 RPKI Autonomous Systems Cones: A Profile To Define Sets of Autonomous
              Systems Numbers To Facilitate BGP Filtering


   This document describes a way to define groups of Autonomous System
   numbers in RPKI [RFC6480].  We call them AS-Cones.  AS-Cones provide
   a mechanism to be used by operators for filtering BGP-4 [RFC4271]

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Format of AS-Cone objects . . . . . . . . . . . . . . . . . .   3
     2.1.  Policy definition object  . . . . . . . . . . . . . . . .   3
       2.1.1.  Naming convention for Policy definition objects . . .   3
       2.1.2.  ASN.1 format of a Policy Definition object  . . . . .   3
       2.1.3.  Naming convention for neighbour relationships . . . .   4
     2.2.  AS-Cone definition object . . . . . . . . . . . . . . . .   4
       2.2.1.  Naming convention for AS-Cone objects . . . . . . . .   4
       2.2.2.  ASN.1 format of an AS-Cone  . . . . . . . . . . . . .   5
   3.  Validating an AS-Cone . . . . . . . . . . . . . . . . . . . .   5
   4.  Recommendations for use of AS-Cones at Internet Exchange
       points  . . . . . . . . . . . . . . . . . . . . . . . . . . .   6
   5.  Publication of AS-Cones as IRR objects  . . . . . . . . . . .   7
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .   7
   9.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   7
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   7
     10.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   The main goal of the Resource Public Key Infrastructure (RPKI) system
   [RFC6480] is to support improved security for the global routing
   system.  This is achieved through the use of information stored in a
   distributed repository system comprised of signed objects.  A
   commonly used object type is the Route Object Authorisation (ROAs),
   which describe the prefixes originated by ASNs.

   There is however no way for an operator to assert the routes for its
   customer networks, making it difficult to use the information carried
   by RPKI to create meaningful BGP-4 filters without relying on RPSL
   [RFC2622] as-sets.

   This memo introduces a new attestation object, called an AS-Cone.  An
   AS-Cone is a digitally signed object with the goal to enable
   operators to define a set of customers that can be found as "right
   adjacencies", or transit customer networks, facilitating the
   construction of prefix filters for a given ASN, thus making routing
   more secure.

2.  Format of AS-Cone objects

   AS-Cones are composed of two types of distinct objects:

   o  Policy definitions; and

   o  The AS-Cones themselves.

   These objects are stored in ASN.1 format and are digitally signed
   according to the same rules and conventions applied for RPKI ROA
   Objects ([RFC6482]).

2.1.  Policy definition object

   A policy definition contains a list the upstream and peering
   relationships for a given Autonomous System that need an AS-Cone to
   be used for filtering.  For each relationship, an AS-Cone is
   referenced to indicate which BGP networks will be announced to the
   other end of the relationship.

   The default behaviour for a neighbour, if the relationship is not
   explicitly described in the policy, is to only accept the networks
   originated by the ASN.  This means that a stub ASN does not have to
   set up any AS-Cone nor any description or policy.

   Only one AS-Cone can be supplied for a given relationship.  If more
   than one AS-Cone needs to be announced in the relationship, then it
   is mandatory to create a third AS-Cone that includes those two.

2.1.1.  Naming convention for Policy definition objects

   A Policy object is referenced using the Autonomous System number it
   refers to, preceded by the string "AS".

2.1.2.  ASN.1 format of a Policy Definition object

   Neighbours ::= SEQUENCE OF Neighbour

   Neighbour ::= SEQUENCE
       ASN INTEGER (1..4294967296),
       ASCone  VisibleString

   Version ::= INTEGER
   LastModified ::= GeneralizedTime
   Created ::= GeneralizedTime

                ASN.1 format of a Policy definition object

2.1.3.  Naming convention for neighbour relationships

   When referring to a neighbour relationship contained in a Policy
   definition object the following convention should be used:


   Where X is the number of the AS holder and Y is the number of the ASN
   intended to use the AS-Cone object to generate a filter.

2.2.  AS-Cone definition object

   An AS-Cone contains a list of the downstream customers and AS-Cones
   of a given ASN.  The list is used to create filter lists by the
   networks providing transit or a peering relationship with the ASN.

