[126270] in North American Network Operators' Group
Re: Securing the BGP or controlling it?
daemon@ATHENA.MIT.EDU (Vincent J.. Bono)
Mon May 10 16:02:43 2010
Date: Mon, 10 May 2010 16:02:03 -0400 (EDT)
From: "Vincent J.. Bono" <vbono@2nplus1.com>
To: Nick Hilliard <nick@foobar.org>
In-Reply-To: <29756003.11111273521337490.JavaMail.root@mail.2nplus1.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> this is a matter of risk analysis. No secure routing means we'll continue
> to see the occasional high profile outage which is dealt with very quickly.
Speaking from painful experience all kinds of variable can ensure that even when a problem is identified quickly and action taken expeditiously outages can and do take much longer than "very quickly" to correct.
Also, while (IMHO) the much higher level of private interconnects / peering links in use today vs. 1997 makes willful route hijacking more difficult, building better security directly into the protocol is certainly in order. A good parallel is the SS7 network that runs "routing" for traditional voice signaling: it's "secured" by using a completely separate, out of band TDM network (DS1s and DS0s) but its also an "in the clear" protocol and could be subject to willful vandalism.
