IETF Logo Mail Archive

Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server

"Chris Hall" <chris.hall@highwayman.com> Sun, 10 July 2011 16:05 UTC

Return-Path: <chris.hall@highwayman.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F019721F8745 for <sidr@ietfa.amsl.com>; Sun, 10 Jul 2011 09:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w5Vj3NnMGRRf for <sidr@ietfa.amsl.com>; Sun, 10 Jul 2011 09:05:45 -0700 (PDT)
Received: from anchor-post-3.mail.demon.net (anchor-post-3.mail.demon.net [195.173.77.134]) by ietfa.amsl.com (Postfix) with ESMTP id 4F42E21F873D for <sidr@ietf.org>; Sun, 10 Jul 2011 09:05:44 -0700 (PDT)
Received: from [80.177.246.162] (helo=hestia.halldom.com) by anchor-post-3.mail.demon.net with esmtp (Exim 4.69) id 1QfwVr-0001nI-p1; Sun, 10 Jul 2011 16:05:43 +0000
Received: from hyperion.halldom.com ([80.177.246.170] helo=HYPERION) by hestia.halldom.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.76) (envelope-from <chris.hall@highwayman.com>) id 1QfwVq-0008Gi-NL; Sun, 10 Jul 2011 17:05:42 +0100
From: Chris Hall <chris.hall@highwayman.com>
To: 'sidr wg list' <sidr@ietf.org>
References: <012601cc3d54$8f07c4e0$ad174ea0$@highwayman.com> <m2y609kptw.wl%randy@psg.com> <014001cc3d74$319571c0$94c05540$@highwayman.com> <m2pqlklw3v.wl%randy@psg.com> <014a01cc3d7f$6312f730$2938e590$@highwayman.com> <m2oc14ljh7.wl%randy@psg.com> <017d01cc3da0$9f8cd390$dea67ab0$@highwayman.com> <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
In-Reply-To: <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
Date: Sun, 10 Jul 2011 17:05:37 +0100
Organization: Highwayman
Message-ID: <01ec01cc3f1b$383c8920$a8b59b60$@highwayman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQLnVxnGjNWVOyUsj5rn4Yr0eH1c1gL48hq9AYUdEa8CIAtBeALePpAvAmnYtsEBdZrX2AJHVOEeki+ILYA=
Content-Language: en-gb
Cc: 'Sandra Murphy' <Sandra.Murphy@sparta.com>
Subject: Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jul 2011 16:05:46 -0000

Sandra Murphy wrote (on Fri 08-Jul-2011 at 20:30):
...
> Section 6.6 rightly notes that if an AS decided to share its
> private key with another AS, no one outside the agreement
> could tell the difference.

As it stands, this is how a transparent route server could be
implemented.

I don't see a requirement to support transparent route servers in
draft-ietf-sidr-bgpsec-reqs :-(

Mind you, placing the RS ASN in the path might be said to violate:

  3.15 A BGPsec design MUST NOT require operators to reveal
       more than is currently revealed...

Though there's no shame in using an RS... except, perhaps, that your
larger ASes will tend not to, and may turn their noses up at those
that do.

Using an RS, IXP customers can peer with each other for the cost of
one BGP Session (or one with each local RS instance).  At some IXPs
there are several hundred RS clients.  The cost doesn't go away, but
falls on the RS, which scales as (N * N * R) -- number of clients 'N'
and average number of routes each 'R' -- that is: it scales horribly.

It would make life easier for the RS if the clients' routers were able
to do more of the work -- noting that it is vital that this does NOT
require any additional administrative effort beyond the initial
configuration, and that new RS clients are automatically connected to
all others (by default, at least).  But any change at the client end
requires some change to BGP and/or to administrative features of BGP
implementations... so good luck with that, as they say :-(

One such approach would use something like draft-walton-bgp-add-paths
(currently expired), so that the RS no longer has to make any best
path selection, but can pass all routes it has for each prefix, and
let the clients decide.  (This also solves the problem of how to allow
clients to tune the selection process in the RS.)

For BGPSEC it might be nice to push the signing out to the client:
suppose BGPSEC were extended, so that each route given to the RS
contained a list of AS Path signatures, one for each possible
destination.  This would also require a means for the RS to signal all
possible destination ASes, so that there is no need for administrators
to fiddle with their configurations.  This solves the private key
issue and has the happy property of moving work to the client --
except that they may not be quite ready to generate and send several
hundred path signatures per route !

More exotic would be to arrange for the RS to talk to a box in each
client which would provide the required signatures (inside the minimum
advertisement interval).  If that were a function of the local RPKI
Cache, then setting up a BGPSEC connection to the RS would be a little
more complicated, but once done would require no further work.  (The
request for a new signature could pass the current signatures, AS Path
and NLRI etc, so that the signing box can verify that the RS is not
asking for something it shouldn't.)

Chris

v2.23.0 | Report a Bug | By Email