Internet Engineering Task Force (IETF) R. Bush
Request for Comments: 7128 Internet Initiative Japan
Category: Informational R. Austein
ISSN: 2070-1721 Dragon Research Labs
K. Patel
Cisco Systems
H. Gredler
Juniper Networks, Inc.
M. Waehlisch
FU Berlin
February 2014
Internet Engineering Task Force (IETF) R. Bush
Request for Comments: 7128 Internet Initiative Japan
Category: Informational R. Austein
ISSN: 2070-1721 Dragon Research Labs
K. Patel
Cisco Systems
H. Gredler
Juniper Networks, Inc.
M. Waehlisch
FU Berlin
February 2014
Resource Public Key Infrastructure (RPKI) Router Implementation Report
资源公钥基础设施(RPKI)路由器实施报告
Abstract
摘要
This document is an implementation report for the Resource Public Key Infrastructure (RPKI) Router protocol as defined in RFC 6810. The authors did not verify the accuracy of the information provided by respondents. The respondents are experts with the implementations they reported on, and their responses are considered authoritative for the implementations for which their responses represent. The respondents were asked to only use the "YES" answer if the feature had at least been tested in the lab.
本文档是RFC 6810中定义的资源公钥基础设施(RPKI)路由器协议的实施报告。作者没有核实受访者提供的信息的准确性。受访者是他们报告的实现的专家,他们的回答被认为是他们的回答所代表的实现的权威。如果该功能至少在实验室进行过测试,受访者被要求只使用“是”的答案。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7128.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7128.
Copyright Notice
版权公告
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2014 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Implementation Forms . . . . . . . . . . . . . . . . . . . . 3
3. Protocol Data Units . . . . . . . . . . . . . . . . . . . . . 4
4. Protocol Sequence . . . . . . . . . . . . . . . . . . . . . . 6
5. Protocol Transport . . . . . . . . . . . . . . . . . . . . . 7
6. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 7
7. Incremental Updates Support . . . . . . . . . . . . . . . . . 8
8. Session ID Support . . . . . . . . . . . . . . . . . . . . . 8
9. Incremental Session Startup Support . . . . . . . . . . . . . 8
10. Interoperable Implementations . . . . . . . . . . . . . . . . 9
10.1. Cisco Implementation . . . . . . . . . . . . . . . . . . 9
10.2. Juniper Implementation . . . . . . . . . . . . . . . . . 9
10.3. rpki.net Implementation . . . . . . . . . . . . . . . . 9
10.4. RIPE NCC Implementation . . . . . . . . . . . . . . . . 9
10.5. RTRlib Implementation . . . . . . . . . . . . . . . . . 9
10.6. BBN RPSTIR Implementation . . . . . . . . . . . . . . . 9
11. Security Considerations . . . . . . . . . . . . . . . . . . . 9
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
13. Normative References . . . . . . . . . . . . . . . . . . . . 10
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Implementation Forms . . . . . . . . . . . . . . . . . . . . 3
3. Protocol Data Units . . . . . . . . . . . . . . . . . . . . . 4
4. Protocol Sequence . . . . . . . . . . . . . . . . . . . . . . 6
5. Protocol Transport . . . . . . . . . . . . . . . . . . . . . 7
6. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 7
7. Incremental Updates Support . . . . . . . . . . . . . . . . . 8
8. Session ID Support . . . . . . . . . . . . . . . . . . . . . 8
9. Incremental Session Startup Support . . . . . . . . . . . . . 8
10. Interoperable Implementations . . . . . . . . . . . . . . . . 9
10.1. Cisco Implementation . . . . . . . . . . . . . . . . . . 9
10.2. Juniper Implementation . . . . . . . . . . . . . . . . . 9
10.3. rpki.net Implementation . . . . . . . . . . . . . . . . 9
10.4. RIPE NCC Implementation . . . . . . . . . . . . . . . . 9
10.5. RTRlib Implementation . . . . . . . . . . . . . . . . . 9
10.6. BBN RPSTIR Implementation . . . . . . . . . . . . . . . 9
11. Security Considerations . . . . . . . . . . . . . . . . . . . 9
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
13. Normative References . . . . . . . . . . . . . . . . . . . . 10
In order to formally validate the origin Autonomous Systems (ASes) of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RPKI) [RFC6810] prefix origin data from a trusted cache. The RPKI Router protocol defined in [RFC6810] provides a mechanism to deliver validated prefix origin data to routers.
