> BGPSEC is not a new *routing* feature.  It is protections for existing
> routing features.  BGPSEC eliminates certain *bad* routing behavior,
> but it should not create *new* routing features.
> 
> The ability to restrict where a receiver can propagate an update is
> not presently BGP behavior.  Brand new routing behavior.  That's the
> difference.

So, just to ask... Suppose you have this:

A---B---C---D
    |       |
    +---E---+

A sends an advertisement to B, B sends it to C, but B does not send it
to E. Your argument is that BGPSEC prevents D from using the path
through E by including in the update a series of signatures.

Correct? So:

1. The existence of the link from B to E is a fact within the topology
shown.
2. Choosing not to use that link is an expression of policy, and a
policy that cannot be expressed within BGP itself (on the wire protocol
wise) today. Today, in other words, there is no way for B to communicate
to D what its policy is in regards to receiving transit traffic through
E from D.
3. So the ability to remove the B to E link from the possible paths
available to reach A, enforceable by D, is actually a new feature in BGP.

The signatures suggested will actually provide D with information about
B's policy towards E -- something which is not currently carried in BGP.
Hence BGPSEC is a new feature in BGP, and should be treated as such.

Russ
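
The A/B/C/D/E scenario above as an added example (not part of the original message, and not BGPSEC code): a toy signature chain in which each AS signs the prefix, its own AS, the AS it is sending to, and the previous signature. HMAC with constructed per-AS keys stands in for real public-key signatures; the function names and the prefix are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed per-AS keys; HMAC is a stand-in for per-AS public-key signatures.
KEYS = {asn: f"key-{asn}".encode() for asn in "ABCDE"}
PREFIX = "192.0.2.0/24"  # constructed documentation prefix

def sign(signer, target, prefix, prev_sig):
    """Signature covers the prefix, the signer, the AS it sends to, and the prior signature."""
    msg = f"{prefix}|{signer}|{target}|".encode() + prev_sig
    return hmac.new(KEYS[signer], msg, hashlib.sha256).digest()

def originate(origin, target, prefix):
    return [(origin, target, sign(origin, target, prefix, b""))]

def forward(update, signer, target, prefix):
    """Append signer's hop, chained to the last signature already in the update."""
    return update + [(signer, target, sign(signer, target, prefix, update[-1][2]))]

def validate(update, receiver, prefix):
    prev_sig = b""
    for i, (signer, target, sig) in enumerate(update):
        # Each hop must be addressed to the AS that signed next (or to the receiver).
        next_as = update[i + 1][0] if i + 1 < len(update) else receiver
        if target != next_as:
            return False
        if not hmac.compare_digest(sig, sign(signer, target, prefix, prev_sig)):
            return False
        prev_sig = sig
    return True

def scenarios():
    a_to_b = originate("A", "B", PREFIX)
    b_to_c = forward(a_to_b, "B", "C", PREFIX)
    via_c = forward(b_to_c, "C", "D", PREFIX)
    # E re-announces the copy that B addressed to C.
    replay = forward(b_to_c, "E", "D", PREFIX)
    # Same, with the target in B's hop rewritten to E but B's signature unchanged.
    rewritten = forward(a_to_b + [("B", "E", b_to_c[-1][2])], "E", "D", PREFIX)
    # B actually chooses to send to E and signs accordingly.
    via_e = forward(forward(a_to_b, "B", "E", PREFIX), "E", "D", PREFIX)
    return {
        "via_C": validate(via_c, "D", PREFIX),
        "replay_via_E": validate(replay, "D", PREFIX),
        "rewritten_via_E": validate(rewritten, "D", PREFIX),
        "via_E_if_B_signs_to_E": validate(via_e, "D", PREFIX),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'valid' if ok else 'rejected'}")
```

In this toy model D accepts the path through E only when B has signed a hop addressed to E, which is the sense in which the signatures carry B's choice about E to D.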
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