   An AS-Cone can reference another AS-Cone if a customer of the
   operator also has defined an AS-Cone to be announced upstream.

2.2.1.  Naming convention for AS-Cone objects

   AS-Cones MUST have a unique name for the ASN they belong to.  Names
   are composed of ASCII strings up to 255 characters long and cannot
   contain spaces.

   In order for AS-Cones to be unique in the global routing system,
   their string name is preceded by the AS number of the ASN they are
   part of, followed by ":".  For example, AS-Cone "EuropeanCustomers"
   for ASN 65530 is represented as "AS65530:EuropeanCustomers" when
   referenced from a third party.

2.2.2.  ASN.1 format of an AS-Cone

   Entities ::= SEQUENCE OF Entity

   Entity CHOICE
       ASN INTEGER (1..4294967296),
       OtherASCone VisibleString

   Version ::= INTEGER
   LastModified ::= GeneralizedTime
   Created ::= GeneralizedTime

                        ASN.1 format of an AS-Cone

3.  Validating an AS-Cone

   The goal of AS-Cones is to be able to recursively define all the
   originating ASNs that define the customer base of a given ASN,
   including all the transit relationships.  This means that through AS-
   Cones, it is possible to create a graph of all the neighbour
   relationships for the customers of a given ASN.

   In order to validate a full AS-Cone, we have to assume that a network
   operator already runs an RPKI validator software.  The software
   provides access to a validated cache containing all the Policy
   definitions and AS-Cone objects.  Validation occurs following the
   description in: [RFC6488].

   In order to validate a full AS-Cone, an operator should perform the
   following steps:

   1.  For Every downstream ASN, the operator takes its policy
       definition file and collects a list of ASNs for the cone by
       looking at the following data, in exact order:

       1.  A policy for the specific relationship, in the form of
           ASX:ASY, where ASX is the downstream ASN, and ASY is the ASN
           of the operator validating the AS-Cone;

       2.  If there is no specific definition for the relationship, the
           ASX:Default policy;

       If none of the two objects above exists, then the operator should
       only consider the ASN of its downstream to be added to the list.

   2.  These objects can either point to:

       1.  An AS-Cone; or

       2.  An ASN

   3.  If the definition points to an AS-Cone, the operator looks for
       the object referenced, which should be contained in the validated

   4.  If the validated cache does not contain the referenced object,
       then the validation moves on to the next downstream network;

   5.  If the validated cache contains the referenced object, the
       validation process evaluates every entry in the AS-Cone.  For
       each entry:

       1.  If there is a reference to an ASN, then the operator adds the
           ASN to the list for the given AS-Cone;

       2.  If there is a reference to another AS-Cone, the validating
           process should recursively process all the entries in that
           AS-Cone first, with the same principles contained in this

       Since the goal is to build a list of ASNs announcing routes in
       the AS-Cone, then if an ASN or an AS-Cone are referenced more
       than once in the process, their contents should only be added
       once to the list.  This is intended to avoid endless loops, and
       in order to avoid cross-reference of AS-Cones

   6.  When all the AS-Cones referenced in the policies have been
       recursively iterated, and all the originating ASNs have been
       taken into account, the operator can then build a full prefix-
       list with all the prefixes originated in its AS-Cone.  This can
       be done by querying the RPKI validator software for all the
       networks originated by every ASN referenced in the AS-Cone.

4.  Recommendations for use of AS-Cones at Internet Exchange points

   When an operator is a member of an internet exchange point, it is
   recommended for it to create at least a Default policy.

   In case of a peering session with a route server, the operator could
   publish a policy pointing to the ASN of the route server.  A route

   server operator, then, could build strict prefix filtering rules for
   all the participants, and offer it as a service to its members.

5.  Publication of AS-Cones as IRR objects

   AS-Cones are very similar to AS-Set RPSL Objects, so they could also
   be published in IRR Databases as AS-Set objects.  Every ASN contained
   in an AS-Cone, and all the AS-Cones referenced should be considered
   as member: attributes.  The naming convention for AS-Cones (ASX:AS-
   Cone) should be maintained, in order to keep consistency between the
   two databases.