为了正式验证BGP公告的源自治系统(ASE),路由器需要一种简单但可靠的机制来从可信缓存接收资源公钥基础设施(RPKI)[RFC6810]前缀源数据。[RFC6810]中定义的RPKI路由器协议提供了一种机制,用于向路由器传递经过验证的前缀源数据。
This document provides an implementation report for the RPKI Router protocol as defined in RFC 6810 [RFC6810].
本文件提供了RFC 6810[RFC6810]中定义的RPKI路由器协议的实施报告。
The authors did not verify the accuracy of the information provided by respondents or by any alternative means. The respondents are experts with the implementations they reported on, and their responses are considered authoritative for the implementations for which their responses represent. Respondents were asked to only use the "YES" answer if the feature had at least been tested in the lab.
提交人没有核实受访者提供的信息的准确性或通过任何其他方式。受访者是他们报告的实现的专家,他们的回答被认为是他们的回答所代表的实现的权威。受访者被要求仅在该功能至少在实验室进行过测试的情况下才使用“是”的答案。
Contact and implementation information for person filling out this form:
填写本表人员的联系方式和实施信息:
IOS Name: Keyur Patel Email: keyupate@cisco.com Vendor: Cisco Systems, Inc. Release: IOS Protocol Role: Client
IOS名称:Keyur Patel电子邮件:keyupate@cisco.com供应商:Cisco Systems,Inc.发布:IOS协议角色:客户端
XR Name: Forhad Ahmed Email:foahmed@cisco.com Vendor: Cisco Systems, Inc. Release: IOS-XR Protocol Role: Client
XR Name:Forhad Ahmed电子邮件:foahmed@cisco.com供应商:Cisco Systems,Inc.发布:IOS-XR协议角色:客户端
JUNOS Name: Hannes Gredler Email: hannes@juniper.net Vendor: Juniper Networks, Inc. Release: JUNOS Protocol Role: Client
JUNOS姓名:Hannes Gredler电子邮件:hannes@juniper.net供应商:Juniper Networks,Inc.发布:JUNOS协议角色:客户端
rpki.net
Name: Rob Austein
Email: sra@hactrn.net
Vendor: rpki.net project
Release: <http://subvert-rpki.hactrn.net/trunk/>
Protocol Role: Client, Server
rpki.net
Name: Rob Austein
Email: sra@hactrn.net
Vendor: rpki.net project
Release: <http://subvert-rpki.hactrn.net/trunk/>
Protocol Role: Client, Server
NCC
Name: Tim Bruijnzeels
Email: tim@ripe.net
Vendor: RIPE NCC
Release: RIPE NCC validator-app 2.0.0 <https://github.com/RIPE-NCC
/rpki-validator>
Protocol Role: Server
NCC
Name: Tim Bruijnzeels
Email: tim@ripe.net
Vendor: RIPE NCC
Release: RIPE NCC validator-app 2.0.0 <https://github.com/RIPE-NCC
/rpki-validator>
Protocol Role: Server
RTRlib
Name: Fabian Holler, Matthias Waehlisch
Email: waehlisch@ieee.org
Vendor: HAW Hamburg, FU Berlin, RTRlib project
Release: RTRlib 0.2 <http://rpki.realmv6.org/>
Protocol Role: Client
RTRlib
Name: Fabian Holler, Matthias Waehlisch
Email: waehlisch@ieee.org
Vendor: HAW Hamburg, FU Berlin, RTRlib project
Release: RTRlib 0.2 <http://rpki.realmv6.org/>
Protocol Role: Client
BBN
Name: David Mandelberg, Andrew Chi
Email: dmandelb@bbn.com
Vendor: Raytheon/BBN Technologies
Release: RPSTIR 0.2 <http://sourceforge.net/projects/rpstir/>
Protocol Role: Server
BBN
Name: David Mandelberg, Andrew Chi
Email: dmandelb@bbn.com
Vendor: Raytheon/BBN Technologies
Release: RPSTIR 0.2 <http://sourceforge.net/projects/rpstir/>
Protocol Role: Server
Does the implementation support Protocol Data Units (PDUs) as described in Section 5 of [RFC6810]?
