Routinator, our RPKI validation software, now sees more than 1000 Autonomous System Provider Authorization (ASPA) objects in the wild.

@drscriptt @alexband The short form is that some downstream AS can't necessarily detect that routes have passed through inappropriate ASes from a valley-free perspective without some hints about what that relationship is. BGP is quite happy to make sure the routes are loop free without caring what your business relationship is.

If your point is "where's the incentive to register your relationship", that's a different problem.

@jhaas @alexband I absolutely agree that the information needs to be published for recipients to be able to make a decision / filter received prefixes.

My point was that simply publishing information doesn’t prevent anything.

@jhaas @alexband I absolutely agree that the information needs to be published for recipients to be able to make a decision / filter received prefixes.

My point was that simply publishing information doesn’t prevent anything.

@drscriptt @jhaas I remember launching #RPKI in 2011. It took years of publishing ROAs, learning from mistakes and fixing bad quality ROAs before the operator community got to the point where they felt comfortable dropping invalid routes.

ASPA will be the same, although perhaps a bit quicker because of the huge installed base of (ASPA capable) validators: https://rov-measurements.nlnetlabs.net/stats/

@alexband @drscriptt I have fears of subtle bugs in the validation algorithm, but expect that like OV ASPA will be deployed in soft mode for a while. The industry showed how to handle the incremental deployment well.

Shorter term, CPU churn from ASPA updates in RPKI-RTR will be... fun.

@jhaas @drscriptt Meanwhile, as more #RPKI invalid #BGP routes are dropped, we are working on making the invisible visible again with Rotonda. https://ripe91.ripe.net/programme/meeting-plan/sessions/15/CLRNRY/

@drscriptt @jhaas I remember launching #RPKI in 2011. It took years of publishing ROAs, learning from mistakes and fixing bad quality ROAs before the operator community got to the point where they felt comfortable dropping invalid routes.

ASPA will be the same, although perhaps a bit quicker because of the huge installed base of (ASPA capable) validators: https://rov-measurements.nlnetlabs.net/stats/

@jhaas @alexband I absolutely agree that the information needs to be published for recipients to be able to make a decision / filter received prefixes.

My point was that simply publishing information doesn’t prevent anything.

@drscriptt @jhaas @alexband what would stopping a leak look like to you?

We’ve already seen a number of route leaks stopped or majorly suppressed by ROA validation, and ROA validation is far less capable in this regard than ASPA.

@drscriptt @jhaas @alexband what would stopping a leak look like to you?

We’ve already seen a number of route leaks stopped or majorly suppressed by ROA validation, and ROA validation is far less capable in this regard than ASPA.