<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="en-NL" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">I support the idea as well.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Kind Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.5pt;color:black">Stavros Konstantaras
</span><span style="font-size:10.5pt;color:#ED7D31">|</span><span style="font-size:10.5pt;color:black">
</span><span lang="EN-US" style="font-size:10.5pt;color:black">Sr. </span><span style="font-size:10.5pt;color:black">Network</span><span lang="EN-US" style="font-size:10.5pt;color:black"> Engineer</span><span lang="EN-US" style="font-size:10.5pt;color:#ED7D31">
</span><span style="font-size:10.5pt;color:#ED7D31">|</span><span style="font-size:10.5pt;color:black"> AMS-IX<br>
Frederiksplein 42, 1017 XN Amsterdam, The Netherlands<br>
M +31 (0) 6</span><span lang="EN-US" style="font-size:10.5pt;color:black">20 89 51 04</span><span style="font-size:10.5pt;color:black"><br>
</span><a href="http://ams-ix.net" title="http://ams-ix.net/"><span style="font-size:10.5pt">ams-ix.net</span></a><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">db-wg <db-wg-bounces@ripe.net> on behalf of Emil Palm via db-wg <db-wg@ripe.net><br>
<b>Reply to: </b>Emil Palm <emil@netnod.se><br>
<b>Date: </b>Wednesday, 16 November 2022 at 13:07<br>
<b>To: </b>"db-wg@ripe.net" <db-wg@ripe.net><br>
<b>Subject: </b>Re: [db-wg] proposal: disallow creation of new non-hierarchically named AS-SET objects<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Solution proposal<br>
=================<br>
I think the solution is to - GOING FORWARD - disallow creation of new<br>
AS-SET objects which follow the 'short' naming style.<o:p></o:p></p>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I support this solution <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Mon, 14 Nov 2022 at 18:41, Job Snijders via db-wg <<a href="mailto:db-wg@ripe.net">db-wg@ripe.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Dear DB-WG,<br>
<br>
Speaking in individual capacity.<br>
<br>
In RFC 2622 section 5 specifies the naming convention for AS-SET<br>
objects. <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-editor.org%2Frfc%2Frfc2622%23section-5.1&data=05%7C01%7Cstavros.konstantaras%40ams-ix.net%7C0ae0271e70bf4ade6ae408dac7cb331e%7C09d28fc155624961a4848ce4932094ae%7C0%7C0%7C638041972795837229%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BJKdbzxhekJUUBiprtS6%2B00dLK%2BsuSxv%2FxaCnWUFFpc%3D&reserved=0" target="_blank">
https://www.rfc-editor.org/rfc/rfc2622#section-5.1</a><br>
There basically are two styles:<br>
<br>
* "short" (example: AS-SNIJDERS)<br>
* "hierarchical" (example: AS15562:AS-SNIJDERS)<br>
<br>
Problem statement<br>
=================<br>
In recent weeks a number of hypergiant cloud providers have faced the<br>
thorny effects of adversarial AS-SET object naming collisions between<br>
IRR databases.<br>
<br>
An example of this phenomenon is the existence of AS-AMAZON in both RADB<br>
and RIPE. According to <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.peeringdb.com%2Fnet%2F1418&data=05%7C01%7Cstavros.konstantaras%40ams-ix.net%7C0ae0271e70bf4ade6ae408dac7cb331e%7C09d28fc155624961a4848ce4932094ae%7C0%7C0%7C638041972795837229%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TslaSp8LfMPD%2Ba1z2Aauez8LLnpqc6tEQGPl1r%2B%2FrMM%3D&reserved=0" target="_blank">
https://www.peeringdb.com/net/1418</a> the RADB copy<br>
of the object is the the correct one and populated with a number of<br>
members entries. The RIPE one is empty, and not under control of Amazon.<br>
<br>
The existence of the AS-AMAZON object in the RIPE database might cause<br>
some operators to inadvertently apply empty prefix-filters to EBGP<br>
sessions which in turn causes various problems.<br>
<br>
It seems Amazon has no recourse to get the AS-AMAZON object removed from<br>
the RIPE database; because the existence of that object in the RIPE<br>
database does not violate any policies (as far as I know). But perhaps,<br>
going forward, this community can do a little bit more to help prevent<br>
similar situations from happening to others.<br>
<br>
Solution proposal<br>
=================<br>
I think the solution is to - GOING FORWARD - disallow creation of new<br>
AS-SET objects which follow the 'short' naming style.<br>
<br>
The advantage of hierarchical naming is that the existing authorization<br>
rules as applied by the RIPE Whois Server database engine do a decent<br>
job of protecting/separating namespaces. 'Grandfathering' existing<br>
short-named objects ensures that implementation of this solution<br>
proposal causes minimal (if any) disruption to existing workflows.<br>
<br>
The RIPE database engine blocking creation of short-named AS-SETs might<br>
help nudge the industry towards making hierarchical naming the norm.<br>
<br>
Related work<br>
============<br>
Related work throughout the registry industry: IRRd version 4 forces new<br>
AS-SET objects to be structured hierarchically:<br>
<a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Firrdnet%2Firrd%2Fissues%2F408&data=05%7C01%7Cstavros.konstantaras%40ams-ix.net%7C0ae0271e70bf4ade6ae408dac7cb331e%7C09d28fc155624961a4848ce4932094ae%7C0%7C0%7C638041972795837229%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qoot5BPK95InIXGeQH9Hhp0ZcPM4I8dD95cpEE%2F9%2Bac%3D&reserved=0" target="_blank">https://github.com/irrdnet/irrd/issues/408</a><br>
<br>
Kind regards,<br>
<br>
Job<br>
<br>
-- <br>
<br>
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit:
<a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ripe.net%2Fmailman%2Flistinfo%2Fdb-wg&data=05%7C01%7Cstavros.konstantaras%40ams-ix.net%7C0ae0271e70bf4ade6ae408dac7cb331e%7C09d28fc155624961a4848ce4932094ae%7C0%7C0%7C638041972795837229%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OCpNwUO8IhZ%2BGoO%2FO%2FIVQ5Z0Nk5imw%2Bh8NG9rW4jljU%3D&reserved=0" target="_blank">
https://mailman.ripe.net/</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</body>
</html>