Here is the updated version of the examples. I made two main modifications to the previous one,
(a) The Certificate is 18 month (Jan 1, 2017 – July 1, 2018)
(b) The BGPSEC Attribute type which in the reference implementations is
currently for
Interoperability between the QuaggaSRx and BIRD bgpsec implementations set to
30 (0x1E) and needs to be defined by IANA (see bgpsec protocol draft).
I modified the values in the example to “**” and added an exclaimer.
Again, for better reading I attached the example as text/pdf in case the
formatting within the email gets
Messed up.
----example----example----example----
Topology:
AS(64496)----AS(65536)----AS(65537)
Prefix Announcement: AS(64496), 192.0.2.0/24
For this example the ECDSA algorithm was provided with a static k to
make the result deterministic.
The k used for all signature operations was taken from RFC 6979,
chapter A.2.5 “Signatures With SHA-256, message 'sample'”.
k = A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60
Keys of AS64496:
================
ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
private key:
x = D8AA4DFBE2478F86E88A7451BF075565709C575AC1C136D081C540254CA440B9
public key:
Ux = 7391BABB92A0CB3BE10E59B19EBFFB214E04A91E0CBA1B139A7D38D90F77E55A
Uy = A05B8E695678E0FA16904B55D9D4F5C0DFC58895EE50BC4F75D205A25BD36FF5
Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
--------------------------------------------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38655612 (0x24dd67c)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ROUTER-0000FBF0
Validity
Not Before: Jan 1 05:00:00 2017 GMT
Not After : Jul 1 05:00:00 2018 GMT
Subject: CN=ROUTER-0000FBF0
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bf:
fb:21:4e:04:a9:1e:0c:ba:1b:13:9a:7d:38:d9:0f:
77:e5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55:
d9:d4:f5:c0:df:c5:88:95:ee:50:bc:4f:75:d2:05:
a2:5b:d3:6f:f5
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
AB:4D:91:0F:55:CA:E7:1A:21:5E:F3:CA:FE:3A:CC:45:B5:EE:C1:54
X509v3 Extended Key Usage:
1.3.6.1.5.5.7.3.30
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
64496
Routing Domain Identifiers:
inherit
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:07:b7:b4:6a:5f:a4:f1:cc:68:36:39:03:a4:83:
ec:7c:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1:
02:20:00:91:05:4a:a1:f5:b0:18:9d:27:24:e8:b4:22:fd:d1:
1c:f0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0c:38:29
-----BEGIN CERTIFICATE-----
MIIBiDCCAS+gAwIBAgIEAk3WfDAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9ST1VU
RVItMDAwMEZCRjAwHhcNMTcwMTAxMDUwMDAwWhcNMTgwNzAxMDUwMDAwWjAaMRgw
FgYDVQQDDA9ST1VURVItMDAwMEZCRjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AARzkbq7kqDLO+EOWbGev/shTgSpHgy6GxOafTjZD3flWqBbjmlWeOD6FpBLVdnU
9cDfxYiV7lC8T3XSBaJb02/1o2MwYTALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFKtN
kQ9VyucaIV7zyv46zEW17sFUMBMGA1UdJQQMMAoGCCsGAQUFBwMeMB4GCCsGAQUF
BwEIAQH/BA8wDaAHMAUCAwD78KECBQAwCgYIKoZIzj0EAwIDRwAwRAIgB7e0al+k
8cxoNjkDpIPsfIAC0vYInUay7Cp75pKzb7ECIACRBUqh9bAYnSck6LQi/dEc8D2x
OCRdZCk1KI3uDDgp
-----END CERTIFICATE-----
Keys of AS(65636):
==================
ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
private key:
x = 6CB2E931B112F24554BCDCAAFD9553A9519A9AF33C023B60846A21FC95583172
public key:
Ux = 28FC5FE9AFCF5F4CAB3F5F85CB212FC1E9D0E0DBEAEE425BD2F0D3175AA0E989
Uy = EA9B603E38F35FB329DF495641F2BA040F1C3AC6138307F257CBA6B8B588F41F
Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
