[150466] in North American Network Operators' Group
Re: do not filter your customers
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Feb 24 16:01:16 2012
Date: Fri, 24 Feb 2012 12:59:50 -0800
From: Leo Bicknell <bicknell@ufp.org>
To: "North American Network Operators' Group" <nanog@nanog.org>
Mail-Followup-To: North American Network Operators' Group <nanog@nanog.org>
In-Reply-To: <38BE694A-53C0-4306-B129-5B3BF101291B@castlepoint.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Fri, Feb 24, 2012 at 01:04:20PM -0700, Shane Amante=
wrote:
> Solving for route leaks is /the/ "killer app" for BGPSEC. I can't unders=
tand why people keep ignoring this.
Not all "leaks" are bad.
I remember when there was that undersea landside in Asia that took
out a bunch of undersea cables. Various providers quickly did
mutual transit and other arrangements to route around the problem,
getting a number of things back up quite quickly. These did not
match IRR records though, and likely would not have matached BGPSEC
information, at least not initially.
There are plenty of cases where someone "leaks" more specifics with
NO_EXPORT to only one of their BGP peers for the purposes of TE.
The challenge of securing BGP isn't crypto, and it isn't enough
ram/cpu/whatever to process it. The challenge is getting a crypto
scheme that operators can use to easily represent the real world.
It turns out the real world is quite messy though, often full of
temporary hacks, unusual relationships and other issues.
I'm sure it will be solved, one day.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iQIVAwUBT0f6RrN3O8aJIdTMAQKilRAAgd+J0ZJh3SHbK+nOrU3Vyb2QgS5Ji2Vc
Heh33JZp9a/cXK8xGK39FyXpa56sT+Qc+vnPkTUnEKyK43/8iSY8y1vLqQYTO57E
TA5DdA2idJEQeKyQRDrNBhUbMN8xZHQ2PRoEt2x0gYgfbXi/r1y7hF6lab2OO41W
eBgYQf4X8u/Il4FCM+IeFtQk6Ki6Egt5DOWRxJ/zPfvBfff6e577lAz/gJtYcCMd
0I/knP80JC0TrGIGcixjh3loSZkULias9ZNtOzkQEuC4suMrmxPqzeyotUfdBXY2
Ybu/ToBW61i+9cs4BauSxAPmmuqUBdeXw+RKDFPdRb4qZbs7Vs2EhOsWMsdNpJqr
lW08n8IPe+HI0KEe29798NyAT+wT5urtJLzPYpRJBEcBA+4OG3lsGRFHT8iqmaM+
rBTxWsep1rKlg6gfTjNZOCiGznji8Cw5m7RYfvZIoLw6qb59YXntmR5t7GIn6EOX
/ajelVXTDMkhqXfRSVLoix3QowMB0+3BjdpT1i1XbX71i4BJXw4CwKmAtnlcLWS0
ZgFaiPRMA0kiSE5JQynoAPML8xPY0wlpJgLxMmftrpDvBO4CmHPrLmZOiqfonJMP
PDOC2LoFiG9rNNp4Mr8L5urfGe0Keulp+ddzewUyI2Vzm4/l36fpTfR6hzpWD0Qw
Gmzd87qA6xU=
=yLkX
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--
