Re: [sidr] route leaks message to IDR
Brian Dickson <brian.peter.dickson@gmail.com> Mon, 19 March 2012 23:18 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C55A921F883D for <sidr@ietfa.amsl.com>; Mon, 19 Mar 2012 16:18:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.555
X-Spam-Level:
X-Spam-Status: No, score=-3.555 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l8GdOo3AnwVO for <sidr@ietfa.amsl.com>; Mon, 19 Mar 2012 16:18:23 -0700 (PDT)
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) by ietfa.amsl.com (Postfix) with ESMTP id B4A9321F8834 for <sidr@ietf.org>; Mon, 19 Mar 2012 16:18:22 -0700 (PDT)
Received: by wibhr17 with SMTP id hr17so3880298wib.1 for <sidr@ietf.org>; Mon, 19 Mar 2012 16:18:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=64jL7P5WieL3c4ZmaHNORt4ju3WZG9z8Xw3NvkyeGKA=; b=HRZxwpBzjfzyyIjm226U/iWje6ypsnXG3qTaHCb3y8S5qGyNyMy4VBaX3PnTm51HB8 raR4r2A6pTd0TVvKgYtiUwM5IEHTXJPtS86cAZAiLhf5s7W0tSwO4eSSL65iCO5DFQrp SB7hKk4tS50YIJdKaCuCb10YgEcldRKT8dIQO5b54f6l6ESvAm4th1oJnz4v7FdNzohF XOU1/sYXZ0fcm2nge4C8/AJHP18gy/FU/QK92pCg1f3Zg7B6EhX9t11Znkg2aWwR2tGx 3LRtSPGb8X86WrZ9tyKgPO4OrMiUvpqhary549K9XQ3WRrTKx8j7EdZkgvVImIMGOC4K aAMw==
MIME-Version: 1.0
Received: by 10.180.95.74 with SMTP id di10mr34378643wib.1.1332199101940; Mon, 19 Mar 2012 16:18:21 -0700 (PDT)
Received: by 10.223.88.212 with HTTP; Mon, 19 Mar 2012 16:18:21 -0700 (PDT)
In-Reply-To: <4F67B647.10904@raszuk.net>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60F6C75A0@Hermes.columbia.ads.sparta.com> <DCC302FAA9FE5F4BBA4DCAD465693779173BA12C3E@PRVPEXVS03.corp.twcable.com> <5E228600-8A59-40F0-BB4E-5FBAA50EF16E@verisign.com> <24B20D14B2CD29478C8D5D6E9CBB29F60F6C7D36@Hermes.columbia.ads.sparta.com> <144F8BE8-2A9A-4967-AA7D-0702670BF820@verisign.com> <24B20D14B2CD29478C8D5D6E9CBB29F60F6C815F@Hermes.columbia.ads.sparta.com> <CAH1iCipxuXU2B17NjrdmOq6D_OhYq3PbE0EyArwJVNbC3FhG8Q@mail.gmail.com> <p06240802cb8ceb04d6ac@192.168.1.5> <4F67B647.10904@raszuk.net>
Date: Mon, 19 Mar 2012 19:18:21 -0400
Message-ID: <CAH1iCir4oC7mdEi5s9LVqpJxzA2k_+6bmTn5pENxX50NvpCOPQ@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: robert@raszuk.net
Content-Type: multipart/alternative; boundary="f46d041825203dc50304bba0c642"
Cc: "Murphy, Sandra" <Sandra.Murphy@sparta.com>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] route leaks message to IDR
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 23:18:23 -0000
Hi, Robert, The problem being solved is, that the current methodology places the entire onus on not allowing route leaks, on the immediate upstream provider - who may be small and inexperienced. What is being solved, in particular, is the ability to identify and block route-leaks when one is _more_ than one AS-hop away from the leak, in a guaranteed fashion. Blocking, or even noticing, route leaks via one's peers, can be difficult (or nearly impossible) today. Best practices are good, but consider the level of adoption of BCP-38. Clearly, best practices are not good enough, or we wouldn't have any interest in the "route leak" problem. Reducing the best practice to a "pick one of these four settings (and don't use #4 unless you REALLY know what you are doing)", is a deliberate choice. Make it easy. And, for the most part, the party benefiting significantly, is the person _using_ that setting. Route leaks _hurt_ the leaker/leakee probably as much or more than anyone else. If route filters are seat-belts, then this is an air-bag. Either is good, both is best. Especially when used. Brian On Mon, Mar 19, 2012 at 6:42 PM, Robert Raszuk <robert@raszuk.net> wrote: > Hi Brian, > > > The desired outcome is that sender/receiver _negotiate_ what is or is not >> to be sent, >> and the protocol merely enforces what has been agreed upon. The automatic >> enforcement >> of this high-level policy, is what stops route leaks from being initiated >> or propagated. >> The policy is still determined by the operators at both ends of a peering >> session. >> Just like the IP addresses and ASNs, the policies have to match for BGP >> session establishment. >> Unilateral misconfiguration (whether by accident or deliberate act), >> which could have introduced >> or propagated route leaks, are prevented. >> > > I have read your drafts reg route leaks however I would like to clarify > one very basic question. > > When any provider creates a BGP peering relation to his customer it is a > common best practice among most if not all ISPs that there is a strict BGP > policy applied over the session to make sure only legitimate customer > blocks are advertised. > > If such policy would be required to be share one could use prefix ORF. > > With this in mind I am really not clear what practical vs theoretical > problems you are attempting to solve ? > > Best regards, > R. > >
- [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Sriram, Kotikalapudi
- Re: [sidr] route leaks message to IDR George, Wes
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Sriram, Kotikalapudi
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Russ White
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Stephen Kent
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Eric Osterweil
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Shane Amante
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Robert Raszuk
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- Re: [sidr] route leaks message to IDR Murphy, Sandra
- Re: [sidr] route leaks message to IDR Christopher Morrow
- Re: [sidr] route leaks message to IDR Jay Borkenhagen
- Re: [sidr] route leaks message to IDR Jay Borkenhagen
- Re: [sidr] route leaks message to IDR Montgomery, Douglas
- [sidr] Signed vs unsgned and bgp best path decisi… Robert Raszuk
- Re: [sidr] route leaks message to IDR Brian Dickson
- Re: [sidr] route leaks message to IDR Jay Borkenhagen
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] route leaks message to IDR Randy Bush
- Re: [sidr] Signed vs unsgned and bgp best path de… Ruediger Volk
- Re: [sidr] Signed vs unsgned and bgp best path de… Robert Raszuk
- Re: [sidr] Signed vs unsgned and bgp best path de… Christopher Morrow
- Re: [sidr] Signed vs unsgned and bgp best path de… Jakob Heitz
- Re: [sidr] Signed vs unsgned and bgp best path de… Robert Raszuk
- Re: [sidr] Signed vs unsgned and bgp best path de… Christopher Morrow
- Re: [sidr] Signed vs unsgned and bgp best path de… Robert Raszuk
- Re: [sidr] Signed vs unsgned and bgp best path de… Christopher Morrow