Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
Thank you all for the discussion and feedback. >From the email thread we conclude there are no principal objections and close the LC. Best regards, Jan Zorz & Benno Overeinder On 29/05/2018 15:12, Job Snijders wrote: > On Tue, May 29, 2018 at 09:03:48AM +0300, Hank Nussbacher wrote: >> On 28/05/2018 14:53, Job Snijders wrote: >>> On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote: On 17/05/2018 17:02, Benno Overeinder wrote: Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics? >> >>> If someone registers a /25, and announces it, and the RPKI ROA >>> allows it, then what is the problem? :-) >> >> I am not talking about a registered /25. I am talking about someone >> hijacking your /24 or your /21 by announcing a bunch of /25s. > > I'm pretty sure the MANRS documentation suggests that you should not > accept & propagate hijacked prefixes (regardless of prefix length). > > Kind regards, > > Job > -- Benno J. Overeinder NLnet Labs https://www.nlnetlabs.nl/
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
On Tue, May 29, 2018 at 09:03:48AM +0300, Hank Nussbacher wrote: > On 28/05/2018 14:53, Job Snijders wrote: > > On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote: > >> On 17/05/2018 17:02, Benno Overeinder wrote: > >> > >> Maybe I'm missing it when reading the website and the BCOP but where > >> does it state to *not *allow /25 or more specifics? > > > If someone registers a /25, and announces it, and the RPKI ROA > > allows it, then what is the problem? :-) > > I am not talking about a registered /25. I am talking about someone > hijacking your /24 or your /21 by announcing a bunch of /25s. I'm pretty sure the MANRS documentation suggests that you should not accept & propagate hijacked prefixes (regardless of prefix length). Kind regards, Job
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
> On 28/05/2018 14:53, Job Snijders wrote: >> On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote: >>> On 17/05/2018 17:02, Benno Overeinder wrote: >>> >>> Maybe I'm missing it when reading the website and the BCOP but where >>> does it state to *not *allow /25 or more specifics? >> If someone registers a /25, and announces it, and the RPKI ROA allows >> it, then what is the problem? :-) >> >> - Job >> > I am not talking about a registered /25. I am talking about someone > hijacking your /24 or your /21 by announcing a bunch of /25s. That shouldn't get far because they can't create the ROA. You SHOULD NOT filter all /25s (or /26s or /27s) as some of these have been assigned by RIPE NCC. Paul.
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
On 28/05/2018 14:53, Job Snijders wrote: > On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote: >> On 17/05/2018 17:02, Benno Overeinder wrote: >> >> Maybe I'm missing it when reading the website and the BCOP but where >> does it state to *not *allow /25 or more specifics? > If someone registers a /25, and announces it, and the RPKI ROA allows > it, then what is the problem? :-) > > - Job > I am not talking about a registered /25. I am talking about someone hijacking your /24 or your /21 by announcing a bunch of /25s. -Hank
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
> If someone registers a /25, and announces it, and the RPKI ROA allows > it, then what is the problem? :-) with ipv4 run-out, this day will come
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
ExterNetworks Inc. is a http://www.extnoc.com/; target="_blank">managed it service providers since 2001. We provide End-to-end solutions featuring Design, Deployment and 24/7 IT support. Battle-tested and performance-proven professionals down the street and around the world give us capacity that is unequalled. With offices around the world, more than 500 full-time employees and over 1000 field technicians, we deploy help and solutions in a hurry. Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote: > On 17/05/2018 17:02, Benno Overeinder wrote: > > Maybe I'm missing it when reading the website and the BCOP but where > does it state to *not *allow /25 or more specifics? If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-) - Job
Re: [routing-wg] Fwd: [bcop] Abstract of the MANRS BCOP
On 17/05/2018 17:02, Benno Overeinder wrote: Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics? The entire reason for MANRS is to prevent route hijacking. An ISP that allows /25s or /26s to be leaked will easily circumvent all filters and protections put in place since the /25 will override the /24 that most of us filter on. Without it specifically stated, we can't come to an ISP that just announced 1000 /25s and tell them they did something wrong. Cuz it doesn't appear anywhere in our BCOP. Please clue me in as to what I am missing since the way it looks now, it doesn't do what it is supposed to do. Thanks, Hank > As discussed in the BCOP TF meeting on Monday, we want to inform the > Routing WG on the status of the MANRS (https://www.manrs.org/manrs/) and > the MANRS Abstract BCOP. > > MANRS have been presented a number of times at the BCOP TF and at the > Routing WG. The actual MANRS guidelines are published on the manrs.org > website, but the BCOP TF had the opinion that a RIPE series document has > value as a static reference to the MANRS. With the community input and > feedback an extended abstract has been written down (see attachment). > > Last year August the BCOP TF announced and closed the last call for > comments on the MANRS Extended Abstract on the BCOP mailing list > b...@ripe.net. Somewhat delayed, we want announce on the Routing WG > mailing list the last call for this document with a time window of two > weeks (until June 1st). > > Thank you and best regards, > > Jan Zorz & Benno Overeinder > > > Forwarded Message > Subject: Re: [bcop] Abstract of the MANRS BCOP > Date: Tue, 22 Aug 2017 15:44:12 +0200 > From: Benno Overeinder> To: BCOP Task Force > CC: Jan Zorz - Go6 > > This reminder is directed to the BCOP TF mailing list subscribers. > > In the BCOP TF meeting we announced a period of last comments on the > extended MANRS BCOP abstract draft and to publish this as a RIPE document. > We want to close the comments period in two weeks and move the draft > further in the process to make it a RIPE document. Note that the draft > is an abstract of the MANRS BCOP and references the full MANRS BCOP that > includes examples and can be extended in the future. The MANRS extended > abstract published as a RIPE document will be a stable document. > > Best regards, > > — Benno > > >> On 8 May 2017, at 13:31, Andrei Robachevsky wrote: >> >> Hi, >> >> The final version of the MANRS BCOP has been published on the MANRS >> website: https://www.manrs.org/bcop/. Both a PDF and an online versions >> are available. >> >> However, to bring the bcop process to an official closure, chairs >> suggested that instead of publishing the MANRS BCOP as a RIPE document, >> that might be too constrained, we publish just an abstract. And once the >> BCOP global repository is in place, we can put it there in whatever >> format is most convenient. >> >> I am attaching the abstract for your review and comments. >> >> Regards, >> >> Andrei >> <20170508-MANRS-BCOP-abstract.txt><20170508-MANRS-BCOP-abstract.docx>