Securing the BGP or controlling it?

Nick Hilliard nick at
Tue May 11 13:32:19 UTC 2010

On 10/05/2010 20:20, Randy Bush wrote:
> if something like those happen again, we are gonna be spending a lot of
> time explaining ourselves to people who wear funny clothes, and telling
> them why it is not going to happen again if they let us keep our jobs.

Yes, I have observed that people who wear funny clothes with blood
constriction devices wrapped tightly around their necks seem to be
concerned primarily with ass covering theatre.

Risk analysis is ass covering without the theatre.  You collect data, make
a judgement based on that data, and if it turns out that the judgement says
that signed bgp updates constitute more of a stability risk to network
operations than the occasional shock problem, then you point these people
with odd dress sense towards the conclusions of this risk analysis report,
having made sure that the conclusions are printed in a 48pt font, with no
more than 2 syllables per word, preferably with a filled circle preceding
each sentence.

It may well be that they will ignore the risk analysis and be more
concerned with the theatre than with data; this happens all the time, an
excellent example being airport security, where security theatre seems to
be considered much more important than actual security.  Or it could go the
other way, where risk analysis dictates that sensible precautions be taken,
but they are thrown out for other reasons.  A good example here is road
safety, where it would be sensible to speed limit all cars to 50km/h, and
ban motorbikes and bull-bars;  but instead we substantially choose to
ignore the risk and accept an attrition rate of 80,000 people every year
between Europe and the US.


