de-peering for security sake
Michael O'Connor
moc at es.net
Tue Jan 19 15:12:31 UTC 2016
Why do we believe network administrators can advocate perfectly for
customer access?
I couldn't control my own children's access without making us all
miserable.
Nation state access control in a free country at the network layer is bound
to fail, way too many cats to herd.
On Mon, Jan 18, 2016 at 2:31 PM, <bzs at theworld.com> wrote:
>
> On January 18, 2016 at 00:21 Valdis.Kletnieks at vt.edu (
> Valdis.Kletnieks at vt.edu) wrote:
> > On Sun, 17 Jan 2016 19:39:52 -0500, bzs at theworld.com said:
> > > How about if backed by an agreement with the 5 RIRs stating no new
> > > resource allocations or transfers etc unless a contract is signed and
> > > enforced? Or similar.
> >
> > Then they'd just resort to hijacking address space.
> >
> > Oh wait, they already do that and get away with it....
>
> I think we're talking about two different problems, both valid.
>
> One is legitimate operators who probably mostly want to do the right
> thing but are negligent, disagree (perhaps with many one this list) on
> what is an actionable problem, etc.
>
> The other are those actors prone to criminality.
>
> I was addressing the first problem though I'd assert that progress on
> the first problem would likely yield progress on the second, or
> cooperation anyhow.
>
> >
> > (And a threat of withholding IP address space from long-haul providers
> isn't as
> > credible - they have much less need for publicly routed IP addresses
> than
> > either eyeball farms or content farms, so you'll have to find some
> other way to
> > motivate them to not accept a hijacked route announcement...)
> >
>
> No man is an island entire of himself -- John Donne.
>
> First one has to agree to the concept of creating a network based on
> contractual agreements.
>
> I gave some examples of how to encourage actors to enter into those
> contracts, my list wasn't intended to be exhaustive, it was intended
> to be an existence proof, some pressure points exist and are easy to
> understand even if not complete.
>
> Besides, why make the perfect the enemy of the good? If many, perhaps
> not all (or not at first), agreed to a common set of contractual
> obligations that would be progress, no?
>
> Is there even a document which describes what a "hijacked" net block
> is and why it is bad? Obvious? No, it is not obvious. The best one can
> say is there exist obvious cases.
>
> --
> -Barry Shein
>
> Software Tool & Die | bzs at TheWorld.com |
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
> The World: Since 1989 | A Public Information Utility | *oo*
>
--
Michael O'Connor
ESnet Network Engineering
moc at es.net
631 344-7410
More information about the NANOG
mailing list