IETF
sidr2@jabber.ietf.org
Wednesday, 6 June 2012

GMT+0
[19:57:36] weiler joins the room
[20:10:55] Sean Turner joins the room
[20:11:03] <Sean Turner> hi ;)
[20:11:14] Sean Turner leaves the room
[20:13:20] MIchael Sinatra joins the room
[20:13:50] dongtingyu joins the room
[20:13:51] <weiler> quiet in here.
[20:16:39] <weiler> i don't think your bridge info has been sent out. so disconnecting it leaves things simpler
[20:16:55] <weiler> missend
[20:28:20] dongtingyu leaves the room
[20:38:43] dongtingyu joins the room
[20:43:24] weiler leaves the room
[20:57:05] p.krishnaswamy.ietf joins the room
[21:26:30] p.krishnaswamy.ietf leaves the room
[21:27:46] p.krishnaswamy.ietf joins the room
[22:24:05] Sean Turner joins the room
[22:24:10] weiler joins the room
[22:24:17] <Sean Turner> SIDR Interim Meeting - Vancouver, Canada - 2006-06-06
(slides: http://www.ietf.org/proceedings/interim/2012/06/06/sidr/proceedings.html )
meeting start: 1300 local (2100 GMT)
RB removing of ASPath is a consequence of other things.
SM: History in the protocol -00 we had the ASPath in its classic form. and we had one sig attribute per path.  If you prepended you had to generate three sigs.  In the -01 we added the pcount field to only produce one sig per unique ASPATH and changed the ASPath so it only had unique instances of the AS #.  As the protocol evolved we removed ASPATH entirely.
RB: What are the problems we have today with knowing what path has been followed? Have we made decisions that make it… confederation, aliasing, etc. What does this say about what we have to have on aspath or are the signatures sufficient.
KS: Jumped to slides to explain his point about BGPPath Updates w and w/o ASPATH.
ML: What is the problem that including ASPATH solves?
Brian Weis: wants a common algorithm for converting back to an AS Path, whether within confed or outside.
Sandy points out that there are already funky things one must do when leaving a confed.  So may not be reasonable to make a common alg.
Summary:
Ed: we're in the same place we were before: either every edge router will need to know about every confed AS or we need a marker.  
Randy: prefers a marker.  (No objections.)
"Every AS within a confed signs normally.  When you enter confed first AS within, first AS sets a flag in the flags field of sig block that says "I'm the entrance to confed".  The data wanders around in the confed.  At exit of confed, exit rtr looks backwards in AS path until it finds the FIRST instance of that flag.  It strips that sig and all subsequent sigs and fwd signs to the next AS."  While the packet is traversing the AS and it hits something that's not BGPSEC capable.  The path must be reconstructed using going left to find the flag bit resulting in a 
Clarification: FIRST time the flag is encountered going backwards.  pre-confed hops might have set the flag also.
Q from jayb: "suppose a bgpsec router that knows it's *not* in a confed sees the "start of confed" flag.  should we specify the action to take in that case?"   A: (someone else step in, please) 
Nested configurations do not exist today. (as opposed to we will not support nested configurations) 
new topic: aliasing
What happens when we have aliasing?
Currently, aliasing bob thinks you are called fred but when you talk to the rest of the world you are joe:
So, how is that handled in BGPsec
Concern: it comes back to the let's use pCount=0 hammer
Migration is a usecase, aliasing is a technique. 
(more discussion of migration)  timestamp: 2:31pm PDT
Use aliasing when otherwise you might be using replace AS
Keep the AS path down
pcount=0 is being proposed as a possible solution, should be written up, belongs in the use case document, don't want to explore all possible horrible vendor knobs... 
Wes will get with Shane and see if the understanding/concerns regarding the use case are accurate, and Warren will work with Wes to flesh out the semantics
   (Randy: it's not cooked enough to go in the protocol doc yet) 
Sandy bringing up John's concerns regarding leaving out ASpath
Matt will make the document more clear with respect to AS_PATH
And on to keying and rekeying...
[22:24:58] mikeb joins the room
[22:25:20] mlepinski joins the room
[22:27:39] Rob Austein joins the room
[22:27:48] <Sean Turner> And on to keying and rekeying...
RA: Can we get away with just generating keys on the router?
RA: What RB and RA talked about people aren't going to spend the money to do it the cryptographically pure way therefore hotswappable looks the way to go.
[22:28:57] Karen O'Donoghue joins the room
[22:29:47] melkins joins the room
[22:30:32] <Sean Turner> RB: The procedures now support both ripping the key out of the router and schlepping it into another router or pushing a key to multiple places.
[22:30:57] <Sean Turner> RB: Does anyone believe you will never need to get a private key out of a router?
[22:31:27] p.krishnaswamy.ietf leaves the room
[23:21:13] p.krishnaswamy.ietf joins the room
[23:23:54] jayb@jabber.org joins the room
[23:26:36] <weiler> testing2
[23:27:35] <MIchael Sinatra> works.
[23:45:29] Sean Turner leaves the room
[23:57:40] weiler leaves the room
[23:58:13] melkins leaves the room
[23:58:31] mlepinski leaves the room