--------------------------------------------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3168189942 (0xbcd6bdf6)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ROUTER-0000FFFF
Validity
Not Before: Jan 1 05:00:00 2017 GMT
Not After : Jul 1 05:00:00 2018 GMT
Subject: CN=ROUTER-0000FFFF
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21:
2f:c1:e9:d0:e0:db:ea:ee:42:5b:d2:f0:d3:17:5a:
a0:e9:89:ea:9b:60:3e:38:f3:5f:b3:29:df:49:56:
41:f2:ba:04:0f:1c:3a:c6:13:83:07:f2:57:cb:a6:
b8:b5:88:f4:1f
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
47:F2:3B:F1:AB:2F:8A:9D:26:86:4E:BB:D8:DF:27:11:C7:44:06:EC
X509v3 Extended Key Usage:
1.3.6.1.5.5.7.3.30
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
65535
Routing Domain Identifiers:
inherit
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:df:04:c5:17:04:d0:f2:b9:fa:f3:d9:6e:3f:
6f:a1:58:d8:fe:6c:18:e4:37:ca:19:7c:c8:75:40:57:6e:7e:
9d:02:20:12:45:e8:a8:58:6b:00:7b:e6:a9:0e:f2:b6:62:50:
4b:1c:01:6f:3b:41:11:69:88:30:73:9f:d7:02:9e:64:4f
-----BEGIN CERTIFICATE-----
MIIBijCCATCgAwIBAgIFALzWvfYwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPUk9V
VEVSLTAwMDBGRkZGMB4XDTE3MDEwMTA1MDAwMFoXDTE4MDcwMTA1MDAwMFowGjEY
MBYGA1UEAwwPUk9VVEVSLTAwMDBGRkZGMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEKPxf6a/PX0yrP1+FyyEvwenQ4Nvq7kJb0vDTF1qg6Ynqm2A+OPNfsynfSVZB
8roEDxw6xhODB/JXy6a4tYj0H6NjMGEwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRH
8jvxqy+KnSaGTrvY3ycRx0QG7DATBgNVHSUEDDAKBggrBgEFBQcDHjAeBggrBgEF
BQcBCAEB/wQPMA2gBzAFAgMA//+hAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDfBMUX
BNDyufrz2W4/b6FY2P5sGOQ3yhl8yHVAV25+nQIgEkXoqFhrAHvmqQ7ytmJQSxwB
bztBEWmIMHOf1wKeZE8=
-----END CERTIFICATE-----
BGPSec Update from AS(65536) to AS(65537):
===========================================
Binary Form of BGPSec Update (TCP-DUMP):
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
01 00 02 00 00 00 E9 40 01 01 02 80 04 04 00 00
00 00 80 0E 0D 00 01 01 04 C6 33 64 64 00 18 C0
00 02 90 ** 00 CA 00 0E 01 00 00 01 00 00 01 00
00 00 FB F0 00 BC 01 47 F2 3B F1 AB 2F 8A 9D 26
86 4E BB D8 DF 27 11 C7 44 06 EC 00 46 30 44 02
20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D
C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2
7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB DB C8 A4
97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE 8D E6 D3
59 5F 41 AB 4D 91 0F 55 CA E7 1A 21 5E F3 CA FE
3A CC 45 B5 EE C1 54 00 47 30 45 02 20 72 14 BC
96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D
DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 21 00
C6 17 19 34 07 43 06 3B 8A 5C CD 54 16 39 0B 31
21 1D 3C 52 48 07 95 87 D0 13 13 7B 41 CD 23 E2
** To be replaced with one octet hex value specified by IANA for
the BGPSEC_PATH attribute.
Signature From AS(64496) to AS(65536):
---------------------------------------
Digest: 21 33 E5 CA A0 26 BE 07 3D 9C 1B 4E FE B9 B9 77
9F 20 F8 F5 DE 29 FA 98 40 00 9F 60
Signature: 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A
5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0
13 13 7B 41 CD 23 E2
Signature From AS(65536) to AS(65537):
--------------------------------------
Digest: 46 4B 57 CE B1 2D 18 B0 FD 1A 1A 35 94 17 3A 4A
09 88 E5 F4 ED ED 2F 3D 83 08 5A A8
Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB
DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE
8D E6 D3 59 5F 41
The human readable output is produced using bgpsec-io, a bgpsec
traffic generator that uses a wireshark like printout.
