Re: [sidr] sidr-arch-09 refresh cycle time

To: Randy Bush <randy at psg.com>
Subject: Re: [sidr] sidr-arch-09 refresh cycle time
From: Robert Kisteleki <robert at ripe.net>
Date: Thu, 05 Nov 2009 09:58:22 +0100
Cc: "sidr at ietf.org" <sidr at ietf.org>
Delivered-to: sidr at core3.amsl.com
In-reply-to: <m2fx913kz7.wl%randy at psg.com>
List-archive: <http://www.ietf.org/mail-archive/web/sidr>
List-help: <mailto:sidr-request@ietf.org?subject=help>
List-id: Secure Interdomain Routing <sidr.ietf.org>
List-post: <mailto:sidr@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
Organization: RIPE NCC
References: <4AE6160D.8000503 at bbn.com> <38FCEA94-4D74-47F0-BD36-B42338474C2E at apnic.net> <4AE75809.4050808 at bbn.com> <4AE854D9.8040103 at ripe.net> <m2iqdz5c3c.wl%randy at psg.com> <4AE947CA.1070603 at ripe.net> <m2y6mu2xid.wl%randy at psg.com> <4AE98CE2.3080708 at ripe.net> <m2fx913kz7.wl%randy at psg.com>
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

Randy Bush wrote:

That is only true if the thing you're propagating has to travel hop by
hop to the bottom of the hierarchy. So the question still stands: what
is this "thing" that you think propagates slowly, and why does it have
to propagate hop by hop?


incorrect or missing cert high in chain which needs delegation fix down
the chain so end site can get a fixed roa out there.  remember, my
routing depends on that roa.  and arin has extreme cases of depth,
though i think we will find itu-rir-<three or four> to be the more
common cases.

it's max time to repair which worries me.

randy

I understand this concern, but how likely is it that there is an "incorrector missing cert high in chain" which needs fixing within one cycle?

In the case of missing resources, it's very unlikely that someone deep downin the chain suddenly realises "oh, I need more resource from mygrand-grand-grandparent NOW!". In the case of overclaiming, it's enough ifany one in the chain shrinks their resources, the effect is visible in onecycle.


So I'm not convinced that multi-cycle propagation this is an issue.

Robert

Follow-Ups:
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Randy Bush

References:
- [sidr] Updates: sidr-arch-09 and roa-format-06
  - From: Matt Lepinski
- [sidr] sidr-arch-09 refresh cycle time
  - From: Geoff Huston
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Matt Lepinski
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Robert Kisteleki
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Randy Bush
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Robert Kisteleki
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Randy Bush
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Robert Kisteleki
- Re: [sidr] sidr-arch-09 refresh cycle time
  - From: Randy Bush

Prev by Date: [sidr] TA questions
Next by Date: Re: [sidr] sidr-arch-09 refresh cycle time
Previous by thread: Re: [sidr] sidr-arch-09 refresh cycle time
Next by thread: Re: [sidr] sidr-arch-09 refresh cycle time
Index(es):
- Date
- Thread

Re: [sidr] sidr-arch-09 refresh cycle time

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.