Update of SLURM (Simplified Local internet nUmber Resource ...
Transcript of Update of SLURM (Simplified Local internet nUmber Resource ...
UpdateofSLURM(SimplifiedLocalinternetnUmber
ResourceManagementwiththeRPKI)
IETF97
DiMaZDNS
1
SLURMReview
• Motivations– NetworkoperatorsMAYwanttoselectivelyoverridethe
RPKIhierarchyatitsdiscretionasforprivateINRs.– NetworkoperatorsMAYwishtomakeuseofalocal
overridecapabilitytoprotectroutesfromadverseactions[I-D.ietf-sidr-adverse-actions],untiltheresultsofsuchactionshavebeenaddressed.
• Methodology– Arelyingpartyusesbothoutputfilteringandlocallyadded
assertionstomodifyvalidatedcache.2
UpdateOverview
• Reorganizethelayoutoftheintendedcontent
• Rewritetheusecases• GiveanoverviewofSLURMbyaddingafigureofSLURM’sPositionintheRelyingPartyStack
• AddmoretexttoSecurityConsiderations
3
ReorganizedLayout• RPKIRPswithSLURM
• SLURMMechanisms– ValidationOutputFiltering– LocallyAddingAssertions– CombiningMechanisms
• FormatoftheSLURM
• SLURMFileConfiguration– SLURMFileAtomicity– MultipleSLURMFiles
4
UsecaseRevision
• MakingthemotivationunfocusedfromprivateINRbychangingexpressionsthroughouttheI-D
• Referringtodraft-ietf-sidr-adverse-actions
5
SLURM'sPositionintheRelyingPartyStack
+--------------+ +---------------------------+ +------------+ | | | | | | | Repositories +--->Local cache of RPKI objects+---> Validation | | | | | | | +--------------+ +---------------------------+ +-----+------+ | +-------------------------------------------------+ | +------v-------+ +---------------------------+ +------------+ | | | | | | | SLURM +---> rpki-rtr +--->BGP Speakers| | | | | | | +--------------+ +---------------------------+ +------------+
6
SecurityConsiderations
• Manipulationonassertionsaboutnon-privateINRs
• ErrorsintheSLURMfile
• AuthenticityandIntegrityoftheSLURMfile
7
ReconsiderationonSLURMfileformat
• ABNFV.S.JSON/XML/YAML– ABNFisusedwidelytodefinesyntaxofprogramlanguage,
whichexpressestheessentiallogic.– TherearewideavailabilityoflibrariestoparseJSON/XML/
YAML.
• Formatisdifferentfromformatinstruction.– SLURMfileisjustconfigurationfile.YettheRPneedstobe
reinforcedwithnewmoduletosupportSLURM.– ABNFisemployedinthisI-DtospecifySLURMfileformat.– ImplementersarefreetochooseJSON/XML/YAMLmapped
fromABNFtogenerateSLURMfiletobeconfigured.8
ExamplesofSLURMFile
9
Implementation
• RPSTIR,asasortofRPKIRPsoftware,willbesupportingSLURMinthecomingfuture.
10
• ThanksgotoSteveKentforhisguidanceanddetailedreviewsinpreparingthisupdatedI-D.
• ThanksgotoTimBruijnzeelsandRobAusteinforsharingwithmetheirconsiderationsonSLURMfileformat.
11
Thanks!
12