Re: Security of BGP Re: Status of the 16-bit AS Number space

On 25 mei 2009, at 19:34, Phillip Hallam-Baker wrote: But I think we need to restate the problem. We don't need to prove that the information is valid so much as determine whether it is likely to break things or not. Not simple. One approach that seems attractive is to still allow routes

Re: Security of BGP Re: Status of the 16-bit AS Number space

On Sat, May 23, 2009 at 5:52 AM, Iljitsch van Beijnum iljit...@muada.com wrote: [belatedly] On 12 mei 2009, at 21:42, Phillip Hallam-Baker wrote: As for adding IPSEC to BGP, I would not want to comment on the competence of the person involved. We need to replace the MD5 hack with IPsec,

Re: Security of BGP Re: Status of the 16-bit AS Number space

[belatedly] On 12 mei 2009, at 21:42, Phillip Hallam-Baker wrote: As for adding IPSEC to BGP, I would not want to comment on the competence of the person involved. We need to replace the MD5 hack with IPsec, because MD5 doesn't have any DoS potection, crypto algorithm agility or key

Re: Security of BGP Re: Status of the 16-bit AS Number space

On Tue, May 12, 2009 at 10:25 PM, Steven M. Bellovin s...@cs.columbia.edu wrote: On Tue, 12 May 2009 15:42:26 -0400 When you do run an ISP, let me know how well that actually works. Well one thing my approach would be a lot less good at would be forcing upgrades to ludicrously expensive

Re: Security of BGP Re: Status of the 16-bit AS Number space

We can all agree on the fact there is a problem. That does nothing. What matters to me is if we plan to do something about it before crunch time comes. As for adding IPSEC to BGP, I would not want to comment on the competence of the person involved. I will merely note that maybe the proposal

Security of BGP Re: Status of the 16-bit AS Number space

Looks to me that we have an obscurity based 'security' system going on there. The security of the system depends on various net-ops using their skill and judgment to discriminate between purported updates. Such systems tend to fail catastrophically once there is an incentive to attack them. At

Re: Security of BGP Re: Status of the 16-bit AS Number space

On Tue, 12 May 2009 09:25:07 -0400 Phillip Hallam-Baker hal...@gmail.com wrote: Looks to me that we have an obscurity based 'security' system going on there. Everyone in the business understands that there is a routing security problem. There is some disagreement about the magnitude of the

Re: Security of BGP Re: Status of the 16-bit AS Number space

On Tue, 12 May 2009 15:42:26 -0400 Phillip Hallam-Baker hal...@gmail.com wrote: We can all agree on the fact there is a problem. That does nothing. What matters to me is if we plan to do something about it before crunch time comes. As for adding IPSEC to BGP, I would not want to comment on

Re: Status of the 16-bit AS Number space

Subject: Re: Status of the 16-bit AS Number space Date: Tue, May 05, 2009 at 09:02:50PM -0700 Quoting Bill Manning (bmann...@isi.edu): a thought experiment. snip Is the 15ms moritorium excessive? No. Perhaps even short. A month should be appropriate. Those who update

Re: Status of the 16-bit AS Number space

* Bill Manning: The question is why there should be moratorium on returned ASNs. I can think of one reason that could be of dis-service to a new assignee, but all we have so far is handwaving from the proponents. ___ a thought experiment.

Re: Status of the 16-bit AS Number space

Wed, May 06, 2009 at 08:49:42AM +0200, Mans Nilsson: Is the 15ms moritorium excessive? No. Perhaps even short. A month should be appropriate. Those who update their filters based on RIR data with some support system assistance do so daily/weekly. Those who have manually updated

Re: Status of the 16-bit AS Number space

* Steve Crocker: I strongly advise against quick reallocation of returned AS numbers. Returned AS numbers should stay out of service for a substantial period of time. Why? It seems to be consensus among operators that it's fine to use other people's ASNs in the global routing table, so such

Re: Status of the 16-bit AS Number space

Tue, May 05, 2009 at 08:22:27PM +0200, Florian Weimer: * Steve Crocker: I strongly advise against quick reallocation of returned AS numbers. Returned AS numbers should stay out of service for a substantial period of time. Why? It seems to be consensus among operators that it's fine

Re: Status of the 16-bit AS Number space

The question is why there should be moratorium on returned ASNs. I can think of one reason that could be of dis-service to a new assignee, but all we have so far is handwaving from the proponents. ___ a thought experiment. John is

Re: Status of the 16-bit AS Number space

...@vigilsec.com wrote: I thought that the whole community would like to be aware of this status. Russ From: Michelle Cotton michelle.cot...@icann.org To: i...@ietf.org i...@ietf.org Date: Wed, 22 Apr 2009 20:52:18 -0700 Subject: Status of the 16-bit AS Number space Dear IESG, This is to let you

Fwd: Status of the 16-bit AS Number space

I thought that the whole community would like to be aware of this status. Russ From: Michelle Cotton michelle.cot...@icann.org To: i...@ietf.org i...@ietf.org Date: Wed, 22 Apr 2009 20:52:18 -0700 Subject: Status of the 16-bit AS Number space Dear IESG, This is to let you know what we now

Re: Fwd: Status of the 16-bit AS Number space

, would not be reallocated if it were returned. So, in theory there are far more available than this lets on. From: Michelle Cotton michelle.cot...@icann.org To: i...@ietf.org i...@ietf.org Date: Wed, 22 Apr 2009 20:52:18 -0700 Subject: Status of the 16-bit AS Number space Dear IESG

Re: Status of the 16-bit AS Number space

of a block. AS1 for example, would not be reallocated if it were returned. So, in theory there are far more available than this lets on. From: Michelle Cotton michelle.cot...@icann.org To: i...@ietf.org i...@ietf.org Date: Wed, 22 Apr 2009 20:52:18 -0700 Subject: Status of the 16-bit AS Number

Re: Fwd: Status of the 16-bit AS Number space

Is there a parallel report on the current usability of 32-bit AS numbers? --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf

Re: Status of the 16-bit AS Number space

Thu, Apr 23, 2009 at 11:46:01AM -0400, Steve Crocker: I strongly advise against quick reallocation of returned AS numbers. Returned AS numbers should stay out of service for a substantial period of time. why? because someone somewhere might have policy with one of these ASNs hard-coded?

Re: Status of the 16-bit AS Number space

--On Thursday, April 23, 2009 11:46 -0400 Steve Crocker st...@shinkuro.com wrote: I strongly advise against quick reallocation of returned AS numbers. Returned AS numbers should stay out of service for a substantial period of time. The same should be true for other deactivated quantities

Re: Status of the 16-bit AS Number space

: Michelle Cotton michelle.cot...@icann.org To: i...@ietf.org i...@ietf.org Date: Wed, 22 Apr 2009 20:52:18 -0700 Subject: Status of the 16-bit AS Number space Dear IESG, This is to let you know what we now have fewer than 10 blocks of 16- bit AS Numbers left in the IANA free pool. Yesterday we

Re: Status of the 16-bit AS Number space

Geoff Huston wrote: You, and the community, may find these two AS number use reports helpful. It's quite interesting to see the lack of scalability of multihoming by routing is destroying the Internet. The first, http://www.potaroo.net/tools/asn16/ looks at the levels of consumption of