IETF Logo Mail Archive

Re: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03

"George, Wes" <wesley.george@twcable.com> Thu, 19 March 2015 12:58 UTC

Return-Path: <wesley.george@twcable.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4A231A89AE for <sidr@ietfa.amsl.com>; Thu, 19 Mar 2015 05:58:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.225
X-Spam-Level:
X-Spam-Status: No, score=0.225 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PLAq54ynEGKW for <sidr@ietfa.amsl.com>; Thu, 19 Mar 2015 05:58:47 -0700 (PDT)
Received: from cdcipgw02.twcable.com (cdcipgw02.twcable.com [165.237.91.111]) by ietfa.amsl.com (Postfix) with ESMTP id 5C2261A00B1 for <sidr@ietf.org>; Thu, 19 Mar 2015 05:58:46 -0700 (PDT)
X-SENDER-IP: 10.136.163.12
X-SENDER-REPUTATION: None
X-IronPort-AV: E=Sophos;i="5.11,429,1422939600"; d="scan'208";a="229069440"
Received: from unknown (HELO PRVPEXHUB03.corp.twcable.com) ([10.136.163.12]) by cdcipgw02.twcable.com with ESMTP/TLS/RC4-MD5; 19 Mar 2015 08:46:55 -0400
Received: from PRVPEXVS10.corp.twcable.com ([10.136.163.41]) by PRVPEXHUB03.corp.twcable.com ([10.136.163.12]) with mapi; Thu, 19 Mar 2015 08:58:45 -0400
From: "George, Wes" <wesley.george@twcable.com>
To: David Mandelberg <david@mandelberg.org>, "sidr@ietf.org" <sidr@ietf.org>
Date: Thu, 19 Mar 2015 08:58:43 -0400
Thread-Topic: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03
Thread-Index: AdBiRG6sn2w8o6AHRJOaYGSk9gRqiA==
Message-ID: <D1303D2E.4A290%wesley.george@twcable.com>
References: <A5144FF9-FD2A-4284-A8FE-E0CB89F1E00F@tislabs.com> <9D70CAEF-22F9-44FC-A429-9CBEBA9EAE6C@tislabs.com> <D12DE2D7.49276%wesley.george@twcable.com> <d41965db5354db75ff2fe74ca2c2103b@mail.mandelberg.org>
In-Reply-To: <d41965db5354db75ff2fe74ca2c2103b@mail.mandelberg.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.8.150116
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/LvHnTwqX8F5Dpbo9JhL55PQyTII>
Subject: Re: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2015 12:58:49 -0000

On 3/18/15, 11:10 PM, "David Mandelberg" <david@mandelberg.org> wrote:

>Are you suggesting comparison of all the data from each single cache as
>an atomic entity, or comparison of individual IPvX and Router Key PDUs?
>
>If the former, then I think that would work fine as long as a majority
>(or maybe even a plurality) of the caches has the exact same data. But
>what does the router do if this is not the case? If the caches all
>download from the RPKI at different times, then I would expect it to be
>common for no two caches to have the same data.
>
>If the latter, then the semantics depend heavily on exactly how the
>comparison is done. Lets say a CA simultaneously issues one ROA for {AS
>65536, 10.0.0.0/8} and another for {AS 65537, 10.0.0.0/8}. Some of the
>caches see the publication point before both ROAs are issued; some see
>the pub point after both ROAs are issued and published. Can you
>guarantee that the voting mechanism will always result in either both
>ROA payloads, or neither, being used? (If a router ends up using one but
>not the other, then a previously unknown route becomes invalid.)

WG] well, that is mainly why I brought up the concern. Voting comparisons
like this can be hard to do with this amount of data, so if it was our
intent to allow multiple full views, we need better guidance on how we
think it's most likely to actually work. I'm not sure we'd see enough
consistency between caches to benefit from atomic comparisons, so it may
be a matter of taking age and other things into account. Building or
adapting a voting algorithm seems like a lot of effort for what may well
be a corner case, but if we're going to allow retention of multiple
caches' data, we have to address the issue of how to handle disagreement
between caches. Unless perhaps this part of section 10 is just
poorly-worded and the intent was only ever to allow retention of other
cache's data to keep a quasi-complete view during a failover/resync, i.e.
As one entry is pulled from the new cache, its corresponding entries
[SHOULD/MUST] be purged from the other one(s), etc.


This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.

v2.23.0 | Report a Bug | By Email