BGP Experiment
Töma Gavrichenkov
ximaera at gmail.com
Wed Jan 9 18:24:25 UTC 2019
On Wed, Jan 9, 2019 at 9:07 PM Saku Ytti <saku at ytti.fi> wrote:
> Not disputing bug or bog house as ideal location for said policy, just
> want to explain my perspective why it is so.

So, network device vendors releasing security advisories twice a year
isn't a big part of the explanation?

> Hitless upgrades are not really a thing yet, even though they've been
> marketed for 20 years now.

This is correct; on the flip side, hitless vulnerabilities haven't
even been marketed, much less invented.

> Only reason things work as well as they do, is because bad
> guys are not trying to DoS the infrastructure with BGP or
> packet-of-deaths

Err... don't they? My experience is quite the opposite.

> If this is something we think should be fixed, then we should have
> good guys intentionally fuzzing _public internet_ BGP and
> transit-packet-of-deaths with good reporting.

If we could be sure that after such fuzzing there would still be a
working transport infrastructure to report on top of, then yes.

> if they are abused, Internet will fix those in no more than
> days

— just like we did with IoT in 2016 —

> and trying to guarantee it cannot happen probably is fool's
> errand

> If anything, I suspect if it's cheaper to enter the market with
> inferior security and quality then that is likely good business case

This is also correct so far. I wonder if it's here to stay.
--
Töma