Re: [sidr] draft-dickson-sidr-route-leak-solns-01.txt
DougM lists <dougm.tlist@gmail.com> Mon, 26 March 2012 12:37 UTC
Return-Path: <dougm.tlist@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 778D021F84DE for <sidr@ietfa.amsl.com>; Mon, 26 Mar 2012 05:37:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gNTJtb1M0ipq for <sidr@ietfa.amsl.com>; Mon, 26 Mar 2012 05:37:01 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 23B7821E808E for <sidr@ietf.org>; Mon, 26 Mar 2012 05:37:01 -0700 (PDT)
Received: by yenm5 with SMTP id m5so4124647yen.31 for <sidr@ietf.org>; Mon, 26 Mar 2012 05:37:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=K7+tu4+cW/ijhDMaTT22XthRRXfuktde3Z/cy2qTZnY=; b=AGYLgzHigtAfV7xmAi+eaG1Yov6o/Wt+EmOmOmH/4hD3yRBI2G3v/W8/VsJsuSJ8tw qhllAA2fyyUaqpt2jUY5Jz5D/MpMeWvurXO60CE5xDvB0p0g+ivvL5wKoEAGnHoD34+Y JkNUb8eZch7/GfHjM53Am//PHgSwKaMrN2srz8988cv9F5QZHy4yXOiQ8k02ksHSTtEg xJqZl1WEur5w9U6P8sTZkJa2LMA8LqENh4s94bjCxQ5/+02zpzelAV0Dlzy6xbuIUpaT LY/40ofDTxrmvc28k01eTrfuzV29pnYad1khDVm1TEFlLm9pDFbB/XmJsREJ37G1XnBS 7iEQ==
Received: by 10.68.212.35 with SMTP id nh3mr30398696pbc.84.1332765420364; Mon, 26 Mar 2012 05:37:00 -0700 (PDT)
Received: from [130.129.87.191] (dhcp-57bf.meeting.ietf.org. [130.129.87.191]) by mx.google.com with ESMTPS id k2sm12457327pba.28.2012.03.26.05.36.58 (version=SSLv3 cipher=OTHER); Mon, 26 Mar 2012 05:36:59 -0700 (PDT)
Message-ID: <4F7062EA.5050307@gmail.com>
Date: Mon, 26 Mar 2012 08:36:58 -0400
From: DougM lists <dougm.tlist@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: sidr@ietf.org
References: <m2limnh8cv.wl%randy@psg.com>
In-Reply-To: <m2limnh8cv.wl%randy@psg.com>
Content-Type: multipart/alternative; boundary="------------050502090404060604070304"
Subject: Re: [sidr] draft-dickson-sidr-route-leak-solns-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2012 12:37:06 -0000
As noted a while back (http://www.ietf.org/mail-archive/web/sidr/current/msg03797.html <http://www.ietf.org/mail-archive/web/sidr/current/msg03797.html>) we have been trying to add this to BGP for over 20 years (see RFC1105 - this was in BGP design at one point). What always sends this straight into a rat hole are the exceptions cases. In particular: 1. If the granularity of the labeling is the peering session, you will find that there are situations in which some routes need to be labeled differently than the rest. * If you label individual updates, you at least have the flexibility to have exceptions per-peering session. 2. If you label updates - there will always be situations where someone does not want to reveal that relationship. * The encoding must permit some updates to be unlabeled (or marked "undisclosed"). 3. If you mandate the policy that MUST be enforced w/ these markings (e.g., valley free, no multi-hop plateaus, etc) there will always be exceptions. * If you make the labeling of hops simply an input to local policy, receivers can decide what policies to implement with respect to the "shape" of the path. If we avoid these rat holes, one could include such a feature w/ bounded risk, time would tell how the mechanism is put to use in practice. dougm On 3/26/2012 8:09 AM, Randy Bush wrote: > [ let me save mic time and just say what i said to the idr list ] > > i do not think this will fly in the long run, but let my try to at least > get it in the best light. > > o it could and should be said in a page or so in order that people can > get it and think it is simple and not imposing > > o it assumes gao-rexford, which we know is an unsafe assumption, but > wtf, it's good in enough cases that we can let it go for the moment > > o the relationship has to be per prefix not per link, as prefixes with > different business models are often sent over the same link > > o the mark should be determined by the sender, and need not agree with > the receiver's perception of the relationship > > o if the receiver does not like it they can call the sender on the > phone, drop the announcement, whatever > > o this is a significant change to bgp, so idr should be asked to say > it's cool before sidr tries to protect it by signing over it > > o if it is agreed by idr and it is well defined, we know how to sign > it in bgpsec, it's like a few more bits on each hop in the as path > > o as with origin validation and path validation, the router should not > do anything on its own, but rather should provide the operator the > tools needed to apply policy based on the data > > o therefore, to use it, the router will have to give the operator some > sort of expression over the catenation of the per-as policy markings > > o but what should an operator do when they see a 'violation' six hops > away? > > randy > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr