Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt

[Job Snijders <job@ntt.net>]

Hi Jay,

On Tue, Mar 13, 2018 at 11:25:16AM -0400, Jay Borkenhagen wrote:
> My reasons for preferring that my vendors do not implement DISR are:
> 
>  - implementing DISR would require changes to some very key parts of
>  router code.  You might be right that there is a straightforward way
>  to do it -- but it's still a change to some critical code, and any
>  bugs introduced there could affect even those not using DISR.

Eh.... yes... so don't write bugs? Your reasoning applies to any change,
in any aspect of a codebase. While your fear may be justified, this type
of argument is hard to take into consideration from an IETF perspective.

>  - the long-term goal should still be dropping all invalids, including
>  those that DISR would permit. So at best DISR should be only a
>  short-term policy.

Yes.

> I don't think DISR is the right policy for anyone to use, for the
> reasons I cited: (a) it's better to attempt to educate those
> publishing what appear to be bad ROAs rather than making any
> assumptions about them, and (b) the invalid-only route could be
> announced by address squatters -- why assist the squatters?
> 
> I know of no significant ISP networks that are dropping invalids
> today. (I am not discussing IXPs here.)  I also know of no one saying
> they would be dropping some invalids today if only DISR were
> available.

I'm certainly struggling to find some kind of pathway towards dropping
invalids, and would seriously consider deploying DISR-style filters if
they were available to me.

> Before we get hung up on how DISR would be implemented in router code,
> let's discuss whether it's a policy ISPs should actually deploy.  For
> the reasons I have explained, I say it's not.

Yes - this is the big question.

We agree on the observation that nobody is dropping invalids, so we have
to ask ourselves: what is the resaon for this? Is there a way to
overcome whatever obstacles ISPs see?

A problem I see at this point in time is that if there are three
networks: A, B & C - and A does origin validation but B does not, then
B will be rewarded for mistakes that happen in the administrative domain
of C. This makes origin validation a really tough sell.

I appreciate that DISR attempts to mitigate some of these concerns - but
obviously DISR (in its _current_ form) introduces some problems as well,
namely opening up the option to more easily squat on unannounced space.

One could consider it a trade-off: does attempting to level the playing
field between network A & network B from an incentive perspective,
justify a weakening of protection of (perhaps purposefully) unannounced
space?

> Out of curiousity, are you attempting to educate those announcing
> invalids today?

Yes.

kind regards,

Job