Hi Grégory,
> tend to limit the scope of such messages only to information
> pertaining to the neighbouring AS (ie the prefixes it originates
> and maybe in the future the AS_PATH its has signed, and not the
> prefixes signed by a 5-hop-far AS).
This is actually a very useful idea reg the scoping of what given peer
should get as part of this diagnostic message.
We will incorporate this to make sure that implementations do allow to
configure such scope.
Many thx,
R.
Le 31/03/2011 13:22, Randy Bush a écrit :
[ let's try again ]
I don't want to shut the door completely, I like having a choice.
you have the choice. i hope all my competitors accept invalid routes
As a provider I have the same point of view as Randy. But then when we
talk about first deployments, it can be harmful to reject UPDATE
messages because there is some problem with the signature of the prefix
in a legitimate announcement.
That's where the draft on security state diagnostic message by Alvaro
and Robert can be interesting in debugging such cases. However, I will
tend to limit the scope of such messages only to information pertaining
to the neighbouring AS (ie the prefixes it originates and maybe in the
future the AS_PATH its has signed, and not the prefixes signed by a
5-hop-far AS).
Greg
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
