On Aug 29, 2014, at 6:08 AM, Job Snijders <job@instituut.net> wrote:
On Fri, Aug 29, 2014 at 06:39:32PM +0900, Randy Bush wrote:
Loose mode would drop failing routes, iff there is covering (i.e. less specific is ok) route already in RIB. isn't that exactly the hole punching attack? No, as the the more specific route is signed and is preferred (longest match routing) against the less specific hijacked route
clearly i am missing something. got a write-up?
I'll attempt to clarify.
Assume:
ROA: 10.0.0.0/16, max_length = 16, origin = AS123 in RIB: 10.0.0.0/16 origin AS123 (valid)
With the above two conditions any updates containing more-specifics of 10.0.0.0/16 would be rejected/not-installed, just like in todays 'strict mode'
Loose mode A would look like this:
In the case that 10.0.0.0/16 origin AS123 is not in your table, the loose mode would kick in and one could accept more specifics for 10.0.0.0/16, but only when originated by AS123.
Loose mode B would look like this:
In the case that 10.0.0.0/16 origin AS123 is not in your table, the loose mode would kick in and one could accept more specifics for 10.0.0.0/16 originated by any ASN.
The major point is that when the valid route is missing, one might choose to accept invalid routes. When the valid route returns, the invalids are purged from your table.
Or in other words: Proposal is, that when additional 'loose' mode is configured, invalid routes are accepted if and only if they are the only route to destination. If there is any other route (less-specific) which is not invalid, it will be used, instead of the invalid route.
In your examples, you presume there's a ROA for the less-specific. Here you say "not invalid", which would mean a route that is "unknown", i.e. no ROA exists. Your Loose Mode A relies on the existence of the ROA - you accept more specifics but only when originated by the ASN in the ROA. So which do you mean? The less specific has a ROA or the less specific may not have a ROA? (Just trying to work this out in my head.) --Sandy P.S. All the RPKI use is subject to local routing policy, so working out impact of different policies is a really good thing.