Re: [sidr] Burstiness of BGP updates
Robert Raszuk <robert@raszuk.net> Fri, 18 November 2011 14:32 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D01221F8B2A for <sidr@ietfa.amsl.com>; Fri, 18 Nov 2011 06:32:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d7PQFXwqiFrN for <sidr@ietfa.amsl.com>; Fri, 18 Nov 2011 06:31:59 -0800 (PST)
Received: from mail1310.opentransfer.com (mail1310.opentransfer.com [76.162.254.103]) by ietfa.amsl.com (Postfix) with ESMTP id 7343E21F8B15 for <sidr@ietf.org>; Fri, 18 Nov 2011 06:31:59 -0800 (PST)
Received: (qmail 17984 invoked by uid 399); 18 Nov 2011 14:31:58 -0000
Received: from unknown (HELO ?10.0.1.3?) (203.69.99.16) by mail1310.opentransfer.com with ESMTP; 18 Nov 2011 14:31:58 -0000
X-Originating-IP: 203.69.99.16
Message-ID: <4EC66C5F.7040302@raszuk.net>
Date: Fri, 18 Nov 2011 15:31:59 +0100
From: Robert Raszuk <robert@raszuk.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Tony Tauber <ttauber@1-4-5.net>
References: <D7A0423E5E193F40BE6E94126930C49308E9E35567@MBCLUSTER.xchange.nist.gov> <4EC329C6.4090600@riw.us> <7309FCBCAE981B43ABBE69B31C8D21391A45A2062E@EUSAACMS0701.eamcs.ericsson.se> <4EC32EBE.6030106@riw.us> <7309FCBCAE981B43ABBE69B31C8D21391A45A20633@EUSAACMS0701.eamcs.ericsson.se> <E2D346C7800D704DB41ED19D90434DA6320C15DF93@ESESSCMS0358.eemea.ericsson.se> <4EC33E88.9090505@riw.us> <7309FCBCAE981B43ABBE69B31C8D21391A45A20649@EUSAACMS0701.eamcs.ericsson.se> <4EC459F0.9070200@riw.us> <CAL9jLabyymUZJRk44Z00UeQsxinN5D-05-7_htmRanYwi7ysvQ@mail.gmail.com> <4EC462E9.7090103@riw.us> <m2wraz4j68.wl%randy@psg.com> <4EC4684B.3030204@riw.us> <m2ty634ie7.wl%randy@psg.com> <855A62C6-6654-4FA8-8644-B7B044C76148@verisign.com> <m2k46z4f1d.wl%randy@psg.com> <4EC48834.9060805@riw.us> <m2hb2346uq.wl%randy@psg.com> <09683D2C-A35A-4083-93D4-0E47B2106D83@apnic.net> <CAGQUKcd1nos+XfBzaSKrBu=oeNWGaMnA-AVa207GTr48pbrc2Q@mail.gmail.com>
In-Reply-To: <CAGQUKcd1nos+XfBzaSKrBu=oeNWGaMnA-AVa207GTr48pbrc2Q@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Burstiness of BGP updates
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert@raszuk.net
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2011 14:32:00 -0000
Hello Tony, > Hopefully I've characterized things reasonably Sincere apologies for critics, but observing this space as well as hearing voices of operators from all over the world IMHO you have not even stated the basic preludium to the problem at stake. I think Russ is not just flaming that this is complex. The way I read what Russ is not afraid to say is that solutions in place are just not addressing the real BGP security issue. If they would we do know (with around for most of us 20 years of internet deployments behind our belts) how to educate community to deploy globally any new useful functionality. However the current proposal may very well address the Internet control issue rather then real internet security issue and this is the problem. This is something that non of the authors or implementors will ever admit is the objective here for a very obvious legal reasons. Best, R. > As that old draft's author/editor (started as editor, ended up more > as author, with suggestions), perhaps I can add some clarification to > some of what's being re-hashed here. It's likely many already > understand it; some don't; some could be aided by different wording. > > Steve Kent takes the approach that working through the processing > and propagation of updates and securing those operations to the > spec. The notion appears to me to be to model behavior based on > discrete events and the BGP FSM. > > Russ White takes the approach that the overall deployed system is > very complex containing many dimensions of variability including but > not limited to time, topology, and local practice/policy. Following > from that is a concern that, beyond a point, adding the additional > complexity being proposed results in either no benefit or negative > impact to the