RE: [RPSEC] Re: draft-convery-bgpattack-00
Stephen Kent <kent@bbn.com> Thu, 07 November 2002 22:11 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15372 for <rpsec-archive@odin.ietf.org>; Thu, 7 Nov 2002 17:11:25 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id gA7MDUL25377 for rpsec-archive@odin.ietf.org; Thu, 7 Nov 2002 17:13:30 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gA7MDTv25373 for <rpsec-web-archive@optimus.ietf.org>; Thu, 7 Nov 2002 17:13:29 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15363 for <rpsec-web-archive@ietf.org>; Thu, 7 Nov 2002 17:10:54 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gA7MD9v25356; Thu, 7 Nov 2002 17:13:09 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gA7MCCv25311 for <rpsec@optimus.ietf.org>; Thu, 7 Nov 2002 17:12:12 -0500
Received: from gto-mailer1.bbn.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15337 for <rpsec@ietf.org>; Thu, 7 Nov 2002 17:09:21 -0500 (EST)
Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id RAA04989; Thu, 7 Nov 2002 17:11:46 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@po2.bbn.com
Message-Id: <p05100311b9f0917c10e4@[128.89.88.34]>
In-Reply-To: <20021106171433.J58530-100000@sequoia.muada.com>
References: <20021106171433.J58530-100000@sequoia.muada.com>
Date: Thu, 07 Nov 2002 17:07:42 -0500
To: Iljitsch van Beijnum <iljitsch@muada.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: [RPSEC] Re: draft-convery-bgpattack-00
Cc: rpsec@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: rpsec-admin@ietf.org
Errors-To: rpsec-admin@ietf.org
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Iljitsch, >On Wed, 6 Nov 2002 sandy@tislabs.com wrote: > >> >IMHO - "Security requirements" that force Internet capital spending and >> >network wide maintenance windows to deploy are not going to be adopted by >> >the operations community. > >> Not a surprising development and reminiscent of the auto manufacturers' >> stance on seat belts, crash resistent bumpers, air bags, ... Those whose >> focus is the bottom line always want to be shown a financial incentive. >> "How about 'survival'?" seems to be unpersuasive. > >Routers are a lot like regular computers in many ways, but you can only >expect to sell a very small number compared to computers. I'm not a >router builder but I think that's the reason why router CPUs are so slow >compared to those of regular computers: the design costs to keep up with >the latest CPU technology would be too high. The performance of the CPU used for BGP varies from model to model and from vendor to vendor. >As far as I can tell, verifying a signature takes in the order of a >millisecond on a decent CPU. So with 115,000 routes in the global >routing table, that's 2 minutes to initialize BGP, assuming one >signature must be checked per route. I don't think this is acceptable, >especially not considering router CPUs may be slower, there is other >processing to do as well and the expected growth of the global routing >table. This means routers must be equipped with crypto modules. We realized long ago that startup transients could be a serious timing concern, and so we have suggested that routers destined to support S-BGP would ideally have non-volatile storage sufficient to hold a recent copy of the RAs, as well as the AAs and PKI data. Few (if any) routers deployed today have this cap[ability, but it would be cheap to provide in the future, e.g., flash memory prices are fairly low even today. >Then there is memory. There are still many routers in production that >are already in trouble memory-wise as their design allows only 32, 64 or >128 MB and a Cisco needs 256 MB to comfortably run BGP. I've tried to >add up all the extra fields but I couldn't be sure how much of what goes >where, but it looks like S-BGP will take at least twice the memory of >regular BGP. Again, no argument that currently deployed routers would not generally have sufficient memory to hold all the RAs if everyone ran S-BGP, but then these routers would probably no longer be in use by the time everybody would be ready to run S-BGP. The factors (to first order) that determine the extra memory requirements under S-BGP are the number of ADJ-RIBs the router holds, the number of routes in the RIBs, and the average path length for the routes. The total memory requirement is a function of these factors, plus the extent to which S-BGP is deployed, i.e., the fraction of routes that are S-BGP protected. In any case, we're not talking about more memory than my laptop and desktop have, and the costs are not great, but you are right that most routers in use today simply do not have the ability to support enough memory, although some do. But, as noted above, the initial stages of incremental deployment would not need as much extra memory as full deployment. >This means some routers must be replaced completely and all others need >hardware upgrades. So expect resistance from the people who have to pay >the bill. Especially if there is so much of a byte wasted in your packet >formats, or there is a place where crypto is used when the same result >could be obtained without it. > Yes, routers would need to be replaced over time, but routers are replaced over time anyway, so the question is in part one of timing, and incremental deployment is, by definition, staged over time. Also, it would be possible to use ancillary devices with multi-hop BGP to avoid a "fork lift upgrade" for some routers, if one can tolerate managing the extra boxes. Steve _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Joachim Jensen
- RE: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- [RPSEC] draft-convery-bgpattack-00 Sean Convery
- Re: [RPSEC] draft-convery-bgpattack-00 Damir Rajnovic
- [RPSEC] Re: draft-convery-bgpattack-00 David G. Boney
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] draft-convery-bgpattack-00 Christopher Lonvick
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Birger Toedtmann
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Randy Bush
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Michael Richardson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Birger Toedtmann
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- [RPSEC] prefix origin authentication (was Re: dra… Michael Richardson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Michael Richardson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Tony Tauber
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Danny McPherson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Michael Richardson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Sean Convery
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Sean Convery
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Larry J. Blunk
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Barry Raveendran Greene
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Michael Richardson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Michael Richardson
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Barry Raveendran Greene
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- RE: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Randy Bush
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Jeffrey Haas
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Charles Lynn
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Susan Hares
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- Re: [RPSEC] Re: draft-convery-bgpattack-00 sandy
- Aggregation in S-BGP was RE: [RPSEC] Re: draft-co… Charles Lynn
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Joel M. Halpern
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Randy Bush
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Iljitsch van Beijnum
- [RPSEC] Potential requirements Charles Lynn
- Re: [RPSEC] Potential requirements Iljitsch van Beijnum
- RE: [RPSEC] Re: draft-convery-bgpattack-00 Stephen Kent
- Re: [RPSEC] Potential requirements Tony Tauber
- Re: [RPSEC] Potential requirements Steve Suehring
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Sean Convery
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Sean Convery
- Re: [RPSEC] Re: draft-convery-bgpattack-00 Michael Richardson