BGP Experiment

Töma Gavrichenkov ximaera at gmail.com
Wed Jan 9 18:24:25 UTC 2019


On Wed, Jan 9, 2019 at 9:07 PM Saku Ytti <saku at ytti.fi> wrote:
> Not disputing bug or bog house as ideal location for said policy, just
> want to explain my perspective why it is so.

So, network device vendors releasing security advisories twice a year
isn't a big part of the explanation?

> Hitless upgrades are not really a thing yet, even though they've been
> marketed for 20 years now.

This is correct; on the flip side, hitless vulnerabilities haven't
even been marketed, much less invented.

> Only reason things work as well as they do, is because bad
> guys are not trying to DoS the infrastructure with BGP or
> packet-of-deaths

Err... don't they?  My experience is quite the opposite.

> If this is something we think should be fixed, then we should have
> good guys intentionally fuzzing _public internet_ BGP and
> transit-packet-of-deaths with good reporting.

If we could be sure that after such fuzzing there would still be a
working transport infrastructure to report on top of, then yes.

> if they are abused, Internet will fix those in no more than
> days

 — just like we did with IoT in 2016 —

> and trying to guarantee it cannot happen probably is fool's
> errand

> If anything, I suspect if it's cheaper to enter the market with
> inferior security and quality then that is likely good business case

This is also correct so far. I wonder if it's here to stay.

--
Töma


