further clarification of Session ID
parent
175b66f818
commit
3fd0154d5a
1 changed files with 36 additions and 29 deletions
|
|
@ -8,7 +8,7 @@
|
|||
<?rfc compact="yes"?>
|
||||
<?rfc subcompact="no"?>
|
||||
|
||||
<rfc category="std" docName="draft-ietf-sidrops-8210bis-173"
|
||||
<rfc category="std" docName="draft-ietf-sidrops-8210bis-17"
|
||||
submissionType="IETF" ipr="trust200902" version="2" consensus="yes">
|
||||
|
||||
<front>
|
||||
|
|
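Review bot: the docName correction from "draft-ietf-sidrops-8210bis-173" to "draft-ietf-sidrops-8210bis-17" is not covered by the commit subject, which names only the Session ID clarification. Mention it in the commit message or split it into its own commit, and confirm that -17 is the revision being prepared for submission.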
@ -46,9 +46,9 @@
|
|||
In order to validate the origin Autonomous Systems (ASes) and
|
||||
Autonomous System relationships behind BGP announcements,
|
||||
routers need a simple but reliable mechanism to receive Resource
|
||||
Public Key Infrastructure (RFC6480) prefix origin data and
|
||||
Router Keys from a trusted cache. This document describes a
|
||||
protocol to deliver them.
|
||||
Public Key Infrastructure (RFC6480) prefix origin data, Router
|
||||
Keys, and ASPA data from a trusted cache. This document
|
||||
describes a protocol to deliver them.
|
||||
</t>
|
||||
<t>
|
||||
This document describes version 2 of the RPKI-Router protocol.
|
||||
|
|
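Review bot: "ASPA data" in the new abstract text is an unexpanded abbreviation, and the abstract has to read on its own. The same sentence already spells out "Autonomous System relationships", so expand the term here as well, for example "Autonomous System Provider Authorization (ASPA) data", to match the way "Resource Public Key Infrastructure" is written out two lines earlier.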
@ -68,10 +68,11 @@
|
|||
(ASes) and AS paths of BGP announcements, routers need a simple
|
||||
but reliable mechanism to receive cryptographically validated
|
||||
Resource Public Key Infrastructure (RPKI) <xref
|
||||
target="RFC6480"/> prefix origin data and Router Keys from a
|
||||
trusted cache. This document describes a protocol to deliver
|
||||
them. The design is intentionally constrained to be usable on
|
||||
much of the current generation of ISP router platforms.
|
||||
target="RFC6480"/> prefix origin data, Router Keys, and ASPA
|
||||
data from a trusted cache. This document describes a protocol
|
||||
to deliver them. The design is intentionally constrained to be
|
||||
usable on much of the current generation of ISP router
|
||||
platforms.
|
||||
</t>
|
||||
|
||||
<t>
|
||||
|
|
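Review bot: the Introduction now lists "ASPA data" next to prefix origin data and Router Keys, but the sentence cites only RFC6480 and gives no expansion or reference for ASPA at its first use in the body. Expand the abbreviation here and add an xref to the document that defines ASPA objects, so a reader can tell what the cache is expected to deliver.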
@ -193,12 +194,15 @@
|
|||
cache server.
|
||||
</t>
|
||||
<t hangText="Session ID:">
|
||||
When a cache server is started, it generates a Session ID
|
||||
to uniquely identify the instance of the cache and
|
||||
to bind it to the sequence of Serial Numbers that cache
|
||||
instance will generate. This allows the router to restart a
|
||||
session knowing that the Serial Number it is using is
|
||||
commensurate with that of the cache.
|
||||
When a cache server starts a new Sequence Number space,
|
||||
(which might be caused by, for example, restart with loss of
|
||||
data) it generates a new Session ID to uniquely identify the
|
||||
instance of the cache and to bind it to the sequence of
|
||||
Serial Numbers that the cache instance generates. This
|
||||
allows a router to resume a session after a transport
|
||||
connection failure without invalidating the router's data
|
||||
store; as it is assured that the Serial Numbers it uses are
|
||||
commensurate with those of the cache.
|
||||
</t>
|
||||
<t hangText="Payload PDU:">
|
||||
A payload PDU is a protocol message which contains data for
|
||||
|
|
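Review bot: the rewritten glossary entry opens with "starts a new Sequence Number space", while the rest of the same paragraph, and the protocol, use "Serial Number"; a reader can take these for two different counters. Use "Serial Number space" throughout. Two smaller points in the same sentence: the comma before "(which might be caused by ..." should go, and "data store; as it is assured" reads better as "data store, as it is assured".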
@ -353,20 +357,20 @@
|
|||
update from a parent cache or the Global RPKI.
|
||||
</t>
|
||||
<t hangText="Session ID:">
|
||||
A 16-bit unsigned integer.
|
||||
When a cache server is started, it generates a Session
|
||||
ID to identify the instance of the cache and to bind it
|
||||
to the sequence of Serial Numbers that cache instance
|
||||
will generate. This allows the router to restart a
|
||||
failed session knowing that the Serial Number it is
|
||||
using is commensurate with that of the cache. If, at
|
||||
any time after the protocol version has been negotiated
|
||||
(<xref target="version"/>), either the router or the
|
||||
cache finds that the value of the Session ID is not the
|
||||
same as the other's, the party which detects the mismatch
|
||||
MUST immediately terminate the session with an Error
|
||||
Report PDU with code 0 ("Corrupt Data"),
|
||||
and the router MUST flush all data learned from that cache.
|
||||
A 16-bit unsigned integer. When a cache server is
|
||||
[re]started (i.e. its data are not a continuation of the
|
||||
previous data) it generates a new Session ID to identify
|
||||
the instance of the cache and to bind it to the sequence
|
||||
of Serial Numbers that cache instance will generate. This
|
||||
allows the router to restart a failed session knowing that
|
||||
the Serial Number it is using is commensurate with that of
|
||||
the cache. If, at any time after the protocol version has
|
||||
been negotiated (<xref target="version"/>), either the
|
||||
router or the cache finds that the value of the Session ID
|
||||
is not the same as the other's, the party which detects
|
||||
the mismatch MUST immediately terminate the session with
|
||||
an Error Report PDU with code 0 ("Corrupt Data"), and the
|
||||
router MUST flush all data learned from that cache.
|
||||
</t>
|
||||
<t>
|
||||
Note that sessions are specific to a particular protocol
|
||||
|
|
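Review bot: "[re]started (i.e. its data are not a continuation of the previous data)" states the trigger for a new Session ID differently from the glossary entry changed earlier in this commit, which ties it to starting a new Serial Number space. With two wordings, it is unclear whether a restart that preserves the cache's data keeps the old Session ID. Since a mismatch forces the router to flush all data learned from the cache, use one wording for the condition in both places, and avoid the bracketed "[re]started" in a field definition that carries MUST-level behaviour.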
@ -425,7 +429,9 @@
|
|||
A 32-bit unsigned integer which has as its value the count
|
||||
of the octets in the entire PDU, including the 8 octets of
|
||||
header which includes the length field. This length MUST
|
||||
NOT exceed 65,535 octets.
|
||||
NOT exceed 65,535 octets. Note that BGP speakers already
|
||||
need the capability to handle messages of this size, see
|
||||
<xref target="RFC8654"/>.
|
||||
</t>
|
||||
<t hangText="Flags:">
|
||||
An 8-bit binary field, with the lowest-order bit being 1
|
||||
|
|
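Review bot: "BGP speakers already need the capability to handle messages of this size" is stronger than RFC 8654 supports, because extended message support in BGP is a capability negotiated per session, not something every speaker has. Suggest wording such as "BGP speakers that support extended messages already handle messages of this size". The ", see" before the xref is a comma splice; a semicolon or parentheses would fix it.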
@ -2076,6 +2082,7 @@ Cache Router
|
|||
<?rfc include="reference.RFC.5781.xml"?>
|
||||
<?rfc include="reference.RFC.6480.xml"?>
|
||||
<?rfc include="reference.RFC.6481.xml"?>
|
||||
<?rfc include="reference.RFC.8654.xml"?>
|
||||
<?rfc include="reference.RFC.9293.xml"?>
|
||||
</references>
|
||||
|
||||
|
|
|
|||
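Review bot: the visible context does not show which references block this include is added to. RFC8654 is cited only from the explanatory "Note that ..." sentence on the Length field, so check that reference.RFC.8654.xml lands in the informative list and not the normative one.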