Re: Feedback Requested: Routing Resilience Manifesto

[Jared Mauch <jared () puck nether net>]

On Jul 2, 2014, at 2:22 PM, William Herrin <bill () herrin us> wrote:

> On Wed, Jul 2, 2014 at 2:00 PM, Jared Mauch <jared () puck nether net> wrote:
> > No, but how else do you suggest we work to address these problems?
> > While a naked run isn't my first choice, I am interested in practical solutions
> > and responses.  I've privately and publicly documented some of my challenges
> > securing my networks with BCP-38.  While perhaps not obviously related there
> > is also the issue of BGP filtering and other things that create a nexus of
> > interrelated items.
>
> Hi Jared,
>
> Have you ever known any problem to be solved with stronger awareness
> of the rules of whack-a-mole?
>
> The first level of the problem is technical: there's no efficient
> protocol for propagating knowledge about acceptable sources from each
> link from router to router and not nearly enough TCAM in shipping
> models to implement such a protocol if it existed.  Every current
> anti-spoofing approach either involves slow and mistake-prone manual
> effort or is tied to trivial single-homed routing cases so often
> implemented by inept junior staff at third-tier networks.

I can't solve the inept staff problem either, this is a problem of people
being paid to do something they're unqualified to do.  They can muddle through
it to a workable solution and folks say "great, it's fixed don't touch it"
and move on.  As a community we need to find these cases and educate those
which haven't learned that proxy-arp, ip redirects (and ipv6 redirects) are
bad and cause more damage than good.  Perhaps this "manifesto" is the
wrong way, but it's at least an attempt to enumerate some set of them
and make it public to educate folks.  I'd love to see all the members
of this list be able to take one item and strive for it this year as a
goal.

> The second level of the problem is financial -- some customers will
> pay you to avoid being victims of the problem but none will pay you to
> avoid being facilitators. Protocols, software and TCAMs are expensive.
> Far more expensive than the abject lack of penalties, lawsuits,
> shutdowns and public shaming which result from the discovery of leaky
> origins.

Sure.  I have been trying to avoid mentioning this, but there's at least one
case this week where someone substituted their own moral standing in place
of a party they feel wasn't doing the right thing.  The fate of that
event is still not determined.  (I'm not trying to fork the discussion to
be related, but it's certainly a threat that I'm paying close attention to).

        - Jared