On Tue, 20 Mar 2012 22:58:02 +0100, Ondrej Zajicek <santiago@crfreenet.org> said:
Ondrej> On Tue, Mar 20, 2012 at 11:11:44AM -0700, Michael Baer wrote: >> >> Hi All, >> >> We've been working on an extension to BIRD supporting the BGPSec >> protocol that is currently being discussed in the IETF SIDR >> Working Group. And I had some questions I wanted to ask the BIRD >> developers. If the user list isn't the appropriate forum, let me >> know and we can discuss it elsewhere or offline. Ondrej> I guess user list is appropriate. Personally, i do not Ondrej> believe in user/developer mailing list splits. With only one list and not a high message load, it looked to me like this would be a good forum. But I wanted to be sure and ask. >> We've made some initial progress, although it's not even to what >> I would call an Alpha stage yet. Our current plan is to have a >> beta/alpha working by the beginning of Summer and to continue >> work on it for up to a year afterwords. >> >> We would like to have the work contributed back to the BIRD >> project. Which brings me to the questions I had. Is the BIRD >> team interested in the contribution? Are we in conflict with any >> work you are doing to support BGPSec? (I haven't seen any mention >> on the user list, but I don't know if there has been any work >> otherwise). Assuming you are interested, besides that our code >> should have a compatible license, i.e. GPL, and it should try >> match the coding style of the files that are modified, are there >> any other requirements or desires that you may have regarding >> code enhancements and contributions to the BIRD project? Ondrej> We are interested in contributions, although it sometimes Ondrej> took a while to get reviewed and merged, esp. if it is an Ondrej> invasive patch. Ondrej> We don't have any current plans on BGPSec, AFAIK. Ondrej> GPL; coding style similar to one used in nest, BGP or OSPF Ondrej> and reusing existing elements and code patterns instead of Ondrej> reinventing wheel is probably enough. It is a good idea to Ondrej> write some overview (how it will be integrated in the Ondrej> current code) beforehand, esp. for invasive changes to the Ondrej> current code or non-standard interactions with the rest of Ondrej> BIRD. Ondrej> I don't know BGPSec, bug i see some possible problems - Ondrej> first, BGP code (and most of BIRD route propagation), is Ondrej> synchronous, which is probably not well suited for Ondrej> cryptographic validation. Second, how cryptographic code Ondrej> would be connected - external tool for validation, external Ondrej> lib, internal lib. Generating the local cert info was going to be asynchronous to BIRD. The validation, at least initially, will be synchronous using openssl. It may be a problem for high capacity routers. I'd guess for medium use/decent hardware or low use routers that it won't be much of an issue. But since we haven't gotten far enough along to see the cpu load during update validation, it's a pretty limited guess. -Mike -- Michael Baer baerm@tislabs.com