Re: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs
"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Tue, 21 February 2017 15:13 UTC
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA9221294DC for <sidr@ietfa.amsl.com>; Tue, 21 Feb 2017 07:13:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VkLXZ99B28gb for <sidr@ietfa.amsl.com>; Tue, 21 Feb 2017 07:13:23 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0095.outbound.protection.outlook.com [23.103.201.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41198129C09 for <sidr@ietf.org>; Tue, 21 Feb 2017 07:13:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=j8H/a+hiyame3fPzSAfTfBRYpVtXX8tCihdn3/jfv+k=; b=fHhboQpvvP6VrSTdjAhG/YJ801iSWZ66WpXyjqxZAOBNgOie5nI4lYXY9NImhtAA6F7nhWgWZ7yedSb/8/B8kEDMQ6qZb90kKqkC4liO2um0u50TC1KeRGtWZQIBVW9QOxO/RaB9YR+2Ejm8z/jm3VQJx6Vd/XHaXMOArsDmdSI=
Received: from BL2PR09MB0996.namprd09.prod.outlook.com (10.167.102.15) by BL2PR09MB0994.namprd09.prod.outlook.com (10.167.102.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.919.13; Tue, 21 Feb 2017 15:13:21 +0000
Received: from BL2PR09MB0996.namprd09.prod.outlook.com ([10.167.102.15]) by BL2PR09MB0996.namprd09.prod.outlook.com ([10.167.102.15]) with mapi id 15.01.0919.018; Tue, 21 Feb 2017 15:13:20 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: sidr list <sidr@ietf.org>
Thread-Topic: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs
Thread-Index: AQHSeBA2zrHhXkAXSUqZuVZbpiHo6qFzZh6A
Date: Tue, 21 Feb 2017 15:13:20 +0000
Message-ID: <845A415C-D469-4899-B7B0-0DAF728D667F@nist.gov>
References: <06FD4D79-FBDD-44E0-9CF2-4B7A039A06A9@nist.gov>
In-Reply-To: <06FD4D79-FBDD-44E0-9CF2-4B7A039A06A9@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1f.0.170216
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [129.6.140.59]
x-microsoft-exchange-diagnostics: 1; BL2PR09MB0994; 7:WODT1lwKkhVkfbwxThzGnl7pQUMDc0uOxyz07WVy4nlL7J7vW0lbQMxGB+gGdIVaLfBVWDRgh7LFZqElalzS4rXX1MXpr3whlyFcZqOao5FeH48GoYt+p394HTr0py40CFiD51eQcVzvnIjnSFNwGzBDeLYvPL0M6oy+mA+hJmKpLbJGGdxvGnfTQMcrqGZ4Ng77CVjLxemdLoYGf0grAiMiIeN0t2LB3U4CKWi/b/8hOZqbfKgF1EqZxPXP1a01tZM/92lWm4Y3pMUF5UCvJx3m27iW5LRQY9h3s0W0v3w8FYvTqFFI10mNih9gR0yhtwsHPOCAwK43p+tFgTSm/w==
x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10019020)(6009001)(7916002)(39450400003)(39860400002)(39850400002)(39410400002)(39840400002)(40224003)(199003)(189002)(30584003)(6116002)(53936002)(68736007)(8936002)(229853002)(189998001)(6486002)(86362001)(106356001)(105586002)(4001350100001)(106116001)(97736004)(230783001)(38730400002)(99286003)(110136004)(575784001)(2900100001)(83716003)(5890100001)(101416001)(33656002)(2950100002)(122556002)(6506006)(8676002)(102836003)(6436002)(6246003)(53946003)(77096006)(3660700001)(81156014)(6512007)(54356999)(83506001)(82746002)(5660300001)(450100001)(7736002)(6916009)(66066001)(50986999)(3280700002)(92566002)(76176999)(2906002)(25786008)(3846002)(305945005)(36756003)(99936001)(81166006)(104396002)(19627235001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR09MB0994; H:BL2PR09MB0996.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
x-ms-office365-filtering-correlation-id: 00de06b7-be77-4db1-8860-08d45a6c2be7
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:BL2PR09MB0994;
