[80981] in North American Network Operators' Group
Re: soBGP deployment
daemon@ATHENA.MIT.EDU (Christopher Woodfield)
Fri May 20 14:34:06 2005
In-Reply-To: <428D267B.9080707@umbc.edu>
Cc: nanog@merit.edu
From: Christopher Woodfield <rekoil@semihuman.com>
Date: Fri, 20 May 2005 14:31:21 -0400
To: vijay gill <vijay@umbc.edu>
Errors-To: owner-nanog@merit.edu
As far as answering the "First Goal" of the article, I really don't
see much here that isn't handled today by route registries, except
for the TLS certificate stuff. Not sure how much security that adds,
practically; how often do people see their route objects jacked by
hax0rs?
For the "Second Goal" part, this is somewhat intriguing, although I
would like to know how often "fake" as-paths get leaked and if it
really happens often enough to justify a new BGP infrastructure in
order to prevent it. Maybe as part of BGPv5, where there are other
benefits to migrating to the new protocol (32-bit ASNs, anyone?)
In short, the goals seem laudable, but it seems that this solution
seems a bit, well, extreme, and I'm not sure if the disease if worse
than the cure. That said, I'm curious how much of this can be
implemented realistically at the single-peer level the paper
mentions. Just don't ask me to run it on a GRP-B.
-C
On May 19, 2005, at 7:51 PM, vijay gill wrote:
>
> If you are an operator, would you deploy soBGP or something like
> it? If not, why not.
>
> http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac236/
> about_cisco_ipj_archive_article09186a00801c5a9b.html
>
> /vijay
>