WG Chair hat off

On 08/10/2008, at 8:02 AM, Brian Dickson wrote:

Geoff Huston wrote:
WG Chair Hat Off

On 08/10/2008, at 7:05 AM, Brian Dickson wrote:

(Sorry in advance - long post ahead. Please read, however, when you have
time, everyone. There's some valuable operator input here.)

Brian when I read your post I was reading it with the following
example in mind

ROA1
10.0.0.0/16, maxlength=18, 10.1.0.0/16, maxlength=18, EE Cert=10.0.0.0/15

and

ROA2
10.0.0.0/15 minlength=16, maxlength=18, EE Cert=10.0.0.0/15

Now as far as I can tell these are equivalent ROAs, yes?


Yeeeeeees. However, my reading of the drafts suggests that the EE Cert
needs to exactly match the ROA.
Is that the case for ROA1?


My apologies for the misunderstanding here - in the flurry of mail traffic on this list there was the proposal to change the "exactly match" text to "encompass":

"Yes, if the text in section 3, step 3 of the draft was altered to use the term "encompass" such that the IP addresses prefixes in that extension encompasses the IP prefix(es) in the ROA I would agree that would be a suitable resolution."

In my head in working through your example I had assumed that this was already the case.

(The reasoning here is that EE certs DO have a canonical representation, and 10.0.0.0/16, 10.1.0.0/16 must be expressed in a canonical form in the cert as 10.0.0.0/15 - for this reason "encompass" is a reasonable resolution.)








Now what, in your examples, could be expressed using ROA1 that could
not be expressed using ROA2, and vice versa? The reason why I ask the
question was that in my reading of your post I saw nothing that helped
me distinguish between these cases.

For the small example above, there is no difference. But that example
is, in some respects, a "straw man"...

The problem is when you get into things like:

10.0.0.0/16, minlength=24, maxlength=24

or

10.0.0.0/12, minlength=21, maxlength=29

or

2001:foo::/48 minlength=56, maxlength=126

(Enumeration in binary systems doesn't scale well.)

Again, however this is an enumeration issue rather than a difference in semantics.



I can think of environments where this kind of thing might be desired,
if not outright required.
MPLS BGP VPNs, or virtual machine environments (EC2), among others.

Even if we're not necessarily designing this for use in anything other
than the DFZ Internet, I don't see strong disincentive to designing
flexibility into the system, to support other uses.


I'm not arguing for or against this - I'm attempting to understand the precise nature of the difference.

It's my understanding so far that the two representations are isomorphic - nothing expressible in one notation is inexpressible in the other. The only difference _as far as I can see_ lies in the size of the ROA in expressing sets of prefixes, and as far as I can see a set of conjoined prefixes with the same maximal length constraint would have a more compact representation with a min length parameter. Or am I missing something still in my understanding of this?


regards,

   Geoff
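
Added example, not part of the original message or of any SIDR draft: a Python sketch that expands the ROA entries quoted in this thread into the prefix sets they authorize, to check the equivalence of ROA1 and ROA2 and to count how many maxlength-only entries the min/max examples would need. The semantics are an assumption read from the thread: an entry authorizes every more-specific prefix whose length lies between minlength (or the prefix's own length when no minlength is given) and maxlength.

```python
import ipaddress

def authorized(entries):
    """Expand ROA entries into the set of prefixes they authorize.

    Each entry is (prefix, minlength, maxlength). minlength=None models the
    maxlength-only notation, where the shortest length is the prefix's own.
    """
    out = set()
    for prefix, minlen, maxlen in entries:
        net = ipaddress.ip_network(prefix)
        lo = net.prefixlen if minlen is None else minlen
        for length in range(lo, maxlen + 1):
            out.update(net.subnets(new_prefix=length))
    return out

def to_maxlength_only(prefix, minlen, maxlen):
    """Rewrite one min/max entry as maxlength-only entries.

    One entry is needed per subnet at minlength, i.e. 2**(minlen - prefixlen).
    """
    net = ipaddress.ip_network(prefix)
    return [(str(s), None, maxlen) for s in net.subnets(new_prefix=minlen)]

# The two ROAs from the thread (the EE cert resource 10.0.0.0/15 is not modelled).
ROA1 = [("10.0.0.0/16", None, 18), ("10.1.0.0/16", None, 18)]
ROA2 = [("10.0.0.0/15", 16, 18)]

if __name__ == "__main__":
    print("ROA1 == ROA2:", authorized(ROA1) == authorized(ROA2))
    for prefix, lo, hi in [("10.0.0.0/16", 24, 24), ("10.0.0.0/12", 21, 29)]:
        expanded = to_maxlength_only(prefix, lo, hi)
        same = authorized(expanded) == authorized([(prefix, lo, hi)])
        print(f"{prefix} min={lo} max={hi}: 1 entry vs {len(expanded)} "
              f"maxlength-only entries, same set: {same}")
```
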




