ROVER routing security - it's not enumeration
Doug Montgomery
dougm.tlist at gmail.com
Wed Jun 6 18:13:41 UTC 2012
On 6/5/12 3:40 PM, Randy Bush wrote:
>>> There are a number of operational models that provide the needed
>>> routing protection without enumeration.
>> I can see a use-case for something like:
>> "Build me a prefix list from the RIR data"
> this requires a full data fetch, not doable in dns.
>
> and, at the other end of the spectrum, for any dynamic lookup on
> receiving a bgp announcement, the data had best be already in the
> router. a full data set on an in-rack cache will go nuts on any
> significant bgp load. beyond that, you are in non-op space.
>
> randy
>
I think we debate the superficial here, and without sufficient
imagination. The enumeration vs. query issue is a NOOP as far as I am
concerned. With a little imagination, one could envision building a
box that takes a feed of prefixes observed, builds an aged cache of
prefixes of interest, queries for their SRO records, re-queries for
those records before their TTLs expire, and maintains a white list of
"SRO valid" prefix/origin pairs that it downloads to the router.
Let's call that box an SRO validating cache.
Where do you get the feed of prefixes of interest? From your own RIBs
if you are only interested in white lists proportional to the routes you
actually see, e.g., feed the box iBGP. From other sources (monitors,
etc) if you would like a white list of every known prefix that anyone
has seen.
What about a completely new prefix being turned up? ... we could talk
through those scenarios in each approach.
How does the cache download the white list to the router ... we already
have one approach for that. Add a bit to the protocol to distinguish
semantics of SRO from ROA semantics if necessary.
Point being, with a little imagination I think one could build
components with either approach with similar black box behavior.
If there are real differences in these approaches it will be in their
inherent trust models, the processes that maintain those trust models,
the system-level behavior of the info creation and distribution
systems, and the expressiveness of their validation frameworks.
dougm
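The "SRO validating cache" sketched in the post above (feed of observed prefixes, aged cache, SRO lookups, re-query before TTL expiry, white list of valid prefix/origin pairs) is simulated below as an added example. This is not code from the post or from any ROVER implementation: the record format, the `fake_lookup` resolver, the idle timeout and the negative-caching TTL are all constructed stand-ins, and time is injected through a clock object so the run is deterministic and offline.

```python
"""Simulation of an 'SRO validating cache' (added example, not from the post).

Constructed assumptions: SRO records are modelled as a set of authorized
origin ASNs plus a TTL; `fake_lookup` stands in for the reverse-DNS query;
prefixes not seen in the feed for `idle_timeout` seconds are aged out;
lookups that return no record are cached negatively for `negative_ttl`.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SroRecord:
    origins: frozenset  # authorized origin ASNs for the prefix
    ttl: int            # seconds the record may be relied upon


# Constructed stand-in for the published reverse-DNS data (RFC 5737 space).
FAKE_DNS = {
    "192.0.2.0/24": SroRecord(frozenset({64496}), ttl=300),
    "198.51.100.0/24": SroRecord(frozenset({64497, 64498}), ttl=60),
    # 203.0.113.0/24 deliberately has no record published.
}


def fake_lookup(prefix):
    """Hypothetical resolver: returns the SroRecord for a prefix, or None."""
    return FAKE_DNS.get(prefix)


class FakeClock:
    """Injectable clock so expiry and ageing are reproducible."""
    def __init__(self):
        self.t = 0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class SroValidatingCache:
    def __init__(self, lookup, now, idle_timeout=3600, refresh_margin=30,
                 negative_ttl=120):
        self.lookup = lookup
        self.now = now
        self.idle_timeout = idle_timeout      # drop prefixes not seen for this long
        self.refresh_margin = refresh_margin  # re-query this many seconds before expiry
        self.negative_ttl = negative_ttl      # how long a 'no record' answer is kept
        self.last_seen = {}   # prefix -> last time it appeared in the feed
        self.records = {}     # prefix -> (SroRecord or None, expires_at)
        self.query_count = 0

    def observe(self, prefix):
        """Feed of prefixes of interest, e.g. taken from iBGP."""
        prefix = str(ipaddress.ip_network(prefix, strict=False))
        self.last_seen[prefix] = self.now()
        if prefix not in self.records:
            self._query(prefix)

    def _query(self, prefix):
        self.query_count += 1
        rec = self.lookup(prefix)
        ttl = rec.ttl if rec is not None else self.negative_ttl
        self.records[prefix] = (rec, self.now() + ttl)

    def tick(self):
        """Housekeeping: age out idle prefixes, refresh records near expiry."""
        t = self.now()
        for prefix, seen in list(self.last_seen.items()):
            if t - seen > self.idle_timeout:
                del self.last_seen[prefix]
                self.records.pop(prefix, None)
        for prefix, (_, expires_at) in list(self.records.items()):
            if expires_at - t <= self.refresh_margin:
                self._query(prefix)

    def whitelist(self):
        """Sorted (prefix, origin ASN) pairs with a current SRO record."""
        t = self.now()
        pairs = {(p, asn) for p, (rec, exp) in self.records.items()
                 if rec is not None and exp > t for asn in rec.origins}
        return sorted(pairs)


def run_demo():
    """Drive the cache through observe -> refresh -> age-out and report state."""
    clock = FakeClock()
    cache = SroValidatingCache(fake_lookup, clock.now)
    for p in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"):
        cache.observe(p)
    out = {"queries_after_observe": cache.query_count,
           "whitelist": cache.whitelist()}
    clock.advance(40)          # 198.51.100.0/24 (ttl 60) is now within the margin
    cache.tick()
    out["queries_after_refresh"] = cache.query_count
    out["whitelist_after_refresh"] = cache.whitelist()
    clock.advance(4000)        # nothing re-observed: everything ages out
    cache.tick()
    out["whitelist_after_age_out"] = cache.whitelist()
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The prefix with no published record never reaches the white list, which is the "SRO valid" semantic the post describes; the negative entry only stops the box from re-asking on every BGP update. Replacing the fake resolver with a real DNS client and the white-list call with a push to the router is where the protocol question raised in the post (distinguishing SRO from ROA semantics) would surface.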