RPKI->RTR Protocol

IETF sidr / Maastricht 2010.07.28
Randy Bush <[email protected]>  Rob Austein <[email protected]>
draft-ymbk-rpki-rtr-protocol-06.txt
2010.07.28 sidr rpki-rtr 1
[Slide 2 diagram, the RPKI Engine and its surroundings. Boxes labelled: Front End GUI & Management; RPKI Engine; Publication Point; Issued ROAs; My Misc Config; Options; Public RPKI Keys; ID=Me; Internal CA Data; Keys for Talking to IR BackEnd; Certs Issued to DownStreams; Up/Down EE Public Keys; "Contract Out To Google"; Using the RPKI: Resources [OrgID], My RightsToRoute, Delegations to Custs; "Mac". Interfaces drawn: User Web GUI (annotated 98% of an RIR's Users, 10% of an RIR's IP Space); Up / Down Protocol (annotated 2% of an RIR's Users, 90% of an RIR's IP Space); Publication Protocol; Internal Protocol to the IR's Database(s).]
Received from One Parent
What I Did With It
RCynic Cache Gatherer

[Slide 5 diagram: the RCynic Gatherer ("cynical rsync") starts from a Trust Anchor and follows SIA pointers down a publication hierarchy labelled IANA, ARIN, APNIC, UUNET, PSGnet, UUcust, IIJ, producing a Validated Cache.]
RPKI -> Router

[Slide 6 diagram: Global RPKI; RCynic Gatherer; Cache / Server (Near/In PoP); RPKI to Rtr Protocol; BGP Decision Process. Object Security: RCynic. Transport Security: ssh.]
Typical Exchange

```text
   Cache                         Router
     ~                             ~
     | <----- Reset Query -------- | R requests data
     |                             |
     | ----- Cache Response -----> | C confirms request
     | ------- IPvX Prefix ------> | C sends zero or more
     | ------- IPvX Prefix ------> |   IPv4 and IPv6 Prefix
     | ------- IPvX Prefix ------> |   Payload PDUs
     | ------ End of Data -------> | C sends End of Data
     |                             |   and sends new serial
     ~                             ~
     | -------- Notify ----------> |   (optional)
     |                             |
     | <----- Serial Query ------- | R requests data
     |                             |
     | ----- Cache Response -----> | C confirms request
     | ------- IPvX Prefix ------> | C sends zero or more
     | ------- IPvX Prefix ------> |   IPv4 and IPv6 Prefix
     | ------- IPvX Prefix ------> |   Payload PDUs
     | ------ End of Data -------> | C sends End of Data
     |                             |   and sends new serial
     ~                             ~
```
Reset Query

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |   reserved = zero   |
   |    0     |    2     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=8                  |
   |                                           |
   `-------------------------------------------'
```
Cache Response

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |   reserved = zero   |
   |    0     |    3     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=8                  |
   |                                           |
   `-------------------------------------------'
```
IPv4 Prefix

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |        Color        |
   |    0     |    4     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=20                 |
   |                                           |
   +-------------------------------------------+
   |          |  Prefix  |   Max    |   Data   |
   |  Flags   |  Length  |  Length  |  Source  |
   |          |  0..32   |  0..32   | RPKI/IRR |
   +-------------------------------------------+
   |                                           |
   |                IPv4 prefix                |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |         Autonomous System Number          |
   |                                           |
   `-------------------------------------------'
```
IPv6 Prefix

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |        Color        |
   |    0     |    6     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=40                 |
   |                                           |
   +-------------------------------------------+
   |          |  Prefix  |   Max    |   Data   |
   |  Flags   |  Length  |  Length  |  Source  |
   |          |  0..128  |  0..128  | RPKI/IRR |
   +-------------------------------------------+
   |                                           |
   +---                                     ---+
   |                                           |
   +---            IPv6 prefix              ---+
   |                                           |
   +---                                     ---+
   |                                           |
   +-------------------------------------------+
   |                                           |
   |         Autonomous System Number          |
   |                                           |
   `-------------------------------------------'
```
End of Data

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |   reserved = zero   |
   |    0     |    7     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=12                 |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |               Serial Number               |
   |                                           |
   `-------------------------------------------'
```
Notify (Think DNS)

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |   reserved = zero   |
   |    0     |    0     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=12                 |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |               Serial Number               |
   |                                           |
   `-------------------------------------------'
```
Serial Query

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |   reserved = zero   |
   |    0     |    1     |                     |
   +-------------------------------------------+
   |                                           |
   |                 Length=12                 |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |               Serial Number               |
   |                                           |
   `-------------------------------------------'
```
Error Response

```text
   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |     Error Number    |
   |    0     |    10    |                     |
   +-------------------------------------------+
   |                                           |
   |                  Length                   |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |        Length of Encapsulated PDU         |
   |                                           |
   +-------------------------------------------+
   |                                           |
   ~          Copy of Erroneous PDU            ~
   |                                           |
   +-------------------------------------------+
   |                                           |
   |           Length of Error Text            |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |              Arbitrary Text               |
   |                    of                     |
   ~         Error Diagnostic Message          ~
   |                                           |
   `-------------------------------------------'
```
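The PDU layouts on slides 8 through 15 and the Reset Query exchange on slide 7, worked through as an added Python example (not the draft's text nor the rpki.net implementation): every PDU is framed by a 1-octet Protocol Version (0), a 1-octet PDU Type, a 2-octet field that is reserved, Color or Error Number depending on the type, and a 4-octet Length counting the whole PDU. Big-endian wire order, Flags=1 meaning "announce", and Data Source 0 meaning RPKI are assumptions of this example, as are the type codes, which follow the slides and not later revisions. The fields drawn for the IPv6 Prefix PDU sum to 32 octets rather than the slide's Length=40, so the encoder derives Length from the fields it emits, and the parser treats the received Length as the framing authority while rejecting PDUs whose body does not match their type. The sample prefixes and serial number are constructed.

```python
import ipaddress
import struct

# PDU type codes as drawn on the slides (draft-06 numbering).
NOTIFY, SERIAL_QUERY, RESET_QUERY, CACHE_RESPONSE = 0, 1, 2, 3
IPV4_PREFIX, IPV6_PREFIX, END_OF_DATA, ERROR_RESPONSE = 4, 6, 7, 10
VERSION = 0
HEADER = struct.Struct("!BBHI")  # version, type, 16-bit field, total length (big-endian assumed)


def _pdu(pdu_type, field16, body=b""):
    """Frame a PDU: Length covers the 8-octet header plus the body."""
    return HEADER.pack(VERSION, pdu_type, field16, HEADER.size + len(body)) + body


def reset_query():        return _pdu(RESET_QUERY, 0)
def cache_response():     return _pdu(CACHE_RESPONSE, 0)
def serial_query(serial): return _pdu(SERIAL_QUERY, 0, struct.pack("!I", serial))
def notify(serial):       return _pdu(NOTIFY, 0, struct.pack("!I", serial))
def end_of_data(serial):  return _pdu(END_OF_DATA, 0, struct.pack("!I", serial))


def prefix_pdu(prefix, max_length, asn, flags=1, color=0, source=0):
    """IPv4/IPv6 Prefix PDU: Flags | Prefix Length | Max Length | Data Source,
    then the address, then the ASN.  flags=1 (announce) and source=0 (RPKI)
    are this example's assumptions, not values stated on the slides."""
    net = ipaddress.ip_network(prefix)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError("max length must lie between prefix length and address size")
    body = struct.pack("!BBBB", flags, net.prefixlen, max_length, source)
    body += net.network_address.packed + struct.pack("!I", asn)
    return _pdu(IPV4_PREFIX if net.version == 4 else IPV6_PREFIX, color, body)


def error_response(error_number, bad_pdu, text):
    """Error Response: Error Number in the 16-bit header field, then the
    length-prefixed copy of the offending PDU and a length-prefixed message."""
    msg = text.encode()
    body = struct.pack("!I", len(bad_pdu)) + bad_pdu + struct.pack("!I", len(msg)) + msg
    return _pdu(ERROR_RESPONSE, error_number, body)


def parse_pdu(buf):
    """Parse one PDU from the front of buf; return (fields, remaining bytes).
    Raises ValueError on the framing faults a receiver should reject."""
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    version, pdu_type, field16, length = HEADER.unpack_from(buf)
    if version != VERSION:
        raise ValueError("unsupported protocol version %d" % version)
    if length < HEADER.size or length > len(buf):
        raise ValueError("bad length %d" % length)
    body, rest = buf[HEADER.size:length], buf[length:]
    pdu = {"type": pdu_type}
    if pdu_type in (RESET_QUERY, CACHE_RESPONSE):
        if body:
            raise ValueError("unexpected body on query/response PDU")
    elif pdu_type in (SERIAL_QUERY, NOTIFY, END_OF_DATA):
        if len(body) != 4:
            raise ValueError("serial PDU must carry exactly a 4-octet serial")
        (pdu["serial"],) = struct.unpack("!I", body)
    elif pdu_type in (IPV4_PREFIX, IPV6_PREFIX):
        addr_len = 4 if pdu_type == IPV4_PREFIX else 16
        if len(body) != 4 + addr_len + 4:
            raise ValueError("prefix PDU body has the wrong size for its type")
        flags, plen, maxlen, source = struct.unpack("!BBBB", body[:4])
        if not plen <= maxlen <= addr_len * 8:
            raise ValueError("inconsistent prefix/max lengths")
        addr = ipaddress.ip_address(body[4:4 + addr_len])
        (asn,) = struct.unpack("!I", body[4 + addr_len:])
        pdu.update(flags=flags, color=field16, source=source, asn=asn,
                   prefix="%s/%d" % (addr, plen), max_length=maxlen)
    elif pdu_type == ERROR_RESPONSE:
        (enc_len,) = struct.unpack_from("!I", body, 0)
        (txt_len,) = struct.unpack_from("!I", body, 4 + enc_len)
        if 8 + enc_len + txt_len != len(body):
            raise ValueError("error response inner lengths do not add up")
        pdu.update(error_number=field16, encapsulated=body[4:4 + enc_len],
                   text=body[8 + enc_len:].decode(errors="replace"))
    else:
        raise ValueError("unknown PDU type %d" % pdu_type)
    return pdu, rest


def router_load(stream):
    """Router side of slide 7: expect Cache Response, collect Prefix PDUs
    until End of Data, and return (prefixes, new serial)."""
    pdu, stream = parse_pdu(stream)
    if pdu["type"] != CACHE_RESPONSE:
        raise ValueError("expected Cache Response")
    prefixes = []
    while True:
        pdu, stream = parse_pdu(stream)
        if pdu["type"] == END_OF_DATA:
            return prefixes, pdu["serial"]
        if pdu["type"] not in (IPV4_PREFIX, IPV6_PREFIX):
            raise ValueError("unexpected PDU type %d inside data stream" % pdu["type"])
        prefixes.append(pdu)


def demo():
    # Constructed cache output answering a Reset Query: two prefixes, serial 1234.
    stream = (cache_response()
              + prefix_pdu("192.158.248.0/24", 24, 27318)
              + prefix_pdu("2001:db8::/32", 48, 64496)
              + end_of_data(1234))
    return router_load(stream)
```

`demo()` returns the two parsed prefix records and the serial 1234 that the router would store for its next Serial Query; feeding `parse_pdu` a header whose Length is smaller than 8, or a prefix PDU whose body size does not match its type, raises `ValueError` rather than silently mis-framing the rest of the stream.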
Changing Caches

• Running on cache A happily
• A goes bad (A down, sends error, ...)
• Router decides to break off relationship with A
• Router keeps using old data from A
• Router tries other caches in priority order
• Router starts to load from B, in a separate buffer, but still runs on old data from A
• Router finishes loading data from B
• Router flushes all data from A and installs all data from B
• Router reevaluates installed prefixes against new data
Extremely Large ISP Deployment

[Slide 17 diagram: Global RPKI; regional caches labelled Asia Cache, NoAm Cache, Euro Cache; nine in-PoP Caches; five Cust Facing elements; caches marked High Priority and Lower Priority.]
Good Dog!

```text
RP/0/1/CPU0:r0.dfw#show bgp 192.158.248.0/24
BGP routing table entry for 192.158.248.0/24
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker             132327      132327
Last Modified: Oct 2 01:06:47.630 for 13:33:12
Paths: (6 available, best #3)
  Advertised to peers (in unique update groups):
    204.69.200.26
  Path #1: Received by speaker 0
  2914 1299 6939 6939 27318
    157.238.224.149 from 157.238.224.149 (129.250.0.85)
      Origin IGP, metric 0, localpref 100, valid, external, \
      origin validity state: valid
      Community: 2914:420 2914:2000 2914:3000 4128:380
  Path #2: Received by speaker 0
  ...
```
Bad Dog!

```text
RP/0/1/CPU0:r0.dfw#sh bgp 64.9.224.0
BGP routing table entry for 64.9.224.0/20
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  0           0
Last Modified: Oct 2 17:38:27.630 for 4d22h
Paths: (6 available, no best path)
  Not advertised to any peer
  Path #1: Received by speaker 0
  2914 3356 36492
    157.238.224.149 from 157.238.224.149 (129.250.0.85)
      Origin IGP, metric 2, localpref 100, valid, external, \
      origin validity state: invalid
      Community: 2914:420 2914:2000 2914:3000 4128:380
```
Strange Dog!

```text
RP/0/1/CPU0:r0.dfw#sh bgp 147.28.0.0
BGP routing table entry for 147.28.0.0/16
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker             337691      337691
Last Modified: Oct 2 17:40:16.630 for 4d22h
Paths: (6 available, best #1)
  Advertised to peers (in unique update groups):
    204.69.200.26
  Path #1: Received by speaker 0
  2914 3130
    157.238.224.149 from 157.238.224.149 (129.250.0.85)
      Origin IGP, metric 68, localpref 100, valid, external, \
      origin validity state: not found
      Community: 2914:410 2914:2000 2914:3000 4128:380
```
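The cache-switching procedure on slide 16 and the three origin validity states the router displays on slides 18 through 20 (valid, invalid, not found), worked through as an added Python example that is neither the draft's text nor any vendor's implementation. Validated data is modelled as (prefix, max length, ASN) records, the payload of the Prefix PDUs, with the wire framing left out; the cache names, the `fetch` callback that returns a cache's full data set and serial, and the ROA records that make the slide's three routes come out valid, invalid and not found are all constructed. The router keeps running on cache A's installed data while the next cache in priority order loads into a separate staging buffer, swaps the two sets only at End of Data, and then reevaluates its routes.

```python
import ipaddress

VALID, INVALID, NOT_FOUND = "valid", "invalid", "not found"


def _covers(record, route):
    """True when the validated record's prefix contains the route (same AF)."""
    net = ipaddress.ip_network(record[0])
    return net.version == route.version and route.subnet_of(net)


def origin_validity(route_prefix, origin_asn, records):
    """Classify a route against validated (prefix, max_length, asn) records:
    'not found' if no record covers it, 'valid' if a covering record names the
    route's origin AS and allows its length, otherwise 'invalid'."""
    route = ipaddress.ip_network(route_prefix)
    covering = [r for r in records if _covers(r, route)]
    if not covering:
        return NOT_FOUND
    for _prefix, max_len, asn in covering:
        if asn == origin_asn and route.prefixlen <= max_len:
            return VALID
    return INVALID


class RouterCacheState:
    """Installed data set plus a staging buffer for the cache being loaded."""

    def __init__(self, caches):
        self.caches = list(caches)  # priority order, as on slide 16
        self.active = None
        self.serial = None
        self.installed = []         # what the BGP decision process sees now
        self.staging = []           # what is arriving from the next cache

    def start_load(self, cache):
        self.staging = []           # separate buffer; installed data untouched

    def receive(self, record):
        self.staging.append(record)

    def end_of_data(self, cache, serial):
        """Only now flush the old cache's data and install the new set."""
        self.installed, self.staging = self.staging, []
        self.active, self.serial = cache, serial

    def load_fully(self, cache, records, serial):
        self.start_load(cache)
        for record in records:
            self.receive(record)
        self.end_of_data(cache, serial)

    def failover(self, bad_cache, fetch):
        """Break off with bad_cache but keep its data in use; try the other
        caches in priority order.  fetch(cache) -> (records, serial), or
        raises ConnectionError when that cache is unreachable (assumption)."""
        if bad_cache in self.caches:
            self.caches.remove(bad_cache)
        for cache in self.caches:
            try:
                records, serial = fetch(cache)
            except ConnectionError:
                continue
            self.load_fully(cache, records, serial)
            return cache
        return None                 # nothing reachable: still on old data

    def reevaluate(self, routes):
        """Final slide-16 step: re-run origin validation for (prefix, origin)."""
        return {(p, a): origin_validity(p, a, self.installed) for p, a in routes}


def demo():
    # Constructed sample: cache A's data set, cache B's larger set (an extra
    # record for 147.28.0.0/16), and the three routes shown on slides 18-20.
    data_a = [("192.158.248.0/24", 24, 27318), ("64.9.224.0/20", 20, 64496)]
    data_b = data_a + [("147.28.0.0/16", 16, 3130)]
    routes = [("192.158.248.0/24", 27318), ("64.9.224.0/20", 36492),
              ("147.28.0.0/16", 3130)]

    def fetch(cache):
        if cache == "B":
            return data_b, 43
        raise ConnectionError(cache)  # constructed: only B is reachable

    router = RouterCacheState(["A", "B", "C"])
    router.load_fully("A", data_a, 42)
    before = router.reevaluate(routes)
    chosen = router.failover("A", fetch)
    after = router.reevaluate(routes)
    return before, after, chosen, router.serial
```

In `demo()` the route for 64.9.224.0/20 from AS 36492 is invalid under both data sets because a covering record names a different origin, while 147.28.0.0/16 moves from "not found" under cache A to "valid" once cache B's data is installed, which is exactly the reevaluation the last bullet of slide 16 calls for.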
Open Source (BSD License) Running Code

https://subvert-rpki.hactrn.net/

Test Code in Routers: Talk to Ed Kern
Work Supported By

• US Government
  THIS PROJECT IS SPONSORED BY THE DEPARTMENT OF HOMELAND SECURITY UNDER AN INTERAGENCY AGREEMENT WITH THE AIR FORCE RESEARCH LABORATORY (AFRL).
• Internet Initiative Japan
• Cisco, Juniper, Google, NTT, Equinix