Performance -- Certificates

• Processing -- certificates and CRLs are signed infrequently; this should be done off-line (and not by routers)

• Storage:

  • ~30 Mbytes for ~65K Certificates
  • ~2 Mbytes for ~3K CRLs
  • DNS or Certificate server -- 1 entry/address block, 1 entry/AS, 1 entry/BGP-speaker in an AS

• Transmission bandwidth -- An UPDATE will not hold the certificates needed to validate an average route. Therefore, certificates will have to be cached. Certificates will be transmitted at a low frequency except at startup (or preloaded from the NOC).

* Estimates are based on observed MRT data from Jan 1998

Previous slide

Next slide

Back to first slide

View graphic version