Re: [sidr] Comment on draft-ietf-sidr-roa-validation-05

Mon, 05 Apr 2010 00:34:18 -0700 

On 05/04/2010, at 1:22 PM, Sriram, Kotikalapudi wrote:

> Geoff:
> George:
> 
> Are you leaning towards an "Invalid" or "Unknown" for the decision
> when an AS set is found for the origin AS in an update?
> I think when we had a discussion on this topic long time ago,
> the thinking was that we should try to discourage the usage
> of AS sets. I am trying to figure if that meant calling the 
> update "Invaid" in this situation?
> 
> Sriram 
> 
> 


Hi,

Given that I am assuming that in the case of a route with an 
AS Set the origin AS is unable to be determined, then if a 
valid ROA exists where the address prefix in the route object 
"matches" the prefix in the ROA, then outcome of the validation 
operation would be "invalid" within the scope of the semantics 
of route object validation as specified in section 2 of the 
roa-validation  draft(*). And IF no valid ROA exists where the 
address prefix in the route object "matches" the prefix in the 
ROA, then outcome of the validation operation would be "unknown", 
again by application of the same pseudo-algorithm specified in 
that draft (*).


regards,

   Geoff



* to quote the draft:

    Route validation is defined by the following procedure:
      
      1.  Select all valid ROAs that include a ROAIPAddress value that
          either matches, or is a covering aggregate of, the address
          prefix in the route.

      2.  If the set of candidate ROAs is empty then the validation
          procedure stops with an outcome of "unknown".

      3.  If any of the selected ROAs has an asID value that matches the
          origin AS in the route, and the route object's address prefix
          matches a ROAIPAddress in the ROA (where "match" is defined as
          where the route object's address precisely matches the
          ROAIPAddress, or where the ROAIPAddress includes a maxLength
          element, and the route's address prefix is a more specific
          prefix of the ROAIPAddress, and the route's address prefix
          length value is less than or equal to the ROAIPAddress
          maxLength value) then the validation procedure stops with an
          outcome of "valid".

      4.  Otherwise, the validation procedure stops with an outcome of
          "invalid".


_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr

Reply via email to