IETF Logo Mail Archive

Re: [sidr] BGPSEC Threat Model ID

Christopher Morrow <morrowc.lists@gmail.com> Fri, 04 November 2011 21:24 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5C4111E8097 for <sidr@ietfa.amsl.com>; Fri, 4 Nov 2011 14:24:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.54
X-Spam-Level:
X-Spam-Status: No, score=-103.54 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iwnfux6AxdeC for <sidr@ietfa.amsl.com>; Fri, 4 Nov 2011 14:24:00 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 0E3D711E808B for <sidr@ietf.org>; Fri, 4 Nov 2011 14:23:59 -0700 (PDT)
Received: by qadc10 with SMTP id c10so3246466qad.31 for <sidr@ietf.org>; Fri, 04 Nov 2011 14:23:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=uxUtBQR7cf8INM8/Jh9189bdE05sxT5jFxhg0maRCmQ=; b=whLAyjx+g0B7lbh0ocAaBG6aPFDhWC1ubBJRfwZcX0SQQvs2kB+6kQwaSrJvLULYgh boUpQq0o3yU0cPcR3iXdwMKyHvdKkYc+Q6pL2LdlnrsvqXj3De6Mran0fe6BjCQSf8hj vk7f1h0wgRIzJXjMdG0Cf8rtRgw1NoGcGJk1w=
MIME-Version: 1.0
Received: by 10.50.36.161 with SMTP id r1mr14565873igj.37.1320441838320; Fri, 04 Nov 2011 14:23:58 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.231.202.142 with HTTP; Fri, 4 Nov 2011 14:23:58 -0700 (PDT)
In-Reply-To: <CAH1iCioH8jm36-COFxyoxqaxGAK+VHrSAT2dTjqOUApTqE+SrQ@mail.gmail.com>
References: <E96517DD-BAC7-4DD8-B345-562F71788C6A@tcb.net> <p06240807cad42f85eb7d@193.0.26.186> <32744.216.168.239.87.1320175657.squirrel@webmail.tcb.net> <p06240801cad6ab773279@193.0.26.186> <D9A38669-883D-4090-9F95-BC5C63220950@tcb.net> <p06240801cad800485596@193.0.26.186> <EEBF68E0-FAD9-4AF3-B81B-78760D200D9B@tcb.net> <p06240808cad85ff73d61@193.0.26.186> <080F8FFF-D2C7-4414-B53A-233F88D2009F@vpnc.org> <CAFU7BATC-6DUDNuadakwSa5wj0ryy0=49=XveBXD5Wv=5JL-ag@mail.gmail.com> <m2aa8c489s.wl%randy@psg.com> <CAH1iCioH8jm36-COFxyoxqaxGAK+VHrSAT2dTjqOUApTqE+SrQ@mail.gmail.com>
Date: Fri, 04 Nov 2011 17:23:58 -0400
X-Google-Sender-Auth: IS_4teFqOD8LTvCjA3FmoJjZez0
Message-ID: <CAL9jLab8hjcZSCvgFkKj8tC613Qag6TkbpRnQfj8CHAZ9YPf0g@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] BGPSEC Threat Model ID
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2011 21:24:00 -0000

On Fri, Nov 4, 2011 at 4:52 PM, Brian Dickson
<brian.peter.dickson@gmail.com> wrote:
> On Fri, Nov 4, 2011 at 4:11 AM, Randy Bush <randy@psg.com> wrote:
>> could someone post a clear technical explanation of WHAT a route leak
>> is,
>
> I'll bite.
>
> It requires carefully a constructed definition, first:
> "Customer" - A is a customer of B iff A has an arrangement with B
> which explicitly allows B to announce A's routes to any third party,
> and for B to announce B's entire routing table to A.
>
> Customer is a technical arrangement, regardless of how or why that
> arrangement was arrived at, e.g. paying money.

channeling russ: "where is this arrangement publicly documented?" (So
I can know it and put it into my algorithm)

> If A is a customer of B, A is allowed to announce A's own routes (and
> by extension A's customer's routes) to B.
> A _may_ (or may not, at A's discretion) signal to B that A wishes B to
> forward all (or a subset) of A's (and A's customers) routes to third
> parties.
> A is not _required_ to do so, and A may further signal that B should
> only send those prefixes to a subset of third parties with whom B
> peers.
>
> (Observe: B may always announce A's routes to B's other customers.)
>
> A route leak occurs, when B announces non-customer routes to non-customers.
>
> (Those would be routes for which B has not been given explicit
> _blanket_ permission to announce to third parties.)
>

Where is this documented? (this permissions giving)
How is this enforced? (the permission)
what about cases of partial transit? (I sent a route to B, and
requested he NOT send it to the world at large)
  how is that sort of thing documented? (again, channeling russ)

> If A (a customer of B) signals to B to not announce a subset of routes
> to B's non-customers, but B does so anyways, that would _not_
> constitute a true route-leak as such.

depends on your perspective I suppose, no? Doesn't RPSL today have the
ability to signal: "Send partial routes to Foo and Full routes to Bar"
?

> (It would, however, be a contractual and technical issue that would
> normally be resolved between A and B.)
>
> If it helps, I've tried to illustrate the leak/no-leak distinction below...

it didn't really... re-explaining valley-free routing with mistakes
due to agreements not-available 2 as-hops away isn't helpful. Routes
leak, people should filter... not new knowledge.

-chris

v2.23.0 | Report a Bug | By Email