Do Not Complicate Routing Security with Voodoo Economics

Neil J. McRae neil at domino.org
Sun Sep 4 08:26:44 CDT 2011


Well said Randy - the previous paper is flawed and if the findings were true you would wonder how anyone ever created a viable online business.

Neil

Sent from my iPhone

On 4 Sep 2011, at 11:03, "Randy Bush" <randy at psg.com> wrote:

> [ http://archive.psg.com/110904.broadside.html ]
> 
>    Do Not Complicate Routing Security with Voodoo Economics
>                  a broadside
> 
> A recent NANOG presentation and SIGCOMM paper by Gill, Schapira, and
> Goldberg[1] drew a lot of 'discussion' from the floor.  But that
> discussion missed significant problems with this work.  I raise this
> because of fear that uncritical acceptance of this work will be used as
> the basis for others' work, or worse, misguided public policy.
> 
> o The ISP economic and incentive model is overly naive to the point of
>   being misleading, 
> o The security threat model is unrealistic and misguided, and
> o The simulations are questionable.
> 
> Basic ISP economics are quite different from those described by the
> authors.  Above the tail links to paying customers, the expenses of
> inter-provider traffic are often higher than the income, thanks to the
> telcos' race to the bottom.  In this counter-intuitive world, transit
> can often be cheaper than peering.  I.e. history shows that in the rare
> cases where providers have been inclined to such games, they usually
> shed traffic, not stole it, the opposite of what the paper presumes.  The
> paper also completely ignores the rise of the content providers as
> described so well in SIGCOMM 2010 by Labovitz et alia[2].
> 
> It is not clear how to ‘fix’ the economic model, especially as [3] says
> you cannot do so with rigor.  Once one starts, e.g. the paper may lack
> Tier-N peering richness which is believed to be at the edges, we have
> bought into the game for which there is no clear end.
> 
> But this is irrelevant, what will motivate deployment of BGP security is
> not provider traffic-shifting.  BGP security is, as its name indicates,
> about security, preventing data stealing (think banking
> transactions[4]), keeping miscreants from originating address space of
> others (think YouTube incident) or as attack/spam sources, etc.
> 
> The largest obstacle to deployment of BGP security is that the
> technology being deployed, RPKI-based origin validation and later
> BGPsec, are based on an X.509 certificate hierarchy, the RPKI.  This
> radically changes the current inter-ISP web of trust model to one having
> ISPs' routing at the mercy of the Regional Internet Registries (RIRs).
> Will the benefits of security - no more YouTube incidents, etc. - be
> perceived as worth having one's routing at the whim of an
> non-operational administrative monopoly?  Perhaps this is the real
> economic game here, and will cause a change in the relationship between
> the operators and the RIR cartel.
> 
> The paper's simulations really should be shown not to rely on the
> popular but highly problematic[3] Gao-Rexford model of inter-provider
> relationships, that providers prefer customers over peers (in fact, a
> number of global Tier-1 providers have preferred peers for decades), and
> that relationships are valley free, which also has significant
> exceptions.  Yet these invalid assumptions may underpin the simulation
> results.
> 
> ---
> 
> Randy Bush <randy at psg.com>
> Dubrovnik,  2011.9.4
> 
> [1] P. Gill, M. Schapira, and S. Goldberg, Let the Market Drive
> Deployment: A Strategy for Transitioning to BGP Security, SIGCOMM 2011,
> August 2011.
> http://conferences.sigcomm.org/sigcomm/2011/papers/sigcomm/p14.pdf
> 
> [2] C. Labovitz, S. Iekel-Johnson, D. McPherson, J. Oberheide, and
> F. Jahanian, “Internet inter-domain traffic,” in SIGCOMM '10:
> Proceedings of the ACM SIGCOMM 2010 conference on SIGCOMM, 2010.
> 
> [3] M. Roughan, W. Willinger, O. Maennel, D. Perouli, and R. Bush, 10
> Lessons from 10 Years of Measuring and Modeling the Internet's
> Autonomous Systems, IEEE Journal on Selected Areas in Communications,
> Vol. 29, No. 9, pp. 1-12, Oct. 2011.
> https://archive.psg.com/111000.TenLessons.pdf
> 
> [4] A. Pilosov, T. Kapela. Stealing The Internet: An Internet-Scale Man
> In The Middle Attack, Defcon 16, August 2008.
> http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
> 
> 
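For readers unfamiliar with the RPKI-based origin validation the broadside refers to, here is an added example (not part of Randy's text, and not code from any RPKI implementation) of the RFC 6811 comparison of a BGP announcement against a set of ROAs, showing why an unauthorized more-specific of a covered prefix comes out "invalid" while an uncovered prefix is merely "notfound". All prefixes, AS numbers and ROAs are constructed documentation values (RFC 5737 prefixes, RFC 5398 ASNs).

```python
from ipaddress import ip_network

# Constructed ROAs for this example: (prefix, maxLength, authorized origin AS).
# Documentation prefixes (RFC 5737) and ASNs (RFC 5398); not from the message.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
]

def validate_origin(prefix: str, origin_as: int, roas=ROAS) -> str:
    """RFC 6811 route origin validation.

    A ROA 'covers' a route when the ROA prefix contains the route prefix.
    Returns 'valid'    if some covering ROA matches origin AS and maxLength,
            'invalid'  if covering ROAs exist but none match,
            'notfound' if no ROA covers the route at all.
    """
    route = ip_network(prefix, strict=True)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ip_network(roa_prefix, strict=True)
        if roa_net.version != route.version:
            continue                      # v4 ROAs never cover v6 routes
        if not route.subnet_of(roa_net):
            continue                      # this ROA does not cover the route
        covered = True
        if route.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    return "invalid" if covered else "notfound"

# Constructed announcements: (prefix, origin AS, what the case illustrates).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496, "legitimate holder announces its own prefix"),
    ("192.0.2.0/25", 64511, "more-specific from an unauthorized AS"),
    ("198.51.100.0/24", 64497, "more-specific within maxLength"),
    ("198.51.100.0/25", 64497, "right AS, but longer than maxLength"),
    ("203.0.113.0/24", 64511, "no ROA covers it: undetectable by RPKI"),
]

def classify(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin AS, validation state) for each announcement."""
    return [(p, asn, validate_origin(p, asn)) for p, asn, _ in announcements]

if __name__ == "__main__":
    for prefix, asn, state in classify():
        print(f"{prefix:18} AS{asn}  -> {state}")
```

The last case is the one the deployment argument turns on: until a ROA exists for a prefix, origin validation can say nothing about who announces it.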