soBGP deployment
Christopher Woodfield
rekoil at semihuman.com
Fri May 20 18:31:21 UTC 2005
As far as answering the "First Goal" of the article, I really don't
see much here that isn't handled today by route registries, except
for the TLS certificate stuff. Not sure how much security that adds,
practically; how often do people see their route objects jacked by
hax0rs?
For the "Second Goal" part, this is somewhat intriguing, although I
would like to know how often "fake" as-paths get leaked and if it
really happens often enough to justify a new BGP infrastructure in
order to prevent it. Maybe as part of BGPv5, where there are other
benefits to migrating to the new protocol (32-bit ASNs, anyone?)
In short, the goals seem laudable, but it seems that this solution
seems a bit, well, extreme, and I'm not sure if the disease if worse
than the cure. That said, I'm curious how much of this can be
implemented realistically at the single-peer level the paper
mentions. Just don't ask me to run it on a GRP-B.
-C
On May 19, 2005, at 7:51 PM, vijay gill wrote:
>
> If you are an operator, would you deploy soBGP or something like
> it? If not, why not.
>
> http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac236/
> about_cisco_ipj_archive_article09186a00801c5a9b.html
>
> /vijay
>
More information about the NANOG
mailing list