I propose to add the following to section “Operational Recommendations”:
3.3. Information about Validity of a BGP Prefix Origin Not Available at
a Route-Server
In case information about the validity of a BGP prefix origin is not
available at the route-server (e.g., error in the ROA c
> I would like to come back to a solution that was discussed already: If
> the route-server is not able to perform the origin prefix validation
> the BGP community is not added to the BGP update. The BGP community is
> only added if the origin prefix validation could be executed.
>
> This solution
I would like to come back to a solution that was discussed already: If the
route-server is not able to perform the origin prefix validation the BGP
community is not added to the BGP update. The BGP community is only added if
the origin prefix validation could be executed.
This solution allows a
There was a quite similar discussion in 2013, for the thread see
https://mailarchive.ietf.org/arch/msg/sidr/zvSP_-iiEfu_acYInK5lOMnys5U
As far as I remember w/o a final conclusion (or the conclusion was
leave it as is).
Cheers
matthias
On Tue, 26 Apr 2016, Thomas King wrote:
> Hi all,
>
>
Hi all,
Following up on the discussion we had during the last IETF meeting I would like
to discuss with you how we proceed with the “Did not perform validation” value.
I think this value is very important and should be added to
ietf-sidr-origin-validation-signaling.
Best regards,
Thomas
__
Hi Sriram,
thanks for your feedback. I comment inline.
> On 28 Mar 2016, at 22:14, Sriram, Kotikalapudi (Fed)
> wrote:
>
> I read the draft. A few comments:
>
> 1. RPKI validation refers to checking cryptographic integrity of the RPKI
> objects such as certs, ROAs, etc.
> What you intend to
I read the draft. A few comments:
1. RPKI validation refers to checking cryptographic integrity of the RPKI
objects such as certs, ROAs, etc.
What you intend to signal from RS to peers is prefix-origin validation results
(RFC 6811).
s/RPKI validation results/ prefix-origin validation results/g