On Wed, Mar 21, 2012 at 7:46 AM, Russ White <[email protected]> wrote:
>
>> i don't think the case you outline is one of actually telling the
>> remote-as that the path doesn't exist because of policy. the /fact of
>> policy/ can be inferred, and I outlined 3 (or more) places you could
>> infer at D that there was some policy decision happening. I don't
>> think it's at all clear that you can determine where that policy
>> removed the path though.
>
> If the advertisement is passed on by the intermediate AS (in this case,
> E), then you're telling the remote AS that path shouldn't exist --this
> is carrying policy within the protocol.

your example:

So, just to ask... Suppose you have this:

A---B---C---D
    |       |
    +---E---+

"A sends an advertisement to B, B sends it to C, but B does not send it to
E. Your argument is that BGPSEC prevents D from using the path through E
by including in the update a series of signatures."

You state that the path isn't known to E, so he can't possibly send
along something he doesn't know. Did I mis-read your example?

"A sends to B, B sends to C but NOT E ... D sees only 1 path: C->B->A"

I don't see this putting policy in BGP, I don't think anyone has
stated that you should send along alternate path info with: "Hey, but
don't use this" bits set. Did someone say that?

-chris
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
