nanog mailing list archives
Re: "Is BGP safe yet?" test
From: Andrey Kostin <ankost () podolsk ru>
Date: Mon, 20 Apr 2020 13:01:24 -0400
Thank you Mark, Tom and Chris for your responses that confirmed my "mixed feelings" about this tool. As a side note, I mentioned from https://bgp.he.net/AS13335#_prefixes that AS13335 advertises a bunch or prefixes without RoA and even one invalid prefix, although I don't see it (only invalid one) from other sources. So it looks like an attempt to jump ahead and announce competitive leadership using marketing rather than technology. So for myself with your help I'd qualify it as aggressive push from technical PoV and offensive from marketing PoV. The former definitely has some positive effect which however could or could not be outweighted by the latter.
Kind regards, Andrey Tom Beecher писал 2020-04-20 12:24:
Technical people need to make the business case to management for RKPI by laying out what it would cost to implement (equipment, resources, ongoing opex), and what the savings are to the company from protecting themselves against hijacks. By taking this step, I believe RPKI will become viewed by non-technical decision makers as a 'Cloudflare initiative' instead of a 'good of the internet' initiative, especially by some companies who compete with Cloudflare in the CDN space. I believe that will change the calculus and make it a more difficult sell for technical people to get resources approved to make it happen. On Mon, Apr 20, 2020 at 11:38 AM Cummings, Chris <ccummings () coeur com> wrote:Why do you think that RPKI adoption will be slowed due to this action by CloudFlare? — Chris Cummings FROM: NANOG <nanog-bounces () nanog org> on behalf of Tom Beecher <beecher () beecher cc> DATE: Monday, April 20, 2020 at 10:35 TO: Andrey Kostin <ankost () podolsk ru> CC: Nanog <nanog () nanog org> SUBJECT: Re: "Is BGP safe yet?" test ( Speaking 100% for myself. ) I think it was tremendously irresponsible, especially in the context of current events, to take a complex technical issue like this and frame it to the general public as a 'safety' issue. It's created articles like this : https://www.wired.com/story/cloudflare-bgp-routing-safe-yet/ , which are terrible because they imply that RPKI is just some simple thing that anyone not doing is just lazy or stupid. Very few people will read to the bottom note about vendors implementing RPKI support, or do any other research on the issue and challenges that some companies face to do it. It's not their job; that's ours. I feel like there has been more momentum in getting more people to implement PKI in the last 18-24 months. ( Maybe others with different visibility have different opinions there. ) There are legitimate technical and business reasons why this isn't just a switch that can be turned on, and everyone in our industry knows that. In my opinion, Mr. Prince is doing a great disservice by taking this approach, and in the longer term RPKI adoption will likely be slower than it would have been otherwise. I genuinely appreciate much of what Cloudflare does for the sake of 'internet good' , but I believe they wildly missed the mark here.
Current thread:
- Re: "Is BGP safe yet?" test, (continued)
- Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
- Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)
- Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
- Re: "Is BGP safe yet?" test Rubens Kuhl (Apr 20)
- Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 21)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 20)
- Re: "Is BGP safe yet?" test Alex Band (Apr 20)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 20)
- Re: "Is BGP safe yet?" test jim deleskie (Apr 20)
- Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)