Re: [sidr] BGPsec draft and extended messages

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 15 March 2017 02:58 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Randy Bush <randy@psg.com>, Steve KENT <steve.kent@raytheon.com>
CC: sidr wg list <sidr@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, Alvaro Retana <aretana@cisco.com>, "keyur@arrcus.com" <keyur@arrcus.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/dBSbqCEPe1nOWoNf8a9wVOLrTlE>

>> I think it makes sense to omit the extended message feature, given the
>> use of ECDSA P-256.


>unfortunately, existing bgp data and simple arithmetic would seem to say otherwise.



We are focusing here on the size of the BGPsec_Path attribute.

As I wrote in the rationale part in my other post (in this thread):



BGPsec update size is subject to “current” maximum BGP update size, noting that “current” maximum size may increase in the future. The maximum size at present is 4096 bytes [RFC4271], and it is expected to be extended to a larger size in the future [I-D.ietf-idr-bgp-extended-messages]. Given the use of ECDSA P-256 for the signature algorithm [I-D.ietf-sidr-bgpsec-algs], each AS in an AS path adds approximately 100 bytes of BGPsec data (i.e. Secure_Path Segment and Signature Segment). Hence, the maximum size of 4096 bytes is exceeded only if there are 40 or more distinct ASes in the AS path. (Note: AS prepends are compressed out with the use of pCount as described in Section 3.1.) Currently, the average and maximum AS path lengths in the Internet are 3.8 and 14, respectively, and have remained in this ballpark for many years [Huston].



[Huston] G. Huston, “AS6447 BGP Routing Table Analysis Report,” March 13, 2017.  http://bgp.potaroo.net/as6447/



Extended messages work must/will continue. We are only trying to see if the BGPsec draft can have the extended messages draft as an "Informational" reference rather than "Normative".



Sriram
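
The size arithmetic discussed in the message above, worked through field by field as an added example (not part of the original post, and not code from the BGPsec drafts). Field widths follow the BGPsec_Path attribute layout; the 72-byte signature bound, the 100 bytes reserved for other attributes and NLRI, and all function names are assumptions. It also covers the case of two Signature_Blocks, which the message does not discuss.

```python
# Added example: BGPsec_Path size model. Values marked "assumed" are not
# stated in the message above.
BGP_HEADER = 19        # marker 16 + length 2 + type 1 (RFC 4271)
UPDATE_FIXED = 4       # withdrawn-routes length 2 + total path attribute length 2
ATTR_HEADER = 4        # flags 1 + type code 1 + extended length 2
SECURE_PATH_LEN = 2    # Secure_Path Length field
SECURE_PATH_SEG = 6    # pCount 1 + Flags 1 + AS number 4
SIG_BLOCK_HDR = 3      # Signature_Block Length 2 + Algorithm Suite Identifier 1
SKI_LEN = 20           # Subject Key Identifier
SIG_LEN_FIELD = 2      # Signature Length field
P256_SIG_MAX = 72      # assumed: upper bound of a DER-encoded ECDSA P-256 signature
OTHER_BYTES = 100      # assumed: ORIGIN, MP_REACH_NLRI, communities, etc.


def per_hop_bytes(sig_len=P256_SIG_MAX, blocks=1):
    """Bytes one AS adds: a Secure_Path Segment plus one Signature Segment per block."""
    return SECURE_PATH_SEG + blocks * (SKI_LEN + SIG_LEN_FIELD + sig_len)


def fixed_bytes(blocks=1):
    """Per-attribute overhead that does not grow with the path length."""
    return ATTR_HEADER + SECURE_PATH_LEN + blocks * SIG_BLOCK_HDR


def bgpsec_path_attr_size(hops, sig_len=P256_SIG_MAX, blocks=1):
    """Total size of the BGPsec_Path attribute for a path of `hops` distinct ASes."""
    return fixed_bytes(blocks) + hops * per_hop_bytes(sig_len, blocks)


def max_hops(max_msg=4096, other_bytes=OTHER_BYTES, sig_len=P256_SIG_MAX, blocks=1):
    """Largest number of distinct ASes whose update still fits in max_msg bytes."""
    budget = max_msg - BGP_HEADER - UPDATE_FIXED - other_bytes - fixed_bytes(blocks)
    return max(budget // per_hop_bytes(sig_len, blocks), 0)


if __name__ == "__main__":
    print("per hop, one block:      ", per_hop_bytes())
    print("attribute at 14 hops:    ", bgpsec_path_attr_size(14))
    print("max hops, 4096 limit:    ", max_hops())
    print("max hops, two blocks:    ", max_hops(blocks=2))
    print("max hops, 65535 limit:   ", max_hops(max_msg=65535))
```
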