[150482] in North American Network Operators' Group
Re: do not filter your customers
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Feb 24 20:47:02 2012
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: North American Network Operators' Group <nanog@nanog.org>
Date: Sat, 25 Feb 2012 01:45:59 +0000
In-Reply-To: <m2aa47ohys.wl%randy@psg.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 25, 2012, at 7:49 AM, Randy Bush wrote:
> i would love to see progress on the route leak problem. i do not confuddle it with security.
Availability is a key aspect of security - the most important one, in many cases/contexts. The availability of the control plane itself (i.e., being stable/resilient enough to continue doing its job even under various forms of duress) as well as the availability of the information about paths it propagates in order to allow the routing of transit traffic both fall squarely within the rubric of security, IMHO.
The disruption of transit traffic routing often caused by route leaks, as in this particular case, has a negative impact on the overall availability of affected networks/endpoints/applications/services/data. However, route leaks are only one potential cause of such hits to availability - and while there are several BCPs which can and should be adopted in order to protect against control-plane disruption, they are in many cases honored more in the breach than in the observance due to complexity, opex (as is the case with many - some would say most - security-related BCPs), and so forth.
The single best thing which could be done to improve the stability/resiliency of the control-plane on IP networks in general would be to change the nature of the control-plane (not just BGP, but the IGPs, as well) from in-band to out-of-band, IMHO. I know this will probably never happen, but wanted to be sure that the point was made in relation to this specific topic for the sake of completeness, if nothing else.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton