| draft-ietf-sidr-rpki-rtr-impl-03.txt | draft-ietf-sidr-rpki-rtr-impl-04.txt | |||
|---|---|---|---|---|
| Network Working Group R. Bush | Network Working Group R. Bush | |||
| Internet-Draft Internet Initiative Japan | Internet-Draft Internet Initiative Japan | |||
| Intended status: Informational R. Austein | Intended status: Informational R. Austein | |||
| Expires: September 12, 2013 Dragon Research Labs | Expires: April 18, 2014 Dragon Research Labs | |||
| K. Patel | K. Patel | |||
| Cisco Systems | Cisco Systems | |||
| H. Gredler | H. Gredler | |||
| Juniper Networks, Inc. | Juniper Networks, Inc. | |||
| M. Waehlisch | M. Waehlisch | |||
| FU Berlin | FU Berlin | |||
| March 11, 2013 | October 15, 2013 | |||
| RPKI Router Implementation Report | RPKI Router Implementation Report | |||
| draft-ietf-sidr-rpki-rtr-impl-03 | draft-ietf-sidr-rpki-rtr-impl-04 | |||
| Abstract | Abstract | |||
| This document is an implementation report for the RPKI Router | This document is an implementation report for the RPKI Router | |||
| protocol as defined in [RFC6810]. The editor did not verify the | protocol as defined in [RFC6810]. The editor did not verify the | |||
| accuracy of the information provided by respondents. The respondents | accuracy of the information provided by respondents. The respondents | |||
| are experts with the implementations they reported on, and their | are experts with the implementations they reported on, and their | |||
| responses are considered authoritative for the implementations for | responses are considered authoritative for the implementations for | |||
| which their responses represent. Respondents were asked to only use | which their responses represent. Respondents were asked to only use | |||
| the YES answer if the feature had at least been tested in the lab. | the YES answer if the feature had at least been tested in the lab. | |||
| Requirements Language | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to | ||||
| be interpreted as described in RFC 2119 [RFC2119] only when they | ||||
| appear in all upper case. They may also appear in lower or mixed | ||||
| case as English words, without normative meaning. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 12, 2013. | ||||
| This Internet-Draft will expire on April 18, 2014. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Implementation Forms . . . . . . . . . . . . . . . . . . . . 3 | 2. Implementation Forms . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Protocol Data Units . . . . . . . . . . . . . . . . . . . . . 3 | 3. Protocol Data Units . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Protocol Sequence . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Protocol Sequence . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. Protocol Transport . . . . . . . . . . . . . . . . . . . . . 5 | 5. Protocol Transport . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. Incremental Updates Support . . . . . . . . . . . . . . . . . 6 | 7. Incremental Updates Support . . . . . . . . . . . . . . . . . 7 | |||
| 8. Session ID Support . . . . . . . . . . . . . . . . . . . . . 6 | 8. Session ID Support . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. Incremental Session Startup Support . . . . . . . . . . . . . 7 | 9. Incremental Session Startup Support . . . . . . . . . . . . . 8 | |||
| 10. Interoperable Implementations . . . . . . . . . . . . . . . . 7 | 10. Interoperable Implementations . . . . . . . . . . . . . . . . 9 | |||
| 10.1. Cisco Implementation . . . . . . . . . . . . . . . . . . 7 | 10.1. Cisco Implementation . . . . . . . . . . . . . . . . . . 9 | |||
| 10.2. Juniper Implementation . . . . . . . . . . . . . . . . . 7 | 10.2. Juniper Implementation . . . . . . . . . . . . . . . . . 9 | |||
| 10.3. rpki.net Implementation . . . . . . . . . . . . . . . . 7 | 10.3. rpki.net Implementation . . . . . . . . . . . . . . . . 9 | |||
| 10.4. RIPE NCC Implementation . . . . . . . . . . . . . . . . 8 | 10.4. RIPE NCC Implementation . . . . . . . . . . . . . . . . 9 | |||
| 10.5. RTRlib Implementation . . . . . . . . . . . . . . . . . 8 | 10.5. RTRlib Implementation . . . . . . . . . . . . . . . . . 9 | |||
| 10.6. BBN RPSTIR Implementation . . . . . . . . . . . . . . . 8 | 10.6. BBN RPSTIR Implementation . . . . . . . . . . . . . . . 9 | |||
| 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12. Security considerations . . . . . . . . . . . . . . . . . . . 8 | 12. Security considerations . . . . . . . . . . . . . . . . . . . 10 | |||
| 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 14. Normative References . . . . . . . . . . . . . . . . . . . . 8 | 14. Normative References . . . . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 1. Introduction | 1. Introduction | |||
| In order to formally validate the origin ASs of BGP announcements, | In order to formally validate the origin Autonomous Systems (ASs) of | |||
| routers need a simple but reliable mechanism to receive RPKI | BGP announcements, routers need a simple but reliable mechanism to | |||
| [RFC6810] prefix origin data from a trusted cache. The RPKI Router | receive Resource Public Key Infrastructure (RPKI) [RFC6810] prefix | |||
| protocol defined in [RFC6810] provides a mechanism to deliver | origin data from a trusted cache. The RPKI Router protocol defined | |||
| validated prefix origin data to routers. | in [RFC6810] provides a mechanism to deliver validated prefix origin | |||
| data to routers. | ||||
| This document provides an implementation report for the RPKI Router | This document provides an implementation report for the RPKI Router | |||
| protocol as defined in RFC 6810 [RFC6810]. | protocol as defined in RFC 6810 [RFC6810]. | |||
| The editor did not verify the accuracy of the information provided by | The editor did not verify the accuracy of the information provided by | |||
| respondents or by any alternative means. The respondents are experts | respondents or by any alternative means. The respondents are experts | |||
| with the implementations they reported on, and their responses are | with the implementations they reported on, and their responses are | |||
| considered authoritative for the implementations for which their | considered authoritative for the implementations for which their | |||
| responses represent. Respondents were asked to only use the YES | responses represent. Respondents were asked to only use the YES | |||
| answer if the feature had at least been tested in the lab. | answer if the feature had at least been tested in the lab. | |||
| 2. Implementation Forms | 2. Implementation Forms | |||
| Contact and implementation information for person filling out this | Contact and implementation information for person filling out this | |||
| form: | form: | |||
| IOS Name: Keyur Patel, Email: keyupate@cisco.com, Vendor: Cisco | IOS | |||
| Systems, Inc. Release: IOS | Name: Keyur Patel | |||
| Email: keyupate@cisco.com | ||||
| Vendor: Cisco Systems, Inc. | ||||
| Release: IOS | ||||
| XR Name: Forhad Ahmed, Email:foahmed@cisco.com, Vendor: Cisco | XR | |||
| Systems, Inc. Release: IOS-XR | Name: Forhad Ahmed | |||
| Email:foahmed@cisco.com | ||||
| Vendor: Cisco Systems, Inc. | ||||
| Release: IOS-XR | ||||
| JUNOS Name: Hannes Gredler, Email: hannes@juniper.net, Vendor: | JUNOS | |||
| Juniper Networks, Inc., Release: JUNOS | Name: Hannes Gredler | |||
| Email: hannes@juniper.net | ||||
| Vendor: Juniper Networks, Inc. | ||||
| Release: JUNOS | ||||
| rpki.net Name: Rob Austein, Email: sra@hactrn.net, Vendor: rpki.net | rpki.net | |||
| project, Release: http://subvert-rpki.hactrn.net/trunk/ | Name: Rob Austein | |||
| Email: sra@hactrn.net | ||||
| Vendor: rpki.net project | ||||
| Release: http://subvert-rpki.hactrn.net/trunk/ | ||||
| NCC Name: Tim Bruijnzeels, Email: tim@ripe.net, Vendor: RIPE NCC | NCC | |||
| Release: RIPE NCC validator-app 2.0.0 https:// | Name: Tim Bruijnzeels | |||
| certification.ripe.net/content/public-repo/releases/net/ripe/rpki- | Email: tim@ripe.net | |||
| validator/rpki-validator-app/2.0.0/rpki-validator- | Vendor: RIPE NCC | |||
| app-2.0.0-bin.zip | Release: RIPE NCC validator-app 2.0.0 https://github.com/RIPE-NCC/ | |||
| rpki-validator | ||||
| RTRlib Name: Fabian Holler, Matthias Waehlisch, Email: | RTRlib | |||
| waehlisch@ieee.org, Vendor: HAW Hamburg, FU Berlin, RTRlib | Name: Fabian Holler, Matthias Waehlisch | |||
| project, Release: RTRlib 0.2 http://rpki.realmv6.org/ | Email: waehlisch@ieee.org | |||
| Vendor: HAW Hamburg, FU Berlin, RTRlib project | ||||
| Release: RTRlib 0.2 http://rpki.realmv6.org/ | ||||
| BBN Name: David Mandelberg, Andrew Chi Email: dmandelb@bbn.com, | BBN | |||
| achi@bbn.com, Vendor: Raytheon/BBN Technologies, Release: RPSTIR | Name: David Mandelberg, Andrew Chi | |||
| 0.2 http://sourceforge.net/projects/rpstir/ | Email: dmandelb@bbn.com | |||
| Vendor: Raytheon/BBN Technologies | ||||
| Release: RPSTIR 0.2 http://sourceforge.net/projects/rpstir/ | ||||
| 3. Protocol Data Units | 3. Protocol Data Units | |||
| Does the implementation support Protocol Data Units (PDUs) as | Does the implementation support Protocol Data Units (PDUs) as | |||
| described in Section 5 of [RFC6810]? | described in Section 5 of [RFC6810]? | |||
| +------------+-----+-----+-------+--------+--------+--------+-------+ | P0: Serial Notify | |||
| | | IOS | XR | JUNOS | rpki | NCC | RTR- | BBN | | ||||
| | | | | | .net | | lib | | | P1: Serial Query | |||
| +------------+-----+-----+-------+--------+--------+--------+-------+ | ||||
| | Rcv. | YES | YES | YES | YES | UNIT | YES | SYS | | P2: Reset Query | |||
| | Serial | | | | | TEST | | TEST | | ||||
| | Notify | | | | | | | | | P3: Cache Response | |||
| | Snd. | NO | NO | NO | YES | YES | NO | YES | | ||||
| | Serial | | | | | | | | | P4: IPv4 Prefix | |||
| | Notify | | | | | | | | | ||||
| | Rcv. | NO | NO | NO | YES | YES | NO | YES | | P6: IPv6 Prefix | |||
| | Serial | | | | | | | | | ||||
| | Query | | | | | | | | | P7: End of Data | |||
| | Snd. | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | Serial | | | | | TEST | | TEST | | P8: Cache Reset | |||
| | Query | | | | | | | | | ||||
| | Rcv. Reset | NO | NO | NO | YES | YES | NO | YES | | ||||
| | Query | | | | | | | | | ||||
| | Snd. Reset | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | Query | | | | | TEST | | TEST | | ||||
| | Rcv. Cache | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | Resp. | | | | | TEST | | TEST | | ||||
| | Snd. Cache | NO | NO | NO | YES | YES | NO | YES | | ||||
| | Resp. | | | | | | | | | ||||
| | Rcv. IPv4 | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | Prefix | | | | | TEST | | TEST | | ||||
| | Snd. IPv4 | NO | NO | NO | YES | YES | NO | YES | | ||||
| | Prefix | | | | | | | | | ||||
| | Rcv. IPv6 | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | Prefix | | | | | TEST | | TEST | | ||||
| | Snd. IPv6 | NO | NO | NO | YES | YES | NO | YES | | ||||
| | Prefix | | | | | | | | | ||||
| | Rcv. End | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | of Data | | | | | TEST | | TEST | | ||||
| | Snd. End | NO | NO | NO | YES | YES | NO | YES | | ||||
| | of Data | | | | | | | | | ||||
| | Rcv. Cache | YES | YES | YES | YES | UNIT | YES | SYS | | ||||
| | Reset | | | | | TEST | | TEST | | ||||
| | Snd. Cache | NO | NO | NO | YES | YES | NO | YES | | ||||
| | Reset | | | | | | | | | ||||
| | Rcv. Error | YES | YES | NO~1 | YES | YES | YES | YES | | ||||
| | Report | | | | | | | | | ||||
| | Snd. Error | YES | NO | NO | YES | YES | YES | YES | | ||||
| | Report | | | | | | | | | ||||
| +------------+-----+-----+-------+--------+--------+--------+-------+ | ||||
| P10: Error Report | ||||
| +---------+------+-----+-------+--------+--------+-----+------+-----+ | ||||
| | | IOS | XR | JUNOS | rpki | rpki | NCC | RTR- | BBN | | ||||
| | | | | | .net | .net | | lib | | | ||||
| | | | | | clnt | srvr | | | | | ||||
| +---------+------+-----+-------+--------+--------+-----+------+-----+ | ||||
| | Rcv.P0 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Snd.P0 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Rcv.P1 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Snd.P1 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Rcv.P2 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Snd.P2 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Rcv.P3 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Snd.P3 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Rcv.P4 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Snd.P4 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Rcv.P6 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Snd.P6 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Rcv.P7 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Snd.P7 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Rcv.P8 | YES | YES | YES | YES | --- | --- | YES | --- | | ||||
| | Snd.P8 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| | Rcv.P10 | YES | YES | NO~1 | YES | YES | YES | YES | YES | | ||||
| | Snd.P10 | YES | NO | NO | YES | YES | YES | YES | YES | | ||||
| +---------+------+-----+-------+--------+--------+-----+------+-----+ | ||||
| 1) No, Error PDU gets silently ignored | 1) No, Error PDU gets silently ignored | |||
| 4. Protocol Sequence | 4. Protocol Sequence | |||
| Does RPKI Router protocol implementation follow the four protocol | Does RPKI Router protocol implementation follow the four protocol | |||
| sequences as outlined in Section 6 of [RFC6810]? | sequences as outlined in Section 6 of [RFC6810]? | |||
| S1: Start or Restart | S1: Start or Restart | |||
| S2: Typical Exchange | S2: Typical Exchange | |||
| S3: Generation of Incremental Updates Sequence | S3: Generation of Incremental Updates Sequence | |||
| S4: Receipt of Incremental Updates Sequence | S4: Receipt of Incremental Updates Sequence | |||
| S5: Generation of Cache has No data Sequence | S5: Generation of Cache has No data Sequence | |||
| +----+-----+-----+-------+----------+------+--------+-----+ | +------+------+-----+-------+--------+--------+------+--------+-----+ | |||
| | | IOS | XR | JUNOS | rpki.net | NCC | RTRlib | BBN | | | | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN | | |||
| +----+-----+-----+-------+----------+------+--------+-----+ | | | | | | .net | .net | | | | | |||
| | S1 | YES | YES | YES | YES | YES | YES | YES | | | | | | | clnt | srvr | | | | | |||
| | S2 | YES | YES | YES | YES | NO~1 | YES | YES | | +------+------+-----+-------+--------+--------+------+--------+-----+ | |||
| | S3 | NO | NO | NO | YES | NO | YES | YES | | | S1 | YES | YES | YES | YES | YES | YES | YES | YES | | |||
| | S4 | YES | YES | YES | YES | NO | YES | NO | | | S2 | YES | YES | YES | YES | YES | NO~1 | YES | YES | | |||
| | S5 | NO | NO | NO | YES | YES | YES | YES | | | S3 | --- | --- | --- | --- | YES | NO | --- | YES | | |||
| +----+-----+-----+-------+----------+------+--------+-----+ | | S4 | YES | YES | YES | YES | --- | --- | YES | --- | | |||
| | S5 | --- | --- | --- | --- | YES | YES | --- | YES | | ||||
| +------+------+-----+-------+--------+--------+------+--------+-----+ | ||||
| 1) NO, we always respond as described in 6.3 of [RFC6810] | 1) NO, we always respond as described in 6.3 of [RFC6810] | |||
| 5. Protocol Transport | 5. Protocol Transport | |||
| Does RPKI Router protocol implementation support different protocol | Does RPKI Router protocol implementation support different protocol | |||
| transport mechanism outlined in Section 7 of [RFC6810]? | transport mechanism outlined in Section 7 of [RFC6810]? | |||
| +---------+-------+------+-------+------+------+-----+--------+-----+ | ||||
| +---------+-----+-----+-------+----------+-----+--------+-------+ | | | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN | | |||
| | | IOS | XR | JUNOS | rpki.net | NCC | RTRlib | BBN | | | | | | | .net | .net | | | | | |||
| +---------+-----+-----+-------+----------+-----+--------+-------+ | | | | | | clnt | srvr | | | | | |||
| | SSH | NO | YES | NO | YES | NO | YES | YES~1 | | +---------+-------+------+-------+------+------+-----+--------+-----+ | |||
| | TLS | NO | NO | NO | NO | NO | NO | NO | | | SSH | NO | YES | NO | YES | YES | NO | YES | YES | | |||
| | TCP | YES | YES | YES | YES | YES | YES | YES | | | TLS | NO | NO | NO | NO | NO | NO | NO | NO | | |||
| | TCP-MD5 | NO | NO | NO | NO | NO | NO | NO | | | TCP | YES | YES | YES | YES | YES | YES | YES | YES | | |||
| | TCP-AO | NO | NO | NO | NO | NO | NO | NO | | | TCP-MD5 | NO | NO | NO | NO | NO | NO | NO | NO | | |||
| +---------+-----+-----+-------+----------+-----+--------+-------+ | | TCP-AO | NO | NO | NO | NO | NO | NO | NO | NO | | |||
| +---------+-------+------+-------+------+------+-----+--------+-----+ | ||||
| 1) Yes, using netcat as the ssh subsystem to connect to the RTR | ||||
| server on localhost via TCP. This is currently untested. | ||||
| 6. Error Codes | 6. Error Codes | |||
| Does RPKI Router protocol implementation support different protocol | Does RPKI Router protocol implementation support different protocol | |||
| error codes outlined in Section 10 of [RFC6810]? | error codes outlined in Section 10 of [RFC6810]? | |||
| +-------+-----+-----+-------+----------+-------+--------+----------+ | +-------+-------+------+-------+------+------+-------+--------+-----+ | |||
| | | IOS | XR | JUNOS | rpki.net | NCC | RTRlib | BBN | | | | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN | | |||
| +-------+-----+-----+-------+----------+-------+--------+----------+ | | | | | | .net | .net | | | | | |||
| | Rcv.0 | YES | YES | NO | YES | YES | YES | YES | | | | | | | clnt | srvr | | | | | |||
| | Snd.0 | YES | YES | NO | YES | YES | YES | YES | | +-------+-------+------+-------+------+------+-------+--------+-----+ | |||
| | Rcv.1 | YES | YES | NO | YES | YES | YES | YES | | | Rcv.0 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Snd.1 | YES | YES | NO | YES | YES | YES | YES | | | Snd.0 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Rcv.2 | YES | YES | NO | YES | N/A | YES | YES | | | Rcv.1 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Snd.2 | YES | YES | NO | YES | YES | N/A | YES | | | Snd.1 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Rcv.3 | YES | YES | NO | YES | N/A | YES | YES | | | Rcv.2 | YES | YES | NO | YES | --- | --- | YES | --- | | |||
| | Snd.3 | NO | NO | NO | YES | YES | NO | YES | | | Snd.2 | --- | --- | --- | --- | YES | YES | --- | YES | | |||
| | Rcv.4 | YES | YES | NO | YES | YES | YES | YES | | | Rcv.3 | YES | YES | NO | YES | --- | --- | YES | --- | | |||
| | Snd.4 | YES | YES | NO | YES | YES | YES | YES | | | Snd.3 | --- | --- | --- | --- | YES | YES | --- | YES | | |||
| | Rcv.5 | YES | YES | NO | YES | YES | YES | YES | | | Rcv.4 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Snd.5 | YES | YES | NO | YES | YES | YES | YES | | | Snd.4 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Rcv.6 | NO | NO | NO | YES | YES~1 | N/A | YES | | | Rcv.5 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Snd.6 | YES | YES | NO | NO | N/A | YES | SYS TEST | | | Snd.5 | YES | YES | NO | YES | YES | YES | YES | YES | | |||
| | Rcv.7 | NO | NO | NO | YES | YES~1 | N/A | YES | | | Rcv.6 | --- | --- | --- | --- | YES | YES~1 | --- | YES | | |||
| | Snd.7 | YES | YES | NO | NO | N/A | YES | SYS TEST | | | Snd.6 | YES | YES | NO | NO | --- | --- | YES | --- | | |||
| +-------+-----+-----+-------+----------+-------+--------+----------+ | | Rcv.7 | --- | --- | --- | --- | YES | YES~1 | --- | YES | | |||
| | Snd.7 | YES | YES | NO | NO | --- | --- | YES | --- | | ||||
| +-------+-------+------+-------+------+------+-------+--------+-----+ | ||||
| 1) YES, but... fatal, so connection is dropped, but cache does not | 1) YES, but... fatal, so connection is dropped, but cache does not | |||
| conclude it's inconsistent | conclude it's inconsistent. | |||
| 7. Incremental Updates Support | 7. Incremental Updates Support | |||
| Does the RPKI Router implementation support Incremental Updates as | ||||
| defined in Section 4 of [RFC6810]? | ||||
| RPKI Router protocol does support Incremental Updates defined in | +-----+------+-------+------------+------------+-----+--------+-----+ | |||
| Section 4 of [RFC6810]. | | IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN | | |||
| | | | | clnt | srvr | | | | | ||||
| +-----+----+-------+----------+-----+--------+-----+ | +-----+------+-------+------------+------------+-----+--------+-----+ | |||
| | IOS | XR | JUNOS | rpki.net | NCC | RTRlib | BBN | | | NO | NO | YES | YES | YES | NO | YES | YES | | |||
| +-----+----+-------+----------+-----+--------+-----+ | +-----+------+-------+------------+------------+-----+--------+-----+ | |||
| | NO | NO | YES~1 | YES | NO | YES | YES | | ||||
| +-----+----+-------+----------+-----+--------+-----+ | ||||
| 1) YES, receive side support | ||||
| 8. Session ID Support | 8. Session ID Support | |||
| Session ID is used to indicate that the cache server may have | Session ID is used to indicate that the cache server may have | |||
| restarted and that the incremental restart may not be possible. | restarted and that the incremental restart may not be possible. | |||
| Does RPKI Router protocol implementation support Session ID | Does RPKI Router protocol implementation support Session ID | |||
| procedures outlined in Section 5.1 of [RFC6810]? | procedures outlined in Section 5.1 of [RFC6810]? | |||
| +-----+-----+-------+----------+------+--------+-----+ | +-----+-----+-------+------------+------------+------+--------+-----+ | |||
| | IOS | XR | JUNOS | rpki.net | NCC | RTRlib | BBN | | | IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN | | |||
| +-----+-----+-------+----------+------+--------+-----+ | | | | | clnt | srvr | | | | | |||
| | YES | YES | YES | YES | NO~1 | YES | YES | | +-----+-----+-------+------------+------------+------+--------+-----+ | |||
| +-----+-----+-------+----------+------+--------+-----+ | | YES | YES | YES | YES | YES | NO~1 | YES | YES | | |||
| +-----+-----+-------+------------+------------+------+--------+-----+ | ||||
| 1) NO, using random, but will FIX | 1) NO, using random, but will FIX | |||
| 9. Incremental Session Startup Support | 9. Incremental Session Startup Support | |||
| RPKI Router protocol does support Incremental session startups with | Does the RPKI Router protocol implementation support Incremental | |||
| Serial Number and Session ID defined in the protocol. Does RPKI | session startups with Serial Number and Session ID as defined in | |||
| Router protocol implementation support Incremental Session Startup | section 5.3 of [RFC6810]? | |||
| Support as defined in section 5.4 of [RFC6810]. | ||||
| +-----+-----+-------+----------+-----+--------+-----+ | +------+-----+-------+------------+------------+-----+--------+-----+ | |||
| | IOS | XR | JUNOS | rpki.net | NCC | RTRlib | BBN | | | IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN | | |||
| +-----+-----+-------+----------+-----+--------+-----+ | | | | | clnt | srvr | | | | | |||
| | YES | YES | YES | YES | NO | YES | YES | | +------+-----+-------+------------+------------+-----+--------+-----+ | |||
| +-----+-----+-------+----------+-----+--------+-----+ | | YES | YES | YES | YES | YES | NO | YES | YES | | |||
| +------+-----+-------+------------+------------+-----+--------+-----+ | ||||
| 10. Interoperable Implementations | 10. Interoperable Implementations | |||
| List other implementations that you have tested interoperability of | List other implementations that you have tested interoperability of | |||
| RPKI Router Implementation. | RPKI Router Implementation. | |||
| 10.1. Cisco Implementation | 10.1. Cisco Implementation | |||
| Cisco: The Cisco IOS and IOS-XR implementation should be | Cisco: The Cisco IOS and IOS-XR implementation should be | |||
| interoperable with other vendor RPKI Router Protocol implementations. | interoperable with other vendor RPKI Router Protocol implementations. | |||
| skipping to change at page 8, line 4 | skipping to change at page 9, line 25 | |||
| RPKI Router implementation. | RPKI Router implementation. | |||
| 10.2. Juniper Implementation | 10.2. Juniper Implementation | |||
| Juniper: The Juniper Networks, Inc. JUNOS implementation should be | Juniper: The Juniper Networks, Inc. JUNOS implementation should be | |||
| interoperable with other vendor RPKI Router Protocol implementations. | interoperable with other vendor RPKI Router Protocol implementations. | |||
| In particular we have tested our interoperability with rpki.net's and | In particular we have tested our interoperability with rpki.net's and | |||
| NCCs RPKI Router Cache implementation. | NCCs RPKI Router Cache implementation. | |||
| 10.3. rpki.net Implementation | 10.3. rpki.net Implementation | |||
| rpki.net: The rpki.net implementation should operate with other rpki- | rpki.net: The rpki.net implementation should operate with other rpki- | |||
| rtr implementations. In particular, we have tested our | rtr implementations. In particular, we have tested our rpki-rtr | |||
| interoperability with Cisco IOS, Cisco IOS-XR, and Juniper. | server's interoperability with Cisco IOS, Cisco IOS-XR, and Juniper. | |||
| 10.4. RIPE NCC Implementation | 10.4. RIPE NCC Implementation | |||
| RIPE NCC: The RIPE NCC validator has been tested by us with other | RIPE NCC: The RIPE NCC validator has been tested by us with other | |||
| rpki-rtr implementations. In particular we have tested with RTRLib | rpki-rtr implementations. In particular we have tested with RTRLib | |||
| and CISCO IOS. We received positive feedback from close contacts | and CISCO IOS. We received positive feedback from close contacts | |||
| testing our validator with JUNOS and Quagga. | testing our validator with JUNOS and Quagga. | |||
| 10.5. RTRlib Implementation | 10.5. RTRlib Implementation | |||
| skipping to change at page 8, line 39 | skipping to change at page 10, line 12 | |||
| Note to RFC Editor: this section may be removed on publication as an | Note to RFC Editor: this section may be removed on publication as an | |||
| RFC. | RFC. | |||
| 12. Security considerations | 12. Security considerations | |||
| No new security issues are introduced to the RPKI Router protocol | No new security issues are introduced to the RPKI Router protocol | |||
| defined in [RFC6810]. | defined in [RFC6810]. | |||
| 13. Acknowledgements | 13. Acknowledgements | |||
| TBD.... | The authors would like to thank Andrew Chi, David Mandelberg, Fabian | |||
| Holler, Forhad Ahmed, and Tim Bruijnzeels for their contributions to | ||||
| this document. | ||||
| 14. Normative References | 14. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | ||||
| [RFC6810] Bush, R. and R. Austein, "The Resource Public Key | [RFC6810] Bush, R. and R. Austein, "The Resource Public Key | |||
| Infrastructure (RPKI) to Router Protocol", RFC 6810, | Infrastructure (RPKI) to Router Protocol", RFC 6810, | |||
| January 2013. | January 2013. | |||
| Authors' Addresses | Authors' Addresses | |||
| Randy Bush | Randy Bush | |||
| Internet Initiative Japan | Internet Initiative Japan | |||
| 5147 Crystal Springs | 5147 Crystal Springs | |||
| Bainbridge Island, Washington 98110 | Bainbridge Island, Washington 98110 | |||
| US | US | |||
| Email: randy@psg.com | Email: randy@psg.com | |||
| Rob Austein | Rob Austein | |||
| Dragon Research Labs | Dragon Research Labs | |||
| End of changes. 30 change blocks. | ||||
| 173 lines changed or deleted | 182 lines changed or added | |||
This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
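
Review bot: the -04 tables in Sections 3, 4 and 6 fill many cells with "---", but nothing on the -04 side says what the marker means. The -03 Section 6 table used "N/A" for some of these cells, and others were an explicit NO in -03 (for example Snd.3 for IOS, XR and RTRlib), so a reader cannot tell "does not apply to this implementation's role" from "not implemented". Suggest adding a one-line legend next to the P0..P10 list in Section 3 that defines "---", and stating there whether the rpki.net "clnt" and "srvr" columns are the router-side and cache-side halves of the same release.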
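
Review bot: in the Section 5 table the BBN SSH cell goes from "YES~1" to a plain "YES" and footnote 1 ("using netcat as the ssh subsystem ... This is currently untested") is deleted, while the Abstract still says respondents were asked to answer YES only if the feature had at least been tested in the lab. Please confirm the RPSTIR SSH transport has now been tested, or keep the qualifier. This matters more than most cells: TLS, TCP-MD5 and TCP-AO are NO in every column, so the SSH row is the only protected transport any respondent reports.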
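
Review bot: the Section 7 table drops the JUNOS footnote "1) YES, receive side support" and now shows an unqualified YES, which loses the direction that Sections 3 and 6 express with separate Rcv. and Snd. rows. A single-row table cannot say whether a YES means the implementation generates incremental updates, consumes them, or both. Suggest either keeping the footnote or splitting the row into Rcv. and Snd. as in the other tables, using the same not-applicable marker.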
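
Review bot: the Section 9 question now cites "section 5.3 of [RFC6810]" where -03 cited section 5.4, and the diff gives no indication of which PDU the question is meant to point at. Please check the number against the RFC 6810 PDU subsections (Section 8 of this report already cites Section 5.1 for Session ID) and name the PDU in the question so the reference is self-checking. The word should also be capitalised as "Section" to match Sections 3 through 8.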
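
Review bot: -04 adds a "Requirements Language" paragraph and a normative [RFC2119] reference, but the sections shown in this diff are survey questions and YES/NO tables and use none of the listed key words in upper case (the only "should" visible, in Section 10, is lower case). If the skipped text does not use them either, suggest dropping the paragraph and the reference from this Informational report instead of carrying an unused normative citation.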