randy/draft-8210bis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

further clarification of Session ID

Browse source
This commit is contained in:
Randy Bush 2025-01-22 14:06:51 -08:00
parent 175b66f818
commit 3fd0154d5a
1 changed files with 36 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

65
draft-ietf-sidrops-8210bis.xml
View file

@ -8,7 +8,7 @@
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-ietf-sidrops-8210bis-173"
<rfc category="std" docName="draft-ietf-sidrops-8210bis-17"
submissionType="IETF" ipr="trust200902" version="2" consensus="yes">
<front>
@ -46,9 +46,9 @@
In order to validate the origin Autonomous Systems (ASes) and
Autonomous System relationships behind BGP announcements,
routers need a simple but reliable mechanism to receive Resource
Public Key Infrastructure (RFC6480) prefix origin data and
Router Keys from a trusted cache. This document describes a
protocol to deliver them.
Public Key Infrastructure (RFC6480) prefix origin data, Router
Keys, and ASPA data from a trusted cache. This document
describes a protocol to deliver them.
</t>
<t>
This document describes version 2 of the RPKI-Router protocol.
@ -68,10 +68,11 @@
(ASes) and AS paths of BGP announcements, routers need a simple
but reliable mechanism to receive cryptographically validated
Resource Public Key Infrastructure (RPKI) <xref
target="RFC6480"/> prefix origin data and Router Keys from a
trusted cache. This document describes a protocol to deliver
them. The design is intentionally constrained to be usable on
much of the current generation of ISP router platforms.
target="RFC6480"/> prefix origin data, Router Keys, and ASPA
data from a trusted cache. This document describes a protocol
to deliver them. The design is intentionally constrained to be
usable on much of the current generation of ISP router
platforms.
</t>
<t>
@ -193,12 +194,15 @@
cache server.
</t>
<t hangText="Session ID:">
When a cache server is started, it generates a Session ID
to uniquely identify the instance of the cache and
to bind it to the sequence of Serial Numbers that cache
instance will generate. This allows the router to restart a
session knowing that the Serial Number it is using is
commensurate with that of the cache.
When a cache server starts a new Sequence Number space,
(which might be caused by, for example, restart with loss of
data) it generates a new Session ID to uniquely identify the
instance of the cache and to bind it to the sequence of
Serial Numbers that the cache instance generates. This
allows a router to resume a session after a transport
connection failure without invalidating the router's data
store; as it is assured that the Serial Numbers it uses are
commensurate with those of the cache.
</t>
<t hangText="Payload PDU:">
A payload PDU is a protocol message which contains data for
@ -353,20 +357,20 @@
update from a parent cache or the Global RPKI.
</t>
<t hangText="Session ID:">
A 16-bit unsigned integer.
When a cache server is started, it generates a Session
ID to identify the instance of the cache and to bind it
to the sequence of Serial Numbers that cache instance
will generate. This allows the router to restart a
failed session knowing that the Serial Number it is
using is commensurate with that of the cache. If, at
any time after the protocol version has been negotiated
(<xref target="version"/>), either the router or the
cache finds that the value of the Session ID is not the
same as the other's, the party which detects the mismatch
MUST immediately terminate the session with an Error
Report PDU with code 0 ("Corrupt Data"),
and the router MUST flush all data learned from that cache.
A 16-bit unsigned integer. When a cache server is
[re]started (i.e. its data are not a continuation of the
previous data) it generates a new Session ID to identify
the instance of the cache and to bind it to the sequence
of Serial Numbers that cache instance will generate. This
allows the router to restart a failed session knowing that
the Serial Number it is using is commensurate with that of
the cache. If, at any time after the protocol version has
been negotiated (<xref target="version"/>), either the
router or the cache finds that the value of the Session ID
is not the same as the other's, the party which detects
the mismatch MUST immediately terminate the session with
an Error Report PDU with code 0 ("Corrupt Data"), and the
router MUST flush all data learned from that cache.
</t>
<t>
Note that sessions are specific to a particular protocol
@ -425,7 +429,9 @@
A 32-bit unsigned integer which has as its value the count
of the octets in the entire PDU, including the 8 octets of
header which includes the length field. This length MUST
NOT exceed 65,535 octets.
NOT exceed 65,535 octets. Note that BGP speakers already
need the capability to handle messages of this size, see
<xref target="RFC8654"/>.
</t>
<t hangText="Flags:">
An 8-bit binary field, with the lowest-order bit being 1
@ -2076,6 +2082,7 @@ Cache Router
<?rfc include="reference.RFC.5781.xml"?>
<?rfc include="reference.RFC.6480.xml"?>
<?rfc include="reference.RFC.6481.xml"?>
<?rfc include="reference.RFC.8654.xml"?>
<?rfc include="reference.RFC.9293.xml"?>
</references>