On Jul 2, 2014, at 2:22 PM, William Herrin <bill@herrin.us> wrote:
On Wed, Jul 2, 2014 at 2:00 PM, Jared Mauch <jared@puck.nether.net> wrote:
No, but how else do you suggest we work to address these problems? While a naked run isn't my first choice, I am interested in practical solutions and responses. I've privately and publicly documented some of my challenges securing my networks with BCP-38. While perhaps not obviously related there is also the issue of BGP filtering and other things that create a nexus of interrelated items.
Hi Jared,
Have you ever known any problem to be solved with stronger awareness of the rules of whack-a-mole?
The first level of the problem is technical: there's no efficient protocol for propagating knowledge about acceptable sources from each link from router to router and not nearly enough TCAM in shipping models to implement such a protocol if it existed. Every current anti-spoofing approach either involves slow and mistake-prone manual effort or is tied to trivial single-homed routing cases so often implemented by inept junior staff at third-tier networks.
I can't solve the inept staff problem either, this is a problem of people being paid to do something they're unqualified to do. They can muddle through it to a workable solution and folks say "great, it's fixed don't touch it" and move on. As a community we need to find these cases and educate those which haven't learned that proxy-arp, ip redirects (and ipv6 redirects) are bad and cause more damage than good. Perhaps this "manifesto" is the wrong way, but it's at least an attempt to enumerate some set of them and make it public to educate folks. I'd love to see all the members of this list be able to take one item and strive for it this year as a goal.
The second level of the problem is financial -- some customers will pay you to avoid being victims of the problem but none will pay you to avoid being facilitators. Protocols, software and TCAMs are expensive. Far more expensive than the abject lack of penalties, lawsuits, shutdowns and public shaming which result from the discovery of leaky origins.
Sure. I have been trying to avoid mentioning this, but there's at least one case this week where someone substituted their own moral standing in place of a party they feel wasn't doing the right thing. The fate of that event is still not determined. (I'm not trying to fork the discussion to be related, but it's certainly a threat that I'm paying close attention to). - Jared