goals of the global routing system. > > Hopefully I've characterized things reasonably and this might help > anyone who's having trouble following at home. > > Tony > > On Thu, Nov 17, 2011 at 7:19 PM, Geoff Huston<gih@apnic.net> wrote: > >> >> On 17/11/2011, at 5:10 PM, Randy Bush wrote: >> >>>> The process SIDR has used is backwards --choose a solution, >>>> then build the requirements around that solution. >>> >>> the bgpsec requirements document was started from the 2008 >>> document draft-ietf-rpsec-bgpsecrec-10 >> >> That document never managed to reconcile the various views relating >> to AS Path validation, so I'm unclear if you are citing this as a >> completed activity, because to me it certainly appeared to be an >> incomplete piece of work. >> >> To be specific to quote from section 7 of this draft: >> >> AS_PATH Feasibility Check: The AS_PATH list may correspond to a >> valid list of autonomous systems according to the first >> verification category listed in the "Areas to Secure" Section >> above. Further study will determine the extent to which this is a >> security requirement. >> >> >> >> _______________________________________________ sidr mailing list >> sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr >> > > > > _______________________________________________ sidr mailing list > sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Sriram, Kotikalapudi
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Jakob Heitz
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Randy Bush
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Jakob Heitz
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … George, Wes
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Jakob Heitz
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … George, Wes
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Jakob Heitz
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Brian Dickson
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … George, Wes
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Russ White
- Re: [sidr] Burstiness of BGP updates (was: WGLC: … Jakob Heitz
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Jakob Heitz
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Jakob Heitz
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Shankar K A
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Christopher Morrow
- Re: [sidr] Burstiness of BGP updates Shankar K A
- Re: [sidr] Burstiness of BGP updates Jakob Heitz
- Re: [sidr] Burstiness of BGP updates Shankar K A
- Re: [sidr] Burstiness of BGP updates Brian Dickson
- Re: [sidr] Burstiness of BGP updates Christopher Morrow
- Re: [sidr] Burstiness of BGP updates Brian Dickson
- Re: [sidr] Burstiness of BGP updates Christopher Morrow
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Christopher Morrow
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Randy Bush
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Robert Raszuk
- Re: [sidr] Burstiness of BGP updates Randy Bush
- Re: [sidr] Burstiness of BGP updates Brian Dickson
- Re: [sidr] Burstiness of BGP updates Robert Raszuk
- Re: [sidr] Burstiness of BGP updates Randy Bush
- Re: [sidr] Burstiness of BGP updates Eric Osterweil
- Re: [sidr] Burstiness of BGP updates Randy Bush
- Re: [sidr] Burstiness of BGP updates Stephen Kent
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Russ White
- Re: [sidr] Burstiness of BGP updates Eric Osterweil
- Re: [sidr] Burstiness of BGP updates Randy Bush
- Re: [sidr] Burstiness of BGP updates Geoff Huston
- Re: [sidr] Burstiness of BGP updates Tony Tauber
- Re: [sidr] Burstiness of BGP updates Robert Raszuk
- Re: [sidr] Burstiness of BGP updates Tony Tauber
- Re: [sidr] Burstiness of BGP updates Robert Raszuk
- Re: [sidr] Burstiness of BGP updates Tony Tauber
- Re: [sidr] Burstiness of BGP updates Stephen Kent
- Re: [sidr] Burstiness of BGP updates Randy Bush
- Re: [sidr] Burstiness of BGP updates Jakob Heitz