On Sat, Nov 12, 2011 at 8:40 PM, Randy Bush wrote:
> in a separate message, i think it was
> you who is proposing a protocol spec change/refinement. this thread is
> about the ops, not protocol, doc. i am hoping protocol geeks will have
> enough coffee soon that they can discuss.
Yep - while it
> BGPsec from the announcer, transitively, can only be done with a
> public ASN.
someone is gonna ask for a 1918 cloud and have their own trust anchor
if it connects to the public network, yes, something is gonna have to
get that private stuff off there. in a separate message, i think it was
you
On Sat, Nov 12, 2011 at 7:45 PM, George, Wes wrote:
>> From: Randy Bush [mailto:ra...@psg.com]
>> Sent: Saturday, November 12, 2011 9:58 AM
>> To: George, Wes
>> Cc: sidr wg list
>> Subject: Re: various
>>
>> > Do you or do you not agree that on the transition between private ASN
>> > and public,
> Think just bog-standard, vanilla eBGP, with two BGPSec speakers, one
> of whom is using a private ASN, announcing routes that must be carried
> to the DFZ. Make more sense now as to why I'm making the distinction
> between private and public ASN?
yep. so we are on a completely separate, though
> From: Randy Bush [mailto:ra...@psg.com]
> Sent: Saturday, November 12, 2011 9:58 AM
> To: George, Wes
> Cc: sidr wg list
> Subject: Re: various
>
> > Do you or do you not agree that on the transition between private ASN
> > and public, if remove-private is configured, any signatures containing
In the case of confederations, and presuming BGPSEC is used among the
confederation members,
it should be the case that upon entry to the confederation, the "TO"
ASN of the sender's signature
is the AS Confederation Identifier, i.e. the externally visible ASN as
which the confederation appears
to i
> Do you or do you not agree that on the transition between private ASN
> and public, if remove-private is configured, any signatures containing
> private ASN must be removed even if the eBGP peer is BGPSec capable?
with the statement as is, if it is a private asn or a public asn, it is
not signin
On Nov 11, 2011, at 10:40 PM, Randy Bush wrote:
> draft-ietf-sidr-bgpsec-ops-02
>
> To prevent exposure of the internals of BGP Confederations [RFC5065],
> a BGPsec speaker which is a Member-AS of a Confederation MUST NOT not
> sign updates sent to another Member-AS of the same Confederati
> From: Randy Bush [mailto:ra...@psg.com]
> Sent: Saturday, November 12, 2011 5:45 AM
> To: George, Wes
> Cc: sidr wg list
> Subject: Re: various
>
> > "However, signed updates received from BGPSec speakers outside of the
> > confederation (i.e. those transiting the confederation ASes) MUST be
> >
> "However, signed updates received from BGPSec speakers outside of the
> confederation (i.e. those transiting the confederation ASes) MUST be
> passed to the other Member-ASes BGPSec speakers intact.
nope. you could decide to strip toward one or more confed peers which
are not bgpsec capable. y
> From: Randy Bush [mailto:ra...@psg.com]
>
> the statement attempts to very clearly apply ONLY to two members of the
> confed speaking to each other, period. if it is not clearly restricted
> to that case, please say how it could be reworded to more clearly be so
> restricted.
>
> ( i should be a
>> draft-ietf-sidr-bgpsec-ops-02
>>
>>To prevent exposure of the internals of BGP Confederations [RFC5065],
>>a BGPsec speaker which is a Member-AS of a Confederation MUST NOT
>>sign updates sent to another Member-AS of the same Confederation.
>
> [WEG] does that mean that routes using
> From: Randy Bush [mailto:ra...@psg.com]
> Sent: Friday, November 11, 2011 10:41 PM
> To: George, Wes
> Cc: sidr wg list
> Subject: various
>
> draft-ietf-sidr-bgpsec-ops-02
>
>To prevent exposure of the internals of BGP Confederations [RFC5065],
>a BGPsec speaker which is a Member-AS of
to two of your comments, in my unpublished edit buffers
draft-ietf-sidr-bgpsec-ops-02
To prevent exposure of the internals of BGP Confederations [RFC5065],
a BGPsec speaker which is a Member-AS of a Confederation MUST NOT not
sign updates sent to another Member-AS of the same Confederati