实施是否支持[RFC6810]第5节所述的协议数据单元(PDU)?
P0: Serial Notify
P0:串行通知
P1: Serial Query
P1:串行查询
P2: Reset Query
P2:重置查询
P3: Cache Response
P3:缓存响应
P4: IPv4 Prefix
P4:IPv4前缀
P6: IPv6 Prefix
P6:IPv6前缀
P7: End of Data
P7:数据结束
P8: Cache Reset
P8:缓存重置
P10: Error Report
P10:错误报告
+---------+-----+-----+-------+--------+---------+-----+------+-----+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTR- | BBN |
| | | | | .net | .net | | lib | |
| | | | | clnt | srvr | | | |
+---------+-----+-----+-------+--------+---------+-----+------+-----+
| Rcv.P0 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P0 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P1 | --- | --- | --- | --- | YES | YES | --- | YES |
| Snd.P1 | YES | YES | YES | YES | --- | --- | YES | --- |
| Rcv.P2 | --- | --- | --- | --- | YES | YES | --- | YES |
| Snd.P2 | YES | YES | YES | YES | --- | --- | YES | --- |
| Rcv.P3 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P3 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P4 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P4 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P6 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P6 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P7 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P7 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P8 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P8 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P10 | YES | YES | NO~1 | YES | YES | YES | YES | YES |
| Snd.P10 | YES | NO | NO | YES | YES | YES | YES | YES |
+---------+-----+-----+-------+--------+---------+-----+------+-----+
+---------+-----+-----+-------+--------+---------+-----+------+-----+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTR- | BBN |
| | | | | .net | .net | | lib | |
| | | | | clnt | srvr | | | |
+---------+-----+-----+-------+--------+---------+-----+------+-----+
| Rcv.P0 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P0 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P1 | --- | --- | --- | --- | YES | YES | --- | YES |
| Snd.P1 | YES | YES | YES | YES | --- | --- | YES | --- |
| Rcv.P2 | --- | --- | --- | --- | YES | YES | --- | YES |
| Snd.P2 | YES | YES | YES | YES | --- | --- | YES | --- |
| Rcv.P3 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P3 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P4 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P4 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P6 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P6 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P7 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P7 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P8 | YES | YES | YES | YES | --- | --- | YES | --- |
| Snd.P8 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.P10 | YES | YES | NO~1 | YES | YES | YES | YES | YES |
| Snd.P10 | YES | NO | NO | YES | YES | YES | YES | YES |
+---------+-----+-----+-------+--------+---------+-----+------+-----+
Note 1: No, Error PDU gets silently ignored.
注1:否,错误PDU被静默忽略。
Does the RPKI Router protocol implementation follow the four protocol sequences as outlined in Section 6 of [RFC6810]?
RPKI路由器协议实现是否遵循[RFC6810]第6节中概述的四个协议序列?
S1: Start or Restart
S1:启动或重新启动
S2: Typical Exchange
S2:典型交换
S3: No Incremental Update Available
S3:没有可用的增量更新
S4: Cache Has No Data Available
S4:缓存没有可用数据
+----+-----+-----+-------+--------+---------+------+--------+-------+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN |
| | | | | .net | .net | | | |
| | | | | clnt | srvr | | | |
+----+-----+-----+-------+--------+---------+------+--------+-------+
| S1 | YES | YES | YES | YES | YES | YES | YES | YES |
| S2 | YES | YES | YES | YES | YES | NO~1 | YES | YES |
| S3 | YES | YES | YES | YES | YES | YES | YES | YES |
| S4 | YES | YES | YES | YES | YES | YES | YES | YES~2 |
+----+-----+-----+-------+--------+---------+------+--------+-------+
+----+-----+-----+-------+--------+---------+------+--------+-------+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN |
| | | | | .net | .net | | | |
| | | | | clnt | srvr | | | |
+----+-----+-----+-------+--------+---------+------+--------+-------+
| S1 | YES | YES | YES | YES | YES | YES | YES | YES |
| S2 | YES | YES | YES | YES | YES | NO~1 | YES | YES |
| S3 | YES | YES | YES | YES | YES | YES | YES | YES |
| S4 | YES | YES | YES | YES | YES | YES | YES | YES~2 |
+----+-----+-----+-------+--------+---------+------+--------+-------+
Note 1: Does not implement Serial Query, thus Incremental Update is never available, so responds to Serial Query with Cache Reset as described in Section 6.3 of [RFC6810]
注1:未实现串行查询,因此增量更新永远不可用,因此按照[RFC6810]第6.3节中的说明,使用缓存重置响应串行查询
Note 2: Sends Cache Reset in response to Serial Query when no data; sends Error Report PDU in response to Reset Query when no data.
