![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: soBGP deployment
From: Steve Gibbard <scg () gibbard org>
Date: Wed, 25 May 2005 17:04:41 -0700 (PDT)
On Wed, 25 May 2005, Tony Li wrote:
I know all the issues up there are real, since I've occasionally heard about them happening. I understand the devastating consequences of somebody finding a sufficiently well connected unfiltered BGP session and using it to announce some important prefixes. I fully agree that it should be fixed. And yet, in the nine or so years I've been working on network infrastructure stuff, spoofed BGP announcements have never been a major cause of problems for me.That's what we can say so far. Do you really want to wait until we have a major problem?
No. As I said, I understand that the results of somebody doing something malicious here would be bad.
My point (covered in the paragraph you didn't quote) is that schemes for requiring the authentication of routing information can also cause problems (which could be major if they happen to the wrong prefixes). If we make the network more able to withstand worst case scenarios without doing damage to its ability to be stable in its every day environment, that's a clear win. If, on the other hand, we were to get the network into a situation where it was harder for terrorists to push it over but it fell over on its own with some regularity, that probably wouldn't be an improvement.
I'm not saying don't secure BGP. I'm saying be very careful in doing so, if you want to convince network operators to implement it.
I'll note that I'm not talking about soBGP specifically. I have read the RFC, but I'm still not sure I understand it sufficiently to pass judgement.
-Steve
Current thread:
- Re: soBGP deployment, (continued)
- Re: soBGP deployment Tony Li (May 24)
- Re: soBGP deployment Daniel Karrenberg (May 25)
- Re: soBGP deployment Tony Li (May 25)
- Re: soBGP deployment Jeroen Massar (May 26)
- Re: soBGP deployment william(at)elan.net (May 26)
- Re: soBGP deployment Todd Underwood (May 26)
- Re: soBGP deployment Bill Woodcock (May 26)
- Re: soBGP deployment Bill Woodcock (May 26)
- Re: soBGP deployment Steve Gibbard (May 25)
- Re: soBGP deployment Tony Li (May 25)
- Re: soBGP deployment Steve Gibbard (May 25)
- Re: soBGP deployment Todd Underwood (May 26)
- Re: soBGP deployment Daniel Golding (May 26)
- Re: soBGP deployment Randy Bush (May 26)
- Re: soBGP deployment Tony Li (May 26)
- Re: soBGP deployment william(at)elan.net (May 26)
- Re: soBGP deployment Todd Underwood (May 27)
- Re: [s,o]BGP deployment bmanning (May 27)
- Re: [s,o]BGP deployment Randy Bush (May 27)
- Re: [s,o]BGP deployment Lucy E. Lynch (May 27)
- Re: [s,o]BGP deployment bmanning (May 27)