Bundle Protocol Agents (BPAs) in a BPv7 network apply certain levels of block processing to every block in a bundle. This processing occurs when blocks are added to the bundle, when they are processed at waypoint BPAs, and when they are removed from the bundle.

As extension blocks, BPSec security blocks follow this same set of events at every BPA in the BPv7 network. However, BPSec security blocks are, themselves, aggregations of the various security operations resident in the bundle. Each of these operations implement their own security operation lifecycle. Security operations may be added, processed, and removed from security blocks in a method similar to how security blocks are added, processed, and removed from bundles.

This chapter discusses the processing of BPSec security blocks, both as containers of individual security operations and as generic BPv7 extension blocks.

After reading this chapter you will be able to:

7.1 General Block Processing

There is a complex relationship between extension blocks and the bundles in which they exist. In some cases, extension blocks represent critical ...