On Wed, Sep 18, 2002 at 07:31:41PM +0200, Iljitsch van Beijnum wrote:
On Wed, 18 Sep 2002, Steven M. Bellovin wrote:
Wow, we should all start using out of band management. Anyone think it is feasible to do management of an IP network exclusively out of band?
And BGP should be more secure. What is the problem we should be trying to fix here? There is a "Secure BGP" draft: http://www.ir.bbn.com/projects/sbgp/draft-clynn-s-bgp-protocol-00a.txt
I think the problem that people are attempting to address is the fact that most interprovider bgp sessions are unfiltered and this can cause significant problems if someone starts leaking improper routes or decides to do something malicious. Authentication of routing announcements is seen as better than "just letting it all slosh around".
Implementing this may make BGP very secure, but it will make the internet as a whole much less reliable because routing will no longer be a function that can be performed autonomously by routers, but something that's tied into a global (public key) infrastructure. An infrastructure that depends on routing to work... Hello circularity.
Well, you need to have graded levels of trust. You will trust your upstream more than your customers obviously. But yeah, there do become some issues if people aren't doing local mirroring of the dataset and they break their configs badly and need to reconfigure. This does increase the barrier to entry significantly in getting your announcements out there.
I read solutions (well, avenues for possible solutions) without a good indication of what the problem is. (That goes for both the Secure Cyberspace and S-BGP drafts.)
Well, there are significant problems today with router architecture that prevent s-bgp and other things from being deployed. Namely start looking at those still using 2500/4500/4700 for bgp in their networks (yes people still do this) and then ask it to do some major cryptographic authentication... The hardware is not designed for this. Even a reasonable amount of today's 'modern' hardware may not be able to handle this due to the centralized architecture. (Take the above router types as example as well as any others that don't have distributed forwarding.)

When "W" goes surfing the net at night to shop for things on ebay and can't get there because someone is improperly announcing a /24 to hijack/DoS them, these are the things that they will suggest down that there needs to be authentication and centralized routing data created.

Take a look at the LERG sometime if you have the ability to see it. Lists the CLLI for each NPA-NXX that you are required to deliver the call to.

There are those that understand that there are more complicated lookups involved but without people from the industry providing feedback and playing hawk on the gov't, we may not like what they come up with if we don't get people involved.

- jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.