Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00

"Smith, Donald" <Donald.Smith@qwest.com> Wed, 21 January 2009 15:28 UTC

From: "Smith, Donald" <Donald.Smith@qwest.com>
To: 'Warren Kumari' <warren@kumari.net>, 'Christopher Morrow' <morrowc.lists@gmail.com>
Date: Wed, 21 Jan 2009 08:28:26 -0700
Cc: "'opsec@ietf.org'" <opsec@ietf.org>
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00

I agree with Danny. A standards-based community would imply the customer might try it without any coordination with their ISP. A configuration mistake within the ISP might then allow a customer to src base black hole IP addresses that shouldn't be src base blackholed for one reason or another. The ISP has to be involved and it has to be coordinated between the ISP and customer as to which addresses and how many can be advertised for src based blackholing.


(coffee != sleep) & (!coffee == sleep)
Donald.Smith@qwest.com gcia   

> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] 
> On Behalf Of Warren Kumari
> Sent: Wednesday, January 21, 2009 6:49 AM
> To: Christopher Morrow
> Cc: opsec@ietf.org
> Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
> 
> Cool...
> 
> Well, it looks fairly obvious that Danny's view (viewpoint 1) here is
> the prevalent one --- I'll update the draft soon to reflect this (I'll
> give it a couple of days so I can also incorporate any other feedback,
> hint hint...)
> 
> W
> 
> 
> On Jan 20, 2009, at 11:59 PM, Christopher Morrow wrote:
> 
> > On Tue, Jan 20, 2009 at 1:21 PM, Warren Kumari <warren@kumari.net> wrote:
> >
> >> Now, for the big question:
> >>
> >> In the draft we are requesting a registered BGP community to be used to
> >> signal your provider that you want destination based RTBH applied to an
> >> announced prefix.
> >
> > I don't believe a 'well known community' helps here... I believe it
> > will cause more issues than it resolves. I fear that folks will assume
> > their provider has this enabled (because configuration is required on
> > the provider side, unlike no-advertise and no-export). This will cause
> > unpredictable behaviour for customers and operators.
> >
> > -Chris
> 
> 
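Added example, not part of the original message or of the draft: a sketch of the provider-side check the reply argues for, where blackhole-tagged announcements from a customer are accepted only within limits the ISP and customer agreed on. The community value, the `Agreement` fields and the sample announcements are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical provider-local community; the page names no assigned value.
BLACKHOLE_COMMUNITY = "65000:666"

@dataclass
class Agreement:
    """Per-customer limits agreed with the ISP (constructed fields)."""
    protected: list           # prefixes that must never be source-blackholed
    max_prefixes: int         # how many blackhole routes may be active at once
    min_prefix_len: int = 24  # IPv4 length; anything broader is refused

def evaluate(agreement, announcements):
    """Return (accepted, rejected) for routes tagged with the community.

    announcements: list of (prefix, set_of_communities) from the customer
    session. Routes without the blackhole community are ignored here.
    """
    protected = [ipaddress.ip_network(p) for p in agreement.protected]
    accepted, rejected = [], []
    for prefix, communities in announcements:
        if BLACKHOLE_COMMUNITY not in communities:
            continue
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            rejected.append((prefix, "malformed prefix"))
            continue
        if net.prefixlen < agreement.min_prefix_len:
            rejected.append((prefix, "too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((prefix, "protected space"))
        elif len(accepted) >= agreement.max_prefixes:
            rejected.append((prefix, "over agreed limit"))
        else:
            accepted.append(str(net))
    return accepted, rejected

# Constructed sample input using documentation address ranges.
SAMPLE_AGREEMENT = Agreement(protected=["198.51.100.0/24"], max_prefixes=2)
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.10/32", {BLACKHOLE_COMMUNITY}),
    ("198.51.100.7/32", {BLACKHOLE_COMMUNITY}),  # inside protected space
    ("203.0.113.0/24", {BLACKHOLE_COMMUNITY}),
    ("192.0.0.0/8", {BLACKHOLE_COMMUNITY}),      # far too broad
    ("192.0.2.11/32", {BLACKHOLE_COMMUNITY}),    # third route, limit is 2
    ("203.0.113.5/32", set()),                   # untagged, ignored
    ("192.0.2.300/32", {BLACKHOLE_COMMUNITY}),   # not a valid address
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_AGREEMENT, SAMPLE_ANNOUNCEMENTS))
```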