[ http://archive.psg.com/110904.broadside.html ]
Do Not Complicate Routing Security with Voodoo Economics
a broadside
A recent NANOG presentation and SIGCOMM paper by Gill, Schapira, and
Goldberg[1] drew a lot of 'discussion' from the floor. But that
* Wayne E. Bouchard:
the users will screw themselves by flooding their uplinks in which
case they will know what they've done to themselves and will largely
accept the problems for the durration
With shared media networks (or insufficient backhaul capacities),
congestion affects more than
On Sep 4, 2011, at 5:02 PM, Randy Bush wrote:
Will the benefits of security - no more YouTube incidents, etc. - be
perceived as worth having one's routing at the whim of an non-operational
administrative monopoly?
Given recent events in SSL CA-land, how certain are we that the putative
Well said Randy - the previous paper is flawed and if the findings where true
you would wonder how anyone ever created a viable online business.
Neil
Sent from my iPhone
On 4 Sep 2011, at 11:03, Randy Bush ra...@psg.com wrote:
[ http://archive.psg.com/110904.broadside.html ]
Do Not
the previous paper is flawed and if the findings where true you would
wonder how anyone ever created a viable online business.
to me honest, what set me off was
http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1
describing, among others, a routing working group of an fcc
the previous paper is flawed and if the findings where true you would
wonder how anyone ever created a viable online business.
to me honest, what set me off was
http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1
describing, among others, a routing working group of an
Mostly excellent thoughts, well documented. I have a question about this
statement though:
in fact, a number of global Tier-1 providers have preferred peers for decades
I assume you mean for a very limited subset of their customers? I've checked
routing on well over half the transit free
I have worked for more then one transit free network, and have work with people
from (most) of the rest, we always prefer cust over peer, every time.
-jim
Sent from my BlackBerry device on the Rogers Wireless Network
-Original Message-
From: Patrick W. Gilmore patr...@ianai.net
Date:
I have worked for more then one transit free network, and have work
with people from (most) of the rest, we always prefer cust over peer,
every time.
again, more than one of the world's largest providers prefer peers. and
even if they wanted to change, it would be horribly anti-pola to the
-Original Message-
From: Randy Bush [mailto:ra...@psg.com]
Sent: 04 September 2011 15:01
To: deles...@gmail.com
Cc: North American Network Operators' Group
Subject: Re: Do Not Complicate Routing Security with Voodoo Economics
I have worked for more then one transit free
On Sep 4, 2011, at 9:59 AM, Randy Bush wrote:
I have worked for more then one transit free network, and have work
with people from (most) of the rest, we always prefer cust over peer,
every time.
again, more than one of the world's largest providers prefer peers. and
even if they wanted
While I can think of some corner cases for this, ie you have a
satellite down link from one provider and fiber to anther. I expect
this is not the norm for most networks/customers.
-jim
On Sun, Sep 4, 2011 at 10:59 AM, Randy Bush ra...@psg.com wrote:
I have worked for more then one transit
to me honest, what set me off was
http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1
describing, among others, a routing working group of an fcc
communications security, reliability and interoperability council
i.e. these folk plan to write policy and procedures for
Jen,
What operators are involved? And who represents them specifically?
Neil.
On 04/09/2011 16:07, Jennifer Rexford j...@cs.princeton.edu wrote:
As one of the co-chairs of this working group, I'd like to chime in to
clarify the purpose of this group. Our goal is to assemble a group of
vendors
Jay,
I recommend E Solutions, But I am biased (I build the network).
But also in town we have,
Switch and Data
Qwest
Peak 10
Sago Networks
Hostway
I know them all pretty well, so if you have any questions, fire away.
James
- Original Message -
Anyone got any opinions on
maybe volunteers from the nanog community should contact you?
On 4 Sep 2011, at 16:45, Jennifer Rexford j...@cs.princeton.edu wrote:
Neil,
The group is being assembled right now, so we don't have a list as of yet.
-- Jen
Sent from my iPhone
On Sep 4, 2011, at 11:32 AM, Neil J.
As one of the co-chairs of this working group, I'd like to chime in to
clarify the purpose of this group. Our goal is to assemble a group of
vendors and operators (not publish or perish academics) to discuss and
recommend effective strategies for incremental deployment of security
solutions
While I can think of some corner cases for this, ie you have a
satellite down link from one provider and fiber to anther. I expect
this is not the norm for most networks/customers.
what is it you do not understand about more than one of the world's
largest providers? not in corner cases, but
+1
-Tk
On Sep 4, 2011, at 12:23 PM, Neil J. McRae n...@domino.org wrote:
maybe volunteers from the nanog community should contact you?
