Re: [Idr] Fw: New Version Notification for draft-sriram-idr-route-leak-detection-mitigation-01

Sriram: 

Here's an ASPath ORF draft that Keyur and I think might help the non-BGPSEC
version of the route leaks.  The ORF filters the ASPATH.  It's not secure
like the BGPSEC - but perhaps it will help.

Sue 

-----Original Message-----
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Sriram, Kotikalapudi
Sent: Sunday, July 05, 2015 9:39 AM
To: idr@ietf.org wg
Cc: Susan Hares
Subject: [Idr] Fw: New Version Notification for
draft-sriram-idr-route-leak-detection-mitigation-01

We (the authors) have just submitted an updated -01 version:

https://www.ietf.org/internet-drafts/draft-sriram-idr-route-leak-detection-m
itigation-01.txt

Sue had posted a WG adoption call request (with -00 version):

http://www.ietf.org/mail-archive/web/idr/current/msg14550.html

Please take a look at the updated version. The diff can be viewed at:

https://www.ietf.org/rfcdiff?url2=draft-sriram-idr-route-leak-detection-miti
gation-01 

Key changes (in -01 version relative to -00):
* Section 2 -  Related Prior Work - has been newly added
* There is substantial new material in Section 5:  Design Rationale and
Discussion.
* Many useful changes have been made to improve the presentation and
clarity.
* Brian Dickson has been added as a co-author.

This work was presented in Dallas, and again an updated version was
presented in the IDR interim meeting on June 29. The slides of the
presentation are at:

http://www.ietf.org/proceedings/interim/2015/06/29/idr/slides/slides-interim
-2015-idr-7-0.pdf  

Comments/questions would be very much appreciated.

Sriram

________________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Sunday, July 5, 2015 8:26 AM

A new version of I-D,
draft-sriram-idr-route-leak-detection-mitigation-01.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the
IETF repository.

Name:           draft-sriram-idr-route-leak-detection-mitigation
Revision:       01
Title:          Methods for Detection and Mitigation of BGP Route Leaks
Document date:  2015-07-05
Group:          idr
Pages:          17
URL:
https://www.ietf.org/internet-drafts/draft-sriram-idr-route-leak-detection-m
itigation-01.txt
Status:
https://datatracker.ietf.org/doc/draft-sriram-idr-route-leak-detection-mitig
ation/
Htmlized:
https://tools.ietf.org/html/draft-sriram-idr-route-leak-detection-mitigation
-01
Diff:
https://www.ietf.org/rfcdiff?url2=draft-sriram-idr-route-leak-detection-miti
gation-01

Abstract:
   In [I-D.ietf-grow-route-leak-problem-definition], the authors have
   provided a definition of the route leak problem, and also enumerated
   several types of route leaks.  In this document, we first examine
   which of those route-leak types are detected and mitigated by the
   existing origin validation (OV) [RFC 6811] and BGPSEC path validation
   [I-D.ietf-sidr-bgpsec-protocol].  Where the current OV and BGPSEC
   protocols don't offer a solution, this document suggests an
   enhancement that would extend the route-leak detection and mitigation
   capability of BGPSEC.  The solution can be implemented in BGP without
   necessarily tying it to BGPSEC.  Incorporating the solution in BGPSEC
   is one way of implementing it in a secure way.  We do not claim to
   have provided a solution for all possible types of route leaks, but
   the solution covers several, especially considering some significant
   route-leak attacks or occurrences that have been observed in recent
   years.  The document also includes a stopgap method for detection and
   mitigation of route leaks for the phase when BGPSEC (path validation)
   is not yet deployed but only origin validation is deployed.

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr

Re: [Idr] Fw: New Version Notification for draft-sriram-idr-route-leak-detection-mitigation-01

Attachment: draft-ietf-idr-aspath-orf.txt.pdf