Send Update Message
+--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+--length: 256
+--type: 2 (UPDATE)
+--withdrawn_routes_length: 0
+--total_path_attr_length: 233
+--ORIGIN: INCOMPLETE (4 bytes)
| +--Flags: 0x40 (Well-Known, Transitive, Complete)
| +--Type Code: ORIGIN (1)
| +--Length: 1 byte
| +--Origin: INCOMPLETE (1)
+--MULTI_EXIT_DISC (7 bytes)
| +--Flags: 0x80 (Optional, Complete)
| +--Type Code: MULTI_EXIT_DISC (4)
| +--Length: 4 bytes
| +--data: 00 00 00 00
+--MP_REACH_NLRI (16 bytes)
| +--Flags: 0x80 (Optional, Complete)
| +--Type Code: MP_REACH_NLRI (14)
| +--Length: 13 bytes
| +--data: 00 01 01 04 C6 33 64 64 00 18 C0 00 02
+--BGPSEC Path Attribute (206 bytes)
+--Flags: 0x90 (Optional, Complete, Extended Length)
+--Type Code: BGPSEC Path Attribute (**)
+--Length: 202 bytes
+--Secure Path (14 bytes)
| +--Length: 14 bytes
| +--Secure Path Segment: (6 bytes)
| | +--pCount: 1
| | +--Flags: 0
| | +--AS number: 65536 (1.0)
| +--Secure Path Segment: (6 bytes)
| +--pCount: 1
| +--Flags: 0
| +--AS number: 64496 (0.64496)
+--Signature Block (188 bytes)
+--Length: 188 bytes
+--Algo ID: 1
+--Signature Segment: (92 bytes)
| +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
| +--Length: 70 bytes
| +--Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
| 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
| D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB
| DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE
| 8D E6 D3 59 5F 41
+--Signature Segment: (93 bytes)
+--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
+--Length: 71 bytes
+--Signature: 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A
5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0
13 13 7B 41 CD 23 E2
** To be replaced with one octet hex value specified by IANA for
the BGPSEC_PATH attribute.
----example----example----example----
-------------------------------------------------------------
Oliver Borchert, Computer Scientist
National Institute of Standards and Technology
(Phone) 301.975.4856 , (Fax) 301.975.6238
draft-ietf-sidr-bgpsec-algs-examples-v2.pdf
Description: draft-ietf-sidr-bgpsec-algs-examples-v2.pdf
Topology:
AS(64496)----AS(65536)----AS(65537)
Prefix Announcement: AS(64496), 192.0.2.0/24
For this example, the ECDSA algorithm was provided with a static k to
make the result deterministic.
The k used for all signature operations was taken from RFC 6979,
chapter A.2.5 âSignatures With SHA-256, message 'sample'â.
k = A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60
Keys of AS64496:
================
ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
private key:
x = D8AA4DFBE2478F86E88A7451BF075565709C575AC1C136D081C540254CA440B9
public key:
Ux = 7391BABB92A0CB3BE10E59B19EBFFB214E04A91E0CBA1B139A7D38D90F77E55A
Uy = A05B8E695678E0FA16904B55D9D4F5C0DFC58895EE50BC4F75D205A25BD36FF5
Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
--------------------------------------------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38655612 (0x24dd67c)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ROUTER-0000FBF0
Validity
Not Before: Jan 1 05:00:00 2017 GMT
Not After : Jul 1 05:00:00 2018 GMT
Subject: CN=ROUTER-0000FBF0
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bf:
fb:21:4e:04:a9:1e:0c:ba:1b:13:9a:7d:38:d9:0f:
77:e5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55:
d9:d4:f5:c0:df:c5:88:95:ee:50:bc:4f:75:d2:05:
a2:5b:d3:6f:f5
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
AB:4D:91:0F:55:CA:E7:1A:21:5E:F3:CA:FE:3A:CC:45:B5:EE:C1:54
X509v3 Extended Key Usage:
1.3.6.1.5.5.7.3.30
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
64496
Routing Domain Identifiers:
inherit
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:07:b7:b4:6a:5f:a4:f1:cc:68:36:39:03:a4:83:
ec:7c:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1:
02:20:00:91:05:4a:a1:f5:b0:18:9d:27:24:e8:b4:22:fd:d1:
