draft-ietf-sidr-origin-ops-06.txt   draft-ietf-sidr-origin-ops-07.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Internet Initiative Japan Internet-Draft Internet Initiative Japan
Intended status: BCP March 10, 2011 Intended status: BCP May 3, 2011
Expires: September 11, 2011 Expires: November 4, 2011
RPKI-Based Origin Validation Operation RPKI-Based Origin Validation Operation
draft-ietf-sidr-origin-ops-06 draft-ietf-sidr-origin-ops-07
Abstract Abstract
Deployment of RPKI-based BGP origin validation has many operational Deployment of RPKI-based BGP origin validation has many operational
considerations. This document attempts to collect and present them. considerations. This document attempts to collect and present them.
It is expected to evolve as RPKI-based origin validation is deployed It is expected to evolve as RPKI-based origin validation is deployed
and the dynamics are better understood. and the dynamics are better understood.
Requirements Language Requirements Language
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 11, 2011. This Internet-Draft will expire on November 4, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 15
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3 2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3
3. RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3 3. RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3
4. Within a Network . . . . . . . . . . . . . . . . . . . . . . . 4 4. Within a Network . . . . . . . . . . . . . . . . . . . . . . . 5
5. Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . 5
6. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . . 7 10.1. Normative References . . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . . 8 10.2. Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
RPKI-based origin validation relies on widespread propagation of the RPKI-based origin validation relies on widespread propagation of the
Resource Public Key Infrastructure (RPKI) [I-D.ietf-sidr-arch]. How Resource Public Key Infrastructure (RPKI) [I-D.ietf-sidr-arch]. How
the RPKI is distributed and maintained globally is a serious concern the RPKI is distributed and maintained globally is a serious concern
skipping to change at page 4, line 45 skipping to change at page 4, line 45
operator MAY have private RPKI objects which cover these private operator MAY have private RPKI objects which cover these private
spaces. This will require a trust anchor created and owned by that spaces. This will require a trust anchor created and owned by that
environment, see [I-D.ietf-sidr-ltamgmt]. environment, see [I-D.ietf-sidr-ltamgmt].
Operators issuing ROAs may have customers announce their own prefixes Operators issuing ROAs may have customers announce their own prefixes
and ASs into global eBGP but who do not wish to go though the work to and ASs into global eBGP but who do not wish to go though the work to
manage the relevant certificates and ROAs. The operator SHOULD manage the relevant certificates and ROAs. The operator SHOULD
provision the RPKI data for these customers just as they provision provision the RPKI data for these customers just as they provision
many other things for them. many other things for them.
While a an operator using RPKI data MAY choose any frequency they
wish for ensuring they have a fresh RPKI cache, if they use RPKI data
as an input to operational routing decisions, they SHOULD ensure
local cache freshness at least every four to six hours.
4. Within a Network 4. Within a Network
Origin validation need only be done by edge routers in a network, Origin validation need only be done by edge routers in a network,
those which border other networks/ASs. those which border other networks/ASs.
A validating router will use the result of origin validation to A validating router will use the result of origin validation to
influence local policy within its network, see Section 5. In influence local policy within its network, see Section 5. In
deployment this policy should fit into the AS's existing policy, deployment this policy should fit into the AS's existing policy,
preferences, etc. This allows a network to incrementally deploy preferences, etc. This allows a network to incrementally deploy
validation capable border routers. validation capable border routers.
skipping to change at page 7, line 31 skipping to change at page 7, line 41
February 2011. February 2011.
[I-D.ietf-sidr-roa-format] [I-D.ietf-sidr-roa-format]
Lepinski, M., Kent, S., and D. Kong, "A Profile for Route Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
Origin Authorizations (ROAs)", Origin Authorizations (ROAs)",
draft-ietf-sidr-roa-format-10 (work in progress), draft-ietf-sidr-roa-format-10 (work in progress),
February 2011. February 2011.
[I-D.ietf-sidr-rpki-rtr] [I-D.ietf-sidr-rpki-rtr]
Bush, R. and R. Austein, "The RPKI/Router Protocol", Bush, R. and R. Austein, "The RPKI/Router Protocol",
draft-ietf-sidr-rpki-rtr-10 (work in progress), draft-ietf-sidr-rpki-rtr-11 (work in progress),
March 2011. March 2011.
[I-D.ietf-sidr-pfx-validate] [I-D.ietf-sidr-pfx-validate]
Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R.
Austein, "BGP Prefix Origin Validation", Austein, "BGP Prefix Origin Validation",
draft-ietf-sidr-pfx-validate-01 (work in progress), draft-ietf-sidr-pfx-validate-01 (work in progress),
February 2011. February 2011.
[I-D.ietf-sidr-ghostbusters] [I-D.ietf-sidr-ghostbusters]
Bush, R., "The RPKI Ghostbusters Record", Bush, R., "The RPKI Ghostbusters Record",
draft-ietf-sidr-ghostbusters-00 (work in progress), draft-ietf-sidr-ghostbusters-03 (work in progress),
December 2010. March 2011.
[I-D.ietf-sidr-ltamgmt] [I-D.ietf-sidr-ltamgmt]
Kent, S. and M. Reynolds, "Local Trust Anchor Management Kent, S. and M. Reynolds, "Local Trust Anchor Management
for the Resource Public Key Infrastructure", for the Resource Public Key Infrastructure",
draft-ietf-sidr-ltamgmt-00 (work in progress), draft-ietf-sidr-ltamgmt-00 (work in progress),
November 2010. November 2010.
10.2. Informative References 10.2. Informative References
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
 End of changes. 8 change blocks. 
10 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/