Securing the BGP or controlling it?
nick at foobar.org
Mon May 10 15:52:12 UTC 2010
On 10/05/2010 16:29, Christopher Morrow wrote:
> qwest customers may want to take note here..."quickly enough" is how
> much of your business lost exactly?
this is a matter of risk analysis. No secure routing means we'll continue
to see the occasional high profile outage which is dealt with very quickly.
Secure routing is going to introduce significant complexities into the
inter-domain routing system. Complexities lead to greater pilot error, and
pilot error leads to outages.
So while we may have fixed the 2 hour youtube externally derived problem
which we get once every couple of years, it's probably going to come at the
cost of having N hours worth of outages per year per ASN, because someone's
mucked up their configuration, or has let their cert expire, or whatever.
My gut instinct tells me that secure routing and the rpki venture well into
the realm of negative returns. But I would be really interested to see
some proper risk analysis in this area done by someone with clue.
More information about the NANOG