"Is BGP safe yet?" test

Mark Tinka mark.tinka at seacom.mu
Mon Apr 20 15:31:03 UTC 2020

On 20/Apr/20 17:08, Andrey Kostin wrote:
> Hi Nanog list,
> Would be interesting to hear your opinion on this:
> https://isbgpsafeyet.com/

From a practical standpoint, this doesn't actually tell the whole truth
in our case because we do not accept the ARIN TAL. Given that this
system is "ARIN-based", it says we aren't safe.

Swiftly moving on...

> We have cases when residential customers ask support "why is your
> service isn't safe?" pointing to that article. It's difficult to
> answer correctly considering that the asking person usually doesn't
> know what BGP is and what it's used for, save for understanding it's
> function, design and possible misuses.
> IMO, on one hand it promotes and is aimed to push RPKI deployment, on
> the other hand is this a proper way for it? How ethical is to claim
> other market players unsafe, considering that scope of possible impact
> of not implementing it has completely different scale for a small stub
> network and big transit provider?

On count two, my experience with doing the RPKI deployathon in Melbourne
during this past APRICOT led to some random news web site talking about
how "I would be shedding all invalid routes blah blah", which while not
untrue, had locals all the way in South Africa asking if the Internet
was going to collapse.

So while I think these initiatives are useful, considering that
information has been democratized to such an extent that it is now a
commodity, we might do well to consider the fallout for folk that do not
know (or care) about how the Internet works, but know that their lives
depend on it, and what that means for our individual SNR's.


More information about the NANOG mailing list