IETF Logo Mail Archive

Re: [sidr] beacons and bgpsec

George Michaelson <ggm@pobox.com> Wed, 10 August 2011 01:41 UTC

Return-Path: <geeohgeegeeoh@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 283CF11E8070 for <sidr@ietfa.amsl.com>; Tue, 9 Aug 2011 18:41:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.499
X-Spam-Level:
X-Spam-Status: No, score=-3.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PmFm3SLAq6e0 for <sidr@ietfa.amsl.com>; Tue, 9 Aug 2011 18:41:36 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 7B036228016 for <sidr@ietf.org>; Tue, 9 Aug 2011 18:41:36 -0700 (PDT)
Received: by ywm21 with SMTP id 21so428957ywm.31 for <sidr@ietf.org>; Tue, 09 Aug 2011 18:42:06 -0700 (PDT)
Received: by 10.100.78.10 with SMTP id a10mr6499436anb.34.1312940526332; Tue, 09 Aug 2011 18:42:06 -0700 (PDT)
Received: from dynamic201.apnic.net (dynamic201.apnic.net [203.119.42.201]) by mx.google.com with ESMTPS id l2sm420918anm.24.2011.08.09.18.42.04 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 09 Aug 2011 18:42:05 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1244.3)
Content-Type: text/plain; charset="us-ascii"
From: George Michaelson <ggm@pobox.com>
In-Reply-To: <B92913D1-AB82-4D9F-B8A9-F8F4F99713D6@tcb.net>
Date: Wed, 10 Aug 2011 11:42:01 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <4DA5E29E-7B05-4986-B993-3EDF2BDB847D@pobox.com>
References: <A37CADA4-F16D-4C01-8D9C-D01001C4EFE4@tcb.net> <21C19DA8-7BF3-4832-8C13-C9A45FE026FB@algebras.org> <87D9E106-2A37-4E1E-8C69-7084C199A3FE@tcb.net> <331AEFBD-6AE5-469E-A11E-E672DC61DCDC@pobox.com> <B92913D1-AB82-4D9F-B8A9-F8F4F99713D6@tcb.net>
To: Danny McPherson <danny@tcb.net>
X-Mailer: Apple Mail (2.1244.3)
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] beacons and bgpsec
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2011 01:41:37 -0000

On 10/08/2011, at 11:34 AM, Danny McPherson wrote:

> 
> On Aug 9, 2011, at 9:23 PM, George Michaelson wrote:
> 
>> 
>> You seemed to be saying "some people are saying beacons wont work"
> 
> No, that's precisely why I referenced Randy's presentation, if you didn't see it you should have a look at the proceedings...
> 

Will look

>> when you said: "I think Randy successfully convinced me during his talk at the Quebec City WG session that "beacons" at a frequency of 24 hours (or anything in the "hours" range) are pretty much useless and add considerable churn and complexity with little return from a practical attack surface perspective.  "
>> 
>> So, I am asking, are we removing support for beacons in BGPSEC because we don't understand their impact on BGPSEC and they add complexity which makes BGPSEC harder to push uphill.
> 
> I was contemplating the ROI for a newly designed protocol (bgpsec) and why they were put there in the first place (replay attacks [and more frequent wedgie oscillation :)]) and considering attack surface and practical implications, realizing that from an engineering tradeoff perspective they're quite likely not worth the effort.  Hence my broken attempt at a corollary with phishing site lifetime and RIPv1 scaling properties, because I don't have quantitative empirical data handy of routing hijack duration, nor could I possibly predict what it might entail in a bgpsec-enabled world, but I do suspect 24 hours is, umm... quite a while.

Popup announcements for spamming might well lie under 24h lifetime. I think some people have notes on that. You can inject a humongous amount of store-and-forward from far far less than 24h of routing.

But from the 1 week captures we did for the runout of IPv4, over a duration of a week we saw some frankly long lived, and widespread assumptions about routability of the spaces. Very probably not consciously in the wide, which goes to Randy's observations about the extent of default route propagating un-expectedly.

Also, "newly designed" seems a bit strong. This is BGP + signing chains isn't it? Its not re-entering from the top clean state..

I said it in part, because AS_SET has gone, precisely because its just too hard to do in BGPSEC, as I understand it. The justification is "its not useful" but its removed because of its impact on the emerging protocol modifications.

I am still struggling to understand how Path prepend is going to work. What I heard suggests its going to have to be administratively constrained to be sign-able. At the edge its more in the hands of the origin AS but beyond that where does the permission to play with the path come from?

(again, I may have misunderstood)

> 
>> Its very probably an unfair question. Thats why I called it the peanut gallery.
> 
> If it makes any difference, I think Randy both proposed beacons, and made a compelling case for removing them.

I guess I live in a margin where they are  research TOOL and you sometimes remove TOOLS. If they were added for another purpose, what I get from them (which is not much btw, but they get talked about in my hearing) is not the core motivation.

What they seem to do, is help confirm people are seeing BGP state. So they add something to the question "do I see the same kind(s) of BGP you see". Maybe thats not enough justifier.

-G

v2.23.0 | Report a Bug | By Email