Home page logo
/

nanog logo nanog mailing list archives

Re: do not filter your customers
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sat, 25 Feb 2012 01:45:59 +0000


On Feb 25, 2012, at 7:49 AM, Randy Bush wrote:

i would love to see progress on the route leak problem.  i do not confuddle it with security.

Availability is a key aspect of security - the most important one, in many cases/contexts.  The availability of the 
control plane itself (i.e., being stable/resilient enough to continue doing its job even under various forms of duress) 
as well as the availability of the information about paths it propagates in order to allow the routing of transit 
traffic both fall squarely within the rubric of security, IMHO.

The disruption of transit traffic routing often caused by route leaks, as in this particular case, has a negative 
impact of the overall availability of affected networks/endpoints/applications/services/data.  However, route leaks are 
only one potential cause of such hits to availability - and while there are several BCPs which can and should be 
adopted in order to protect against control-plane disruption, they in many cases honored more in the breach than in the 
observance due to complexity, opex (as is the case with many - some would say most - security-related BCPs), and so 
forth.

The single best thing which could be done to improve the stability/resiliency of the control-plane on IP networks in 
general would be to change the nature of the control-plane (not just BGP, but the IGPs, as well) from in-band to 
out-of-band, IMHO.  I know this will probably never happen, but wanted to be sure that the point was made in relation 
to this specific topic for the sake of completeness, if nothing else.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault