[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Is BGP safe yet?" test

I remember having this discussion more than 20yrs ago, minus the ARIN bit,
couldn't get every to agree to it it then either :(. We don't need more
rules, we just need to start with basic hygiene. Was a novel idea :)

On Mon., Apr. 20, 2020, 2:41 p.m. Christopher Morrow, <
morrowc.lists at gmail.com> wrote:

> On Mon, Apr 20, 2020 at 12:25 PM Tom Beecher <beecher at beecher.cc> wrote:
> >
> > Technical people need to make the business case to management for RKPI
> by laying out what it would cost to implement (equipment, resources,
> ongoing opex), and what the savings are to the company from protecting
> themselves against hijacks. By taking this step, I believe RPKI will become
> viewed by non-technical decision makers as a 'Cloudflare initiative'
> instead of a 'good of the internet' initiative, especially by some
> companies who compete with Cloudflare in the CDN space.
> you say here: "RPKI"
> but the cloudflare thing is a little bit more nuanced than that, right?
> 'RPKI" is really: "Did you sign ROA for your IP Number Resources?"
> what you do with the RPKI data is the 'more nuanced' part of the webpage.
>    1) Do you just sign?
>    2) do you sign  and also do Origin Validation(OV) for your peers?
>    3) do you just do OV and not sign your own IP Number Resources?
> I think CloudFlare (and other folk doing bgp security work) would like
> 'everyone' to:
>   1) sign ROA for their IP number resources
>   2) enable OV on your peerings
>   3) prefix filter all of your peerings
> > I believe that will change the calculus and make it a more difficult
> sell for technical people to get resources approved to make it happen.
> I don't think that's the case... but I'm sure we'll be proven wrong :)
> -chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200420/ddf6a9c9/attachment.html>