Re: [GROW] ISC Response to draft-ietf-grow-unique-origin-as
Danny McPherson <danny@tcb.net> Thu, 29 September 2011 13:25 UTC
Return-Path: <danny@tcb.net>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1F9B21F8CCD for <grow@ietfa.amsl.com>; Thu, 29 Sep 2011 06:25:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.631
X-Spam-Level:
X-Spam-Status: No, score=-106.631 tagged_above=-999 required=5 tests=[AWL=-0.032, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u2TmV4WbqguG for <grow@ietfa.amsl.com>; Thu, 29 Sep 2011 06:25:26 -0700 (PDT)
Received: from exprod6og114.obsmtp.com (exprod6og114.obsmtp.com [64.18.1.33]) by ietfa.amsl.com (Postfix) with ESMTP id BDDE921F8C8E for <grow@ietf.org>; Thu, 29 Sep 2011 06:25:13 -0700 (PDT)
Received: from osprey.verisign.com ([216.168.239.75]) (using TLSv1) by exprod6ob114.postini.com ([64.18.5.12]) with SMTP ID DSNKToRyXk4ZocO/g8LA5RP2olOFWfhMv1qp@postini.com; Thu, 29 Sep 2011 06:28:17 PDT
Received: from dul1wnexcn01.vcorp.ad.vrsn.com (dul1wnexcn01.vcorp.ad.vrsn.com [10.170.12.138]) by osprey.verisign.com (8.13.6/8.13.4) with ESMTP id p8TDRvuF000435; Thu, 29 Sep 2011 09:27:57 -0400
Received: from dul1dmcphers-m2.vcorp.ad.vrsn.com ([10.131.210.13]) by dul1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 29 Sep 2011 09:27:57 -0400
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Danny McPherson <danny@tcb.net>
In-Reply-To: <20110929130632.GA76531@bikeshed.isc.org>
Date: Thu, 29 Sep 2011 09:27:57 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <E6D92094-5836-4BB8-8E3A-5F620AA67696@tcb.net>
References: <20110928193323.GA57548@bikeshed.isc.org> <CC4CB415-C615-4379-842F-2177B333D380@tcb.net> <20110928235156.GA65454@bikeshed.isc.org> <352BFFD6-B2C3-4ACD-96C1-46F28B5E5719@tcb.net> <20110929130632.GA76531@bikeshed.isc.org>
To: Leo Bicknell <bicknell@isc.org>
X-Mailer: Apple Mail (2.1084)
X-OriginalArrivalTime: 29 Sep 2011 13:27:57.0031 (UTC) FILETIME=[99B6E770:01CC7EAB]
Cc: "grow@ietf.org grow@ietf.org" <grow@ietf.org>
Subject: Re: [GROW] ISC Response to draft-ietf-grow-unique-origin-as
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2011 13:25:26 -0000
On Sep 29, 2011, at 9:06 AM, Leo Bicknell wrote: > > Seriously, show me an algorythm to find a leak for a Anycast service > that does not require any pre-knowledge about how the Anycast service is > configured. I submit such a thing does not exist. I never said "does not require any pre-knowledge". As a matter of fact, what I said, and what the draft says, is that with unique origins the services operator _could publish in a well-known location a list of origin ASNs for a given prefix and the feasible adjacent upstreams for each ASN. With that information network operators can make informed decisions about the legitimacy of a new path in the routing system for a critical Internet services prefix. Today, a prefix and common origin can appear from anywhere and network operators have no indication of whether it is feasible or not (I know of at least two occurrences of this that have impacted consumers), and operators have very little to inform them as to how to detect rogue nodes or malicious paths, and nothing to apply policy to a path known to be undesirable, or how to determine if a new node is legitimate or not. These static policies in no way provide the long-term fix, but in the interim they provide a routing system discriminator and visibility to operators. If you don't believe a discriminator in the routing system for anycasted prefixes is useful, well, duly noted. -danny
- [GROW] ISC Response to draft-ietf-grow-unique-ori… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Danny McPherson
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Danny McPherson
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Danny McPherson
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Danny McPherson
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Christopher Morrow
- Re: [GROW] ISC Response to draft-ietf-grow-unique… John Kristoff
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Christopher Morrow
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Danny McPherson
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Christopher Morrow
- Re: [GROW] ISC Response to draft-ietf-grow-unique… Leo Bicknell