[144169] in North American Network Operators' Group


Re: Do Not Complicate Routing Security with Voodoo Economics

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Sep 4 09:51:16 2011

From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <m2mxek1v78.wl%randy@psg.com>
Date: Sun, 4 Sep 2011 09:51:12 -0400
To: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Mostly excellent thoughts, well documented.  I have a question about this statement though:

> in fact, a number of global Tier-1 providers have preferred peers for decades

I assume you mean for a very limited subset of their customers?  I've checked routing on well over half the transit free networks on the planet, and for the small number of customers I was researching, they definitely preferred customer routes over peering.

-- 
TTFN,
patrick


On Sep 4, 2011, at 6:02 AM, Randy Bush wrote:

> [ http://archive.psg.com/110904.broadside.html ]
>
> 	Do Not Complicate Routing Security with Voodoo Economics
> 			      a broadside
>
> A recent NANOG presentation and SIGCOMM paper by Gill, Schapira, and
> Goldberg[1] drew a lot of 'discussion' from the floor.  But that
> discussion missed significant problems with this work.  I raise this
> because of fear that uncritical acceptance of this work will be used as
> the basis for others' work, or worse, misguided public policy.
> o The ISP economic and incentive model is overly naive to the point of
>   being misleading,
> o The security threat model is unrealistic and misguided, and
> o The simulations are questionable.
>
>
> Basic ISP economics are quite different from those described by the
> authors.  Above the tail links to paying customers, the expenses of
> inter-provider traffic are often higher than the income, thanks to the
> telcos' race to the bottom.  In this counter-intuitive world, transit
> can often be cheaper than peering.  I.e. history shows that in the rare
> cases where providers have been inclined to such games, they usually
> shed traffic, not stole it, the opposite of what the paper presumes.  The
> paper also completely ignores the rise of the content providers as
> described so well in SIGCOMM 2010 by Labovitz et alia[2].
>
> It is not clear how to ‘fix’ the economic model, especially as [3] says
> you can not do so with rigor.  Once one starts, e.g. the paper may lack
> Tier-N peering richness which is believed to be at the edges, we have
> bought into the game for which there is no clear end.
>
> But this is irrelevant; what will motivate deployment of BGP security is
> not provider traffic-shifting.  BGP security is, as its name indicates,
> about security, preventing data stealing (think banking
> transactions[4]), keeping miscreants from originating address space of
> others (think YouTube incident) or as attack/spam sources, etc.
>
> The largest obstacle to deployment of BGP security is that the
> technology being deployed, RPKI-based origin validation and later
> BGPsec, is based on an X.509 certificate hierarchy, the RPKI.  This
> radically changes the current inter-ISP web of trust model to one having
> ISPs' routing at the mercy of the Regional Internet Registries (RIRs).
> Will the benefits of security - no more YouTube incidents, etc. - be
> perceived as worth having one's routing at the whim of a
> non-operational administrative monopoly?  Perhaps this is the real
> economic game here, and will cause a change in the relationship between
> the operators and the RIR cartel.
>
> The paper's simulations really should be shown not to rely on the
> popular but highly problematic[3] Gao-Rexford model of inter-provider
> relationships, that providers prefer customers over peers (in fact, a
> number of global Tier-1 providers have preferred peers for decades), and
> that relationships are valley free, which also has significant
> exceptions.  Yet these invalid assumptions may underpin the simulation
> results.
>
> ---
>
> Randy Bush <randy@psg.com>
> Dubrovnik, 2011.9.4
>
> [1] P. Gill, M. Schapira, and S. Goldberg, Let the Market Drive
> Deployment: A Strategy for Transitioning to BGP Security, SIGCOMM 2011,
> August 2011.
> http://conferences.sigcomm.org/sigcomm/2011/papers/sigcomm/p14.pdf
>
> [2] C. Labovitz, S. Iekel-Johnson, D. McPherson, J. Oberheide, and
> F. Jahanian, “Internet inter-domain traffic,” in SIGCOMM '10:
> Proceedings of the ACM SIGCOMM 2010 conference on SIGCOMM, 2010.
>
> [3] M. Roughan, W. Willinger, O. Maennel, D. Perouli, and R. Bush, 10
> Lessons from 10 Years of Measuring and Modeling the Internet's
> Autonomous Systems, IEEE Journal on Selected Areas in Communications,
> Vol. 29, No. 9, pp. 1-12, Oct. 2011.
> https://archive.psg.com/111000.TenLessons.pdf
>
> [4] A. Pilosov, T. Kapela. Stealing The Internet An Internet-Scale Man
> In The Middle Attack, Defcon 16, August, 2008.
> http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
>
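The two Gao-Rexford assumptions the broadside questions, customer-over-peer preference and valley-free export, and the peer-preferring Tier-1 behaviour Randy asserts and Patrick asks about, simulated on a constructed five-AS topology. This is an added example, not code from the thread, the paper or any simulator they discuss; the topology, the rank tables and the names simulate and is_valley_free are my own assumptions.

```python
# Toy simulation of BGP route selection under the Gao-Rexford assumptions the
# broadside questions. Constructed AS topology, not the paper's or the thread's.
# Assumes only customer-provider and peer relationships; no siblings, no valleys.
C2P = {(3, 1), (4, 1), (4, 2), (5, 3), (5, 4)}   # (customer, provider) pairs
P2P = {(1, 2)}                                    # peer pairs, symmetric
GAO_REXFORD = {"customer": 0, "peer": 1, "provider": 2}   # lower rank wins
PREFER_PEERS = {"peer": 0, "customer": 1, "provider": 2}  # the claimed Tier-1 variant

def relation(a, b):
    """How AS a classifies neighbour b."""
    if (b, a) in C2P: return "customer"
    if (a, b) in C2P: return "provider"
    if (a, b) in P2P or (b, a) in P2P: return "peer"
    return None

def neighbours(a):
    return {y for x, y in C2P | P2P if x == a} | {x for x, y in C2P | P2P if y == a}

def is_valley_free(path):
    """Forwarding order: up hops, then at most one peer hop, then only down hops."""
    phase = 0   # 0 climbing, 1 crossed a peer link, 2 descending
    for a, b in zip(path, path[1:]):
        r = relation(a, b)
        if r == "provider" and phase == 0: continue
        if r == "peer" and phase == 0: phase = 1; continue
        if r == "customer": phase = 2; continue
        return False
    return True

def simulate(origin, rank):
    """Iterate to a fixed point; return each AS's chosen AS-path (as a tuple)."""
    ases = sorted({x for e in C2P | P2P for x in e})
    best, changed = {origin: (origin,)}, True
    while changed:
        changed = False
        for a in ases:
            if a == origin: continue
            cands = []
            for n in neighbours(a):
                if n not in best or a in best[n]: continue   # no route yet / loop
                # valley-free export: n forwards a route to a non-customer only if
                # it learned that route from a customer (its own prefix counts)
                from_cust = len(best[n]) == 1 or relation(n, best[n][1]) == "customer"
                if not from_cust and relation(n, a) != "customer": continue
                cands.append((rank[relation(a, n)], len(best[n]), (a,) + best[n]))
            if cands and best.get(a) != min(cands)[2]:
                best[a], changed = min(cands)[2], True
    return best
```

With origin 5, simulate(5, GAO_REXFORD)[2] is (2, 4, 5) while simulate(5, PREFER_PEERS)[2] is (2, 1, 3, 5): the peer-preferring Tier-1 hands traffic to its peer even though it has a shorter customer route, and both outcomes are still valley-free.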


