Showing T08: OV: Scenario4, I-Invalid

Owner sspies
Date created 2011-07-27 18:55:48 UTC

Test Description

Intention

This test checks, if an IUT (Implementation Under Test) can
  • re-validate prefix/origin pairs of incoming BGP announcement Updates according to RPKI/RTR whitelist entries, which are announced afterwards
  • can still operate the acceptance policy (ignore-invalid) correctly, when the validation state of prefix/origin pairs changes
  • can fulfil both above, if ROA1 is replaced by ROA1_broken (5.0.0.0/16, OAS4) and ROA3 is replaced by ROA3_broken (11.0.0.0/16-24, OAS9)
within the following requirements, dataset and scenario 4

Requirements

  • Policy
    Ignore prefix/origin pairs of incoming BGP announcement updates
    if their validation state is INVALID, however accept UNKNOWN and VALID.
  • Cache to Router
    It is expected that the implementation under test will send a "Query Request" message within 60 seconds of the receipt of a "Notify" message.
  • Policy
    Do not execute any other policies on incoming BGP Updates and do not change the default BGP best path selection algorithm.

Dataset

Scenario 4 and Expectations according to ignore-invalid

  • t0: Send all BGP Updates
  • t0-t60: Goal "All Updates, No WL (Unknown)"
    Expect to receive all green, blue and red BGP routes.
  • t60: Send all ROAs as whitelists
  • t60-120 and if "All Updates, No WL (Unknown)" success
    Goal "Withdraw Invalid Routes": Expect to receive withdrawals for all red BGP routes.
  • t120: Remove ROA1 and ROA3 as whitelists
  • t120-t180 and if "Withdraw Invalid Routes" success
    Goal "Announce Invalid -> Unknown Routes (being more-specific or ML exceeded) after WL remove": Expect to receive announcements for BGP routes (5.0.0.0/17, OAS5) and (10.0.0.0/25, OAS10)
  • t180: Add ROA1_broken (5.0.0.0/16, OAS4) and ROA3_broken (10.0.0.0/16-24, OAS9) as whitelists
  • t180-t240 and if "Announce Invalid -> Unknown Routes ..." success
    Goal "Withdraw UNKNOWN -> INVALID Routes due to broken ROA add"
    Expect to receive withdrawals for BGP routes (5.0.0.0/16, OAS5), (5.0.0.0/17, OAS5), (10.0.0.0/16, OAS10), (10.0.0.0/20, OAS10), (10.0.0.0/24, OAS10) and (10.0.0.0/25, OAS10).