Re: [sidr] Burstiness of BGP updates

Christopher Morrow <morrowc.lists@gmail.com> Wed, 16 November 2011 05:35 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBFC31F0CD5 for <sidr@ietfa.amsl.com>; Tue, 15 Nov 2011 21:35:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.548
X-Spam-Level:
X-Spam-Status: No, score=-103.548 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fiXg6ZDrL2BC for <sidr@ietfa.amsl.com>; Tue, 15 Nov 2011 21:35:05 -0800 (PST)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id C88AE1F0CE8 for <sidr@ietf.org>; Tue, 15 Nov 2011 21:35:03 -0800 (PST)
Received: by ggnr5 with SMTP id r5so3598955ggn.31 for <sidr@ietf.org>; Tue, 15 Nov 2011 21:35:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=/Mxo0FswjIVLR/c4BkBmgBY5+Km4nEMXeoVp+C9VSW0=; b=PFZQkCT9xFuRAr4RSHM8eOLifT7Yix+ymrTercqvVILKdlgfsvuAUFWsQilcDtm38F RbyX7/n0hgPCWNlENaq+dE47fJePxh1QC1DnMwa2UJFKuxtPDY0hes167O6e3/ll8CVF xi76wi3OapTCzhGCoh6WOY0BvULbQv/GBSnNE=
MIME-Version: 1.0
Received: by 10.50.202.100 with SMTP id kh4mr31113773igc.41.1321421703179; Tue, 15 Nov 2011 21:35:03 -0800 (PST)
Sender: christopher.morrow@gmail.com
Received: by 10.231.202.142 with HTTP; Tue, 15 Nov 2011 21:35:03 -0800 (PST)
In-Reply-To: <CAH1iCiqFq7reoMrCBAUOk-PdmZDYoed+ii37xQbgX0nopNgDEw@mail.gmail.com>
References: <D7A0423E5E193F40BE6E94126930C49308E9E35567@MBCLUSTER.xchange.nist.gov> <7309FCBCAE981B43ABBE69B31C8D21391A45A1F85D@EUSAACMS0701.eamcs.ericsson.se> <m2fwhqeq5i.wl%randy@psg.com> <CCE759E6-BEA6-433B-957A-6559C67BAD52@ericsson.com> <DCC302FAA9FE5F4BBA4DCAD4656937791452387941@PRVPEXVS03.corp.twcable.com> <7309FCBCAE981B43ABBE69B31C8D21391A45A1FE9F@EUSAACMS0701.eamcs.ericsson.se> <DCC302FAA9FE5F4BBA4DCAD4656937791452387978@PRVPEXVS03.corp.twcable.com> <7309FCBCAE981B43ABBE69B31C8D21391A45A1FEC8@EUSAACMS0701.eamcs.ericsson.se> <4EC3125D.4000309@riw.us> <7309FCBCAE981B43ABBE69B31C8D21391A45A2061F@EUSAACMS0701.eamcs.ericsson.se> <4EC329C6.4090600@riw.us> <7309FCBCAE981B43ABBE69B31C8D21391A45A2062E@EUSAACMS0701.eamcs.ericsson.se> <CAH1iCiqFq7reoMrCBAUOk-PdmZDYoed+ii37xQbgX0nopNgDEw@mail.gmail.com>
Date: Wed, 16 Nov 2011 00:35:03 -0500
X-Google-Sender-Auth: hxucGAfaCu_cRSXOp2a_tl047p8
Message-ID: <CAL9jLaZ+m=P37X+Q3sf5r=RmdDniA+XSYMbQFF8_PZyCq2WtUQ@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Burstiness of BGP updates
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2011 05:35:10 -0000

On Wed, Nov 16, 2011 at 12:29 AM, Brian Dickson
<brian.peter.dickson@gmail.com> wrote:
> Understanding the "real" threats, and worked, real-world examples, is important.
>
> I cannot believe anyone in this WG would be ignorant of things like this:
>
> http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

this is referred to several times in Stephen Kent's presentations
actually, and in Randy's presentations to RIR/etc folk.

> Does this illustrate the importance of not only validating origins,
> but also only using signed prefixes if you are participating in
> BGPsec?

sure, but if your customer forgets to pay a bill, calls you up and
(post proper 'this is the customer' authentication) says: "Hey, srsly,
I forgot, checks in the mail to ARIN, can you accept our route pls?"

you may be willing to do same, you may also be willing to do this in
the case of internal services routes that you don't actually want
externally visible.

> And the importance of minimizing or eliminating the ability of someone
> currently off-axis, from becoming on-axis?

sure, see referenced slides from Kent. (and bgpsec as spec'd would
squish pilosov/kapella)

> Preferably eliminating exploitation of lack of proper trust boundaries
> WRT leakage (reannouncement permissions)?

re-announcement is 'harder' since it's not clear if NTT is supposed to
be passing cogent aol's routes or not, is it?

> (It is difficult to change from off-axis to on-axis without "leaking"
> - the only time "leaking" isn't strictly required, is when already
> on-axis.)
>
> Jakob, please view the whole presentation above. It was more than 3
> years ago... You should have heard of it by now.

hopefully everyone's read it :)

-chris