On 4 Sep 2011, at 16:45, Jennifer Rexford j...@cs.princeton.edu wrote:
Neil,
The group is being assembled right now, so we don't have a list as of yet.
Neil,
maybe volunteers from the nanog community should contact you?
Thanks for the suggestion! Yes, I would encourage interested people to contact
me. We won't be able to put everyone on the working group (in the interest of
having a small enough group to make progress), but we are very
Because routing to peers as a policy instead of customer as a matter
of policy, outside of corner cases make logical sence. While many
providers aren;t good at making money it is fact the purpose of the
ventures. If I route to a customer I get paid for it. If I send it
to a peer I do not.
On
Because routing to peers as a policy instead of customer as a matter
of policy, outside of corner cases make logical sence.
welcome to the internet, it does not always make logical sense at first
glance.
the myth in academia that customers are always preferred over peers
comes from about '96
In response to Randy's three criticisms of our recent
SIGCOMM'11/NANOG'52 paper, which is available here:
http://www.cs.bu.edu/~goldbe/papers/SBGPtrans_full.pdf
http://www.cs.toronto.edu/~phillipa/sbgpTrans.html
Point 1: The ISP economic and incentive model is overly naive to the
point of being
I've managed a few servers from sago, they have a great network and quick
support responses as needed. Hostway not had quite as good of responses from
them, and some weird network issues. However that was a few years back.
-Original Message-
From: James P. Ashton
On Sun, Sep 04, 2011 at 12:56:25PM +0200, Florian Weimer wrote:
* Wayne E. Bouchard:
the users will screw themselves by flooding their uplinks in which
case they will know what they've done to themselves and will largely
accept the problems for the durration
With shared media networks
On Sun, 04 Sep 2011 16:16:45 EDT, Sharon Goldberg said:
Point 2: The security threat model is unrealistic and misguided
Our paper does not present a security threat model at all. We do not
present a new security solution.
Unfortunately for all concerned, it's going to be *perceived* as a
Hi
Seems Netnames / Ascio have been compromised, resulting in DNS servers for
a number of their customers (telegraph.co.uk, acer.com, betfair.com ,
theregister.co.uk etc) being changed, and the sites being redirected to an
hacked page.
list of domains affected here:
On 4 Sep 2011, at 21:17, Sharon Goldberg gol...@cs.bu.edu wrote:
thanks for responding you paper is interesting,
Thus, while we cannot hope to accurately model every aspect of
interdomain routing, nor predict how S*BGP deployment will proceed in
practice, we believe that ISP competition
On Sun, Sep 4, 2011 at 4:45 PM, Wayne E Bouchard w...@typo.org wrote:
Okay, so to state the obvious for those who missed the point...
The congestion will either be directly in front of user because
they're flooding their uplink or towards the destination (beit a
single central network or a
On Sep 5, 2011, at 4:03, Randy Bush ra...@psg.com wrote:
Because routing to peers as a policy instead of customer as a matter
of policy, outside of corner cases make logical sence.
welcome to the internet, it does not always make logical sense at first
glance.
the myth in academia that
Forgive my potential lack of understanding; perhaps BGP behavior has
changed or the way people use it has but my understanding is -
Since BGP is used in almost all circumstances in a mode where only
the best path to a prefix can be re-advertised, only one of the
peer or customer path can be used
On Sun, Sep 4, 2011 at 5:39 PM Neil J. McRae n...@domino.org wrote:
... one could almost argue the opposite also or make the same case about
nearly any feature in a transit product! If i stop offering
community based filtering- I'd probably see revenue decline!
Yes some features in a
On Sep 5, 2011, at 11:04 AM, Michael Schapira wrote:
One crucial way in which S*BGP differs from other features is that ASes which
deploy S*BGP *must* use their ability to validate paths to inform route
selection (otherwise, adding security to BGP makes no sense).
Origin validation path
On Sep 5, 2011, at 11:55 AM, Dobbins, Roland wrote:
Origin validation path validation.
Rather, that should read, 'Origin/path validation origin/path enforcement'.
The idea of origin validation is a simple one. The idea of path validation
isn't to determine the 'correctness' or
34 matches
Mail list logo