Re: [sidr] [rpki] Some test results of ROA issuing for sharing

"Yu Fu" <fuyu@cnnic.cn> Fri, 25 September 2015 00:59 UTC

From: Yu Fu <fuyu@cnnic.cn>
To: 'Rob Austein' <sra@hactrn.net>
References: <000001d0f664$612dd320$23897960$@cn> <20150924035853.33CE01BAACCB@minas-ithil.hactrn.net>
In-Reply-To: <20150924035853.33CE01BAACCB@minas-ithil.hactrn.net>
Date: Fri, 25 Sep 2015 08:59:41 +0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/tkF4tG3t5YrC-zlmA0MJh1Rh4Rk>
Cc: rpki@rpki.net, sidr@ietf.org

Hi Rob

If the load_roa_requests command works as you described, I have one
other question.

There would be problems with the load_roa_requests command in the case
below:
We issued ROA1 for AS1 -> IP Prefix1 five minutes ago. Then we want to
issue ROA2 for AS1 -> IP Prefix2. As you described below, we need to include
ROA1 in the new set when we are issuing ROA2. But AS1 has not been
authorized to announce IP Prefix2. So we fail to issue ROA2. And
ROA1 also fails to be issued, as it is together with ROA2. This will be
a mistake for this use case.

BR
Yu

-----Original Message-----
From: Rob Austein [mailto:sra@hactrn.net] 
Sent: Thursday, September 24, 2015 11:59 AM
To: Yu Fu
Cc: rpki@rpki.net
Subject: Re: [rpki] [sidr] Some test results of ROA issuing for sharing

I think you misunderstood how the load_roa_requests command works.  It
REPLACES the set of ROA requests with a new set.  If you want to keep an
existing ROA in the set, you have to include it in the new set.

Putting it another way: the way you would tell rpkic that you want to delete
all your roas would be to load_roa_requests /dev/null.

So, as I can tell from your report, the code is working as designed.
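
The replace semantics described in this thread, modelled as an added example (not part of the original messages and not rpkic code): it previews which ROA requests a new file would keep, add or withdraw, and builds a merged file that keeps the existing requests. The two-column "prefix asn" line format, the function names, and the sample prefixes and AS number are assumptions constructed for illustration.

```python
import ipaddress

def parse_requests(text):
    """Parse 'prefix asn' lines (assumed format) into a set of (network, asn)."""
    requests = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'prefix asn', got {raw!r}")
        # strict=True rejects prefixes with host bits set, e.g. 192.0.2.1/24
        prefix = ipaddress.ip_network(fields[0], strict=True)
        requests.add((prefix, int(fields[1])))
    return requests

def preview_load(current, new_text):
    """Effect of REPLACING the request set `current` with the file `new_text`."""
    new = parse_requests(new_text)
    return {
        "kept": current & new,
        "added": new - current,
        "withdrawn": current - new,   # anything not re-listed is dropped
    }

def merged_file(current, extra_text):
    """File contents that add the requests in `extra_text` and drop nothing."""
    combined = current | parse_requests(extra_text)
    # Sort by IP version first so IPv4 and IPv6 networks are never compared.
    ordered = sorted(combined, key=lambda r: (r[0].version, r[0], r[1]))
    return "".join(f"{prefix} {asn}\n" for prefix, asn in ordered)

# Constructed sample data: documentation prefixes and a documentation ASN.
ROA1_FILE = "192.0.2.0/24 64496\n"      # the request loaded earlier
ROA2_FILE = "198.51.100.0/24 64496\n"   # the request to add now
CURRENT = parse_requests(ROA1_FILE)

if __name__ == "__main__":
    # Loading only the new request withdraws the earlier one.
    print(preview_load(CURRENT, ROA2_FILE))
    # An empty file (the /dev/null case) withdraws everything.
    print(preview_load(CURRENT, ""))
    # The file to load when both requests should exist afterwards.
    print(merged_file(CURRENT, ROA2_FILE), end="")
```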