注2:无数据时,响应串行查询发送缓存重置;当没有数据时,发送错误报告PDU以响应重置查询。
Does the RPKI Router protocol implementation support the different protocol transport mechanisms outlined in Section 7 of [RFC6810]?
RPKI路由器协议实现是否支持[RFC6810]第7节中概述的不同协议传输机制?
+---------+-----+-----+-------+-------+--------+-----+--------+-----+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN |
| | | | | .net | .net | | | |
| | | | | clnt | srvr | | | |
+---------+-----+-----+-------+-------+--------+-----+--------+-----+
| SSH | NO | YES | NO | YES | YES | NO | YES | YES |
| TLS | NO | NO | NO | NO | NO | NO | NO | NO |
| TCP | YES | YES | YES | YES | YES | YES | YES | YES |
| TCP-MD5 | NO | NO | NO | NO | NO | NO | NO | NO |
| TCP-AO | NO | NO | NO | NO | NO | NO | NO | NO |
| IPsec | NO | NO | NO | NO | NO | NO | NO | NO |
+---------+-----+-----+-------+-------+--------+-----+--------+-----+
+---------+-----+-----+-------+-------+--------+-----+--------+-----+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN |
| | | | | .net | .net | | | |
| | | | | clnt | srvr | | | |
+---------+-----+-----+-------+-------+--------+-----+--------+-----+
| SSH | NO | YES | NO | YES | YES | NO | YES | YES |
| TLS | NO | NO | NO | NO | NO | NO | NO | NO |
| TCP | YES | YES | YES | YES | YES | YES | YES | YES |
| TCP-MD5 | NO | NO | NO | NO | NO | NO | NO | NO |
| TCP-AO | NO | NO | NO | NO | NO | NO | NO | NO |
| IPsec | NO | NO | NO | NO | NO | NO | NO | NO |
+---------+-----+-----+-------+-------+--------+-----+--------+-----+
Does the RPKI Router protocol implementation support the different protocol error codes outlined in Section 10 of [RFC6810]?
RPKI路由器协议实施是否支持[RFC6810]第10节中概述的不同协议错误代码?
+-------+-----+-----+-------+-------+--------+-------+--------+-----+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN |
| | | | | .net | .net | | | |
| | | | | clnt | srvr | | | |
+-------+-----+-----+-------+-------+--------+-------+--------+-----+
| Rcv.0 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.0 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.1 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.1 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.2 | YES | YES | NO | YES | --- | --- | YES | --- |
| Snd.2 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.3 | YES | YES | NO | YES | --- | --- | YES | --- |
| Snd.3 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.4 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.4 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.5 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.5 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.6 | --- | --- | --- | --- | YES | YES~1 | --- | YES |
| Snd.6 | YES | YES | NO | NO | --- | --- | YES | --- |
| Rcv.7 | --- | --- | --- | --- | YES | YES~1 | --- | YES |
| Snd.7 | YES | YES | NO | NO | --- | --- | YES | --- |
+-------+-----+-----+-------+-------+--------+-------+--------+-----+
+-------+-----+-----+-------+-------+--------+-------+--------+-----+
| | IOS | XR | JUNOS | rpki | rpki | NCC | RTRlib | BBN |
| | | | | .net | .net | | | |
| | | | | clnt | srvr | | | |
+-------+-----+-----+-------+-------+--------+-------+--------+-----+
| Rcv.0 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.0 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.1 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.1 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.2 | YES | YES | NO | YES | --- | --- | YES | --- |
| Snd.2 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.3 | YES | YES | NO | YES | --- | --- | YES | --- |
| Snd.3 | --- | --- | --- | --- | YES | YES | --- | YES |
| Rcv.4 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.4 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.5 | YES | YES | NO | YES | YES | YES | YES | YES |
| Snd.5 | YES | YES | NO | YES | YES | YES | YES | YES |
| Rcv.6 | --- | --- | --- | --- | YES | YES~1 | --- | YES |
| Snd.6 | YES | YES | NO | NO | --- | --- | YES | --- |
| Rcv.7 | --- | --- | --- | --- | YES | YES~1 | --- | YES |
| Snd.7 | YES | YES | NO | NO | --- | --- | YES | --- |
+-------+-----+-----+-------+-------+--------+-------+--------+-----+
Note 1: YES, but... fatal, so connection is dropped, but cache does not conclude it's inconsistent.
