...
A provider may wish to override validated RPKI data for their own purposes.
While not explicitly a SIDR-driven requirement, this was discussed multiple
times as a requirement during the original RPSEC work.
A specific proposal for how to locally override the RPKI structure as
retrieved for
Bill,
On Thu, Aug 05, 2010 at 10:50:42AM +, bmann...@vacation.karoshi.com wrote:
> On Thu, Aug 05, 2010 at 12:28:12PM +0200, Randy Bush wrote:
> > > Answer the second paragraph in the context of *unedited cache
> > > consistency*
> >
> > givem the rpki operational structure, it would be deli
>> givem the rpki operational structure, it would be deliciously wonderful
>> if you could describe how multiple gathered caches thereof can be
>> consistent.
> consistent with what exactly?
as no other entities were mentioned, it would be safe to assume
eachother.
> i would hope/expect that the
On Thu, Aug 05, 2010 at 12:28:12PM +0200, Randy Bush wrote:
> > Answer the second paragraph in the context of *unedited cache
> > consistency*
>
> givem the rpki operational structure, it would be deliciously wonderful
> if you could describe how multiple gathered caches thereof can be
> consiste
> Answer the second paragraph in the context of *unedited cache
> consistency*
givem the rpki operational structure, it would be deliciously wonderful
if you could describe how multiple gathered caches thereof can be
consistent.
anxiously awaiting your design.
randy
On Wed, Aug 04, 2010 at 10:29:40PM +0200, Randy Bush wrote:
> this document is not about how, why, and under what policies you get
> whatever you get into whatever cache(s) you trust.
Ignore policy. Answer the second paragraph in the context of *unedited
cache consistency* from the same mail you
> I think you have chosen to take the word policy and apply it in the
> route filtering sense rather than my intended RPKI sense. Please insert
> whatever word you want to use that directs my use of which objects from the
> RPKI I choose to be permitted for validation purposes. The simplest examp
On Wed, Aug 04, 2010 at 03:41:17PM -0400, Rob Austein wrote:
> > A provider may wish to override validated RPKI data for their own purposes.
> > While not explicitly a SIDR-driven requirement, this was discussed multiple
> > times as a requirement during the original RPSEC work.
>
> What RPSEC did
> At this point, the deployment model that appears to be documented
> (Section 8) seems to presume that it's okay to have inconsistent RPKI
> policy within a provider. If everyone is cool with that, we're done.
there is no rpki policy in this document. hence such policies can not
be inconsistent
On Wed, Aug 04, 2010 at 08:37:07PM +0200, Randy Bush wrote:
> there are no redundantly configured caches.
: 7. Router-Cache Set-Up
: [...]
:A router may be configured to peer with a selection of caches
> there are no database version numbers.
That was my proposal and not my assertion that yo
Last message for a bit, as I do have other things I need to do today.
At Wed, 4 Aug 2010 19:02:09 +, Jeffrey Haas wrote:
>
> Let me attempt to correct my incorrect verbiage. It's been a while since
> I've read the -arch document.
>
> -arch notes that a provider must maintain a Local Cache.
To amend my last post:
On Wed, Aug 04, 2010 at 07:02:09PM +, Jeffrey Haas wrote:
> Implementation/Deployment models:
> 1. The Local Cache with resulting routing origin policy and the rpki-router
> protocol server are in the same box.
>
> In this model, the provider will likely have to deploy
On Wed, Aug 04, 2010 at 02:06:53PM -0400, Rob Austein wrote:
> At Wed, 4 Aug 2010 17:44:24 +, Jeffrey Haas wrote:
> >
> > My concern is that if a cache is out of step with the policy server
> > that is used to populate that cache.
>
> This description makes no sense in the context of the curr
>>> The use-case I have in mind is that a given provider may have a number of
>>> cache servers deployed within their network. A given router may wish to
>>> have a session with two servers for redundancy purposes.
>>
>> do not do it
>
> It seems odd for you of all people, Randy, to want a featu
> The issue is less a matter of being in lock-step between a pair of
> caches. My concern is that if a cache is out of step with the policy
> server that is used to populate that cache.
i have no idea what a policy server is.
> What I had in mind was a simple message from the cache server noting
At Wed, 4 Aug 2010 17:44:24 +, Jeffrey Haas wrote:
>
> My concern is that if a cache is out of step with the policy server
> that is used to populate that cache.
This description makes no sense in the context of the current protocol
and implementations. You've introduced an independent eleme
Rob,
Thanks for a clearer answer than Randy's.
On Wed, Aug 04, 2010 at 01:08:08PM -0400, Rob Austein wrote:
> If it really cares whether the caches are exactly in sync, it could
> compare the results, but I doubt that doing so would be particularly
> useful. This protocol is presenting a live v
To remove any confusion caused by the apparent contradiction between
the answers that Randy and I gave:
- It's ok to have connections open to more than one cache server at a
time, but if you're going to do that, you have to buffer the results
for each cache separately.
- It's -not- ok to -use
At Wed, 4 Aug 2010 15:33:22 +, Jeffrey Haas wrote:
>
> Could the authors comment on the expected behavior of a single router with a
> pair of sessions to cache servers operated by the same provider which
> implement the same RPKI policy?
>
> The use-case I have in mind is that a given provide
On Wed, Aug 04, 2010 at 06:49:16PM +0200, Randy Bush wrote:
> > The use-case I have in mind is that a given provider may have a number of
> > cache servers deployed within their network. A given router may wish to
> > have a session with two servers for redundancy purposes.
>
> do not do it
It s
> Could the authors comment on the expected behavior of a single router with a
> pair of sessions to cache servers operated by the same provider which
> implement the same RPKI policy?
yes. do not do it.
> The use-case I have in mind is that a given provider may have a number of
> cache servers
Could the authors comment on the expected behavior of a single router with a
pair of sessions to cache servers operated by the same provider which
implement the same RPKI policy?
The use-case I have in mind is that a given provider may have a number of
cache servers deployed within their network.
22 matches
Mail list logo
