Feedback Requested: Routing Resilience Manifesto
Colleagues,

A small group of network operators has been working on defining a minimal, but feasible package of recommended measures that, if deployed on a wide scale, could result in visible improvements to the security and resilience of the global routing system.

Many operators are ahead of the curve and already implement much more than the proposed recommendations. But we believe that gathering support for these relatively small steps could pave the road to more significant actions on a global scale.

We called this set of recommendations a Routing Resilience Manifesto – you can find a draft document here: https://www.routingmanifesto.org/.

This initial version of the Manifesto was drafted by a small group, but we need a wider community review, your feedback, and, ultimately, your support to make this initiative fly. It was already presented at several venues, like RIPE and NANOG, and now we open it for a more detailed review. Please note that this is very much a work in progress.

Please review the document and provide your feedback and text suggestions online or via routingmanifesto@isoc.org by 31 August 2014.

Regards,

Andrei Robachevsky
Internet Society
On Wed, Jul 2, 2014 at 10:23 AM, Andrei Robachevsky <robachevsky@isoc.org> wrote:
We called this set of recommendations a Routing Resilience Manifesto – you can find a draft document here: https://www.routingmanifesto.org/.
Howdy,

First recommendation: ditch the word "manifesto." Manifesto is loaded with so many negative connotations that using it in a document intended to be taken seriously by professionals is unwise... particularly if those professionals will have to beg money from CEOs to implement any of the proposals.

While less catchy, something along the lines of "Minimum Professional Routing Standards for Lawfully Operated Networks" is more apt to secure the needed cooperation, funding and vendor support.

Seriously, manifesto? What's next, some routing unabombers? Oh wait, I guess we already have those, don't we?

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
On the other hand, people will notice & read a 'manifesto'. The industry has preached things like BCP38 for many years with not great progress...

On 7/2/14, 12:20 PM, "William Herrin" <bill@herrin.us> wrote:
On Wed, Jul 2, 2014 at 10:23 AM, Andrei Robachevsky <robachevsky@isoc.org> wrote:
We called this set of recommendations a Routing Resilience Manifesto - you can find a draft document here: https://www.routingmanifesto.org/.
Howdy,
First recommendation: ditch the word "manifesto." Manifesto is loaded with so many negative connotations that using it in a document intended to be taken seriously by professionals is unwise... particularly if those professionals will have to beg money from CEOs to implement any of the proposals.
While less catchy, something along the lines of "Minimum Professional Routing Standards for Lawfully Operated Networks" is more apt to secure the needed cooperation, funding and vendor support.
Seriously, manifesto? What's next, some routing unabombers? Oh wait, I guess we already have those, don't we?
Regards, Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
On Wed, Jul 2, 2014 at 1:05 PM, Livingood, Jason <Jason_Livingood@cable.comcast.com> wrote:
On the other hand, people will notice & read a 'manifesto'. The industry has preached things like BCP38 for many years with not great progress...
Howdy,

Best practices just means you're not quite the best -- often a worthy trade for controlling cost, particularly if your customers won't notice. Besides, it's best -current- practices which means it'll probably change tomorrow and you won't have to do all that hard work after all. And if not tomorrow then surely the next day.

People will notice you streaking across a football field. They won't pay the slightest attention to what you have to say but they sure will notice you. Shall we organize a naked routing run?

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
On Jul 2, 2014, at 1:52 PM, William Herrin <bill@herrin.us> wrote:
People will notice you streaking across a football field. They won't pay the slightest attention to what you have to say but they sure will notice you. Shall we organize a naked routing run?
No, but how else do you suggest we work to address these problems?

There are side-effects of every tradeoff, including today NTP is unusable on some networks due to lack of BCP-38. Is the internet to be eventually defined as a few select ports and protocol numbers?

While a naked run isn't my first choice, I am interested in practical solutions and responses. I've privately and publicly documented some of my challenges securing my networks with BCP-38. While perhaps not obviously related there is also the issue of BGP filtering and other things that create a nexus of interrelated items.

How can we build a culture of cooperation around these topics to raise the bar? It isn't the most chronic or sexy thing to address, but the bar still needs to be raised before it becomes the latest in a list of things we all knew about and took no action on.

- Jared
On Wed, Jul 2, 2014 at 2:00 PM, Jared Mauch <jared@puck.nether.net> wrote:
No, but how else do you suggest we work to address these problems? While a naked run isn't my first choice, I am interested in practical solutions and responses. I've privately and publicly documented some of my challenges securing my networks with BCP-38. While perhaps not obviously related there is also the issue of BGP filtering and other things that create a nexus of interrelated items.
Hi Jared,

Have you ever known any problem to be solved with stronger awareness of the rules of whack-a-mole?

The first level of the problem is technical: there's no efficient protocol for propagating knowledge about acceptable sources from each link from router to router and not nearly enough TCAM in shipping models to implement such a protocol if it existed. Every current anti-spoofing approach either involves slow and mistake-prone manual effort or is tied to trivial single-homed routing cases so often implemented by inept junior staff at third-tier networks.

The second level of the problem is financial -- some customers will pay you to avoid being victims of the problem but none will pay you to avoid being facilitators. Protocols, software and TCAMs are expensive. Far more expensive than the abject lack of penalties, lawsuits, shutdowns and public shaming which result from the discovery of leaky origins.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
On Jul 2, 2014, at 2:22 PM, William Herrin <bill@herrin.us> wrote:
On Wed, Jul 2, 2014 at 2:00 PM, Jared Mauch <jared@puck.nether.net> wrote:
No, but how else do you suggest we work to address these problems? While a naked run isn't my first choice, I am interested in practical solutions and responses. I've privately and publicly documented some of my challenges securing my networks with BCP-38. While perhaps not obviously related there is also the issue of BGP filtering and other things that create a nexus of interrelated items.
Hi Jared,
Have you ever known any problem to be solved with stronger awareness of the rules of whack-a-mole?
The first level of the problem is technical: there's no efficient protocol for propagating knowledge about acceptable sources from each link from router to router and not nearly enough TCAM in shipping models to implement such a protocol if it existed. Every current anti-spoofing approach either involves slow and mistake-prone manual effort or is tied to trivial single-homed routing cases so often implemented by inept junior staff at third-tier networks.
I can't solve the inept staff problem either, this is a problem of people being paid to do something they're unqualified to do. They can muddle through it to a workable solution and folks say "great, it's fixed don't touch it" and move on. As a community we need to find these cases and educate those which haven't learned that proxy-arp, ip redirects (and ipv6 redirects) are bad and cause more damage than good. Perhaps this "manifesto" is the wrong way, but it's at least an attempt to enumerate some set of them and make it public to educate folks. I'd love to see all the members of this list be able to take one item and strive for it this year as a goal.
The second level of the problem is financial -- some customers will pay you to avoid being victims of the problem but none will pay you to avoid being facilitators. Protocols, software and TCAMs are expensive. Far more expensive than the abject lack of penalties, lawsuits, shutdowns and public shaming which result from the discovery of leaky origins.
Sure. I have been trying to avoid mentioning this, but there's at least one case this week where someone substituted their own moral standing in place of a party they feel wasn't doing the right thing. The fate of that event is still not determined. (I'm not trying to fork the discussion to be related, but it's certainly a threat that I'm paying close attention to). - Jared
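The exchange above turns on a technical claim: Bill's point that every shipping anti-spoofing mechanism is either hand-maintained or only safe on "trivial single-homed" ports, and Jared's BCP-38 deployment troubles. The following is an added example, not code posted by anyone in this thread. It models a customer-edge router and evaluates the same source address against the four usual BCP38 mechanisms (strict uRPF, feasible-path uRPF, loose uRPF, and a static per-customer ACL) to show where each one accepts spoofed traffic or drops legitimate traffic. The topology, interface names and addresses are assumptions, using RFC 5737 documentation prefixes.

```python
"""BCP38 / uRPF source-validation modes on a constructed edge router.

Added example for this thread, not code from any poster. It models the
anti-spoofing choices under discussion: strict uRPF fits single-homed
customer ports, multihoming needs the feasible-path variant or a
hand-maintained ACL, and loose uRPF only drops sources that have no
route at all. Topology, interface names and addresses are assumptions
(RFC 5737 documentation prefixes).
"""
import ipaddress
from dataclasses import dataclass

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: IPv4Net
    best_iface: str                       # interface the FIB forwards on
    alt_ifaces: frozenset = frozenset()   # other feasible RIB paths (multihoming)


class EdgeRouter:
    def __init__(self, routes, customer_acl):
        # Longest prefix first, so the first hit is the longest match.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)
        self.customer_acl = customer_acl  # iface -> assigned prefixes (BCP38 ACL)

    def lookup(self, src):
        """Longest-prefix match that ignores the default route (uRPF
        without 'allow-default': a default must not vouch for any source)."""
        for r in self.routes:
            if r.prefix.prefixlen > 0 and src in r.prefix:
                return r
        return None

    def strict_urpf(self, src, iface):
        # Accept only if the FIB would forward *to* src out the ingress interface.
        r = self.lookup(src)
        return r is not None and r.best_iface == iface

    def feasible_urpf(self, src, iface):
        # Like strict, but any feasible RIB path back to src counts.
        r = self.lookup(src)
        return r is not None and (r.best_iface == iface or iface in r.alt_ifaces)

    def loose_urpf(self, src, iface):
        # Ingress interface is irrelevant: any non-default route will do.
        return self.lookup(src) is not None

    def bcp38_acl(self, src, iface):
        # Interfaces without an ACL (peers, upstreams) are left unfiltered.
        allowed = self.customer_acl.get(iface)
        return True if allowed is None else any(src in p for p in allowed)


# Constructed topology: cust-A is single-homed; cust-B is also reachable
# through peer-X, so legitimate traffic from B may arrive on peer-X.
ROUTER = EdgeRouter(
    routes=[
        Route(IPv4Net("192.0.2.0/24"), "cust-A"),
        Route(IPv4Net("198.51.100.0/24"), "cust-B", frozenset({"peer-X"})),
        Route(IPv4Net("203.0.113.0/24"), "upstream"),
        Route(IPv4Net("0.0.0.0/0"), "upstream"),
    ],
    customer_acl={
        "cust-A": [IPv4Net("192.0.2.0/24")],
        "cust-B": [IPv4Net("198.51.100.0/24")],
    },
)


def check(src, iface, router=ROUTER):
    """Return {mode: accepted?} for a packet with source `src` arriving on `iface`."""
    s = ipaddress.ip_address(src)
    return {
        "strict": router.strict_urpf(s, iface),
        "feasible": router.feasible_urpf(s, iface),
        "loose": router.loose_urpf(s, iface),
        "acl": router.bcp38_acl(s, iface),
    }


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "cust-A", "legitimate single-homed customer"),
        ("203.0.113.5", "cust-A", "spoofed: only loose uRPF lets it through"),
        ("198.51.100.7", "peer-X", "legitimate multihomed return path: strict drops it"),
        ("10.0.0.1", "upstream", "unrouted source: the one case loose catches"),
    ]
    for src, iface, note in cases:
        print(f"{src:>14} on {iface:<8} {check(src, iface)}  # {note}")
```

The second and third cases are the two failure modes the thread circles around: loose uRPF accepts a spoofed source on a customer port as long as the address is routed anywhere, and strict uRPF drops legitimate traffic the moment a customer is multihomed and its return path becomes asymmetric. Feasible-path mode or a per-customer ACL handles the multihomed case, but both depend on someone keeping the alternate-path or prefix list current, which is the "slow and mistake-prone manual effort" Bill describes.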
On Wed, 02 Jul 2014 13:52:26 -0400, William Herrin said:
People will notice you streaking across a football field. They won't pay the slightest attention to what you have to say but they sure will notice you. Shall we organize a naked routing run?
Ew. That's a mental image I didn't need. Pass me the mind bleach.
On Wed, Jul 2, 2014 at 7:23 AM, Andrei Robachevsky <robachevsky@isoc.org> wrote:
Colleagues,
A small group of network operators has been working on defining a minimal, but feasible package of recommended measures that, if deployed on a wide scale, could result in visible improvements to the security and resilience of the global routing system.
Many operators are ahead of the curve and already implement much more than the proposed recommendations. But we believe that gathering support for these relatively small steps could pave the road to more significant actions on a global scale.
We called this set of recommendations a Routing Resilience Manifesto – you can find a draft document here: https://www.routingmanifesto.org/.
This initial version of the Manifesto was drafted by a small group, but we need a wider community review, your feedback, and, ultimately, your support to make this initiative fly. It was already presented at several venues, like RIPE and NANOG, and now we open it for a more detailed review. Please note that this is very much a work in progress.
Please review the document and provide your feedback and text suggestions online or via routingmanifesto@isoc.org by 31 August 2014.
Regards,
Andrei Robachevsky Internet Society
Well, that was easy. Already have 1 and 2 squared away. Only challenging one left is #3.

Is the INOC-DBA project still around? Would love to sign up for that and be able to check off #3 as well.

Once that's done, all that's left is the naked routing run. With the way temperatures have been, I'm all in favour of that--pick a date, let's make it happen!

Matt
On Jul 2, 2014, at 2:23 PM, Matthew Petach <mpetach@netflight.com> wrote:
Is the INOC-DBA project still around? Would love to sign up for that and be able to check off #3 as well.
Yep. We had a bit of a dry spell on funding for it for a while, but we have someone starting full-time on it again in mid-August, and we’ve had some very good volunteers that have tided us over during the times when we didn’t have funded staff for it. And Cisco have, of course, been very generous with continuous support since INOC-DBA was rolled out in 2001.

We’re in the process of a web-site overhaul that will include a new INOC-DBA configuration portal, and we’re currently testing out the new DX650 phones. I’m anticipating that a fair bit of the last few years’ development work will actually get rolled out in production over the course of the next year; there was quite a bit backed up behind the lack of full-time staff.

-Bill
About #3... I had a little discussion on abuse-wg@RIPE a while ago about keeping records up to date and relevant. See below.

Nobody at RIPE cares much at the moment (to actually pick up this subject). Maybe they need a push with a TerexRH400.

David Hofstee
Deliverability Management
MailPlus B.V. Netherlands (ESP)

---------------------------------------------------------ctrl-v--------------------------------------------

Hi Frederik,

Who has an interest in a clean database? The sloppy Org or Ripe? The answer is Ripe, therefore it should also spend energy [via Ripe Ncc] in (making sure that Orgs are) keeping it clean. Kids do not grow up themselves, it requires an active process. Organisations are not much different.

David

-----Original Message-----
From: Fredrik Widell [mailto:fredrik@resilans.se]
Sent: Friday, 15 March 2013 10:37
To: MailPlus| David Hofstee
CC: anti-abuse-wg@ripe.net
Subject: RE: [anti-abuse-wg] Abuse Reporting Issues

On Fri, 15 Mar 2013, MailPlus| David Hofstee wrote:

Well, that is probably more a sign of a sloppy organisation, it is up to the LIR to keep the ripedb up to date, this is not the role of RIPE. You probably don't expect RIPE to keep track of your old DNS entries and give you a phone call if it seems that a customer name is wrong, do you?
Hi Frederik,
I am such a person (DH3195-RIPE). I entered my email a long time ago. Unlike passwords that expire and accounts that get locked when not used, this vital contact info is never re-validated. We never get mail that says: "Ripe wants to confirm that you are still having Role X in your organisation. Click here to confirm.". A full-inbox bounce could trigger a phone call. Etc. Ripe should charge money for not keeping records up to date.
In my (ESP) world, an email address that has not been used by the list-owner for over a year is a risk for a spam trap ;-).
Bye,
David

---------------------------------------------------------ctrl-v--------------------------------------------
On Thu, Jul 3, 2014 at 1:00 PM, David Hofstee <david@mailplus.nl> wrote:
About #3... I had a little discussion on abuse-wg@RIPE a while ago about keeping records up to date and relevant. See below.
Nobody at RIPE cares much at the moment (to actually pick up this subject). Maybe they need a push with a TerexRH400.
You get a lot of network and DNS types and maybe 1% of them will be concerned with the mechanics of abuse prevention - that's the other group down the hall, and "they are not the internet police". Ah well .. maybe that's better than hamfisted Lanham Act takedowns of whitehat dynamic DNS providers - but those are two extremes.

--srs

--
Suresh Ramasubramanian (ops.lists@gmail.com)
participants (9)
- Andrei Robachevsky
- Bill Woodcock
- David Hofstee
- Jared Mauch
- Livingood, Jason
- Matthew Petach
- Suresh Ramasubramanian
- Valdis.Kletnieks@vt.edu
- William Herrin