Information for ASPA creation
Hello all! I am currently working on a better ASPA UI in Krill. The goal is to provide a bit more confidence when creating an ASPA record that what was entered is correct, and, more importantly, does not accidentally break things once networks start validating and rejecting routes based on ASPA records. The last iteration of that UI can be found here: https://github.com/NLnetLabs/krill-ui/pull/58 I believe ARIN supports creating ASPA records, but from what I could gather from screenshot I don't think they provide any "hints". I know the RIPE NCC does not (currently) do this because there are a lot of asterisks; this topic was also discussed during the last RIPE Routing WG in Romania (https://ripe91.ripe.net/programme/meeting-plan/sessions/30/transcript/). But just because ARIN and the RIPE NCC don't do it, doesn't mean I cannot give it a shot anyway :-) Currently I do two things: 1. Show the likely AS name when you enter an AS number, to prevent simple typos (8283 instead of 8382, etc.); 2. Show which AS numbers appear "to the left" in RIPE RIS (without making a claim that they are missing per se, just that they were observed) along with their names. Don't press the button and nothing happens. The button also only appears when you have typed something in the providers field to prevent just copy pasting whatever it shows as "to the left" in RIS (and consequentially forgetting your DDoS providers, or upstreams that RIS didn't see, etc.) But as I am not an operator (apart from AS211321), I want your input as well. What is the kind of information you would want (or not want) to see before clicking the "Create ASPA" button? Cordially, Koen van Hove PS: This does not affect the CLI and API for Krill at all, it's only the web interface.
I don't think they provide any "hints"
I'd strongly discourage providing any upstream provider "hints" in the ASPA UI. "Intent" and "observable state" of BGP relationships must not be confused. The "hint" feature merely opens the door for operators to accidentally allow the route leaks ASPA is meant to prevent. People should understand their business relationships well enough to not need a hint from the UI.
Show the likely AS name when you enter an AS number, to prevent simple typos (8283 instead of 8382, etc.)
This, on the other hand, would be helpful in all ASPA UI's (not just yours); otherwise, we'll definitely have the typos you refer to that break routing. Thanks, -- Bryton Herdes Principal Network Engineer AS13335 - Cloudflare On Tue, Mar 3, 2026 at 10:31 AM Koen van Hove via NANOG < nanog@lists.nanog.org> wrote:
Hello all!
I am currently working on a better ASPA UI in Krill. The goal is to provide a bit more confidence when creating an ASPA record that what was entered is correct, and, more importantly, does not accidentally break things once networks start validating and rejecting routes based on ASPA records. The last iteration of that UI can be found here: https://github.com/NLnetLabs/krill-ui/pull/58
I believe ARIN supports creating ASPA records, but from what I could gather from screenshot I don't think they provide any "hints". I know the RIPE NCC does not (currently) do this because there are a lot of asterisks; this topic was also discussed during the last RIPE Routing WG in Romania (https://ripe91.ripe.net/programme/meeting-plan/sessions/30/transcript/).
But just because ARIN and the RIPE NCC don't do it, doesn't mean I cannot give it a shot anyway :-)
Currently I do two things:
1. Show the likely AS name when you enter an AS number, to prevent simple typos (8283 instead of 8382, etc.); 2. Show which AS numbers appear "to the left" in RIPE RIS (without making a claim that they are missing per se, just that they were observed) along with their names.
Don't press the button and nothing happens. The button also only appears when you have typed something in the providers field to prevent just copy pasting whatever it shows as "to the left" in RIS (and consequentially forgetting your DDoS providers, or upstreams that RIS didn't see, etc.)
But as I am not an operator (apart from AS211321), I want your input as well. What is the kind of information you would want (or not want) to see before clicking the "Create ASPA" button?
Cordially, Koen van Hove
PS: This does not affect the CLI and API for Krill at all, it's only the web interface.
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GEQLUMRL...
participants (2)
-
Bryton Herdes -
Koen van Hove