x-microsoft-antispam-prvs: <BL2PR09MB0994506A70B5740C58FCD38098510@BL2PR09MB0994.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123558025)(20161123564025)(20161123562025)(20161123555025)(6072148); SRVR:BL2PR09MB0994; BCL:0; PCL:0; RULEID:; SRVR:BL2PR09MB0994;
x-forefront-prvs: 0225B0D5BC
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed; boundary="_003_845A415CD4694899B7B00DAF728D667Fnistgov_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2017 15:13:20.4793 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR09MB0994
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/Q9hvhxRxr504xZjSdQLuwLdVeD0>
Subject: Re: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2017 15:13:27 -0000
Attached is the latest version of the examples. Here we added an IPv6 BGP update to the existing example. Again, for better reading I attached the example as text/pdf in case the formatting within the email gets Messed up. Oliver ----example----example----example---- Topology: AS(64496)----AS(65536)----AS(65537) Prefix Announcements: AS(64496), 192.0.2.0/24, 2001:db8::/32 For this example, the ECDSA algorithm was provided with a static k to make the result deterministic. The k used for all signature operations was taken from RFC 6979, chapter A.2.5 ?Signatures With SHA-256, message 'sample'?. k = A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60 Keys of AS64496: ================ ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154 private key: x = D8AA4DFBE2478F86E88A7451BF075565709C575AC1C136D081C540254CA440B9 public key: Ux = 7391BABB92A0CB3BE10E59B19EBFFB214E04A91E0CBA1B139A7D38D90F77E55A Uy = A05B8E695678E0FA16904B55D9D4F5C0DFC58895EE50BC4F75D205A25BD36FF5 Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013 -------------------------------------------------------------------- Certificate: Data: Version: 3 (0x2) Serial Number: 38655612 (0x24dd67c) Signature Algorithm: ecdsa-with-SHA256 Issuer: CN=ROUTER-0000FBF0 Validity Not Before: Jan 1 05:00:00 2017 GMT Not After : Jul 1 05:00:00 2018 GMT Subject: CN=ROUTER-0000FBF0 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bf: fb:21:4e:04:a9:1e:0c:ba:1b:13:9a:7d:38:d9:0f: 77:e5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55: d9:d4:f5:c0:df:c5:88:95:ee:50:bc:4f:75:d2:05: a2:5b:d3:6f:f5 ASN1 OID: prime256v1 X509v3 extensions: X509v3 Key Usage: Digital Signature X509v3 Subject Key Identifier: AB:4D:91:0F:55:CA:E7:1A:21:5E:F3:CA:FE:3A:CC:45:B5:EE:C1:54 X509v3 Extended Key Usage: 1.3.6.1.5.5.7.3.30 sbgp-autonomousSysNum: critical Autonomous System Numbers: 64496 Routing Domain Identifiers: inherit Signature Algorithm: ecdsa-with-SHA256 30:44:02:20:07:b7:b4:6a:5f:a4:f1:cc:68:36:39:03:a4:83: ec:7c:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1: 02:20:00:91:05:4a:a1:f5:b0:18:9d:27:24:e8:b4:22:fd:d1: 1c:f0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0c:38:29 -----BEGIN CERTIFICATE----- MIIBiDCCAS+gAwIBAgIEAk3WfDAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9ST1VU RVItMDAwMEZCRjAwHhcNMTcwMTAxMDUwMDAwWhcNMTgwNzAxMDUwMDAwWjAaMRgw FgYDVQQDDA9ST1VURVItMDAwMEZCRjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC AARzkbq7kqDLO+EOWbGev/shTgSpHgy6GxOafTjZD3flWqBbjmlWeOD6FpBLVdnU 9cDfxYiV7lC8T3XSBaJb02/1o2MwYTALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFKtN kQ9VyucaIV7zyv46zEW17sFUMBMGA1UdJQQMMAoGCCsGAQUFBwMeMB4GCCsGAQUF BwEIAQH/BA8wDaAHMAUCAwD78KECBQAwCgYIKoZIzj0EAwIDRwAwRAIgB7e0al+k 8cxoNjkDpIPsfIAC0vYInUay7Cp75pKzb7ECIACRBUqh9bAYnSck6LQi/dEc8D2x