1c:f0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0c:38:29
-----BEGIN CERTIFICATE-----
MIIBiDCCAS+gAwIBAgIEAk3WfDAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9ST1VU
RVItMDAwMEZCRjAwHhcNMTcwMTAxMDUwMDAwWhcNMTgwNzAxMDUwMDAwWjAaMRgw
FgYDVQQDDA9ST1VURVItMDAwMEZCRjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AARzkbq7kqDLO+EOWbGev/shTgSpHgy6GxOafTjZD3flWqBbjmlWeOD6FpBLVdnU
9cDfxYiV7lC8T3XSBaJb02/1o2MwYTALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFKtN
kQ9VyucaIV7zyv46zEW17sFUMBMGA1UdJQQMMAoGCCsGAQUFBwMeMB4GCCsGAQUF
BwEIAQH/BA8wDaAHMAUCAwD78KECBQAwCgYIKoZIzj0EAwIDRwAwRAIgB7e0al+k
8cxoNjkDpIPsfIAC0vYInUay7Cp75pKzb7ECIACRBUqh9bAYnSck6LQi/dEc8D2x
OCRdZCk1KI3uDDgp
-----END CERTIFICATE-----
Keys of AS(65636):
==================
ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
private key:
x = 6CB2E931B112F24554BCDCAAFD9553A9519A9AF33C023B60846A21FC95583172
public key:
Ux = 28FC5FE9AFCF5F4CAB3F5F85CB212FC1E9D0E0DBEAEE425BD2F0D3175AA0E989
Uy = EA9B603E38F35FB329DF495641F2BA040F1C3AC6138307F257CBA6B8B588F41F
Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
--------------------------------------------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3168189942 (0xbcd6bdf6)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=ROUTER-0000FFFF
Validity
Not Before: Jan 1 05:00:00 2017 GMT
Not After : Jul 1 05:00:00 2018 GMT
Subject: CN=ROUTER-0000FFFF
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21:
2f:c1:e9:d0:e0:db:ea:ee:42:5b:d2:f0:d3:17:5a:
a0:e9:89:ea:9b:60:3e:38:f3:5f:b3:29:df:49:56:
41:f2:ba:04:0f:1c:3a:c6:13:83:07:f2:57:cb:a6:
b8:b5:88:f4:1f
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
47:F2:3B:F1:AB:2F:8A:9D:26:86:4E:BB:D8:DF:27:11:C7:44:06:EC
X509v3 Extended Key Usage:
1.3.6.1.5.5.7.3.30
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
65535
Routing Domain Identifiers:
inherit
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:df:04:c5:17:04:d0:f2:b9:fa:f3:d9:6e:3f:
6f:a1:58:d8:fe:6c:18:e4:37:ca:19:7c:c8:75:40:57:6e:7e:
9d:02:20:12:45:e8:a8:58:6b:00:7b:e6:a9:0e:f2:b6:62:50:
4b:1c:01:6f:3b:41:11:69:88:30:73:9f:d7:02:9e:64:4f
-----BEGIN CERTIFICATE-----
MIIBijCCATCgAwIBAgIFALzWvfYwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPUk9V
VEVSLTAwMDBGRkZGMB4XDTE3MDEwMTA1MDAwMFoXDTE4MDcwMTA1MDAwMFowGjEY
MBYGA1UEAwwPUk9VVEVSLTAwMDBGRkZGMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEKPxf6a/PX0yrP1+FyyEvwenQ4Nvq7kJb0vDTF1qg6Ynqm2A+OPNfsynfSVZB
8roEDxw6xhODB/JXy6a4tYj0H6NjMGEwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRH
8jvxqy+KnSaGTrvY3ycRx0QG7DATBgNVHSUEDDAKBggrBgEFBQcDHjAeBggrBgEF
BQcBCAEB/wQPMA2gBzAFAgMA//+hAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDfBMUX
BNDyufrz2W4/b6FY2P5sGOQ3yhl8yHVAV25+nQIgEkXoqFhrAHvmqQ7ytmJQSxwB
bztBEWmIMHOf1wKeZE8=
-----END CERTIFICATE-----
BGPSec Update from AS(65536) to AS(65537):
===========================================
Binary Form of BGPSec Update (TCP-DUMP):
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
01 00 02 00 00 00 E9 40 01 01 02 80 04 04 00 00
00 00 80 0E 0D 00 01 01 04 C6 33 64 64 00 18 C0
00 02 90 ** 00 CA 00 0E 01 00 00 01 00 00 01 00
00 00 FB F0 00 BC 01 47 F2 3B F1 AB 2F 8A 9D 26
86 4E BB D8 DF 27 11 C7 44 06 EC 00 46 30 44 02
20 72 14 BC 96 47 16 0B BD 39 FF 2F 80 53 3F 5D
C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2
7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB DB C8 A4
97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE 8D E6 D3
59 5F 41 AB 4D 91 0F 55 CA E7 1A 21 5E F3 CA FE
3A CC 45 B5 EE C1 54 00 47 30 45 02 20 72 14 BC
96 47 16 0B BD 39 FF 2F 80 53 3F 5D C6 DD D7 0D
DF 86 BB 81 56 61 E8 05 D5 D4 E6 F2 7C 02 21 00
C6 17 19 34 07 43 06 3B 8A 5C CD 54 16 39 0B 31
21 1D 3C 52 48 07 95 87 D0 13 13 7B 41 CD 23 E2
** To be replaced with one octet hex value specified by IANA for
the BGPSEC_PATH attribute.