注1:是的,但是。。。致命,所以连接被丢弃,但缓存并不能断定它是不一致的。
Does the RPKI Router implementation support Incremental Updates as defined in Section 4 of [RFC6810]?
RPKI路由器实现是否支持[RFC6810]第4节中定义的增量更新?
+-----+----+-------+-------------+-------------+-----+--------+-----+
| IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN |
| | | | clnt | srvr | | | |
+-----+----+-------+-------------+-------------+-----+--------+-----+
| NO | NO | YES | YES | YES | NO | YES | YES |
+-----+----+-------+-------------+-------------+-----+--------+-----+
+-----+----+-------+-------------+-------------+-----+--------+-----+
| IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN |
| | | | clnt | srvr | | | |
+-----+----+-------+-------------+-------------+-----+--------+-----+
| NO | NO | YES | YES | YES | NO | YES | YES |
+-----+----+-------+-------------+-------------+-----+--------+-----+
Session ID is used to indicate that the cache server may have restarted and that the incremental restart may not be possible.
会话ID用于指示缓存服务器可能已重新启动,并且可能无法进行增量重新启动。
Does the RPKI Router protocol implementation support the Session ID procedures outlined in Section 5.1 of [RFC6810]?
RPKI路由器协议实施是否支持[RFC6810]第5.1节中概述的会话ID程序?
+-----+-----+-------+------------+------------+------+--------+-----+
| IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN |
| | | | clnt | srvr | | | |
+-----+-----+-------+------------+------------+------+--------+-----+
| YES | YES | YES | YES | YES | NO~1 | YES | YES |
+-----+-----+-------+------------+------------+------+--------+-----+
+-----+-----+-------+------------+------------+------+--------+-----+
| IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN |
| | | | clnt | srvr | | | |
+-----+-----+-------+------------+------------+------+--------+-----+
| YES | YES | YES | YES | YES | NO~1 | YES | YES |
+-----+-----+-------+------------+------------+------+--------+-----+
Note 1: NO, using random, but will FIX
注1:否,使用随机,但将修复
Does the RPKI Router protocol implementation support Incremental session startups with Serial Number and Session ID as defined in Section 5.3 of [RFC6810]?
RPKI路由器协议实施是否支持具有[RFC6810]第5.3节中定义的序列号和会话ID的增量会话启动?
+-----+-----+-------+------------+-------------+-----+--------+-----+
| IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN |
| | | | clnt | srvr | | | |
+-----+-----+-------+------------+-------------+-----+--------+-----+
| YES | YES | YES | YES | YES | NO | YES | YES |
+-----+-----+-------+------------+-------------+-----+--------+-----+
+-----+-----+-------+------------+-------------+-----+--------+-----+
| IOS | XR | JUNOS | rpki.net | rpki.net | NCC | RTRlib | BBN |
| | | | clnt | srvr | | | |
+-----+-----+-------+------------+-------------+-----+--------+-----+
| YES | YES | YES | YES | YES | NO | YES | YES |
+-----+-----+-------+------------+-------------+-----+--------+-----+
List other implementations with which you have tested the interoperability of the RPKI Router implementation.
列出测试RPKI路由器实现互操作性的其他实现。
Cisco: The Cisco IOS and IOS-XR implementation should be interoperable with other vendor RPKI Router Protocol implementations. In particular, we have tested our interoperability with rpki.net's RPKI Router implementation.
