Re: [Sidrops] I-D Action: draft-ietf-sidrops-route-server-rpki-light-00.txt

I am advocating a strong security posture, in which each ASN takes their responsibility to the best of their abilities in maintaining a healthy global routing system. KNOWINGLY distributing routes which are considered Invalid is the wrong thing to do.

If an ASN (read Route Server) doesn't want to participate in keeping the routing system clean, they should perhaps consider ceasing their BGP operations, but certainly not hide under the guise of "offering customers all options".

An autonomous system is an autonomous system. IXP operators do not get a free pass to propagate garbage, the same garbage we expect the rest of the operators to reject.

This draft promotes an insecure mode of operation.

Kind regards,

Job

On 13 Jan 2017, 20:57 +0100, Carlos M. Martinez <carlosm3011@gmail.com>, wrote:
> Hi Job,
>
> I believe what what you propose would be deciding on behalf of people
> who are not your customers and with whom you only have a loose
> relationship based on sharing something. I don´t think a route server
> should in fact drop invalid routes when re-announcing them to the other
> peers.
>
> I understand that this could be different depending on the arrangements
> among members of the IXP, but, I like to have the option for marking
> open.
>
> Cheers!
>
> -Carlos
>
> On 13 Jan 2017, at 15:40, Job Snijders wrote:
>
> > Hi all,
> >
> > I have trouble with the idea proposed in this draft. It reads to me
> > "When the route server receives a hijacked prefix, it will decorate it
> > with an extended community and propagate it to all its peers".
> >
> > This is not a responsible thing to do. Route Server operators should
> > configure there route servers to reject/drop/ignore 'RPKI invalid'
> > announcements, and thats should be the end of it.
> >
> > Kind regards,
> >
> > Job
> >
> > On Fri, Jan 13, 2017 at 10:28:24AM -0800, internet-drafts@ietf.org
> > wrote:
> > >
> > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > directories.
> > > This draft is a work item of the SIDR Operations of the IETF.
> > >
> > > Title : Signaling Prefix Origin Validation Results
> > > from a Route-Server to Peers
> > > Authors : Thomas King
> > > Daniel Kopp
> > > Aristidis Lambrianidis
> > > Arnaud Fenioux
> > > Filename : draft-ietf-sidrops-route-server-rpki-light-00.txt
> > > Pages : 6
> > > Date : 2017-01-13
> > >
> > > Abstract:
> > > This document defines the usage of the BGP Prefix Origin
> > > Validation
> > > State Extended Community
> > > [I-D.ietf-sidr-origin-validation-signaling]
> > > to signal prefix origin validation results from a route-server to
> > > its
> > > peers. Upon reception of prefix origin validation results peers
> > > can
> > > use this information in their local routing decision process.
> > >
> > >
> > >
> > > The IETF datatracker status page for this draft is:
> > > https://datatracker.ietf.org/doc/draft-ietf-sidrops-route-server-rpki-light/
> > >
> > > There's also a htmlized version available at:
> > > https://tools.ietf.org/html/draft-ietf-sidrops-route-server-rpki-light-00
> > >
> > >
> > > Please note that it may take a couple of minutes from the time of
> > > submission
> > > until the htmlized version and diff are available at tools.ietf.org.
> > >
> > > Internet-Drafts are also available by anonymous FTP at:
> > > ftp://ftp.ietf.org/internet-drafts/
> > >
> > > _______________________________________________
> > > Sidrops mailing list
> > > Sidrops@ietf.org
> > > https://www.ietf.org/mailman/listinfo/sidrops
> >
> > _______________________________________________
> > Sidrops mailing list
> > Sidrops@ietf.org
> > https://www.ietf.org/mailman/listinfo/sidrops
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops