nanog mailing list archives
Re: "Is BGP safe yet?" test
From: jim deleskie <deleskie () gmail com>
Date: Mon, 20 Apr 2020 16:10:08 -0300
I remember having this discussion more than 20yrs ago, minus the ARIN bit, couldn't get every to agree to it it then either :(. We don't need more rules, we just need to start with basic hygiene. Was a novel idea :) On Mon., Apr. 20, 2020, 2:41 p.m. Christopher Morrow, < morrowc.lists () gmail com> wrote:
On Mon, Apr 20, 2020 at 12:25 PM Tom Beecher <beecher () beecher cc> wrote:Technical people need to make the business case to management for RKPIby laying out what it would cost to implement (equipment, resources, ongoing opex), and what the savings are to the company from protecting themselves against hijacks. By taking this step, I believe RPKI will become viewed by non-technical decision makers as a 'Cloudflare initiative' instead of a 'good of the internet' initiative, especially by some companies who compete with Cloudflare in the CDN space. you say here: "RPKI" but the cloudflare thing is a little bit more nuanced than that, right? 'RPKI" is really: "Did you sign ROA for your IP Number Resources?" what you do with the RPKI data is the 'more nuanced' part of the webpage. 1) Do you just sign? 2) do you sign and also do Origin Validation(OV) for your peers? 3) do you just do OV and not sign your own IP Number Resources? I think CloudFlare (and other folk doing bgp security work) would like 'everyone' to: 1) sign ROA for their IP number resources 2) enable OV on your peerings 3) prefix filter all of your peeringsI believe that will change the calculus and make it a more difficultsell for technical people to get resources approved to make it happen. I don't think that's the case... but I'm sure we'll be proven wrong :) -chris
Current thread:
- Re: "Is BGP safe yet?" test, (continued)
- Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
- Re: "Is BGP safe yet?" test Rubens Kuhl (Apr 20)
- Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 21)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 20)
- Re: "Is BGP safe yet?" test Alex Band (Apr 20)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 20)
- Re: "Is BGP safe yet?" test jim deleskie (Apr 20)
- Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Sander Steffann (Apr 21)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 21)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)