Signature From AS(64496) to AS(65536):
---------------------------------------
Digest: 21 33 E5 CA A0 26 BE 07 3D 9C 1B 4E FE B9 B9 77
9F 20 F8 F5 DE 29 FA 98 40 00 9F 60
Signature: 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A
5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0
13 13 7B 41 CD 23 E2
Signature From AS(65536) to AS(65537):
--------------------------------------
Digest: 46 4B 57 CE B1 2D 18 B0 FD 1A 1A 35 94 17 3A 4A
09 88 E5 F4 ED ED 2F 3D 83 08 5A A8
Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB
DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE
8D E6 D3 59 5F 41
The human readable output is produced using bgpsec-io, a bgpsec
traffic generator that uses a wireshark like printout.
Send Update Message
+--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+--length: 256
+--type: 2 (UPDATE)
+--withdrawn_routes_length: 0
+--total_path_attr_length: 233
+--ORIGIN: INCOMPLETE (4 bytes)
| +--Flags: 0x40 (Well-Known, Transitive, Complete)
| +--Type Code: ORIGIN (1)
| +--Length: 1 byte
| +--Origin: INCOMPLETE (1)
+--MULTI_EXIT_DISC (7 bytes)
| +--Flags: 0x80 (Optional, Complete)
| +--Type Code: MULTI_EXIT_DISC (4)
| +--Length: 4 bytes
| +--data: 00 00 00 00
+--MP_REACH_NLRI (16 bytes)
| +--Flags: 0x80 (Optional, Complete)
| +--Type Code: MP_REACH_NLRI (14)
| +--Length: 13 bytes
| +--data: 00 01 01 04 C6 33 64 64 00 18 C0 00 02
+--BGPSEC Path Attribute (206 bytes)
+--Flags: 0x90 (Optional, Complete, Extended Length)
+--Type Code: BGPSEC Path Attribute (**)
+--Length: 202 bytes
+--Secure Path (14 bytes)
| +--Length: 14 bytes
| +--Secure Path Segment: (6 bytes)
| | +--pCount: 1
| | +--Flags: 0
| | +--AS number: 65536 (1.0)
| +--Secure Path Segment: (6 bytes)
| +--pCount: 1
| +--Flags: 0
| +--AS number: 64496 (0.64496)
+--Signature Block (188 bytes)
+--Length: 188 bytes
+--Algo ID: 1
+--Signature Segment: (92 bytes)
| +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
| +--Length: 70 bytes
| +--Signature: 30 44 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
| 53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
| D4 E6 F2 7C 02 20 2D DC 00 3C 64 BE 7B 29 C9 EB
| DB C8 A4 97 ED 66 28 5E E9 22 76 83 E6 C1 78 CE
| 8D E6 D3 59 5F 41
+--Signature Segment: (93 bytes)
+--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
+--Length: 71 bytes
+--Signature: 30 45 02 20 72 14 BC 96 47 16 0B BD 39 FF 2F 80
53 3F 5D C6 DD D7 0D DF 86 BB 81 56 61 E8 05 D5
D4 E6 F2 7C 02 21 00 C6 17 19 34 07 43 06 3B 8A
5C CD 54 16 39 0B 31 21 1D 3C 52 48 07 95 87 D0
13 13 7B 41 CD 23 E2
** To be replaced with one octet hex value specified by IANA for
the BGPSEC_PATH attribute.
_______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
