NAP/ISP Saturation WAS: Re: Exchanges that matter...
avg at pluris.com
Fri Dec 20 22:57:22 UTC 1996
Alex Bligh> Hmmm.. fragile world we live in.
Paul Ferguson> That's what BGP peer authentication is for. :-)
Ah. It's all one huge silliness.
There is a $0.02 fix for the "routing security" problem --
use a logically separate network for exchanging routing and
network monitoring information. That solution will be
100 years old next afternoon.
Routing updates must _not_ be encapsulated in routable datagrams.
That much, people who did GGP got right.
(That breaks iBGP hack, of course, but that hack is a horrible
kludge anyway, brought to us by silly IGPs which have no provisions
for preserving exterior route information. Somehow no meaningful
IGP work is done to fix that. Instead everybody is playing EiTeeEem
and ReeSeeVeePeee and other kinds of cluelessness.)
It does not make any sense to use any other authentication but
the fact that there's a physical connection between boxes. If
somebody can hack _that_, he can do so many other nasty things
that routing security is hardly relevant.
Internet is in a desperate need of sanity. The latest IETF
convinced me there's not going to be any any time soon.
It's a scary world we live in.
More information about the NANOG