OCRdZCk1KI3uDDgp -----END CERTIFICATE----- Keys of AS(65636): ================== ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC private key: x = 6CB2E931B112F24554BCDCAAFD9553A9519A9AF33C023B60846A21FC95583172 public key: Ux = 28FC5FE9AFCF5F4CAB3F5F85CB212FC1E9D0E0DBEAEE425BD2F0D3175AA0E989 Uy = EA9B603E38F35FB329DF495641F2BA040F1C3AC6138307F257CBA6B8B588F41F Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013 -------------------------------------------------------------------- Certificate: Data: Version: 3 (0x2) Serial Number: 3168189942 (0xbcd6bdf6) Signature Algorithm: ecdsa-with-SHA256 Issuer: CN=ROUTER-0000FFFF Validity Not Before: Jan 1 05:00:00 2017 GMT Not After : Jul 1 05:00:00 2018 GMT Subject: CN=ROUTER-0000FFFF Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21: 2f:c1:e9:d0:e0:db:ea:ee:42:5b:d2:f0:d3:17:5a: a0:e9:89:ea:9b:60:3e:38:f3:5f:b3:29:df:49:56: 41:f2:ba:04:0f:1c:3a:c6:13:83:07:f2:57:cb:a6: b8:b5:88:f4:1f ASN1 OID: prime256v1 X509v3 extensions: X509v3 Key Usage: Digital Signature X509v3 Subject Key Identifier: 47:F2:3B:F1:AB:2F:8A:9D:26:86:4E:BB:D8:DF:27:11:C7:44:06:EC X509v3 Extended Key Usage: 1.3.6.1.5.5.7.3.30 sbgp-autonomousSysNum: critical Autonomous System Numbers: 65535 Routing Domain Identifiers: inherit Signature Algorithm: ecdsa-with-SHA256 30:45:02:21:00:df:04:c5:17:04:d0:f2:b9:fa:f3:d9:6e:3f: 6f:a1:58:d8:fe:6c:18:e4:37:ca:19:7c:c8:75:40:57:6e:7e: 9d:02:20:12:45:e8:a8:58:6b:00:7b:e6:a9:0e:f2:b6:62:50: 4b:1c:01:6f:3b:41:11:69:88:30:73:9f:d7:02:9e:64:4f -----BEGIN CERTIFICATE----- MIIBijCCATCgAwIBAgIFALzWvfYwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPUk9V VEVSLTAwMDBGRkZGMB4XDTE3MDEwMTA1MDAwMFoXDTE4MDcwMTA1MDAwMFowGjEY MBYGA1UEAwwPUk9VVEVSLTAwMDBGRkZGMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD QgAEKPxf6a/PX0yrP1+FyyEvwenQ4Nvq7kJb0vDTF1qg6Ynqm2A+OPNfsynfSVZB 8roEDxw6xhODB/JXy6a4tYj0H6NjMGEwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRH 8jvxqy+KnSaGTrvY3ycRx0QG7DATBgNVHSUEDDAKBggrBgEFBQcDHjAeBggrBgEF BQcBCAEB/wQPMA2gBzAFAgMA//+hAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDfBMUX BNDyufrz2W4/b6FY2P5sGOQ3yhl8yHVAV25+nQIgEkXoqFhrAHvmqQ7ytmJQSxwB bztBEWmIMHOf1wKeZE8= -----END CERTIFICATE----- BGPSec IPv4 Update from AS(65536) to AS(65537): =============================================== Binary Form of BGPSec Update (TCP-DUMP): FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 00 02 00 00 00 E9 40 01 01 02 80 04 04 00 00 00 00 80 0E 0D 00 01 01 04 C6 33 64 64 00 18 C0 00 02 90 21 00 CA 00 0E 01 00 00 01 00 00 01 00 00 00 FB F0 00 BC 01 47 F2 3B F1 AB 2F 8A 9D 26 86 4E BB D8 DF 27 11 C7 44 06 EC 00 46 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE 8D E6 D3 59 5F 41 AB 4D 91 0F 55 CA E7 1A 21 5E F3 CA FE 3A CC 45 B5 EE C1 54 00 47 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A 5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0 13 13 7B 41 CD 23 E2 Signature From AS(64496) to AS(65536): --------------------------------------- Digest: 21 33 E5 CA A0 26 BE 07 3D 9C 1B 4E FE B9 B9 77 9F 20 F8 F5 DE 29 FA 98 40 00 9F 60 Signature: 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A 5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0 13 13 7B 41 CD 23 E2 Signature From AS(65536) to AS(65537): -------------------------------------- Digest: 46 4B 57 CE B1 2D 18 B0 FD 1A 1A 35 94 17 3A 4A 09 88 E5 F4 ED ED 