Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-06-04 Thread Benno Overeinder 
Thank you all for the discussion and feedback.

>From the email thread we conclude there are no principal objections and
close the LC.

Best regards,

Jan Zorz & Benno Overeinder


On 29/05/2018 15:12, Job Snijders wrote:
> On Tue, May 29, 2018 at 09:03:48AM +0300, Hank Nussbacher wrote:
>> On 28/05/2018 14:53, Job Snijders wrote:
>>> On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
 On 17/05/2018 17:02, Benno Overeinder wrote:

 Maybe I'm missing it when reading the website and the BCOP but where
 does it state to *not *allow /25 or more specifics?
>>
>>> If someone registers a /25, and announces it, and the RPKI ROA
>>> allows it, then what is the problem? :-)
>>
>> I am not talking about a registered /25.  I am talking about someone
>> hijacking your /24 or your /21 by announcing a bunch of /25s. 
> 
> I'm pretty sure the MANRS documentation suggests that you should not
> accept & propagate hijacked prefixes (regardless of prefix length).
> 
> Kind regards,
> 
> Job
> 


-- 
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-29 Thread Job Snijders 
On Tue, May 29, 2018 at 09:03:48AM +0300, Hank Nussbacher wrote:
> On 28/05/2018 14:53, Job Snijders wrote:
> > On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
> >> On 17/05/2018 17:02, Benno Overeinder wrote:
> >>
> >> Maybe I'm missing it when reading the website and the BCOP but where
> >> does it state to *not *allow /25 or more specifics?
>
> > If someone registers a /25, and announces it, and the RPKI ROA
> > allows it, then what is the problem? :-)
>
> I am not talking about a registered /25.  I am talking about someone
> hijacking your /24 or your /21 by announcing a bunch of /25s. 

I'm pretty sure the MANRS documentation suggests that you should not
accept & propagate hijacked prefixes (regardless of prefix length).

Kind regards,

Job

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-29 Thread Paul Hoogsteder 
> On 28/05/2018 14:53, Job Snijders wrote:
>> On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
>>> On 17/05/2018 17:02, Benno Overeinder wrote:
>>>
>>> Maybe I'm missing it when reading the website and the BCOP but where
>>> does it state to *not *allow /25 or more specifics?
>> If someone registers a /25, and announces it, and the RPKI ROA allows
>> it, then what is the problem? :-)
>>
>> - Job
>>
> I am not talking about a registered /25.  I am talking about someone
> hijacking your /24 or your /21 by announcing a bunch of /25s. 

That shouldn't get far because they can't create the ROA. You SHOULD NOT
filter all /25s (or /26s or /27s) as some of these have been assigned by
RIPE NCC.

Paul.

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-29 Thread Hank Nussbacher 
On 28/05/2018 14:53, Job Snijders wrote:
> On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
>> On 17/05/2018 17:02, Benno Overeinder wrote:
>>
>> Maybe I'm missing it when reading the website and the BCOP but where
>> does it state to *not *allow /25 or more specifics?
> If someone registers a /25, and announces it, and the RPKI ROA allows
> it, then what is the problem? :-)
>
> - Job
>
I am not talking about a registered /25.  I am talking about someone
hijacking your /24 or your /21 by announcing a bunch of /25s. 


-Hank

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-28 Thread Randy Bush 
> If someone registers a /25, and announces it, and the RPKI ROA allows
> it, then what is the problem? :-)

with ipv4 run-out, this day will come

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-28 Thread ramya sri 

ExterNetworks Inc. is a http://www.extnoc.com/; 
target="_blank">managed it service providers since 2001. We provide 
End-to-end solutions featuring Design, Deployment and 24/7 IT support. 
Battle-tested and performance-proven professionals down the street and around 
the world give us capacity that is unequalled. With offices around the world, 
more than 500 full-time employees and over 1000 field technicians, we deploy 
help and solutions in a hurry.

Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-28 Thread Job Snijders 
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
> On 17/05/2018 17:02, Benno Overeinder wrote:
> 
> Maybe I'm missing it when reading the website and the BCOP but where
> does it state to *not *allow /25 or more specifics?

If someone registers a /25, and announces it, and the RPKI ROA allows
it, then what is the problem? :-)

- Job

Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP

2018-05-17 Thread Hank Nussbacher 
On 17/05/2018 17:02, Benno Overeinder wrote:

Maybe I'm missing it when reading the website and the BCOP but where
does it state to *not *allow /25 or more specifics?
The entire reason for MANRS is to prevent route hijacking.  An ISP that
allows /25s or /26s to be leaked will easily circumvent all filters and
protections put in place since the /25 will override the /24 that most
of us filter on.  Without it specifically stated, we can't come to an
ISP that just announced 1000 /25s and tell them they did something
wrong.  Cuz it doesn't appear anywhere in our BCOP.

Please clue me in as to what I am missing since the way it looks now, it
doesn't do what it is supposed to do.

Thanks,
Hank

> As discussed in the BCOP TF meeting on Monday, we want to inform the
> Routing WG on the status of the MANRS (https://www.manrs.org/manrs/) and
> the MANRS Abstract BCOP.
>
> MANRS have been presented a number of times at the BCOP TF and at the
> Routing WG.  The actual MANRS guidelines are published on the manrs.org
> website, but the BCOP TF had the opinion that a RIPE series document has
> value as a static reference to the MANRS.  With the community input and
> feedback an extended abstract has been written down (see attachment).
>
> Last year August the BCOP TF announced and closed the last call for
> comments on the MANRS Extended Abstract on the BCOP mailing list
> b...@ripe.net.  Somewhat delayed, we want announce on the Routing WG
> mailing list the last call for this document with a time window of two
> weeks (until June 1st).
>
> Thank you and best regards,
>
> Jan Zorz & Benno Overeinder
>
>
>  Forwarded Message 
> Subject: Re: [bcop] Abstract of the MANRS BCOP
> Date: Tue, 22 Aug 2017 15:44:12 +0200
> From: Benno Overeinder 
> To: BCOP Task Force 
> CC: Jan Zorz - Go6 
>
> This reminder is directed to the BCOP TF mailing list subscribers.
>
> In the BCOP TF meeting we announced a period of last comments on the
> extended MANRS BCOP abstract draft and to publish this as a RIPE document.
> We want to close the comments period in two weeks and move the draft
> further in the process to make it a RIPE document.  Note that the draft
> is an abstract of the MANRS BCOP and references the full MANRS BCOP that
> includes examples and can be extended in the future.  The MANRS extended
> abstract published as a RIPE document will be a stable document.
>
> Best regards,
>
> — Benno
>
>
>> On 8 May 2017, at 13:31, Andrei Robachevsky  wrote:
>>
>> Hi,
>>
>> The final version of the MANRS BCOP has been published on the MANRS
>> website: https://www.manrs.org/bcop/. Both a PDF and an online versions
>> are available.
>>
>> However, to bring the bcop process to an official closure, chairs
>> suggested that instead of publishing the MANRS BCOP as a RIPE document,
>> that might be too constrained, we publish just an abstract. And once the
>> BCOP global repository is in place, we can put it there in whatever
>> format is most convenient.
>>
>> I am attaching the abstract for your review and comments.
>>
>> Regards,
>>
>> Andrei
>> <20170508-MANRS-BCOP-abstract.txt><20170508-MANRS-BCOP-abstract.docx>