Do Not Complicate Routing Security with Voodoo Economics
Neil J. McRae
neil at domino.org
Sun Sep 4 08:26:44 CDT 2011
Well said Randy - the previous paper is flawed and if the findings were true you would wonder how anyone ever created a viable online business.
Sent from my iPhone
On 4 Sep 2011, at 11:03, "Randy Bush" <randy at psg.com> wrote:
> [ http://archive.psg.com/110904.broadside.html ]
> Do Not Complicate Routing Security with Voodoo Economics
> a broadside
> A recent NANOG presentation and SIGCOMM paper by Gill, Schapira, and
> Goldberg drew a lot of 'discussion' from the floor. But that
> discussion missed significant problems with this work. I raise this
> because of fear that uncritical acceptance of this work will be used as
> the basis for others' work, or worse, misguided public policy.
> o The ISP economic and incentive model is overly naive to the point of
> being misleading,
> o The security threat model is unrealistic and misguided, and
> o The simulations are questionable.
> Basic ISP economics are quite different from those described by the
> authors. Above the tail links to paying customers, the expenses of
> inter-provider traffic are often higher than the income, thanks to the
> telcos' race to the bottom. In this counter-intuitive world, transit
> can often be cheaper than peering. I.e. history shows that in the rare
> cases where providers have been inclined to such games, they usually
> shed traffic, not steal it, the opposite of what the paper presumes. The
> paper also completely ignores the rise of the content providers as
> described so well in SIGCOMM 2010 by Labovitz et alia
> It is not clear how to ‘fix’ the economic model, especially as says
> you can not do so with rigor. Once one starts, e.g. the paper may lack
> Tier-N peering richness which is believed to be at the edges, we have
> bought into the game for which there is no clear end.
> But this is irrelevant, what will motivate deployment of BGP security is
> not provider traffic-shifting. BGP security is, as its name indicates,
> about security, preventing data stealing (think banking
> transactions), keeping miscreants from originating address space of
> others (think YouTube incident) or as attack/spam sources, etc.
> The largest obstacle to deployment of BGP security is that the
> technology being deployed, RPKI-based origin validation and later
> BGPsec, is based on an X.509 certificate hierarchy, the RPKI. This
> radically changes the current inter-ISP web of trust model to one having
> ISPs' routing at the mercy of the Regional Internet Registries (RIRs).
> Will the benefits of security - no more YouTube incidents, etc. - be
> perceived as worth having one's routing at the whim of a
> non-operational administrative monopoly? Perhaps this is the real
> economic game here, and will cause a change in the relationship between
> the operators and the RIR cartel.
> The paper's simulations really should be shown not to rely on the
> popular but highly problematic [3] Gao-Rexford model of inter-provider
> relationships, that providers prefer customers over peers (in fact, a
> number of global Tier-1 providers have preferred peers for decades), and
> that relationships are valley free, which also has significant
> exceptions. Yet these invalid assumptions may underpin the simulation.
> Randy Bush <randy at psg.com>
> Dubrovnik, 2011.9.4
> [1] P. Gill, M. Schapira, and S. Goldberg, "Let the Market Drive
> Deployment: A Strategy for Transitioning to BGP Security," SIGCOMM 2011,
> August 2011.
> [2] C. Labovitz, S. Iekel-Johnson, D. McPherson, J. Oberheide, and
> F. Jahanian, "Internet inter-domain traffic," in SIGCOMM '10:
> Proceedings of the ACM SIGCOMM 2010 conference on SIGCOMM, 2010.
> [3] M. Roughan, W. Willinger, O. Maennel, D. Perouli, and R. Bush, "10
> Lessons from 10 Years of Measuring and Modeling the Internet's
> Autonomous Systems," IEEE Journal on Selected Areas in Communications,
> Vol. 29, No. 9, pp. 1-12, Oct. 2011.
> [4] A. Pilosov and T. Kapela, "Stealing The Internet: An Internet-Scale Man
> In The Middle Attack," Defcon 16, August 2008.
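The broadside above names RPKI-based origin validation as the technology meant to stop miscreants from originating other people's address space. The following is an added illustration, not code from the broadside or from any RPKI implementation, of the RFC 6811 check a router applies to each announcement: it is Valid when a covering ROA matches the origin AS within the ROA's maxLength, Invalid when covering ROAs exist but none match (the YouTube-style case of a foreign AS originating someone else's prefix), and NotFound when no ROA covers the prefix. The ROA set, prefixes and AS numbers are constructed sample values from the documentation and private ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization: origin_as may announce prefix and
    any more-specific of it up to max_length bits."""
    prefix: str
    max_length: int
    origin_as: int


# Constructed sample ROAs (documentation prefixes, private-use ASNs).
SAMPLE_ROAS = [
    Roa("192.0.2.0/24", 24, 64496),     # AS64496 may announce exactly the /24
    Roa("203.0.113.0/24", 25, 64497),   # AS64497 may announce the /24 or /25s
]


def validate_origin(announced_prefix: str, origin_as: int, roas) -> str:
    """Return the RFC 6811 validation state for one BGP announcement:
    'Valid', 'Invalid' or 'NotFound'."""
    ann = ipaddress.ip_network(announced_prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # A ROA covers the announcement if the announced prefix lies
        # inside the ROA prefix (same address family).
        if ann.version != roa_net.version or not ann.subnet_of(roa_net):
            continue
        covered = True
        # Matching ROA: right origin AS and not more specific than allowed.
        if roa.origin_as == origin_as and ann.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid" if covered else "NotFound"


def accept_route(announced_prefix: str, origin_as: int, roas) -> bool:
    """Hypothetical router policy: drop Invalid, keep Valid and NotFound
    (NotFound must be accepted while ROA coverage is incomplete)."""
    return validate_origin(announced_prefix, origin_as, roas) != "Invalid"


if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                     ("192.0.2.0/25", 64496), ("198.51.100.0/24", 64496)]:
        print(pfx, asn, validate_origin(pfx, asn, SAMPLE_ROAS))
```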