nanog mailing list archives

Re: ROVER routing security - its not enumeration


From: Doug Montgomery <dougm.tlist () gmail com>
Date: Wed, 06 Jun 2012 14:13:41 -0400

On 6/5/12 3:40 PM, Randy Bush wrote:
There are a number of operational models that provide the needed
routing protection without enumeration.
I can see a use-case for something like:
   "Build me a prefix list from the RIR data"
this requires a full data fetch, not doable in dns.

and, at the other end of the spectrum, for any dynamic lookup on
receiving a bgp announcement, the data had best be already in the
router.  a full data set on an in-rack cache will go nuts on any
significant bgp load.  beyond that, you are in non-op space.

randy


I think we debate the superficial here, and without sufficient imagination. The enumeration vs. query issue is a NOOP as far as I am concerned. With a little imagination, one could envision building a box that takes a feed of prefixes observed, builds an aged cache of prefixes of interest, queries for their SRO records, re-queries for those records before their TTLs expire, and maintains a white list of "SRO valid" prefix/origin pairs that it downloads to the router.

Let's call that box an SRO validating cache.

Where do you get the feed of prefixes of interest? From your own RIBs if you are only interested in white lists proportional to the routes you actually see, e.g., feed the box iBGP. From other sources (monitors, etc) if you would like a white list of every known prefix that anyone has seen.

What about a completely new prefix being turned up? ... we could talk through those scenarios in each approach.

How does the cache download the white list to the router? ... we already have one approach for that. Add a bit to the protocol to distinguish semantics of SRO from ROA semantics if necessary.

Point being, with a little imagination I think one could build components with either approach with similar black box behavior.

If there are real differences in these approaches it will be in their inherent trust models, the processes that maintain those trust models, the system-level behavior of the info creation and distribution systems, and the expressiveness of their validation frameworks.

dougm
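Editor's note: the box Doug sketches above (observed-prefix feed, aged cache, TTL-driven re-query, white list of prefix/origin pairs exported to the router) is concrete enough to simulate. The following is an added example written for this archive page, not code from the thread or from any ROVER implementation. The reverse-DNS lookup is a constructed in-memory stub, the owner-name scheme in `sro_name()` is a hypothetical stand-in for whatever naming ROVER actually uses, and the 60-second negative TTL is an assumption; only the cache behaviour (query on first sight, refresh before TTL expiry, age out unseen prefixes) is the point.

```python
"""Simulation of an 'SRO validating cache': an aged cache of prefixes of
interest that exports a white list of (prefix, origin AS) pairs.
Added example; the resolver is a constructed stub, not real DNS."""
from dataclasses import dataclass
import ipaddress
from typing import Dict, FrozenSet, Optional, Set, Tuple

NEGATIVE_TTL = 60  # assumption: how long to remember "no record for this prefix"


@dataclass(frozen=True)
class SroAnswer:
    """Origins an SRO-style record authorises for a prefix, plus its DNS TTL."""
    origins: FrozenSet[int]
    ttl: int


def sro_name(prefix: str) -> str:
    """Hypothetical reverse-DNS owner name for a prefix's record.
    Not the real ROVER encoding; it only needs to be a stable per-prefix key."""
    net = ipaddress.ip_network(prefix, strict=False)
    rev = ".".join(str(b) for b in reversed(net.network_address.packed))
    suffix = "in-addr.arpa" if net.version == 4 else "ip6.arpa"
    return f"{net.prefixlen}.{rev}.{suffix}"


class StubResolver:
    """In-memory stand-in for the reverse DNS; counts queries so the
    refresh/age-out behaviour of the cache can be observed."""
    def __init__(self, zone: Dict[str, SroAnswer]) -> None:
        self.zone = zone
        self.queries = 0

    def query(self, name: str) -> Optional[SroAnswer]:
        self.queries += 1
        return self.zone.get(name)


@dataclass
class Entry:
    last_seen: float          # last time the prefix showed up in the feed
    expires_at: float         # when the cached answer's TTL runs out
    origins: FrozenSet[int]   # empty => no record, prefix is not covered


class SroValidatingCache:
    def __init__(self, resolver: StubResolver, hold_time: float, refresh_margin: float) -> None:
        self.resolver = resolver
        self.hold_time = hold_time            # drop prefixes unseen for this long
        self.refresh_margin = refresh_margin  # re-query this long before TTL expiry
        self.entries: Dict[str, Entry] = {}

    def _lookup(self, prefix: str, now: float) -> Entry:
        ans = self.resolver.query(sro_name(prefix))
        if ans is None:
            return Entry(now, now + NEGATIVE_TTL, frozenset())
        return Entry(now, now + ans.ttl, ans.origins)

    def observe(self, prefix: str, now: float) -> None:
        """Feed one observed prefix (e.g. from iBGP). First sight triggers a query;
        later sightings only refresh last_seen, so BGP churn does not hit DNS."""
        prefix = str(ipaddress.ip_network(prefix, strict=False))
        entry = self.entries.get(prefix)
        if entry is None:
            self.entries[prefix] = self._lookup(prefix, now)
        else:
            entry.last_seen = now

    def tick(self, now: float) -> None:
        """Periodic maintenance: age out stale prefixes, refresh before expiry."""
        for prefix in list(self.entries):
            e = self.entries[prefix]
            if now - e.last_seen > self.hold_time:
                del self.entries[prefix]
            elif now >= e.expires_at - self.refresh_margin:
                fresh = self._lookup(prefix, now)
                fresh.last_seen = e.last_seen
                self.entries[prefix] = fresh

    def whitelist(self) -> Set[Tuple[str, int]]:
        """The 'SRO valid' prefix/origin pairs that would be pushed to the router."""
        return {(p, asn) for p, e in self.entries.items() for asn in e.origins}

    def is_valid(self, prefix: str, origin: int) -> bool:
        return (str(ipaddress.ip_network(prefix, strict=False)), origin) in self.whitelist()


def run_scenario() -> dict:
    """Constructed walk-through: three prefixes seen at t=0, one uncovered."""
    zone = {  # constructed zone data using documentation prefixes and private ASNs
        sro_name("192.0.2.0/24"): SroAnswer(frozenset({64496}), ttl=300),
        sro_name("198.51.100.0/24"): SroAnswer(frozenset({64497, 64498}), ttl=120),
    }
    resolver = StubResolver(zone)
    cache = SroValidatingCache(resolver, hold_time=600, refresh_margin=30)
    for p in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"):
        cache.observe(p, now=0)
    out = {"queries_after_feed": resolver.queries}        # one query per new prefix
    cache.observe("192.0.2.0/24", now=10)                  # cached: no new query
    cache.tick(now=100)   # 198.51.100 (ttl 120) and the negative entry get refreshed
    out["queries_after_tick"] = resolver.queries
    out["valid"] = cache.is_valid("192.0.2.0/24", 64496)
    out["wrong_origin"] = cache.is_valid("192.0.2.0/24", 64499)
    out["uncovered"] = cache.is_valid("203.0.113.0/24", 64500)
    cache.observe("192.0.2.0/24", now=650)   # still being announced
    cache.tick(now=700)   # others unseen for >600 s: aged out and dropped from the list
    out["queries_final"] = resolver.queries
    out["whitelist_final"] = cache.whitelist()
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The age-out step is what keeps the in-rack cache proportional to the routes actually seen rather than to the whole RIR data set, which is the distinction Randy and Doug are arguing over; a prefix that stops being announced simply drops out of the white list at the next tick. The negative entry shows the other side of the same trade: without caching "no record" answers, every repeated announcement of an uncovered prefix would become a fresh query.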
