Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server

Robert Raszuk <raszuk@cisco.com> Fri, 08 July 2011 14:05 UTC

To: Randy Bush <randy@psg.com>, Chris Hall <chris.hall@highwayman.com>
Cc: 'sidr wg list' <sidr@ietf.org>

> so, A has to know all the ASs to which RS will hand route, forward sign
> announcements to each of them and hand all those to RS, and RS then
> stores them all and forwards as appropriate.  that'll scale really well.

IX are used for optimizing local traffic patterns. Only very few 
applications of IX are about Internet peering broker service (but let's 
keep those out for the time being).

So if we assume that A wants to give some of his addresses to B & C via 
RS, why do they need to bother with bgpsec at all?

When A advertises its nets to its Internet providers, yes, it will 
forward sign it properly so they will be announced everywhere according 
to BGPsec rules.

Imagine an IX without RS ... A wants to peer with B and both establish a 
peering relation. I really see no need why they should get any 
additional security on top of their direct route exchange, as B will not 
be a transit for A anyway.

Rgs,
R.