On 3/20/12 5:54 PM, "Robert Raszuk" <[email protected]> wrote:
>Hi Stephen,
>
>> pCount is a data element used to do two things. It provides a shorthand
>> way for an AS to indicate that its ASN should be counted multiple times
>> when computing path length. This replicates the capability that BGP
>> already offers, through repeated insertion of one's own ASN, so it does
>> not change the features/semantics of BGP.
>
>I have one clarifying question on the topic of pCount > 0.
>
>You are correct that the example you stated will address the typical
>as-prepend case.
>
>However I am not clear how it will deal with "replace as-path"
>functionality of BGP policies where operator can replace today any
>arbitrary sequence of ASes in the AS_PATH with his own AS number. There
>are some legitimate uses for this policy enhancement.
>
>Ref: http://goo.gl/xVToJ
>
>
>Example for policy applied by AS 100:
>
>Incoming AS_PATH: 10, 20, 30, 35, 60
>
>Policy: replace as-path '30 35'
>
>Outgoing AS_PATH: 100, 10, 20, 100, 100, 60
>
>
>Question: What would be the basic analogy of BGPSEC_Path_Signatures
>attribute? Would we just see one new signature segment for AS 100 with
>the pCount of 3 ? Can signature segments be just removed and replaced by
>prepend analogy ?

The forward/backward chaining of PATH_SIGs would prevent AS100 from doing
this in a way that would validate ... Unless 100 had the private keys for
20 and 60 to patch up the chain.

Dougm
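
Added example, not part of the original message and not the draft's encoding: a toy model of the chaining discussed above, run on the AS_PATH from the question. It assumes each segment signature covers the prefix, the signer's ASN and pCount, the next AS (forward) and the previous signature (backward); HMAC with constructed keys stands in for real signatures, and the prefix and peer ASN 64500 are constructed.

```python
import hashlib
import hmac

# Constructed keys; HMAC stands in for each AS's private-key signature (assumption).
KEYS = {asn: b"constructed-key-%d" % asn for asn in (10, 20, 30, 35, 60, 100)}
PREFIX = b"192.0.2.0/24"   # constructed documentation prefix
PEER = 64500               # constructed documentation ASN that AS 100 announces to


def sign(asn, pcount, target, prev_sig):
    """Segment signature over prefix, signer, pCount, next AS and the previous signature."""
    msg = b"|".join([PREFIX, b"%d,%d,%d" % (asn, pcount, target), prev_sig])
    return hmac.new(KEYS[asn], msg, hashlib.sha256).digest()


def build(origin_first, receiver):
    """Each AS signs toward its next hop; returns [(asn, pcount, sig), ...], origin first."""
    segs, prev, hops = [], b"", origin_first + [receiver]
    for asn, nxt in zip(hops, hops[1:]):
        prev = sign(asn, 1, nxt, prev)
        segs.append((asn, 1, prev))
    return segs


def validate(segs, receiver):
    """Recompute every segment from the origin; one mismatch fails the whole path."""
    prev = b""
    for i, (asn, pcount, sig) in enumerate(segs):
        target = segs[i + 1][0] if i + 1 < len(segs) else receiver
        if not hmac.compare_digest(sig, sign(asn, pcount, target, prev)):
            return False
        prev = sig
    return True


def honest(received):
    """AS 100 appends one segment of its own, chained to what it received."""
    return received + [(100, 1, sign(100, 1, PEER, received[-1][2]))]


def replaced(received):
    """AS 100 swaps the segments of 35 and 30 for one of its own with pCount 2,
    holding only its own key: 60 and 20 keep their original signatures."""
    mid = (100, 2, sign(100, 2, 20, received[0][2]))
    kept = [received[0], mid] + received[3:]
    return kept + [(100, 1, sign(100, 1, PEER, kept[-1][2]))]


RECEIVED = build([60, 35, 30, 20, 10], receiver=100)   # AS_PATH 10 20 30 35 60
```

In this model `validate(honest(RECEIVED), PEER)` succeeds, while `validate(replaced(RECEIVED), PEER)` fails at the first segment, because AS 60's signature names AS 35 as its next hop.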
