Re: [sidr] [Idr] Route Leaks and solutions
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Thu, 09 July 2015 17:14 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2044F1B2B0E; Thu, 9 Jul 2015 10:14:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQnIzLLFdlXs; Thu, 9 Jul 2015 10:14:32 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0128.outbound.protection.outlook.com [207.46.100.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF90B1B2B0C; Thu, 9 Jul 2015 10:14:31 -0700 (PDT)
Received: from CY1PR09MB0793.namprd09.prod.outlook.com (10.163.43.143) by BLUPR09MB005.namprd09.prod.outlook.com (10.255.211.143) with Microsoft SMTP Server (TLS) id 15.1.213.10; Thu, 9 Jul 2015 17:14:30 +0000
Received: from CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) by CY1PR09MB0793.namprd09.prod.outlook.com ([10.163.43.143]) with mapi id 15.01.0207.004; Thu, 9 Jul 2015 17:14:30 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Christopher Morrow <morrowc.lists@gmail.com>
Thread-Topic: [Idr] Route Leaks and solutions
Thread-Index: AQHQst/YBwy3rwbYakKgtnDiHnHcZp3NZLUJgAAwLgCAACk92IAAEGcAgAWPDmA=
Date: Thu, 09 Jul 2015 17:14:29 +0000
Message-ID: <CY1PR09MB0793E39F703D436A3E21805B84900@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <005901d0b283$ea07bd20$be173760$@ndzh.com> <m2fv52b1w1.wl%randy@psg.com> <CY1PR09MB07939BA36BB01C19AD9AC2A384930@CY1PR09MB0793.namprd09.prod.outlook.com> <CAL9jLab5LOfeSYGzt=ywAwkoJdbe4moXD2w5LsGF-L_Cju_TUw@mail.gmail.com>
In-Reply-To: <CAL9jLab5LOfeSYGzt=ywAwkoJdbe4moXD2w5LsGF-L_Cju_TUw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [129.6.140.100]
x-microsoft-exchange-diagnostics: 1; BLUPR09MB005; 5:ih8u81BoV3woSLXhF3yPH10mfk1mIa6HfA/RZsAZ3maYGW1GeAKu7wuanrxjFclaLm7G6mqFX0AatZj+4gDBwTSq4ikpbnvQ6O1DUraYIFmNj30rlftCG08RsrXshAzKUmoWasjkV7lx/lRqtjWAeA==; 24:hssFmOkpYs3qXfQsCW2Bcn1attXGIVdajk1GwdpVHWa4LGnudqyy7lqjRhExwIrs/QSvvVKzLGGhypdwjXyfD479dhCDTx7PGIqujWhPwjg=; 20:91lTiIHdlyfPJu2bnt3NBF7e8v8GGWgR3si5CTD560hKv/WpBBOKQgvbw7XiukKK+X8fbXoiRCd/Z1wAPiF0EQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR09MB005;
blupr09mb005: X-MS-Exchange-Organization-RulesExecuted
x-microsoft-antispam-prvs: <BLUPR09MB0057AAE3E398156C34B337384900@BLUPR09MB005.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5005006)(3002001); SRVR:BLUPR09MB005; BCL:0; PCL:0; RULEID:; SRVR:BLUPR09MB005;
x-forefront-prvs: 0632519F33
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(87936001)(106116001)(5003600100002)(86362001)(76576001)(62966003)(46102003)(99286002)(2656002)(66066001)(77156002)(76176999)(54356999)(50986999)(5002640100001)(2950100001)(33656002)(2900100001)(102836002)(110136002)(74316001)(77096005)(189998001)(5001960100002)(93886004)(92566002)(122556002)(40100003); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR09MB005; H:CY1PR09MB0793.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jul 2015 17:14:30.0377 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR09MB005
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/d8MX_YYCGnWqJnkTPmW_2VnDPUk>
Cc: idr wg list <idr@ietf.org>, "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] [Idr] Route Leaks and solutions
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 17:14:34 -0000
(Cc'ing sidr list also since there is interest there too in this topic.)
>> If A's customer C does not want A to propagate, then C has a choice not to send
>> the prefix-route to A in the first place.
>> Given that choice, why would C instead choose to poison or downgrade by altering RLP bits?
>Q: why do people poison routes by jamming in to the aspath ASN which
>they want to ignore their prefix/announcement?
>A: because knob.
Section 5.1 in the route leaks solution draft already discusses possible abuse
of the knob (without security / bgpsec).
Randy and I were trying to come up with more examples (besides what is in Sec. 5.1).
I will include Randy's additional example (that we have discussed here) also in Section 5.1.
But, IMHO, so far none of these abuses seems egregious.
So the benefit seems to outweigh the 'new attack vector' disadvantage. Explained further below.
Even with ROA origin validation, there is the fake-origin-AS attack vector (without bgpsec),
but we recognize that ROA origin validation stops all accidental mis-originations. So it is worth it.
The determined attacker may still use fake-origin-AS attack;
but that would be mitigated by bgpsec (when it is deployed).
Likewise, the evolution path for route leaks solution could be as follows:
Current BGP (without route leak solution; assuming prefix /AS path filters aren’t doing job adequately)
--- Vulnerable to accidental and malicious route leaks
--- Let us say 99% are accidental and 1% malicious (you can substitute your numbers)
|
|
\/
BGP with proposed route leak solution (without bgpsec)
--- Detects/mitigates the 99% but not the 1%
|
|
\/
Proposed route leak solution with bgpsec
--- Detects/mitigates the 99% as well as the 1%
Sriram
- Re: [sidr] [Idr] Route Leaks and solutions Sriram, Kotikalapudi
- [sidr] draft-sriram-idr-route-leak-detection-miti… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Andrei Robachevsky
- Re: [sidr] draft-sriram-idr-route-leak-detection-… Sriram, Kotikalapudi
- Re: [sidr] [Idr] Route Leaks and solutions Christopher Morrow
- Re: [sidr] [Idr] Route Leaks and solutions Sriram, Kotikalapudi