Re: [sidr] Fwd: I-D Action: draft-ietf-sidr-pfx-validate-02.txt

Roque Gagliano <rogaglia@cisco.com> Wed, 27 July 2011 21:46 UTC

From: Roque Gagliano <rogaglia@cisco.com>
In-Reply-To: <39DD9BDD-C1A8-43B3-9A69-CA8DB1E3E685@cisco.com>
Date: Wed, 27 Jul 2011 17:46:17 -0400
Message-Id: <AE4B4C50-C4CE-48A2-9AA4-D81F5CA88735@cisco.com>
References: <20110711215154.14120.98609.idtracker@ietfa.amsl.com> <DD9DA398-4853-4F2D-8CA7-A7C58B5E26F3@cisco.com> <39DD9BDD-C1A8-43B3-9A69-CA8DB1E3E685@cisco.com>
To: Pradosh Mohapatra <pmohapat@cisco.com>
Cc: "sidr@ietf.org wg" <sidr@ietf.org>
Subject: Re: [sidr] Fwd: I-D Action: draft-ietf-sidr-pfx-validate-02.txt

Hi Pradosh, 

I read the document and I think it is in great shape. I found some nits and have some comments.

Roque


General Comment:
  " Depending on the lookup result, we define a property for each route,
   called the "validity state".  It can assume the values "valid", "not
   found", or "invalid"."

You may want to consider calling it "Origin AS validity state" to distinguish it from the validity state in BGPSEC ("valid" and "invalid").

Section 1:
p2: s/verifyable/verifiable

Section 2:
   "An AS can originate more than one
   prefix set.  Thus, multiple prefix sets in the database can contain
   the same origin AS(es)."

I believe you also need to mention that in the table there may be "multi-origin prefixes". Geoff's report identifies 2400, but you may find more in local/regional environments (http://bgp.potaroo.net/as6447/report.txt).

Section 5:
p5: 
I believe you should reference draft-ietf-sidr-origin-validation-signaling-00

Security Consideration:
I think you need to consider what you already mentioned in section 4: if the connectivity to the local caches is lost, invalid routes will be classified as "not found", which could have a different set of local policies.


> On Jul 11, 2011, at 7:24 PM, Pradosh Mohapatra wrote:
> 
>> FYI... This version addresses comments from Geoff (put a reference to ietf-sidr-origin-ops + some word-smithing). Would appreciate another review.
>> 
>> - Pradosh
>> 
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-sidr-pfx-validate-02.txt
>> 
>> 
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
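The three validity states discussed in the message above (valid, not found, invalid), the multi-origin prefix case, and the "cache connectivity lost" failure mode, worked through in code. This is an added example and is not part of the mailing-list thread, the draft, or any Cisco implementation; the VRP table, prefixes and AS numbers are constructed for illustration (documentation prefixes and private-use ASNs), and the function names are assumptions.

```python
"""Origin AS validity state computation against a set of Validated ROA
Payloads (VRPs), following the prefix/origin validation semantics that
draft-ietf-sidr-pfx-validate describes.

Added example, not code from the thread or the draft. The VRP table,
prefixes and AS numbers below are constructed for illustration.
"""
import ipaddress
from typing import Iterable, List, NamedTuple


class VRP(NamedTuple):
    """One Validated ROA Payload: covered prefix, maxLength, origin AS."""
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    max_length: int
    origin_as: int


def make_vrp(prefix: str, max_length: int, origin_as: int) -> VRP:
    net = ipaddress.ip_network(prefix, strict=True)
    # maxLength must lie between the ROA prefix length and the address size.
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return VRP(net, max_length, origin_as)


def validate_origin(route_prefix: str, origin_as: int, vrps: Iterable[VRP]) -> str:
    """Return "valid", "invalid" or "not found" for a (prefix, origin AS) pair.

    A VRP *covers* the route when the route prefix is equal to or more specific
    than the VRP prefix.  A covering VRP *matches* when its origin AS equals the
    route's origin AS and the route prefix length does not exceed maxLength.
    No covering VRP -> "not found"; covering but no match -> "invalid";
    any match -> "valid".  Several VRPs may cover the same prefix with
    different origin ASes (multi-origin prefixes); any one of them suffices.
    An AS 0 VRP authorises no origin, so it can cover but never match.
    """
    route = ipaddress.ip_network(route_prefix, strict=True)
    covered = False
    for v in vrps:
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        if v.origin_as != 0 and v.origin_as == origin_as and route.prefixlen <= v.max_length:
            return "valid"
    return "invalid" if covered else "not found"


# Constructed VRP table (hypothetical; documentation prefixes, private ASNs).
# 192.0.2.0/24 is a multi-origin prefix: two ROAs, two different origin ASes.
VRPS: List[VRP] = [
    make_vrp("192.0.2.0/24", 24, 64496),
    make_vrp("192.0.2.0/24", 24, 64497),
    make_vrp("198.51.100.0/22", 24, 64500),
    make_vrp("2001:db8::/32", 48, 64496),
]

# Constructed routes as (prefix, origin AS) pairs.
ROUTES = [
    ("192.0.2.0/24", 64496),      # valid
    ("192.0.2.0/24", 64497),      # valid: second origin of a multi-origin prefix
    ("192.0.2.0/24", 64498),      # invalid: covered, wrong origin
    ("198.51.100.0/25", 64500),   # invalid: exceeds maxLength 24
    ("203.0.113.0/24", 64499),    # not found: no covering VRP
    ("2001:db8:1::/48", 64496),   # valid (IPv6)
]


def classify(routes, vrps) -> dict:
    """Map each (prefix, origin AS) pair to its validity state."""
    return {r: validate_origin(r[0], r[1], vrps) for r in routes}


def classify_with_cache_lost(routes) -> dict:
    """Same routes evaluated after all RPKI cache sessions are gone: the VRP
    set is empty, so every route, including the ones that were "invalid",
    comes back as "not found".  This is the failure mode the security
    considerations should call out: policy written for "not found" now
    applies to routes that a reachable cache would have rejected."""
    return classify(routes, [])


if __name__ == "__main__":
    for route, state in classify(ROUTES, VRPS).items():
        print(f"{route[0]:<18} AS{route[1]}  ->  {state}")
    print("--- cache connectivity lost ---")
    for route, state in classify_with_cache_lost(ROUTES).items():
        print(f"{route[0]:<18} AS{route[1]}  ->  {state}")
```

Run it as a script to see the table before and after the simulated cache loss; the point of the second table is that "invalid" silently degrades to "not found", so a policy that merely deprefs or accepts "not found" routes will accept hijacks for as long as the caches are unreachable.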