IETF Logo Mail Archive

Re: [Sidrops] Comments on draft-ietf-sidrops-validating-bgp-speaker

Job Snijders <job@ntt.net> Thu, 15 February 2018 13:39 UTC

Return-Path: <job@instituut.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DAE712DA04 for <sidrops@ietfa.amsl.com>; Thu, 15 Feb 2018 05:39:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6gFOavPwQtbg for <sidrops@ietfa.amsl.com>; Thu, 15 Feb 2018 05:39:35 -0800 (PST)
Received: from mail-wm0-f50.google.com (mail-wm0-f50.google.com [74.125.82.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78BC912DA09 for <sidrops@ietf.org>; Thu, 15 Feb 2018 05:39:35 -0800 (PST)
Received: by mail-wm0-f50.google.com with SMTP id j21so1213586wmh.1 for <sidrops@ietf.org>; Thu, 15 Feb 2018 05:39:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=yUeLVwHUVz9Kkd3IzuB0s4D8iuHTM+7paISd4IQ8oRU=; b=K/dILUClSJLlF75V4zxhh1DORxn1SNxIlrbV7H9y3IkiN8eDOEEyOSzGnuyPWxgYVN tjmabMw4T4/u9EaZ5aZnq7a7K/qOMmGNiNRHVhW3EhZG1Yh6UGgRRMx3MI1noY/TL5So IvC/DjIYl49/E834teVXk1Em3fQYTmGOeyiwf+GdfojyOx6tZ5dDN+ZzNUXPHcQWJDhK nkdx2x2L3xCg3BvutcIKjPEi5IoPrlorw6uWEHkaq99BPktCE5s+qyonCKKtph7tQUJz 8Wqamhv763j4XU/AK87qYBs9u2hOAg0A0zkraP4NPwIU87HpN0PDZLtrsLdlrIYSTnrA ZuVg==
X-Gm-Message-State: APf1xPB58KVYXTs2o5fuIGX0Jxo+d15uBFv7yoWY2Pi8HuH8XroecUXT U4vvviSMa3x3V9R/DAAbiKX3gDQvbmI=
X-Google-Smtp-Source: AH8x227Yr3c6dLl7XHcXZszWpkFq+DOi9La1bAuujJkz0tFdY3ATUJBf5CkApwYjaKjguHr1VR7VIQ==
X-Received: by 10.80.153.143 with SMTP id m15mr3352317edb.145.1518701973775; Thu, 15 Feb 2018 05:39:33 -0800 (PST)
Received: from localhost ([2001:67c:208c:10:2cf2:185e:db44:f1cb]) by smtp.gmail.com with ESMTPSA id p55sm7604112edc.15.2018.02.15.05.39.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Feb 2018 05:39:32 -0800 (PST)
Date: Thu, 15 Feb 2018 14:39:31 +0100
From: Job Snijders <job@ntt.net>
To: Aris Lambrianidis <aris.lambrianidis@ams-ix.net>
Cc: Jeff Wheeler <jsw@inconcepts.biz>, sidrops@ietf.org
Message-ID: <20180215133931.GB1193@hanna.meerval.net>
References: <CAPWAtbJJ3mWXP-d314CbY7n9LSh4KmNjXBCP93Ag_i=0gcAd8Q@mail.gmail.com> <5A84B6B8.50207@ams-ix.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5A84B6B8.50207@ams-ix.net>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.9.3 (2018-01-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/F_tekILJ7AHww6_5-aUuESuEIfA>
Subject: Re: [Sidrops] Comments on draft-ietf-sidrops-validating-bgp-speaker
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 13:39:37 -0000

On Wed, Feb 14, 2018 at 11:22:48PM +0100, Aris Lambrianidis wrote:
> Let me also point out that in theory, forwarding "invalid" prefixes is
> bad. However, our own operational experience so far has shown that
> most ROA invalid prefixes are due to misconfiguration rather than
> malicious intent.

A major consideration is that all IXP route servers only offer a
_partial_ view on the global routing table, nobody ever single-homes
behind an IXP route server. So, if the IXP route server does _not_
propagate invalid prefixes to its participants, operationally speaking
the 'worst' thing that can happen is that alternative paths are used via
either bilateral peering or other arrangements. If anything, if people
depend on keeping their traffic on the IX with the help of the RS, there
is an actual monetary incentive to repair the misconfigured ROAs. If
anything, IXPs should take a leading role in deploying RPKI Origin
Validation - this draft proposes the opposite: a watering down that
justifies propagation of bad announcements.

By merely tagging the invalid prefixes with a community, the sender of
those BGP announcements has significantly visiblity into problem, since
the sender of such announcements won't see the 'invalid community'
themselves.

I think in context of IXP Route Servers it is very detrimental to the
Internet community's overall effort to improve routing security if
invalid malicious announcements are distributed alongside these
'misconfigurations', and the propagation of misconfigurations is deemed
more important than blocking of incorrect announcements.

Given the prevalence of routing incidents and the critical effects they
have on business continuity, I'm concerned that time is wasted on
actively lowering the bar ('rpki-light' aka 'draft-ietf-sidrops-validating-bgp-speaker')
rather than spending time on setting higher standards.

ESPECIALLY given the position of route servers in the routing ecosystem.
If we consider a misconfigured RPKI ROA an 'error', favoring strict
error handling (dropping) over attempting error recovery is an effective
technique for ensuring that faults receive attention. 

Kind regards,

Job

v2.23.0 | Report a Bug | By Email