On 2015-03-17 14:29, George, Wes wrote:
> This may be as simple as recommending that in the case where data from
> multiple caches is held and specific entries conflict with one another,
> there SHOULD be an odd number of caches so that there is basis for
> comparison to determine which cache is out of sync or providing
> incorrect info. (i.e. Have 3 so that you can go with the 2/3 that agree)

Are you suggesting comparison of all the data from each single cache as
an atomic entity, or comparison of individual IPvX and Router Key PDUs?

If the former, then I think that would work fine as long as a majority
(or maybe even a plurality) of the caches has the exact same data. But
what does the router do if this is not the case? If the caches all
download from the RPKI at different times, then I would expect it to be
common for no two caches to have the same data.

If the latter, then the semantics depend heavily on exactly how the
comparison is done. Let's say a CA simultaneously issues one ROA for {AS
65536, 10.0.0.0/8} and another for {AS 65537, 10.0.0.0/8}. Some of the
caches see the publication point before both ROAs are issued; some see
the pub point after both ROAs are issued and published. Can you
guarantee that the voting mechanism will always result in either both
ROA payloads, or neither, being used? (If a router ends up using one but
not the other, then a previously unknown route becomes invalid.)
--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
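
The two comparison modes discussed above, as an added example that is not part of the original message or of any RPKI implementation. It runs both votes over three constructed cache views and then applies RFC 6811 origin validation to the result. The function names, the extra 192.0.2.0/24 payload, and the third cache holding only one of the two ROAs are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample data. A VRP is (origin AS, prefix, max length).
ROA_A = (65536, "10.0.0.0/8", 8)
ROA_B = (65537, "10.0.0.0/8", 8)
OLD = (64500, "192.0.2.0/24", 24)   # payload every cache already holds

# Each cache saw the publication point either before or after both ROAs.
CLEAN = [{OLD}, {OLD, ROA_A, ROA_B}, {OLD, ROA_A, ROA_B}]
# Assumption: the third cache's view holds only one of the two ROAs.
SKEWED = [{OLD}, {OLD, ROA_A, ROA_B}, {OLD, ROA_A}]

def whole_set_vote(caches):
    """Atomic comparison: the set a strict majority holds identically, else None."""
    winner, count = Counter(frozenset(c) for c in caches).most_common(1)[0]
    return set(winner) if count * 2 > len(caches) else None

def per_pdu_vote(caches):
    """Per-entry comparison: keep each VRP that a strict majority of caches holds."""
    counts = Counter(vrp for cache in caches for vrp in cache)
    return {vrp for vrp, n in counts.items() if n * 2 > len(caches)}

def origin_state(vrps, prefix, origin):
    """Route origin validation state as defined in RFC 6811."""
    route = ip_network(prefix)
    covering = [v for v in vrps if route.subnet_of(ip_network(v[1]))]
    if not covering:
        return "not-found"
    if any(asn == origin and route.prefixlen <= maxlen for asn, _, maxlen in covering):
        return "valid"
    return "invalid"

if __name__ == "__main__":
    for name, caches in (("clean", CLEAN), ("skewed", SKEWED)):
        voted = per_pdu_vote(caches)
        print(name, "whole-set:", whole_set_vote(caches))
        print(name, "per-PDU:", sorted(voted))
        print(name, "AS65537 route:", origin_state(voted, "10.0.0.0/8", 65537))
```

In the skewed case the whole-set vote has no winner at all, while the per-PDU vote keeps the AS 65536 payload without the AS 65537 one, so the AS 65537 route moves from not-found to invalid.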