Re: [sidr] [Idr] No BGPSEC intradomain ?

Christopher Morrow <morrowc.lists@gmail.com> Tue, 10 April 2012 20:56 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 768EC21F860D; Tue, 10 Apr 2012 13:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.524
X-Spam-Level:
X-Spam-Status: No, score=-103.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QgA6Y97dBAc6; Tue, 10 Apr 2012 13:56:54 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9902B21F85AF; Tue, 10 Apr 2012 13:56:54 -0700 (PDT)
Received: by obbtb4 with SMTP id tb4so291481obb.31 for <multiple recipients>; Tue, 10 Apr 2012 13:56:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=fElM47FuFncv6UBiXHR3Dj4MgwXLI0iRMX2mQKu3mmk=; b=ixWH8J8mQXxc5Q72zIElcdkLTLuRNmllZ02BDN7oworjjoMfkAMAXGKu4ACvaHkgWe 1gEwWVV9gmVnFp5vVMrnKqswTY+49dyRRVuaN2Khxwn0svGDoS05hfVeOaSJmBFtTkz0 YkZwBXW8U2rTRb6JKxXEKZKyOggrg2N4OotoksXf4wNpu4kjiVM4vj4IBZHLsaB63vJA ejkD61q2njEMf3oh7/DPkmYyRNIkEmrGUsolCurPkSADCwy66DLRs71oQWWjHTelzumx PuPQhQXAaXy8C2RwUAL9pKq7wd5ZDN1CqGEBFX1j8kRkeGUEv7SgKltJwOk8LxWJjI2F gXAg==
MIME-Version: 1.0
Received: by 10.182.54.114 with SMTP id i18mr18335719obp.49.1334091414230; Tue, 10 Apr 2012 13:56:54 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.182.153.34 with HTTP; Tue, 10 Apr 2012 13:56:54 -0700 (PDT)
In-Reply-To: <4F8472A5.5000700@raszuk.net>
References: <D7A0423E5E193F40BE6E94126930C4930B96182E71@MBCLUSTER.xchange.nist.gov> <4F828D6D.10907@raszuk.net> <D7A0423E5E193F40BE6E94126930C4930B96C507DA@MBCLUSTER.xchange.nist.gov> <4F830E75.70606@raszuk.net> <24B20D14B2CD29478C8D5D6E9CBB29F60F6F1533@Hermes.columbia.ads.sparta.com> <4F832F5E.9030903@raszuk.net> <0BD03B75-CA3A-4CBA-BBF4-E2100AFA64E4@kumari.net> <4F846121.2050408@raszuk.net> <CAL9jLaYF-MW1cJ2n28BiV1mi+tpPS2ECKB2UxhFMQ=NXxbihCg@mail.gmail.com> <D7CF4F8F-AF93-43F2-BC0D-26E072307B4F@kumari.net> <4F8472A5.5000700@raszuk.net>
Date: Tue, 10 Apr 2012 16:56:54 -0400
X-Google-Sender-Auth: j6ngf-_FLcXWGSJxXO0unxwQWi4
Message-ID: <CAL9jLaYFqPLeedxycM_OmACJ+fa1_4AuY4hY_-6pueWs2w4prQ@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: robert@raszuk.net
Content-Type: text/plain; charset=ISO-8859-1
Cc: "idr@ietf.org List" <idr@ietf.org>, sidr@ietf.org
Subject: Re: [sidr] [Idr] No BGPSEC intradomain ?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2012 20:56:55 -0000

On Tue, Apr 10, 2012 at 1:49 PM, Robert Raszuk <robert@raszuk.net> wrote:
> In my view we should do all BGP processing based on "legacy" attributes and
> BGPSEC should be a hint to the local operator on how to treat the update.

i think that's the point of the current spec though... inbound updates
(on BGPSEC capable bgp sessions) which include BGPSEC information get
validated by the local router and 'colored' by route-map/policy as the
operator sees fit.
  route-map in-cust permit 10
    match bgpsec valid
    add community 2914:valid

this is the functionality you are asking for, yes?