Re: [sidr] Route Leaks and BGP Security

Robert Raszuk <> Mon, 21 November 2011 19:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D904F11E80C0 for <>; Mon, 21 Nov 2011 11:53:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NEfvWgC9ZIpa for <>; Mon, 21 Nov 2011 11:53:25 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id A279611E8096 for <>; Mon, 21 Nov 2011 11:53:25 -0800 (PST)
Received: (qmail 22463 invoked by uid 399); 21 Nov 2011 19:53:24 -0000
Received: from unknown (HELO ? ( by with ESMTP; 21 Nov 2011 19:53:24 -0000
Message-ID: <>
Date: Mon, 21 Nov 2011 20:53:24 +0100
From: Robert Raszuk <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: Russ White <>, Randy Bush <>
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [sidr] Route Leaks and BGP Security
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 21 Nov 2011 19:53:30 -0000

 >>    o a significant portion of the internet's isps will not publish
 >>      peering and customer business relationships,


This is very true statement how every last week we have had a number of 
conversations where the same significant portions of ISPs expressed very 
great interest in increase their revenues in the context of CDNs.

So to get some money from the large content providers like Akamai or 
Google they are willing to expose their peering relations just to let 
those big guys may an intelligent content query redirection.

I do know this is a bit outside of the scope of this WG, but the 
requirement is common and with addressing one we could perhaps address 
the other one in one shot.

So if we would propose a solution which only asks to advertise given 
AS's neighboring ASes by peering to them of course without disclosing 
any policy one may have .. do you think this would not be a doable 
proposal ?


 > On 2011-11-21 17:57, Russ White wrote:
>>    o a significant portion of the internet's isps will not publish
>>      peering and customer business relationships,
> You can't secure what you don't tell anyone about. Security is about
> allowing others to compare the current state against what the state
> should be. What you're asking for is to ask someone else to take some
> specific action for you without telling them what that action should be.
> An impossibility.
>>    o ASs are not homogenous, A gives B local peering and international
>>      transit in frankfurt, but B may have no relationship with A in
>>      new york, or B may be A's customer in new york, and you will never
>>      know (and you do not want to see how this is done if you are
>>      anywhere near a meal)
> These can be accounted for in some of the systems that have been
> proposed in the past, or are now available.
>>    o this is just a repeat of the non-sense which wasted years of time
>>      of the last ietf attempt in this area,
> Which is a worse waste of time --designing a solution first, then
> fitting the requirements around it, or figuring out what the problem is,
> then thinking through possible solutions?
> :-)
> Russ
> _______________________________________________
> sidr mailing list