Re: [sidr] [Idr] No BGPSEC intradomain ?

Robert Raszuk <robert@raszuk.net> Tue, 10 April 2012 17:49 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4893911E80F4 for <sidr@ietfa.amsl.com>; Tue, 10 Apr 2012 10:49:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sAxrMfmDBud3 for <sidr@ietfa.amsl.com>; Tue, 10 Apr 2012 10:49:26 -0700 (PDT)
Received: from mail1310.opentransfer.com (mail1310.opentransfer.com [76.162.254.103]) by ietfa.amsl.com (Postfix) with ESMTP id 70CEB21F86F1 for <sidr@ietf.org>; Tue, 10 Apr 2012 10:49:26 -0700 (PDT)
Received: (qmail 12845 invoked by uid 399); 10 Apr 2012 17:49:25 -0000
Received: from unknown (HELO ?192.168.1.57?) (pbs:robert@raszuk.net@83.31.51.142) by mail1310.opentransfer.com with ESMTPM; 10 Apr 2012 17:49:25 -0000
X-Originating-IP: 83.31.51.142
Message-ID: <4F8472A5.5000700@raszuk.net>
Date: Tue, 10 Apr 2012 19:49:25 +0200
From: Robert Raszuk <robert@raszuk.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: Warren Kumari <warren@kumari.net>
References: <D7A0423E5E193F40BE6E94126930C4930B96182E71@MBCLUSTER.xchange.nist.gov> <4F828D6D.10907@raszuk.net> <D7A0423E5E193F40BE6E94126930C4930B96C507DA@MBCLUSTER.xchange.nist.gov> <4F830E75.70606@raszuk.net> <24B20D14B2CD29478C8D5D6E9CBB29F60F6F1533@Hermes.columbia.ads.sparta.com> <4F832F5E.9030903@raszuk.net> <0BD03B75-CA3A-4CBA-BBF4-E2100AFA64E4@kumari.net> <4F846121.2050408@raszuk.net> <CAL9jLaYF-MW1cJ2n28BiV1mi+tpPS2ECKB2UxhFMQ=NXxbihCg@mail.gmail.com> <D7CF4F8F-AF93-43F2-BC0D-26E072307B4F@kumari.net>
In-Reply-To: <D7CF4F8F-AF93-43F2-BC0D-26E072307B4F@kumari.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "idr@ietf.org List" <idr@ietf.org>, sidr@ietf.org
Subject: Re: [sidr] [Idr] No BGPSEC intradomain ?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert@raszuk.net
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2012 17:49:27 -0000

Hi Warren,

Not seeing the problem/error does not mean it is not there.

I would in fact encourage in the initial years of deployment to use both 
to easily detect bugs and inconsistency issues.

In my view we should do all BGP processing based on "legacy" attributes 
and BGPSEC should be a hint to the local operator on how to treat the 
update.

Actually I am of the opinion (I think similar to some research voices in 
US) that secured BGP (or for that matter even origin validation) should 
be handled by few BGP Route Controllers providing AS based overlay 
certificate processing rather then by each individual BGP speaker in the 
network. BGP should be able to transport it as purely opaque information 
which could after automatic detection be used as best path 
decision/preference factor in a given AS.

Regards,
R.


> On Apr 10, 2012, at 12:52 PM, Christopher Morrow wrote:
>
>> On Tue, Apr 10, 2012 at 12:34 PM, Robert Raszuk<robert@raszuk.net>  wrote:
>>> Anyhow my doubt has been answered and I stay by my opinion that not sending
>>> AS_PATH and AS4_PATH is a terrible idea.
>>
>> So... we can send the data along, but in the case of BGPSEC speakers
>> the data isn't used (it's replicated in the BGPSEC_SIGNED_PATH).
>> Carrying extra bits isn't actually helpful is it? (the implementers
>> drove the design decision here I believe)
>
> I think that sone of the biggest issues to keep in mind with carrying the "same" data in two places is what to do when you suddenly discover that they are not actually the same?
>
> There has been much good work in IDR to better handle bugs / implementations issues, and these considerations probably had much to do with this...
>
> For example, I'm a BGPSEC speaker. In the BGPSEC bits I see:
>
> AS1 AS2 AS3 AS4 AS5  All this checks out, the magic crypto says all is happy, etc.
> but, in the AS_PATH I see:
> AS1 AS 100 AS17 AS6
>
> What do I do here? Do I a: drop the update or b: ignore the issue or c: reset the session or d: prefer the singed or unsigned or e: nasal demons?
> Someone who's opinion I really respect once said: Never test for an error condition you don't know how to handle.
>
> This idea extends this by simply not allowing the error condition to occur.
>
> You have all of the information to recreate the AS_PATH / AS4_PATH when you leave a BGPSEC domain, and because it is only in one place, you sidestep all sorts of weird error corner cases...
>
> W
>
>
>>
>>> Perhaps one could depreciate it in 20 years when world is upgraded to
>>> BGPSEC, but recommending this in BGPSEC protocol draft now is IMHO not
>>> helpful for any even potential BGPSEC deployment model.
>>
>> is it helpful for the folks that write bgp code though? "Hey, you will
>> need to re-synthesize the as-path at sec->non-sec boundaries. you need
>> to also create sec-path at none->sec boundaries."
>>
>> -chris
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
>>
>
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>
>