2F 3D 83 08 5A A8 Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE 8D E6 D3 59 5F 41 The human readable output is produced using bgpsec-io, a bgpsec traffic generator that uses a wireshark like printout. Send Update Message +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +--length: 256 +--type: 2 (UPDATE) +--withdrawn_routes_length: 0 +--total_path_attr_length: 233 +--ORIGIN: INCOMPLETE (4 bytes) | +--Flags: 0x40 (Well-Known, Transitive, Complete) | +--Type Code: ORIGIN (1) | +--Length: 1 byte | +--Origin: INCOMPLETE (1) +--MULTI_EXIT_DISC (7 bytes) | +--Flags: 0x80 (Optional, Complete) | +--Type Code: MULTI_EXIT_DISC (4) | +--Length: 4 bytes | +--data: 00 00 00 00 +--MP_REACH_NLRI (16 bytes) | +--Flags: 0x80 (Optional, Complete) | +--Type Code: MP_REACH_NLRI (14) | +--Length: 13 bytes | +--Address family: IPv4 (1) | +--Subsequent address family identifier: Unicast (1) | +--Next hop network address: (4 bytes) | | +--Next hop: 198.51.100.100 | +--Subnetwork points of attachment: 0 | +--Network layer reachability information: (4 bytes) | +--192.0.2.0/24 | +--MP Reach NLRI prefix length: 24 | +--MP Reach NLRI IPv4 prefix: 192.0.2.0 +--BGPSEC Path Attribute (206 bytes) +--Flags: 0x90 (Optional, Complete, Extended Length) +--Type Code: BGPSEC Path Attribute (33) +--Length: 202 bytes +--Secure Path (14 bytes) | +--Length: 14 bytes | +--Secure Path Segment: (6 bytes) | | +--pCount: 1 | | +--Flags: 0 | | +--AS number: 65536 (1.0) | +--Secure Path Segment: (6 bytes) | +--pCount: 1 | +--Flags: 0 | +--AS number: 64496 (0.64496) +--Signature Block (188 bytes) +--Length: 188 bytes +--Algo ID: 1 +--Signature Segment: (92 bytes) | +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC | +--Length: 70 bytes | +--Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 | 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 | D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB | DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE | 8D E6 D3 59 5F 41 +--Signature Segment: (93 bytes) +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154 +--Length: 71 bytes +--Signature: 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A 5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0 13 13 7B 41 CD 23 E2 BGPSec IPv6 Update from AS(65536) to AS(65537): =============================================== Binary Form of BGPSec Update (TCP-DUMP): FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 01 0C 02 00 00 00 F5 40 01 01 02 80 04 04 00 00 00 00 80 0E 1A 00 02 01 10 20 01 00 10 00 00 00 00 00 00 00 00 C6 33 64 64 00 20 20 01 0D B8 90 21 00 C9 00 0E 01 00 00 01 00 00 01 00 00 00 FB F0 00 BB 01 47 F2 3B F1 AB 2F 8A 9D 26 86 4E BB D8 DF 27 11 C7 44 06 EC 00 46 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 0A 9A E7 5F 56 CE 42 9C D2 D2 20 38 6B 8D 24 73 E9 5C 8A 50 E5 58 DB 92 B7 88 3D 09 E8 42 4E E7 AB 4D 91 0F 55 CA E7 1A 21 5E F3 CA FE 3A CC 45 B5 EE C1 54 00 46 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 6E 26 52 40 CF CA 0E F6 5C 8E A1 AF 6B 65 2A 19 13 D2 FC BD B5 8E E9 53 60 9F 85 F0 D2 69 99 DF Signature From AS(64496) to AS(65536): --------------------------------------- Digest: 8A 0C D3 E9 8E 55 10 45 82 1D 80 46 01 D6 55 FC 52 11 89 DF 4D B0 28 7D 84 AC FC 77 Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 6E 26 52 40 CF CA 0E F6 5C 8E A1 AF 6B 65 2A 19 13 D2 FC BD B5 8E E9 53 60 9F 85 