From 3fd0154d5a9fbbc0e1e9b7e466902cac8f06ad7b Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Wed, 22 Jan 2025 14:06:51 -0800 Subject: [PATCH] further clarification of Session ID --- draft-ietf-sidrops-8210bis.xml | 65 +++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 29 deletions(-) diff --git a/draft-ietf-sidrops-8210bis.xml b/draft-ietf-sidrops-8210bis.xml index 7b1f1fa..7417ff5 100644 --- a/draft-ietf-sidrops-8210bis.xml +++ b/draft-ietf-sidrops-8210bis.xml @@ -8,7 +8,7 @@ - @@ -46,9 +46,9 @@ In order to validate the origin Autonomous Systems (ASes) and Autonomous System relationships behind BGP announcements, routers need a simple but reliable mechanism to receive Resource - Public Key Infrastructure (RFC6480) prefix origin data and - Router Keys from a trusted cache. This document describes a - protocol to deliver them. + Public Key Infrastructure (RFC6480) prefix origin data, Router + Keys, and ASPA data from a trusted cache. This document + describes a protocol to deliver them. This document describes version 2 of the RPKI-Router protocol. @@ -68,10 +68,11 @@ (ASes) and AS paths of BGP announcements, routers need a simple but reliable mechanism to receive cryptographically validated Resource Public Key Infrastructure (RPKI) prefix origin data and Router Keys from a - trusted cache. This document describes a protocol to deliver - them. The design is intentionally constrained to be usable on - much of the current generation of ISP router platforms. + target="RFC6480"/> prefix origin data, Router Keys, and ASPA + data from a trusted cache. This document describes a protocol + to deliver them. The design is intentionally constrained to be + usable on much of the current generation of ISP router + platforms. 
@@ -193,12 +194,15 @@ cache server. - When a cache server is started, it generates a Session ID - to uniquely identify the instance of the cache and - to bind it to the sequence of Serial Numbers that cache - instance will generate. This allows the router to restart a - session knowing that the Serial Number it is using is - commensurate with that of the cache. + When a cache server starts a new Sequence Number space, + (which might be caused by, for example, restart with loss of + data) it generates a new Session ID to uniquely identify the + instance of the cache and to bind it to the sequence of + Serial Numbers that the cache instance generates. This + allows a router to resume a session after a transport + connection failure without invalidating the router's data + store; as it is assured that the Serial Numbers it uses are + commensurate with those of the cache. A payload PDU is a protocol message which contains data for 
@@ -353,20 +357,20 @@ update from a parent cache or the Global RPKI. - A 16-bit unsigned integer. - When a cache server is started, it generates a Session - ID to identify the instance of the cache and to bind it - to the sequence of Serial Numbers that cache instance - will generate. This allows the router to restart a - failed session knowing that the Serial Number it is - using is commensurate with that of the cache. If, at - any time after the protocol version has been negotiated - (), either the router or the - cache finds that the value of the Session ID is not the - same as the other's, the party which detects the mismatch - MUST immediately terminate the session with an Error - Report PDU with code 0 ("Corrupt Data"), - and the router MUST flush all data learned from that cache. + A 16-bit unsigned integer. When a cache server is + [re]started (i.e. its data are not a continuation of the + previous data) it generates a new Session ID to identify + the instance of the cache and to bind it to the sequence + of Serial Numbers that cache instance will generate. This + allows the router to restart a failed session knowing that + the Serial Number it is using is commensurate with that of + the cache. If, at any time after the protocol version has + been negotiated (), either the + router or the cache finds that the value of the Session ID + is not the same as the other's, the party which detects + the mismatch MUST immediately terminate the session with + an Error Report PDU with code 0 ("Corrupt Data"), and the + router MUST flush all data learned from that cache. Note that sessions are specific to a particular protocol 
@@ -425,7 +429,9 @@ A 32-bit unsigned integer which has as its value the count of the octets in the entire PDU, including the 8 octets of header which includes the length field. This length MUST - NOT exceed 65,535 octets. + NOT exceed 65,535 octets. Note that BGP speakers already + need the capability to handle messages of this size, see + . An 8-bit binary field, with the lowest-order bit being 1 @@ -2076,6 +2082,7 @@ Cache Router +
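Review bot: In the abstract hunk (@@ -46,9 +46,9 @@), "ASPA data" appears with no expansion of the acronym, and the introduction hunk (@@ -68,10 +68,11 @@) repeats it the same way. Expand it at first use in each place, as the surrounding text already does for "Autonomous Systems (ASes)" and "Resource Public Key Infrastructure". Separately, the commit subject is "further clarification of Session ID", but these two hunks change the scope statement of the document rather than the Session ID text. Consider splitting them into their own commit so the history for the Session ID wording stays easy to follow.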
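Review bot: In the Session ID paragraph of hunk @@ -193,12 +194,15 @@, the new opening says "starts a new Sequence Number space", while the rest of the same sentence and the later field definition say "Serial Numbers". A reader can take "Sequence Number" for a different counter, so it should read "Serial Number space". The punctuation in the added text also needs a pass: the comma before the parenthesis in "space, (which might be caused by" should go, and "data store; as it is assured that" reads better as "data store, as it is assured that". Since this paragraph now defines when a new Session ID is generated, it would help to say explicitly that a cache restart which preserves the Serial Number space keeps the existing Session ID, because the text only implies it.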
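Review bot: In the field definition of hunk @@ -353,20 +357,20 @@, the trigger for a new Session ID is worded differently from the paragraph changed in hunk @@ -193,12 +194,15 @@. That paragraph keys on starting a new number space, while this one says "[re]started (i.e. its data are not a continuation of the previous data)", and implementers will have to guess whether the two conditions are the same. Use one formulation in both places, and replace the bracket shorthand "[re]started" with "started or restarted". The following sentence still says "restart a failed session", while the other paragraph now says "resume a session after a transport connection failure"; align those as well. The MUST that follows (terminate with Error Report code 0 and flush all data) depends on this definition, so the condition that changes the Session ID should be unambiguous here.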
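Review bot: In hunk @@ -425,7 +429,9 @@, the added sentence "Note that BGP speakers already need the capability to handle messages of this size, see" places informative rationale directly after the "MUST NOT exceed 65,535 octets" requirement, and "need" can be read as a requirement on BGP speakers. Phrase it as rationale for the limit, for example by stating that the limit matches a message size BGP implementations handle, and separate the reference with a semicolon or parentheses instead of a comma splice. Also confirm that the cross-reference at the end of the sentence resolves to a reference entry, since a dangling target would leave the justification unsupported.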