From: Peter Hessler Subject: minor clarity for ASPA role in bgpd.conf To: tech@openbsd.org Date: Thu, 4 Dec 2025 21:46:13 +0100 I started playing with RPKI ASPA on a test ASN, and was confused about what role I needed to mark my upstreams as. Originally, I marked them as "role provider", thinking I needed to describe their relationship to me. However, that resulted in the entire internet becoming invalid. The setting expects the other way around, my relationship to them. I'm open to wordsmithing, but I do think that this needs to be clarified. OK? Index: usr.sbin/bgpd/bgpd.conf.5 =================================================================== RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v diff -u -p -u -p -r1.251 bgpd.conf.5 --- usr.sbin/bgpd/bgpd.conf.5 7 Jul 2025 20:56:48 -0000 1.251 +++ usr.sbin/bgpd/bgpd.conf.5 4 Dec 2025 20:40:09 -0000 @@ -1545,7 +1545,7 @@ Bind the neighbor to the specified RIB. Set the local role for this eBGP session. Setting a role is required for ASPA verification, the open policy role capability and Only-To-Customer (OTC) attribute of RFC 9234. -The role can be one of +The role is your relationship to this neighbor and can be one of .Ar none , .Ar provider , .Ar customer , -- Murphy's Law is recursive. Washing your car to make it rain doesn't work.