Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00

Joel Jaeggli <joelja@bogus.com> Thu, 22 January 2009 01:50 UTC

The value of having a commonly understood convention for usage is that
the facility can then get used more, because you can teach it, document
it, reference texts, etc. That doesn't mean a more expressive set of
situationally useful tools cannot also be provided; the fact that there
is some variation in what providers offer their customers and how they
express them reflects different priorities, vendor-specific limitations
and so on.

Ryan Mcdowell (rymcdowe) wrote:
> Agree with Roland, too many ISPs do slightly different things.  I think
> a standard community could capture all the power and options possible.
> A standard community would greatly reduce the flexibility.  
> 
> Does the provider set no-advertise on such updates so I have to
> advertise them over every eBGP session?  Does the provider do source,
> destination, or both blackholing?  Does the provider attempt to
> propagate it to their upstreams?  If so, which ones?  Can I control
> which ones?  If the provider has multiple ASes, do they propagate it to
> all their ASes?  If so, which ones?  Can I control which ones?  Does the
> provider offer QPPB instead of blackholing? Etc...  
> 
> ----------------------------
> Ryan McDowell
> Systems Engineer
> Cisco Systems, Inc
> (W) +1 703.484.0040
> (M) +1 703.201.5742
> PGP Fingerprint: EED9 192F 9F45 FAE4 F6A3 8764 FEE1 299D 1B62 A361 
> ----------------------------
> 
> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
> Of Roland Dobbins (rdobbins)
> Sent: Tuesday, January 20, 2009 11:07 PM
> To: opsec wg mailing list
> Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
> 
> 
> On Jan 21, 2009, at 2:21 AM, Warren Kumari wrote:
> 
>> I'd like to keep the registered community -- while different providers
>> will support different subsets of this, having a well known way to
>> enable this seems good to me.
> 
> The problem with this is that it lacks granularity, and if this were to
> come to pass and you tagged your announcement accordingly, you don't
> know what the result will be, nor where, nor how.
> 
> We've all seen instances of uncoordinated mitigation which have gone
> awry and made things worse, not better.  Any kind of inter-provider
> signaling of this type should only be undertaken/work after an explicit
> mutual understanding has been reached regarding expectations and actual
> behavior.
> 
> Given the fact that various operators have implemented various
> communities for various purposes over time, and given the
> situationally-specific nature of the blackholing mechanisms themselves,
> I think that while this is a noble goal, that it simply isn't practical
> in this particular milieu and should probably be removed.
> 
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile
> 
>       All behavior is economic in motivation and/or consequence.
> 

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec