Yisong Liu,
The idea behind your draft is reasonable and has value. I have a small
number of suggestions for the draft:
- The code points carried in the IE shouldn't diverge unnecessarily from
the well known ones covered in RFC 8097. This would make the IE carry a
uint8 rather than a bit vector.
- I would suggest NOT specifying "no origin validation is done" as you
have with value 0. The absence of this IE is sufficient for that state.
- Somewhat similar to other IEs covering BGP state, this draft is
under-specified what the matching BGP Route is for reporting purposes.
Customarily this is the "active route", or in BGP terms, the LocRIB
entry. It is necessary to make this observation because the validation
state for a given prefix will depend on whether the selected route from
the Adj-Ribs-In has undergone RPKI validation and what state it carries.
- RFC 8893, which this document cannot support, highlights how
validation state may vary depending on perspective. That document
covers egress marking and helps distinguish the case that the marking
state conveyed in the IE is the LocRIB entry.
-- Jeff
On 2/12/26 04:18, Yisong Liu wrote:
Dear WG,
This draft defines a new IPFIX Information Element specifically for
monitoring RPKI-based BGP Prefix Origin Validation states (valid,
invalid, not-found). Currently, operators lack standardized ways to
collect and observe these critical route validation states across
their networks. Our proposal fills this gap, enabling better
visibility into potential route hijacking and enhancing network
security observability.
We believe this work would greatly benefit from the working group's
collective expertise.We would sincerely appreciate your review
comments and feedback on the draft. Your insights will be invaluable
in helping us refine the technical details and strengthen the proposal
for the next revision.
Thank you very much for your time and consideration.
Best Regards,
Yisong Liu
----邮件原文----
发件人:internet-drafts <[email protected]>
收件人:Taoran Zhou <[email protected]>,Xueyan Song
<[email protected]>,Yisong Liu <[email protected]>
抄 送: (无)
发送时间:2026-02-11 14:12:36
主题:New Version Notification for draft-liu-opsawg-ipfix-bgp-pov-00.txt
A new version of Internet-Draft draft-liu-opsawg-ipfix-bgp-pov-00.txt has been
successfully submitted by Yisong Liu and posted to the
IETF repository.
Name: draft-liu-opsawg-ipfix-bgp-pov
Revision: 00
Title: Export of BGP Prefix Origin Validation in IP Flow Information Export
(IPFIX)
Date: 2026-02-10
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-liu-opsawg-ipfix-bgp-pov-00.txt
Status: https://datatracker.ietf.org/doc/draft-liu-opsawg-ipfix-bgp-pov/
HTML:
https://www.ietf.org/archive/id/draft-liu-opsawg-ipfix-bgp-pov-00.html
HTMLized:
https://datatracker.ietf.org/doc/html/draft-liu-opsawg-ipfix-bgp-pov
Abstract:
This document defines an IP Flow Information Export (IPFIX)
Information Element for monitoring the state of Resource Public Key
Infrastructure (RPKI) based BGP Prefix Origin Validation. The
Information Element enables network operators to collect and analyze
BGP route validation states (valid, invalid, not-found) to facilitate
the detection of potential route hijacks improving network
observability and security.
The IETF Secretariat
Subject:New Version Notification for draft-liu-opsawg-ipfix-bgp-pov-00.txt
A new version of Internet-Draft draft-liu-opsawg-ipfix-bgp-pov-00.txt has been
successfully submitted by Yisong Liu and posted to the
IETF repository.
Name: draft-liu-opsawg-ipfix-bgp-pov
Revision: 00
Title: Export of BGP Prefix Origin Validation in IP Flow Information Export
(IPFIX)
Date: 2026-02-10
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-liu-opsawg-ipfix-bgp-pov-00.txt
Status: https://datatracker.ietf.org/doc/draft-liu-opsawg-ipfix-bgp-pov/
HTML:
https://www.ietf.org/archive/id/draft-liu-opsawg-ipfix-bgp-pov-00.html
HTMLized:
https://datatracker.ietf.org/doc/html/draft-liu-opsawg-ipfix-bgp-pov
Abstract:
This document defines an IP Flow Information Export (IPFIX)
Information Element for monitoring the state of Resource Public Key
Infrastructure (RPKI) based BGP Prefix Origin Validation. The
Information Element enables network operators to collect and analyze
BGP route validation states (valid, invalid, not-found) to facilitate
the detection of potential route hijacks improving network
observability and security.
The IETF Secretariat
_______________________________________________
OPSAWG mailing list [email protected]
To unsubscribe send an email [email protected]
_______________________________________________
OPSAWG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
