On 4/9/12 1:22 PM, "Robert Raszuk" <[email protected]> wrote:
>Hi Sandy, > >> There is no reverse direction. > >What do you mean there is no reverse direction ? > >Sriram said: > >"When the update is to leave a BGPSEC island to go to a BGP-4 only AS, >then the Secure Path is easily converted to BGP-4 AS_PATH at the edge of >the BGPSEC island." > >That means that there is EBGP peering at the two ASes which on one side >supports BGPSEC on the other does not. Right. BGPSEC doesn't support partially signed PATHS. Thus a update either starts off signed, or it is not signed at all. You can take a signed path, strip the PATH-SIG, reconstruct the AS-PATH and transmit it to a non-BGPSEC speaker. But from that point on, the PATH remains unsigned. A path that starts off unsigned, will always remain unsigned. Dougm _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
