[sidr] bgpsec and confeds [was: Minutes of 6/6/12 meeting uploaded]
Randy Bush <randy@psg.com> Sat, 16 June 2012 04:50 UTC
bgpsec and confederations

allow me to try to state clearly for the list

When an update enters the first AS in a confederation, all last internal ASBRs within the entry AS of the confederation, i.e. the first signers within the confederation, set a flag in the signature block that says "I am the first signature within the confederation."

The update wanders around normally in the confederation and every sending internal confederation ASBR signs it with their internal AS.

A confederation's exit router looks backwards in the AS sequence until it finds the first, i.e. most recent, instance of that flag. If it finds no flag, the update is treated as originated within the confederation.

It strips the signature block containing the flag and all subsequent signature blocks. All signs of the internals of the confederation have now been removed.

It then forward signs to the next AS, using the identity of the public confederation AS.

While the update is traversing the confederation, if it should hit a peering where the peer is not bgpsec capable, it strips all bgpsec gloop and reconstructs a classic AS_path.

this is believed to handle the loop disease (e.g. the cisco "neighbor allowas-in" command).

what if anything should be done if you find the confed flag when you are not inside a confed is a topic for discussion.

does anyone see a flaw in the above? please please review so we can put it to bed.

randy
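A simplified model of the exit-router procedure described in the message, added here as an illustration; it is not part of the original post and not the BGPsec wire format. HMAC with constructed per-AS keys stands in for real signatures, all AS numbers are constructed, and stripping every block when no flag is found is an assumed reading of "treated as originated within the confederation".

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed AS numbers and keys; HMAC stands in for real BGPsec signatures.
PUBLIC_CONFED_AS = 64511
KEYS = {a: f"key-{a}".encode() for a in (64496, 64500, 64511, 65001, 65002)}

@dataclass(frozen=True)
class SigBlock:
    signer_as: int
    target_as: int       # AS this hop forward-signs to
    confed_first: bool   # "I am the first signature within the confederation"
    sig: bytes

def _mac(prev_sig, signer_as, target_as, flag):
    msg = prev_sig + f"{signer_as}>{target_as}|{int(flag)}".encode()
    return hmac.new(KEYS[signer_as], msg, hashlib.sha256).digest()

def sign(path, signer_as, target_as, confed_first=False):
    """Append a block covering the previous signature and the target AS."""
    prev = path[-1].sig if path else b""
    sig = _mac(prev, signer_as, target_as, confed_first)
    return path + [SigBlock(signer_as, target_as, confed_first, sig)]

def verify_external(path):
    """Receiver outside the confed: signatures valid, each target signs next."""
    prev = b""
    for i, b in enumerate(path):
        want = _mac(prev, b.signer_as, b.target_as, b.confed_first)
        if not hmac.compare_digest(want, b.sig):
            return False
        if i + 1 < len(path) and path[i + 1].signer_as != b.target_as:
            return False
        prev = b.sig
    return True

def confed_exit(path, next_as):
    """Exit router: drop the most recent flagged block onward, then re-sign."""
    flagged = [i for i, b in enumerate(path) if b.confed_first]
    cut = flagged[-1] if flagged else 0  # assumption: no flag, strip all blocks
    return sign(path[:cut], PUBLIC_CONFED_AS, next_as)

def demo():
    """Constructed path: external origin, two internal hops, then exit."""
    p = sign([], 64496, PUBLIC_CONFED_AS)
    p = sign(p, 65001, 65002, confed_first=True)  # entry AS sets the flag
    p = sign(p, 65002, 65003)
    return confed_exit(p, 64500)
```

Because the external neighbor forward-signed to the public confederation AS, the chain verifies again once the internal blocks are gone and the exit router signs with that same public identity.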