F0 D2 69 99 DF Signature From AS(65536) to AS(65537): -------------------------------------- Digest: BA BF F7 95 BF 3C BE 81 79 1F A9 90 06 FC 30 1B 0D BC D5 49 39 5A 0A 71 C2 D5 B2 FA Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 0A 9A E7 5F 56 CE 42 9C D2 D2 20 38 6B 8D 24 73 E9 5C 8A 50 E5 58 DB 92 B7 88 3D 09 E8 42 4E E7 The human readable output is produced using bgpsec-io, a bgpsec traffic generator that uses a wireshark like printout. Send Update Message +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +--length: 268 +--type: 2 (UPDATE) +--withdrawn_routes_length: 0 +--total_path_attr_length: 245 +--ORIGIN: INCOMPLETE (4 bytes) | +--Flags: 0x40 (Well-Known, Transitive, Complete) | +--Type Code: ORIGIN (1) | +--Length: 1 byte | +--Origin: INCOMPLETE (1) +--MULTI_EXIT_DISC (7 bytes) | +--Flags: 0x80 (Optional, Complete) | +--Type Code: MULTI_EXIT_DISC (4) | +--Length: 4 bytes | +--data: 00 00 00 00 +--MP_REACH_NLRI (29 bytes) | +--Flags: 0x80 (Optional, Complete) | +--Type Code: MP_REACH_NLRI (14) | +--Length: 26 bytes | +--Address family: IPv6 (2) | +--Subsequent address family identifier: Unicast (1) | +--Next hop network address: (16 bytes) | | +--Next hop: 2001:0010:0000:0000:0000:0000:c633:6464 | +--Subnetwork points of attachment: 0 | +--Network layer reachability information: (5 bytes) | +--2001:db8::/32 | +--MP Reach NLRI prefix length: 32 | +--MP Reach NLRI IPv6 prefix: 2001:db8:: +--BGPSEC Path Attribute (205 bytes) +--Flags: 0x90 (Optional, Complete, Extended Length) +--Type Code: BGPSEC Path Attribute (33) +--Length: 201 bytes +--Secure Path (14 bytes) | +--Length: 14 bytes | +--Secure Path Segment: (6 bytes) | | +--pCount: 1 | | +--Flags: 0 | | +--AS number: 65536 (1.0) | +--Secure Path Segment: (6 bytes) | +--pCount: 1 | +--Flags: 0 | +--AS number: 64496 (0.64496) +--Signature Block (187 bytes) +--Length: 187 bytes +--Algo ID: 1 +--Signature Segment: (92 bytes) | +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC | +--Length: 70 bytes | +--Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 | 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 | D4 E6 F2 7C 02 20 0A 9A E7 5F 56 CE 42 9C D2 D2 | 20 38 6B 8D 24 73 E9 5C 8A 50 E5 58 DB 92 B7 88 | 3D 09 E8 42 4E E7 +--Signature Segment: (92 bytes) +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154 +--Length: 70 bytes +--Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 20 6E 26 52 40 CF CA 0E F6 5C 8E A1 AF 6B 65 2A 19 13 D2 FC BD B5 8E E9 53 60 9F 85 F0 D2 69 99 DF ----example----example----example---- ------------------------------------------------------------- Oliver Borchert, Computer Scientist National Institute of Standards and Technology (Phone) 301.975.4856 , (Fax) 301.975.6238
- [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-p… Borchert, Oliver (Fed)
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Randy Bush
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Borchert, Oliver (Fed)
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Borchert, Oliver (Fed)
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Randy Bush
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Sean Turner
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Borchert, Oliver (Fed)
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Borchert, Oliver (Fed)
- Re: [sidr] IPv4 examples for draft-ietf-sidr-bgps… Sean Turner