From 092c4bcbec4b5c133a409890883d4ae512406017 Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Wed, 9 Apr 2025 11:11:35 -0700 Subject: [PATCH] added secion on merging updates -17 published --- draft-ietf-sidrops-8210bis.xml | 80 +++++++++++++++++++++++++--------- 1 file changed, 59 insertions(+), 21 deletions(-) diff --git a/draft-ietf-sidrops-8210bis.xml b/draft-ietf-sidrops-8210bis.xml index e62b382..939f394 100644 --- a/draft-ietf-sidrops-8210bis.xml +++ b/draft-ietf-sidrops-8210bis.xml @@ -8,7 +8,7 @@ - @@ -728,14 +728,6 @@ The lowest-order bit of the Flags field is 1 for an announcement and 0 for a withdrawal. - In the RPKI, there is an actual need for what might appear to a router as identical IPvX PDUs. This can occur when an @@ -748,12 +740,17 @@ The cache server MUST ensure that it has told the router - client to have one and only one IPvX PDU for a unique {Prefix, + client to have one and only one IPvX VRP for a unique {Prefix, Len, Max-Len, AS} at any one point in time. Should the - router client receive an IPvX PDU with a {Prefix, Len, + router client receive an IPvX VRP with a {Prefix, Len, Max-Len, AS} identical to one it already has active, it SHOULD raise a Duplicate Announcement Received error. + + The cache MUST merge announce/withdraw ROAs for the same + {Prefix, Len, Max-Len, AS} into the minimal (or no) VRP to + update the router to to the desired state. +
@@ -1471,7 +1468,8 @@ Cache Router (e.g. the peer advertised a TCP RCV.WND of zero) for longer than three times the Retry Interval (a la BGP's hold timer being three times the - keepalive interval), the transport session should be terminated. + keepalive interval), an Error PDU 10, Transport Failure, should + be sent and the transport session should be terminated. A cache SHOULD NOT use a separate TCP segment for each PDU, but @@ -1753,14 +1751,15 @@ Cache Router For some prefix P, an operator may create two or more ROAs - with different ASes because they are in the process of changing - what provider AS may announce P. This is a case of "make - before break." If a cache is feeding a router and sends the - one not yet in service a significant time before sending the - one currently in service, then BGP data could be marked + with different ASes because they are in the process of + changing what provider AS may announce P. This is a case of + "make before break." If a cache is feeding a router and sends + the one not yet in service a significant time before sending + the one currently in service, then BGP data could be marked invalid during the interval. To minimize that interval, the - cache SHOULD announce all ROAs for the same prefix as close to - sequentially as possible. + cache SHOULD announce all VRPs for the same prefix as close to + sequentially as possible, and announce new VRPs for a prefix + before any withdraws, If an operator has created a ROA for P0, and another operator @@ -1772,6 +1771,11 @@ Cache Router the case of withdrawals, the cache SHOULD withdraw covering prefixes before their sub-prefixes. + + To minimize risk of inadvertent marking of BGP data as + invalid, a prefix PDU for prefix P which has an AS of 0, + SHOULD be sent after all other prefix PDUs for prefix P. + In order to further mitigate such race conditions, a router MAY @@ -1786,7 +1790,36 @@ Cache Router
-