Cisco:Cisco IOS和IOS-XR实现应可与其他供应商RPKI路由器协议实现互操作。特别是,我们已经测试了与rpki.net的rpki路由器实现的互操作性。
Juniper: The Juniper Networks, Inc. JUNOS implementation should be interoperable with other vendor RPKI Router Protocol implementations. In particular, we have tested our interoperability with rpki.net's and NCC's RPKI Router Cache implementation.
Juniper:Juniper Networks,Inc.的JUNOS实现应该可以与其他供应商的RPKI路由器协议实现进行互操作。特别是,我们已经测试了与rpki.net和NCC的rpki路由器缓存实现的互操作性。
rpki.net: The rpki.net implementation should operate with other rpki-rtr implementations. In particular, we have tested our rpki-rtr server's interoperability with Cisco IOS, Cisco IOS-XR, and Juniper.
rpki.net:rpki.net实现应该与其他rpki rtr实现一起运行。特别是,我们测试了RPKIRTR服务器与Cisco IOS、Cisco IOS-XR和Juniper的互操作性。
RIPE NCC: The RIPE NCC validator has been tested by us with other rpki-rtr implementations. In particular, we have tested with RTRlib and CISCO IOS. We received positive feedback from close contacts who tested our validator with JUNOS and Quagga.
RIPE NCC: The RIPE NCC validator has been tested by us with other rpki-rtr implementations. In particular, we have tested with RTRlib and CISCO IOS. We received positive feedback from close contacts who tested our validator with JUNOS and Quagga.translate error, please retry
RTRlib: The RTRlib has been tested by us with other rpki-rtr implementations. In particular, we have tested with rtr-origin from rpki.net and RIPE NCC Validator.
RTRlib:我们已经用其他rpki rtr实现对RTRlib进行了测试。特别是,我们已经使用来自rpki.net的rtr源代码和成熟的NCC验证器进行了测试。
BBN RPSTIR: We have not yet tested with any other implementations.
BBN RPSTIR:我们还没有使用任何其他实现进行测试。
No new security issues are introduced to the RPKI Router protocol defined in [RFC6810].
[RFC6810]中定义的RPKI路由器协议没有引入新的安全问题。
The authors would like to thank Andrew Chi, David Mandelberg, Fabian Holler, Forhad Ahmed, and Tim Bruijnzeels for their contributions to this document.
作者要感谢Andrew Chi、David Mandelberg、Fabian Holler、Forhad Ahmed和Tim Bruinzeels对本文件的贡献。
[RFC6810] Bush, R. and R. Austein, "The Resource Public Key Infrastructure (RPKI) to Router Protocol", RFC 6810, January 2013.
[RFC6810]Bush,R.和R.Austein,“资源公钥基础设施(RPKI)到路由器协议”,RFC 6810,2013年1月。
Authors' Addresses
作者地址
Randy Bush Internet Initiative Japan 5147 Crystal Springs Bainbridge Island, Washington 98110 US
兰迪·布什互联网倡议日本5147水晶泉班布里奇岛,华盛顿98110美国
EMail: randy@psg.com
EMail: randy@psg.com
Rob Austein Dragon Research Labs
Rob Austein Dragon研究实验室
EMail: sra@hactrn.net
EMail: sra@hactrn.net
Keyur Patel Cisco Systems 170 West Tasman Drive San Jose, California 95134 US
美国加利福尼亚州圣何塞市西塔斯曼大道170号凯尔帕特尔思科系统公司95134
EMail: keyupate@cisco.com
EMail: keyupate@cisco.com
Hannes Gredler Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, California 94089 US
Hannes Gredler Juniper Networks,Inc.美国加利福尼亚州桑尼维尔市马蒂尔达大道北1194号,邮编94089
EMail: hannes@juniper.net
EMail: hannes@juniper.net
Matthias Waehlisch FU Berlin Takustr. 9 Berlin 14195 Germany
马蒂亚斯·韦利希(Matthias Waehlisch)在柏林担任秘书长。9柏林14195德国
EMail: waehlisch@ieee.org
URI: http://www.inf.fu-berlin.de/~waehl
EMail: waehlisch@ieee.org
URI: http://www.inf.fu-berlin.de/~waehl