IETF Logo Mail Archive

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

Christopher Morrow <morrowc.lists@gmail.com> Sat, 05 November 2011 01:51 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B99A11E80C4 for <sidr@ietfa.amsl.com>; Fri, 4 Nov 2011 18:51:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.431
X-Spam-Level:
X-Spam-Status: No, score=-103.431 tagged_above=-999 required=5 tests=[AWL=-0.059, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_OBFU_Q1=0.227, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6eXS8aOHaiRn for <sidr@ietfa.amsl.com>; Fri, 4 Nov 2011 18:51:50 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id B543D11E8091 for <sidr@ietf.org>; Fri, 4 Nov 2011 18:51:50 -0700 (PDT)
Received: by gye5 with SMTP id 5so3559883gye.31 for <sidr@ietf.org>; Fri, 04 Nov 2011 18:51:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=WqYdc//5KL7i/wpJjIwZD45zP0sYQ0FUBxUqosVt/mU=; b=dRxkuKLBleAidIijqc7N4ARiFapOSYC/n/zPQnBk4z0bUaH2clFNVgP8qisnOq9sLo 1vmzL98bao4EzhaaDmBdZZjPaSHl28g+kzCscU/duh6iM0EKbN9XI8dO2Qp6h/3tX4+4 Kmxkp0kah7ONFa0W0KRQJqoMZhDN/ooCs2OUI=
MIME-Version: 1.0
Received: by 10.42.136.196 with SMTP id v4mr20452555ict.3.1320457910118; Fri, 04 Nov 2011 18:51:50 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.231.202.142 with HTTP; Fri, 4 Nov 2011 18:51:50 -0700 (PDT)
In-Reply-To: <54CED243-BDDD-45B9-AC5C-C6A97692FBF2@verisign.com>
References: <CAL9jLaa+L-C7+Gp54BpM8FjAj+EFMabwQB9SsPW0N4QnFEfVGw@mail.gmail.com> <4297E946-980B-43C5-A01F-1F49706BC51E@tcb.net> <p06240808cad5c4d268eb@193.0.26.186> <0364A2AA-0CCF-408A-B5CB-42D7AFCAFB36@tcb.net> <p06240804cad81a9e4485@193.0.26.186> <54CED243-BDDD-45B9-AC5C-C6A97692FBF2@verisign.com>
Date: Fri, 04 Nov 2011 21:51:50 -0400
X-Google-Sender-Auth: rayFL4gJme-0MAn4olmyKAXrlC0
Message-ID: <CAL9jLaZ1GoN-iG4SWocVVhTKp5ppPOgHWcjh1J30GPnfwBPf+A@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Eric Osterweil <eosterweil@verisign.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Nov 2011 01:51:51 -0000

On Fri, Nov 4, 2011 at 11:57 AM, Eric Osterweil <eosterweil@verisign.com> wrote:
>
> On Nov 3, 2011, at 11:59 AM, Stephen Kent wrote:
>
>> At 9:32 PM -0400 11/2/11, Danny McPherson wrote:
>>> On Nov 2, 2011, at 11:04 AM, Stephen Kent wrote:
>>
>
> <snip>
>
>>> More specifically, if I have perform a cost/benefit analysis it's not at all clear to me
>>> that tightening exposure windows to the frequency (hours/days) you're suggesting
>>> is worth the investment and fundamental shift from the stateful BGP model we know
>>> today, particularly given the drive-by and targeted nature we see in all other aspects
>>> of security today (e.g., APT, phishing, etc..).
>>
>> I presume that your statement "fundamental shift from the stateful BGP model..." refers to beaconing. Beaconing does create a new basis for propagating a route, but an AS could cause the same impact on the routing system by changing other route parameters at the same frequency, consistent with the BGP spec. I'd prefer a better solution, but I don't have one to offer at this time.
>
> ooc, in regards to the above: is there any detailed analysis of how much extra overhead we can expect from these beacons if BGPSec were deployed universally today?  Specifically, the comment above, "an AS could cause the same impact on the routing system by changing other route parameters at the same frequency" seems to miss the point I think I see in the objection: what if _every_ AS must do this all the time (not just a rogue, or select few).  How much extra overhead would ensue if (say) someone took the current set of all ASes and prefixes and simulated the extra update traffic needed in (say) a day?  Maybe if we saw some numbers that told us how many additional updates and how much additional bandwidth this approach would require in a routing system like today's we could understand another aspect of much of a shift we are talking about?
>

my recollection is we ran some of these numbers (based, I think, on
routeviews dump/mrt data), perhaps randy or stephen has this sort of
number available?

v2.23.0 | Report a Bug | By Email